public inbox for govpn-devel@lists.cypherpunks.ru
* [govpn-devel] Elligator2 implementation problem
@ 2020-02-26 10:45 Sergey Matveev
From: Sergey Matveev @ 2020-02-26 10:45 UTC
  To: govpn-devel

Greetings!

GoVPN relies on the Elligator2 transformation for zero-knowledge password
authentication, and it uses the github.com/agl/ed25519 library for that.
It seems that it contains some possible bias in the output, as
https://github.com/tankf33der pointed out to me:
https://github.com/agl/ed25519/issues/27
It does not compromise the confidentiality and authenticity of connections,
but it makes the handshake password not so zero-knowledgeable.

Currently I have not found easy replacements for the Elligator2
implementation. However, that flaw should not be a practical
problem in real life.

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF
