path: root/src/include/gnunet_crypto_lib.h
Commit history (commit message, author, date):

* introducing GNUNET_CRYPTO_ecdhe_create2() to avoid malloc nonsense (Christian Grothoff, 2017-02-15)
* use new shortmap to simplify CADET logic a bit (Christian Grothoff, 2017-01-17)
* introducing the short map (Christian Grothoff, 2017-01-17)
* fix dlog API for mteich (Christian Grothoff, 2016-07-06)
* Rework the error handling for gcd(r,n) != 1 so the Taler wallet can see errors. (Jeff Burdges, 2016-06-08)
* Use a uniform random number mod an RSA composite for both the blinding factor and the full domain hash. (Jeff Burdges, 2016-05-30)

  This resolves an attack against the blinding factor in Taler:

  There was a call to GNUNET_CRYPTO_kdf in bkey = rsa_blinding_key_derive (len, bks); that gives exactly len bits where len = GNUNET_CRYPTO_rsa_public_key_len (pkey);

  Now r = 2^(len-1)/pkey.n is the probability that a set high bit is okay, meaning bkey < pkey.n. It follows that (1-r)/2 of the time bkey > pkey.n, making the effective bkey be bkey mod pkey.n = bkey - pkey.n, so the effective bkey has its high bit set with probability r/2.

  We expect r to be close to 1/2 if the exchange is honest, but the exchange can choose r otherwise.

  In blind signing, the exchange sees B = bkey * S mod pkey.n

  On deposit, the exchange sees S, so they can compute bkey' = B/S mod pkey.n for all B they recorded to see if bkey' has its high bit set. Also, note the exchange can compute 1/S efficiently since they know the factors of pkey.n.

  I suppose that happens with probability r/(1+r) if it's the wrong B, not completely sure. If otoh we've the right B, then we've the probability r/2 of a set high bit in the effective bkey.

  Interestingly, r^2-r has a maximum at the default r=1/2 anyways, giving the wrong and right probabilities 1/3 and 1/4, respectively.

  I fear this gives the exchange a meaningful fraction of a bit of information per coin involved in the transaction. It sounds damaging if numerous coins were involved. And it could run across transactions in some scenarios.

  I suspect we need a more uniform deterministic pseudo-random number generator for blinding factors.

  Just fyi, our old call to gcry_mpi_randomize had this same problem. I do not believe this caused a problem for the full domain hash, but we can fix it easily enough anyways.

* fixing #4483: optimize blinding key storage/transmission (Christian Grothoff, 2016-05-24)
* rename.sh GNUNET_CRYPTO_rsa_BlindingKey to GNUNET_CRYPTO_RsaBlindingKey following naming conventions (Christian Grothoff, 2016-05-19)
* Fix parameter description (Jeff Burdges, 2016-03-21)
* Updated global symbols for FDH (Jeff Burdges, 2016-03-21)
* fixing symbol naming and coding convention issues (Christian Grothoff, 2016-03-21)
* -fix (C) notices (Christian Grothoff, 2016-01-19)
* add crc8 (Christian Grothoff, 2016-01-17)
* doxygen: add documentation links (Gabor X Toth, 2016-01-15)
* doxygen: group/module definitions (part 1) (Gabor X Toth, 2016-01-11)
* - Add ecdsa ecdh functions
  - Update identity token to encrypted protocol (Martin Schanzenbach, 2016-01-04)
* -fix ftbfs (Christian Grothoff, 2015-09-05)
* add GNUNET_CRYPTO_ecc_pmul_mpi (Christian Grothoff, 2015-09-05)
* adding bin_to_point and point_to_bin functions for GNUNET_CRYPTO_ecc API (Christian Grothoff, 2015-09-05)
* DEFAULTSERVICES is dead, remove remains (Christian Grothoff, 2015-07-08)
* -fix non-deterministic peerstore sync failure (Christian Grothoff, 2015-07-06)
* -adding ecc dlog support (Christian Grothoff, 2015-07-02)
* fix #3869: outdated FSF address (Christian Grothoff, 2015-06-30)
* patch from Nicolas Fournier to add some _dup and _cmp functions for RSA signatures and private keys (Christian Grothoff, 2015-06-30)
* fix #3862 (Christian Grothoff, 2015-06-23)
* -minor fixes (Christian Grothoff, 2015-06-10)
* make libextractor actually optional, both for GNUnet and GNUnet-taler builds (Christian Grothoff, 2015-05-30)
* Introduce function to duplicate RSA public keys (Sree Harsha Totakura, 2015-05-28)
* -adding cmp functions for RSA public keys and sigs (Christian Grothoff, 2015-05-15)
* towards using EdDSA-ECDHE instead of ECDSA-ECDHE combined cryptosystem (API only) (Christian Grothoff, 2015-05-13)
* -doxygen, indentation (Christian Grothoff, 2015-04-17)
* -doxygen, build system fixes, minor API extension (Christian Grothoff, 2015-04-13)
* -updated french translations (Christian Grothoff, 2015-03-24)
* -also cover private key case (Christian Grothoff, 2015-03-19)
* -get test to work, but with ecdsa instead of eddsa (Christian Grothoff, 2015-03-19)
* check for existence of 'getopt' command line tool (Christian Grothoff, 2015-03-15)
* add GNUNET_CRYPTO_rsa_public_key_hash (Christian Grothoff, 2015-03-09)
* -bringing copyright tags up to FSF standard (Christian Grothoff, 2015-02-07)
* adding GNUNET_CRYPTO_eddsa_private_key_from_string (Christian Grothoff, 2015-01-28)
* - fix docu (Sree Harsha Totakura, 2015-01-26)
* -fix doc (Sree Harsha Totakura, 2015-01-26)
* adding API for incremental hashing (from Taler) (Christian Grothoff, 2015-01-09)
* adding support for blind signatures (modernized version of Taler logic, with variable key length) (Christian Grothoff, 2015-01-09)
* -do forcestart for gns; doxygen fixes (Christian Grothoff, 2014-12-14)
* -clarify docs (Christian Grothoff, 2014-12-07)
* -fixing misc issues and bugs, including better termination logic for intersection and salt handling (Christian Grothoff, 2014-11-28)
* cleaning up scalar product client API (Christian Grothoff, 2014-05-24)
* 1. Removed GNUNET_CRYPTO_compute_finger_identity
  2. Removed myself as the first element of the trail.
  3. Multiple entries in the routing table.
  4. Put/Get/Monitor from old DHT added back in clients file. (Supriti Singh, 2014-04-07)
* Add missing stub definitions of structs to the corresponding header files (Florian Dold, 2014-03-10)
* Adding function GNUNET_CRYPTO_compute_finger_identity (Supriti Singh, 2014-02-18)