Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signing infinite point #34

Open
dot-asm opened this issue Dec 28, 2020 · 1 comment
Open

Signing infinite point #34

dot-asm opened this issue Dec 28, 2020 · 1 comment

Comments

@dot-asm
Copy link

dot-asm commented Dec 28, 2020

Signing infinite point in step 2 of the CoreSign procedure is as cryptographically meaningless as having SK==0. For formal completeness it's appropriate to explicitly spell it in one way or another. One way could be to explicitly make it application's problem, i.e. suggest/demand that application specifies how to handle this case (of message hashing to infinity). This implies that infinite [individual] signatures would have to be effectively banned in this draft. Another way is to require that hash_to_point never returns infinity. It's unfeasible to amend draft-irtf-cfrg-hash-to-curve, except maybe allowing to return a fixed precomputed value in case it's about to return infinity? Say generator*h_eff?
@dot-asm
Copy link
Author

dot-asm commented Mar 14, 2021

Since some are not on the watchers list, just in case ping @kwantam, @sergeynog, @hoeteck.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dot-asm