List: cryptography
Subject: [Cryptography] Question about crypto_sign_open (in tweetnacl.c)
From: Patrick Chkoreff <pc () fexl ! com>
Date: 2018-10-27 14:55:33
Message-ID: 9938ed51-d33b-4738-d35c-0c85faaa8b72 () fexl ! com
I wrote:
> I noticed an intriguing technique used in crypto_sign_open in
> tweetnacl.c. On line 790 we have:
>
> FOR(i,n) m[i] = sm[i];
>
> That's straightforward. After that loop, m consists of the 64 byte
> signature followed by the (64-n) byte message that was signed. But then
> watch this on line 791:
>
> FOR(i,32) m[i+32] = pk[i];
>
> That loop overwrites the last 16 bytes of the signature with the first
> 16 bytes of the public key, and overwrites the first 16 bytes of the
> message with the last 16 bytes of the public key.
Sorry, I misinterpreted that loop. It overwrites the last 32 bytes of
the 64-byte signature with the contents of the 32-byte public key,
period. It does not overwrite the message at all.
-- Patrick
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
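The corrected reading above can be checked by running the two quoted loops over a marked buffer and recording which offsets differ from the input. This is an added example, not part of the original message and not tweetnacl's own code apart from the two quoted loop lines; the byte values, the 24-byte message length, and the names `quoted_loops`, `run_demo` and `struct layout` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned char u8;
#define FOR(i,n) for (i = 0; i < n; ++i)   /* same loop shorthand as the quoted lines */

enum { SIG = 64, PK = 32, MSG = 24, N = SIG + MSG };  /* MSG is a constructed length */

struct layout { int first, last, count, msg_intact; };

/* The two quoted loops: copy sm into m, then write pk at offsets 32..63. */
static void quoted_loops(u8 *m, const u8 *sm, int n, const u8 *pk)
{
    int i;
    FOR(i, n) m[i] = sm[i];
    FOR(i, 32) m[i + 32] = pk[i];
}

/* Build a constructed signed message, run the loops, report which bytes changed. */
static struct layout run_demo(void)
{
    u8 sm[N], m[N], pk[PK];
    struct layout r = { -1, -1, 0, 0 };
    int i;

    memset(sm, 0xA1, 32);            /* first half of signature (constructed) */
    memset(sm + 32, 0xB2, 32);       /* second half of signature (constructed) */
    memset(sm + SIG, 0x4D, MSG);     /* message bytes (constructed) */
    memset(pk, 0xC3, PK);            /* public key (constructed) */

    quoted_loops(m, sm, N, pk);

    FOR(i, N) if (m[i] != sm[i]) {   /* compare output with the original input */
        if (r.first < 0) r.first = i;
        r.last = i;
        r.count++;
    }
    r.msg_intact = memcmp(m + SIG, sm + SIG, MSG) == 0;
    return r;
}

int main(void)
{
    struct layout r = run_demo();
    printf("changed offsets %d..%d (%d bytes), message intact: %d\n",
           r.first, r.last, r.count, r.msg_intact);
    return 0;
}
```

After the loops the buffer holds the first signature half, then the public key, then the message, which is the R, A, M order that Ed25519 verification hashes.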