[Cryptech Tech] Requirements for signing the Tor consensus

Linus Nordberg linus at nordberg.se
Wed Mar 5 17:22:42 UTC 2014


Joachim Strömbergson <joachim at secworks.se> wrote
Wed, 05 Mar 2014 13:07:01 +0100:

| > Does this match the use case: http://ed25519.cr.yp.to/python/sign.py>
| > (So I know the operations to be supported.)
| 
| I threw together a repo shell for developing the core. Do you have a
| pointer to ed25519 in Tor to see exactly how it is called (data types etc)?

1. Tor directory authorities don't use Ed25519 yet. No such proposal
exists.

2. Tor relays don't use Ed25519 yet. Proposal 220 [0] describes how they
might do that in the future. I know there's a rewrite of that proposal
sitting somewhere not published yet, so don't make decisions based on
it.

3. Tor relays do use Curve25519 for the "ntor" handshake since
0.2.4.8-alpha (2013-01-14). See [tor-spec] section 5.1.4. for
details. This application requires high performance.

[0] https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/220-ecc-id-keys.txt
[tor-spec] https://gitweb.torproject.org/torspec.git/blob/HEAD:/tor-spec.txt



More information about the Tech mailing list