[solved] Re: [go-nuts] ed25519 signature, expected non-deterministic
On Friday, April 19, 2019 at 7:44:42 AM UTC-7, Marvin Renich wrote: > > * Dave Cohen > [190419 10:25]: > > I'm working on code that signs a message with an ed25519 key. > > > > I expected that when signing the same message over and over, I'd get a > > different signature each time. > > > > But I find when I run the test (below) more than once, I get the same > > signature bytes each time. Here's sample (identical) output from two > > consecutive tests: > > From Wikipedia (https://en.wikipedia.org/wiki/EdDSA): > > Like other discrete-log-based signature schemes, EdDSA uses a secret > value called a nonce unique to each signature. In the signature > schemes DSA and ECDSA, this nonce is traditionally generated > randomly for each signature In contrast, EdDSA chooses the > nonce deterministically as the hash of the private key and the > message. > > I've snipped quite a bit; you should read the link. From this I would > expect the signature to be the same each time for a given message. > > ...Marvin > Thanks! That explains it perfectly. I was incorrectly assuming ed25519 signing used ECDSA, when its actually EdDSA, which importantly uses the deterministic nonce. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [go-nuts] ed25519 signature, expected non-deterministic
* Dave Cohen [190419 10:25]: > I'm working on code that signs a message with an ed25519 key. > > I expected that when signing the same message over and over, I'd get a > different signature each time. > > But I find when I run the test (below) more than once, I get the same > signature bytes each time. Here's sample (identical) output from two > consecutive tests: >From Wikipedia (https://en.wikipedia.org/wiki/EdDSA): Like other discrete-log-based signature schemes, EdDSA uses a secret value called a nonce unique to each signature. In the signature schemes DSA and ECDSA, this nonce is traditionally generated randomly for each signature In contrast, EdDSA chooses the nonce deterministically as the hash of the private key and the message. I've snipped quite a bit; you should read the link. From this I would expect the signature to be the same each time for a given message. ...Marvin -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[go-nuts] ed25519 signature, expected non-deterministic
I'm working on code that signs a message with an ed25519 key. I expected that when signing the same message over and over, I'd get a different signature each time. But I find when I run the test (below) more than once, I get the same signature bytes each time. Here's sample (identical) output from two consecutive tests: $ go run ~/devel/signtest/*.go { "Format": "ssh-ed25519", "Blob": "BRnwjfCMNZiqRRJdkZi7Gh0sOdJzOcPVIu/wWxlpRjogRnGJT3yn0wH3Fz6WvAmdYakNY7qkKfgSWe+t9PXiCQ==" } $ go run ~/devel/signtest/*.go { "Format": "ssh-ed25519", "Blob": "BRnwjfCMNZiqRRJdkZi7Gh0sOdJzOcPVIu/wWxlpRjogRnGJT3yn0wH3Fz6WvAmdYakNY7qkKfgSWe+t9PXiCQ==" } Am I misunderstanding how the ed25519 package signs? Do I have a bug in the test code? I'm very eager to better understand what's going on. Thanks in advance for any help. -Dave package main import ( "crypto/rand" "encoding/json" "fmt" "io/ioutil" "log" "golang.org/x/crypto/ssh" ) func main() { // generate key with `ssh-keygen -t ed25519 -N '' -f /tmp/id_ed25519` buffer, err := ioutil.ReadFile("/tmp/id_ed25519") check(err) signer, err := ssh.ParsePrivateKey(buffer) check(err) signMe := []byte("sign me") sig, err := signer.Sign(rand.Reader, signMe) check(err) out, err := json.MarshalIndent(sig, "", "\t") check(err) fmt.Println(string(out)) } func check(err error) { if err != nil { log.Fatal(err) } } -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.