mirror of
https://github.com/jedisct1/minisign.git
synced 2025-04-03 19:07:41 +03:00
Add a note on ED25519_NONDETERMINISTIC
This commit is contained in:
parent
1d4855a83a
commit
66b19a6da3
1 changed file with 15 additions and 0 deletions
15
README.md
@ -51,3 +51,18 @@ Alternative implementations
* [rsign](https://bitbucket.org/danielrangel/rsign) is a minisign
implementation written in Rust.
Faults injections
-----------------
Minisign uses the EdDSA signature system, and deterministic signature
schemes are fragile against fault attacks. However, conducting these requires
physical access or the attacker having access to the same physical host.
More importantly, this requires a significant amount of time, and messages
being signed endlessly while the attack is being conducted.
If such a scenario ever happens to be part of your threat model,
libsodium should be compiled with the `ED25519_NONDETERMINISTIC` macro
defined. This will add random noise to the computation of EdDSA
nonces.
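Review bot: the new heading "Faults injections" should read "Fault injections" (with the underline shortened to match), and "However, conducting these requires physical access or the attacker having access to the same physical host." reads more clearly as "However, conducting such an attack requires physical access, or an attacker running on the same physical host." More importantly, the advice that "libsodium should be compiled with the `ED25519_NONDETERMINISTIC` macro defined" omits the practical detail a reader needs: this is a build-time option of libsodium, not of minisign, so a minisign binary linked against a distribution-packaged libsodium will not get it. Suggest stating that the macro has to be defined when libsodium itself is configured and built (for example by passing it in CFLAGS), and that rebuilding minisign alone has no effect.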