On Fri, 29 May 2015 23:04, mdb(_at_)juniper(_dot_)net said:
It may be desirable to have a family EdDSA of Edwards curves rather than
just the Ed25519 entry. Let's wait to see the IEF CFRG finding.
My I-D already does this:
draft-koch-eddsa-for-openpgp-02.txt:
This document specifies how to use the EdDSA public key signature
algorithm [ED25519] with the OpenPGP standard. It defines a new
signature algorithm named EdDSA and specifies how to use the Ed25519
curve with EdDSA. This algorithm uses a custom point compression
method. There are three main advantages of the EdDSA algorithm: It
does not require the use of a unique random number for each
signature, there are no padding or truncation issues as with ECDSA,
and it is more resilient to side-channel attacks.
It might be useful to replace the reference id
[ED25519] Bernstein, D., Duif, N., Lange, T., Schwabe, P., and B.
Yang, "High-speed high-security signatures", Journal of
Cryptographic Engineering Volume 2, Issue 2, pp. 77-89,
September 2011,
<http://dx.doi.org/10.1007/s13389-012-0027-1>.
to [EDDSA] for clarity. And we should push for Simon's EDDSA draft to
become an RFC.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp