Commit message | Author | Age | ||
---|---|---|---|---|
... | ||||
* | first batch of license fixes (boring) | psyc://loupsycedyglgamf.onion/~lynX | 2018-06-05 | |
| | ||||
* | typofix | amirouche | 2018-01-08 | |
| | | | | Signed-off-by: ng0 <ng0@n0.is> | |||
* | doxygen/indentation fixes | Christian Grothoff | 2017-11-02 | |
| | ||||
* | add -P option to gnunet-ecc | Christian Grothoff | 2017-11-01 | |
| | ||||
* | add missing const | Christian Grothoff | 2017-10-31 | |
| | ||||
* | introducing GNUNET_CRYPTO_ecdhe_create2() to avoid malloc nonsense | Christian Grothoff | 2017-02-15 | |
| | ||||
* | use new shortmap to simplify CADET logic a bit | Christian Grothoff | 2017-01-17 | |
| | ||||
* | introducing the short map | Christian Grothoff | 2017-01-17 | |
| | ||||
* | fix dlog API for mteich | Christian Grothoff | 2016-07-06 | |
| | ||||
* | Rework the error handling for gcd(r,n) != 1 so the Taler wallet can see errors. | Jeff Burdges | 2016-06-08 | |
| | ||||
* | Use a uniform random number mod an RSA composite for both | Jeff Burdges | 2016-05-30 | |
| | | | | the blinding factor and the full domain hash. This resolves an attack against the blinding factor in Taler: There was a call to GNUNET_CRYPTO_kdf in bkey = rsa_blinding_key_derive (len, bks); that gives exactly len bits where len = GNUNET_CRYPTO_rsa_public_key_len (pkey); Now r = 2^(len-1)/pkey.n is the probability that a set high bit being okay, meaning bkey < pkey.n. It follows that (1-r)/2 of the time bkey > pkey.n making the effective bkey be bkey mod pkey.n = bkey - pkey.n so the effective bkey has its high bit set with probability r/2. We expect r to be close to 1/2 if the exchange is honest, but the exchange can choose r otherwise. In blind signing, the exchange sees B = bkey * S mod pkey.n. On deposit, the exchange sees S so they can compute bkey' = B/S mod pkey.n for all B they recorded to see if bkey' has its high bit set. Also, note the exchange can compute 1/S efficiently since they know the factors of pkey.n. I suppose that happens with probability r/(1+r) if it's the wrong B, not completely sure. If otoh we've the right B, then we've the probability r/2 of a set high bit in the effective bkey. Interestingly, r^2-r has a maximum at the default r=1/2 anyways, giving the wrong and right probabilities 1/3 and 1/4, respectively. I fear this gives the exchange a meaningful fraction of a bit of information per coin involved in the transaction. It sounds damaging if numerous coins were involved. And it could run across transactions in some scenarios. I suspect we need a more uniform deterministic pseudo-random number generator for blinding factors. Just fyi, our old call to gcry_mpi_randomize had this same problem. I do not believe this caused a problem for the full domain hash, but we can fix it easily enough anyways. | |||
* | fixing #4483: optimize blinding key storage/transmission | Christian Grothoff | 2016-05-24 | |
| | ||||
* | rename.sh GNUNET_CRYPTO_rsa_BlindingKey to GNUNET_CRYPTO_RsaBlindingKey ↵ | Christian Grothoff | 2016-05-19 | |
| | | | | following naming conventions | |||
* | Fix parameter description | Jeff Burdges | 2016-03-21 | |
| | ||||
* | Updated global symbols for FDH | Jeff Burdges | 2016-03-21 | |
| | ||||
* | fixing symbol naming and coding convention issues | Christian Grothoff | 2016-03-21 | |
| | ||||
* | -fix (C) notices | Christian Grothoff | 2016-01-19 | |
| | ||||
* | add crc8 | Christian Grothoff | 2016-01-17 | |
| | ||||
* | doxygen: add documentation links | Gabor X Toth | 2016-01-15 | |
| | ||||
* | doxygen: group/module definitions (part 1) | Gabor X Toth | 2016-01-11 | |
| | ||||
* | - Add ecdsa ecdh functions | Martin Schanzenbach | 2016-01-04 | |
| | | | | | - Update identity token to encrypted protocol | |||
* | -fix ftbfs | Christian Grothoff | 2015-09-05 | |
| | ||||
* | add GNUNET_CRYPTO_ecc_pmul_mpi | Christian Grothoff | 2015-09-05 | |
| | ||||
* | adding bin_to_point and point_to_bin functions for GNUNET_CRYPTO_ecc API | Christian Grothoff | 2015-09-05 | |
| | ||||
* | DEFAULTSERVICES is dead, remove remains | Christian Grothoff | 2015-07-08 | |
| | ||||
* | -fix non-deterministic peerstore sync failure | Christian Grothoff | 2015-07-06 | |
| | ||||
* | -adding ecc dlog support | Christian Grothoff | 2015-07-02 | |
| | ||||
* | fix #3869: outdated FSF address | Christian Grothoff | 2015-06-30 | |
| | ||||
* | patch from Nicolas Fournier to add some _dup and _cmp functions for RSA ↵ | Christian Grothoff | 2015-06-30 | |
| | | | | signatures and private keys | |||
* | fix #3862 | Christian Grothoff | 2015-06-23 | |
| | ||||
* | -minor fixes | Christian Grothoff | 2015-06-10 | |
| | ||||
* | make libextractor actually optional, both for GNUnet and GNUnet-taler builds | Christian Grothoff | 2015-05-30 | |
| | ||||
* | Introduce function to duplicate RSA public keys | Sree Harsha Totakura | 2015-05-28 | |
| | ||||
* | -adding cmp functions for RSA public keys and sigs | Christian Grothoff | 2015-05-15 | |
| | ||||
* | towards using EdDSA-ECDHE instead of ECDSA-ECDHE combined cryptosystem (API ↵ | Christian Grothoff | 2015-05-13 | |
| | | | | only) | |||
* | -doxygen, indentation | Christian Grothoff | 2015-04-17 | |
| | ||||
* | -doxygen, build system fixes, minor API extension | Christian Grothoff | 2015-04-13 | |
| | ||||
* | -updated french translations | Christian Grothoff | 2015-03-24 | |
| | ||||
* | -also cover private key case | Christian Grothoff | 2015-03-19 | |
| | ||||
* | -get test to work, but with ecdsa instead of eddsa | Christian Grothoff | 2015-03-19 | |
| | ||||
* | check for existence of 'getopt' command line tool | Christian Grothoff | 2015-03-15 | |
| | ||||
* | add GNUNET_CRYPTO_rsa_public_key_hash | Christian Grothoff | 2015-03-09 | |
| | ||||
* | -bringing copyright tags up to FSF standard | Christian Grothoff | 2015-02-07 | |
| | ||||
* | adding GNUNET_CRYPTO_eddsa_private_key_from_string | Christian Grothoff | 2015-01-28 | |
| | ||||
* | - fix docu | Sree Harsha Totakura | 2015-01-26 | |
| | ||||
* | -fix doc | Sree Harsha Totakura | 2015-01-26 | |
| | ||||
* | adding API for incremental hashing (from Taler) | Christian Grothoff | 2015-01-09 | |
| | ||||
* | adding support for blind signatures (modernized version of Taler logic, with ↵ | Christian Grothoff | 2015-01-09 | |
| | | | | variable key length) | |||
* | -do forcestart for gns; doxygen fixes | Christian Grothoff | 2014-12-14 | |
| | ||||
* | -clarify docs | Christian Grothoff | 2014-12-07 | |
| |
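
The 2016-05-30 commit message in the log above describes a blinding factor derived as exactly len bits and then reduced mod pkey.n. The following is an added example, not code from GNUnet or Taler, that contrasts that pattern with deterministic rejection sampling; the SHAKE-256 stand-in for the KDF, the function names and the toy moduli are all assumptions made for illustration.

```python
import hashlib
from collections import Counter

def kdf_bits(seed: bytes, counter: int, nbits: int) -> int:
    """Stand-in KDF (SHAKE-256, an assumption): exactly nbits pseudo-random bits."""
    nbytes = (nbits + 7) // 8
    raw = hashlib.shake_256(seed + counter.to_bytes(4, "big")).digest(nbytes)
    return int.from_bytes(raw, "big") >> (nbytes * 8 - nbits)

def derive_biased(seed: bytes, n: int) -> int:
    """Pattern from the commit message: take len bits, then reduce mod n."""
    return kdf_bits(seed, 0, n.bit_length()) % n

def derive_uniform(seed: bytes, n: int) -> int:
    """Deterministic rejection sampling: bump a counter until the value is < n."""
    counter = 0
    while True:
        candidate = kdf_bits(seed, counter, n.bit_length())
        if candidate < n:
            return candidate
        counter += 1

def exact_reduced_counts(n: int) -> Counter:
    """Exact histogram of (k mod n) over every len-bit value k."""
    return Counter(k % n for k in range(1 << n.bit_length()))

def high_bit_rate(derive, n: int, trials: int) -> float:
    """Fraction of derived values whose top bit (bit len-1) is set."""
    top = 1 << (n.bit_length() - 1)
    hits = sum(derive(i.to_bytes(4, "big"), n) >= top for i in range(trials))
    return hits / trials

TOY_N = 3 * 2**14 + 1  # constructed 16-bit stand-in for pkey.n, not a real key

if __name__ == "__main__":
    counts = exact_reduced_counts(11)  # 4-bit toy modulus: 16 inputs, 11 residues
    print("residue counts mod 11:", dict(sorted(counts.items())))
    print("high-bit rate, reduce mod n:   ", high_bit_rate(derive_biased, TOY_N, 20000))
    print("high-bit rate, rejection sample:", high_bit_rate(derive_uniform, TOY_N, 20000))
```

The seeds are constructed counters, so both derivations are reproducible; only the rejection-sampled one gives every residue below n the same probability.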