You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In our project, we need to verify Ed25519 signatures according to the criteria outlined in ZIP215.
The current implementation uses different verification criteria. For example
both verify and verify_strict use the verification equation without the cofactors, i.e., [S]B = R + [k]A, while ZIP215 says that the equation with the cofactors must be used (i.e., [8][S]B = [8]R + [8][k]A) and the one without "MUST NOT" be used.
the current implementation rejects non-canonical encodings of R, while under the ZIP215 rules "it is not required that A and R are canonical encodings".
Would you be open to having a verification method that follows the ZIP215 rules, e.g., verify_zip215? If so, would it help if we contribute a respective PR?
It seems we are not the first ones interested in such a feature. For example, there was dalek-cryptography/ed25519-dalek#152, but it was closed without comment.
The text was updated successfully, but these errors were encountered:
In our project, we need to verify Ed25519 signatures according to the criteria outlined in ZIP215.
The current implementation uses different verification criteria. For example
Would you be open to having a verification method that follows the ZIP215 rules, e.g., verify_zip215? If so, would it help if we contribute a respective PR?
It seems we are not the first ones interested in such a feature. For example, there was dalek-cryptography/ed25519-dalek#152, but it was closed without comment.
The text was updated successfully, but these errors were encountered: