[solved] Re: [go-nuts] ed25519 signature, expected non-deterministic

2019-04-19 Thread Dave Cohen


On Friday, April 19, 2019 at 7:44:42 AM UTC-7, Marvin Renich wrote:
>
> * Dave Cohen [190419 10:25]: 
> > I'm working on code that signs a message with an ed25519 key. 
> > 
> > I expected that when signing the same message over and over, I'd get a 
> > different signature each time. 
> > 
> > But I find when I run the test (below) more than once, I get the same 
> > signature bytes each time.  Here's sample (identical) output from two 
> > consecutive tests: 
>
> From Wikipedia (https://en.wikipedia.org/wiki/EdDSA): 
>
> Like other discrete-log-based signature schemes, EdDSA uses a secret 
> value called a nonce unique to each signature. In the signature 
> schemes DSA and ECDSA, this nonce is traditionally generated 
> randomly for each signature  In contrast, EdDSA chooses the 
> nonce deterministically as the hash of the private key and the 
> message. 
>
> I've snipped quite a bit; you should read the link.  From this I would 
> expect the signature to be the same each time for a given message. 
>
> ...Marvin 
>

Thanks!  That explains it perfectly. I was incorrectly assuming ed25519 
signing used ECDSA, when it's actually EdDSA, which importantly uses the 
deterministic nonce.
 

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
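
The behaviour this thread settles on, as an added example that is not part of any poster's message: signing the same message twice through crypto.Signer with rand.Reader gives identical bytes for Ed25519 and different bytes for ECDSA. It uses the standard library's crypto/ed25519 rather than the ssh signer and key file from the original post; the fixed seed is a constructed value and the function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// signTwice signs the same input twice, passing rand.Reader each time as the
// post's signer.Sign call does, and reports whether the signatures are equal.
func signTwice(s crypto.Signer, in []byte, opts crypto.SignerOpts) ([]byte, []byte, bool) {
	a, errA := s.Sign(rand.Reader, in, opts)
	b, errB := s.Sign(rand.Reader, in, opts)
	if errA != nil || errB != nil {
		panic(fmt.Sprint(errA, errB))
	}
	return a, b, bytes.Equal(a, b)
}

// Ed25519Repeats returns (signatures identical, both verify). The seed is a
// constructed sample so the key, like a key file on disk, is fixed across runs.
func Ed25519Repeats(msg []byte) (bool, bool) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	a, b, same := signTwice(priv, msg, crypto.Hash(0)) // Hash(0): message is not pre-hashed
	pub := priv.Public().(ed25519.PublicKey)
	return same, ed25519.Verify(pub, msg, a) && ed25519.Verify(pub, msg, b)
}

// ECDSARepeats returns (signatures identical, both verify) for ECDSA P-256,
// where the per-signature nonce draws on fresh randomness.
func ECDSARepeats(msg []byte) (bool, bool) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	digest := sha256.Sum256(msg)
	a, b, same := signTwice(priv, digest[:], crypto.SHA256)
	return same, ecdsa.VerifyASN1(&priv.PublicKey, digest[:], a) && ecdsa.VerifyASN1(&priv.PublicKey, digest[:], b)
}

func main() {
	fmt.Println(Ed25519Repeats([]byte("sign me"))) // true true
	fmt.Println(ECDSARepeats([]byte("sign me")))   // false true
}
```

Both ECDSA signatures verify even though they differ, so a test for either scheme should check verification rather than compare signature bytes.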


Re: [go-nuts] ed25519 signature, expected non-deterministic

2019-04-19 Thread Marvin Renich
* Dave Cohen [190419 10:25]:
> I'm working on code that signs a message with an ed25519 key.
> 
> I expected that when signing the same message over and over, I'd get a 
> different signature each time.
> 
> But I find when I run the test (below) more than once, I get the same 
> signature bytes each time.  Here's sample (identical) output from two 
> consecutive tests:

From Wikipedia (https://en.wikipedia.org/wiki/EdDSA):

Like other discrete-log-based signature schemes, EdDSA uses a secret
value called a nonce unique to each signature. In the signature
schemes DSA and ECDSA, this nonce is traditionally generated
randomly for each signature  In contrast, EdDSA chooses the
nonce deterministically as the hash of the private key and the
message.

I've snipped quite a bit; you should read the link.  From this I would
expect the signature to be the same each time for a given message.

...Marvin



[go-nuts] ed25519 signature, expected non-deterministic

2019-04-19 Thread Dave Cohen
I'm working on code that signs a message with an ed25519 key.

I expected that when signing the same message over and over, I'd get a 
different signature each time.

But I find when I run the test (below) more than once, I get the same 
signature bytes each time.  Here's sample (identical) output from two 
consecutive tests:

$ go run ~/devel/signtest/*.go
{
"Format": "ssh-ed25519",
"Blob": "BRnwjfCMNZiqRRJdkZi7Gh0sOdJzOcPVIu/wWxlpRjogRnGJT3yn0wH3Fz6WvAmdYakNY7qkKfgSWe+t9PXiCQ=="
}
$ go run ~/devel/signtest/*.go
{
"Format": "ssh-ed25519",
"Blob": "BRnwjfCMNZiqRRJdkZi7Gh0sOdJzOcPVIu/wWxlpRjogRnGJT3yn0wH3Fz6WvAmdYakNY7qkKfgSWe+t9PXiCQ=="
}


Am I misunderstanding how the ed25519 package signs?  Do I have a bug in 
the test code?

I'm very eager to better understand what's going on.  Thanks in advance for 
any help.

-Dave

package main

import (
  "crypto/rand"
  "encoding/json"
  "fmt"
  "io/ioutil"
  "log"

  "golang.org/x/crypto/ssh"
)

func main() {

  // generate key with `ssh-keygen -t ed25519 -N '' -f /tmp/id_ed25519`

  buffer, err := ioutil.ReadFile("/tmp/id_ed25519")
  check(err)

  signer, err := ssh.ParsePrivateKey(buffer)
  check(err)

  signMe := []byte("sign me")
  sig, err := signer.Sign(rand.Reader, signMe)
  check(err)

  out, err := json.MarshalIndent(sig, "", "\t")
  check(err)

  fmt.Println(string(out))
}

func check(err error) {
  if err != nil {
    log.Fatal(err)
  }
}


