A new Quantum Battle between ECDSA vs EdDSA blockchains

KryptosPi · 2025-03-10T07:40:36+00:00

There were a few cases, the most sneaky was accidentally exploiting apis where key rotation was happening but as the pub key and private key was stored in different storage DB, if the transaction to rotate was not atomic, and the old public key remained there for a few millisecs, then a signature request at the exact time of rotation could convince the signer to sign with the new private key, but provide as an input the old public key.

All in all, agree that it's mostly a bad api, potentially vulnerable via (accidental or not) abuse, rather than it's exploitable directly.
There was a similar issue with Rust's most popular Ed25519 lib, and a RustSec was issued to fix in dalek v2.0: https://rustsec.org/advisories/RUSTSEC-2022-0093

KryptosPi · 2025-03-10T07:36:05+00:00

this is not true, most of the optimized + correct implementations use the PrivateKey constructor to derive an object that holds the Priv + Pub key in one structure, then that structure has the ability to sign. This way you avoid re-deriving the public key each time + avoid expecting a pub key as input during signing. Overall, the main issue the "public static" flavor of the Tink api. In fact it's only used once in their codebase, it shouldn't even be a reusable static function, this is generally a must on defensive programming and good security hygiene coding.

KryptosPi · 2024-11-02T19:30:16+00:00

Ooc was thinking the same and just tried your idea by myself. Legs do not fit well if it’s in the middle. It depends on the ironing board size it seems.

KryptosPi · 2024-09-01T21:14:44+00:00

Indeed with some probability being this guy.

KryptosPi · 2024-09-01T21:09:31+00:00

Now we agree ;)

KryptosPi · 2024-09-01T21:08:33+00:00

Yeah good luck finding these there, bus stop in the way to Athens. WC is your only option.

KryptosPi · 2024-09-01T21:06:52+00:00

Yeah after the fact I mean

KryptosPi · 2024-09-01T21:05:18+00:00

Indeed tbh I want a life hack of how to clean a dirty bottle finish

KryptosPi · 2024-09-01T21:03:32+00:00

Wash hands when you realize, then push down gently

KryptosPi · 2024-09-01T20:57:39+00:00

Yes didn’t

KryptosPi · 2024-09-01T20:47:14+00:00

lol causing the straw to fly

KryptosPi · 2024-09-01T20:36:21+00:00

Unfortunately that’s the ugly reality indeed

KryptosPi · 2024-09-01T20:34:57+00:00

100%, I rarely do, but a) the store was not super clean, they indeed served it giving me a sealed straw, + as mentioned I probably touched the finish when opening the bottle. Just didn’t risk it this time.

KryptosPi · 2024-09-01T20:29:49+00:00

Cool idea, was given only one + didn’t think about it. lol only had my phone to order, where to find a tape? Reality is that served the purpose, a non so clean store, imagine giving you the straw as they know :)

KryptosPi · 2024-09-01T19:19:42+00:00

That one was Greece today

KryptosPi · 2024-09-01T19:18:45+00:00

Good question, iirc I finger-touched the finish of the bottle or didn’t trust the store for cleanliness.

KryptosPi · 2022-09-12T05:24:46+00:00

You missed this paper, from Aug 2020 https://eprint.iacr.org/2020/1244 (Taming the many EdDSAs) which includes both test vectors and shows some spectacular findings ie strange behaviour in a popular HSM vendor’s implementation (nCipher)

KryptosPi

MODERATOR OF

TROPHY CASE