RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 10 records.

Status: Verified (3)

RFC 8032, "Edwards-Curve Digital Signature Algorithm (EdDSA)", January 2017

Source of RFC: IRTF

Errata ID: 5930
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Daniel Bleichenbacher
Date Reported: 2019-12-06
Verifier Name: Colin Perkins
Date Verified: 2021-05-24

Section 6 says:

def verify(public, msg, signature):
    if len(public) != 32:
        raise Exception("Bad public key length")
    if len(signature) != 64:
        Exception("Bad signature length")

It should say:

def verify(public, msg, signature):
    if len(public) != 32:
        raise Exception("Bad public key length")
    if len(signature) != 64:
        raise Exception("Bad signature length")

Notes:

Missing raise before Exception

Errata ID: 5519
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: Susumu Endoh
Date Reported: 2018-10-10
Verifier Name: Colin Perkins
Date Verified: 2019-04-09

Section 5.1.7 says:

Decode the first half as a point R, and the second half as an integer S,
in the range 0 <= s < L.

It should say:

Decode the first half as a point R, and the second half as an integer S,
in the range 0 <= S < L.

Notes:

original document expression is ' 0 <= s < L', but it must be '0 <= S < L'. upper/lower case problem.

Errata ID: 6851
Status: Verified
Type: Editorial
Publication Format(s) : TEXT

Reported By: Martin Thomson
Date Reported: 2022-02-15
Verifier Name: RFC Editor

Section 8.7 says:

   As an API consideration, this means that any Initialize Update
   Finalize (IFU) verification interface is prone to misuse.

It should say:

   As an API consideration, this means that any Initialize Update
   Finalize (IUF) verification interface is prone to misuse.

Notes:

Typo in acronym.

Status: Reported (4)

RFC 8032, "Edwards-Curve Digital Signature Algorithm (EdDSA)", January 2017

Source of RFC: IRTF

Errata ID: 5968
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Valeria Nikolaenko
Date Reported: 2020-01-28

Section 3.1 says:

3.1.  Encoding

   An integer 0 < S < L - 1 is encoded in little-endian form as a b-bit
   string ENC(S).

It should say:

3.1.  Encoding

   An integer 0 <= S <= L - 1 is encoded in little-endian form as a b-bit
   string ENC(S).

Notes:

The range of the scalar should include the end-points: 0 and L-1.

Errata ID: 6306
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Dmitry Khovratovich
Date Reported: 2020-10-15

Section 5.1.7 says:

       Decode the first half as a
       point R, and the second half as an integer S, in the range
       0 <= s < L.  Decode the public key A as point A'.  If any of the
       decodings fail (including S being out of range), the signature is
       invalid.

   2.  Compute SHA512(dom2(F, C) || R || A || PH(M)), and interpret the
       64-octet digest as a little-endian integer k.

   3.  Check the group equation [8][S]B = [8]R + [8][k]A'.  It's
       sufficient, but not required, to instead check [S]B = R + [k]A'.

It should say:

       Decode the first half R as a
       point R', and the second half as an integer S, in the range
       0 <= S < L.  Decode the public key A as point A'.  If any of the
       decodings fail (including S being out of range), the signature is
       invalid.

   2.  Compute SHA512(dom2(F, C) || R || A || PH(M)), and interpret the
       64-octet digest as a little-endian integer k.

   3.  Check the group equation [8][S]B = [8]R' + [8][k]A'.  It's
       sufficient, but not required, to instead check [S]B = R' + [k]A'.

Notes:

1) public key R' and its encoding R are confused
2) s changed to S (this errata has been reported already)

Errata ID: 6348
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: David Benjamin
Date Reported: 2020-12-02

Section 3.4 says:

Compute h = H(ENC(R) || ENC(A) || M), and check the group
equation [2^c * S] B = 2^c * R + [2^c * h] A in E.

It should say:

Compute h = H(ENC(R) || ENC(A) || M), and check the group
equation [2^c * S] B = [2^c] R + [2^c * h] A in E.

Notes:

Section 2 uses a separate notation, [n]X, for point multiplication, so this operation should use the brackets.

Errata ID: 7031
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Benson Muite
Date Reported: 2022-07-24

Section 7.1 says:

   These test vectors are taken from [ED25519-TEST-VECTORS] (but we
   removed the public key as a suffix of the private key and removed the
   message from the signature) and [ED25519-LIBGCRYPT-TEST-VECTORS].

   -----TEST 1

   ALGORITHM:
   Ed25519

   SECRET KEY:
   9d61b19deffd5a60ba844af492ec2cc4
   4449c5697b326919703bac031cae7f60

   PUBLIC KEY:
   d75a980182b10ab7d54bfed3c964073a
   0ee172f3daa62325af021a68f707511a

   MESSAGE (length 0 bytes):

   SIGNATURE:
   e5564300c360ac729086e2cc806e828a
   84877f1eb8e5d974d873e06522490155
   5fb8821590a33bacc61e39701cf9b46b
   d25bf5f0595bbe24655141438e7a100b

   -----TEST 2

   ALGORITHM:
   Ed25519

   SECRET KEY:
   4ccd089b28ff96da9db6c346ec114e0f
   5b8a319f35aba624da8cf6ed4fb8a6fb

   PUBLIC KEY:
   3d4017c3e843895a92b70aa74d1b7ebc
   9c982ccf2ec4968cc0cd55f12af4660c

   MESSAGE (length 1 byte):
   72

   SIGNATURE:
   92a009a9f0d4cab8720e820b5f642540
   a2b27b5416503f8fb3762223ebdb69da
   085ac1e43e15996e458f3613d0f11d8c
   387b2eaeb4302aeeb00d291612bb0c00



Josefsson & Liusvaara         Informational                    [Page 24]


RFC 8032                EdDSA: Ed25519 and Ed448            January 2017


   -----TEST 3

   ALGORITHM:
   Ed25519

   SECRET KEY:
   c5aa8df43f9f837bedb7442f31dcb7b1
   66d38535076f094b85ce3a2e0b4458f7

   PUBLIC KEY:
   fc51cd8e6218a1a38da47ed00230f058
   0816ed13ba3303ac5deb911548908025

   MESSAGE (length 2 bytes):
   af82

   SIGNATURE:
   6291d657deec24024827e69c3abe01a3
   0ce548a284743a445e3680d7db5ac3ac
   18ff9b538d16f290ae67f760984dc659
   4a7c15e9716ed28dc027beceea1ec40a

   -----TEST 1024

   ALGORITHM:
   Ed25519

   SECRET KEY:
   f5e5767cf153319517630f226876b86c
   8160cc583bc013744c6bf255f5cc0ee5

   PUBLIC KEY:
   278117fc144c72340f67d0f2316e8386
   ceffbf2b2428c9c51fef7c597f1d426e

   MESSAGE (length 1023 bytes):
   08b8b2b733424243760fe426a4b54908
   632110a66c2f6591eabd3345e3e4eb98
   fa6e264bf09efe12ee50f8f54e9f77b1
   e355f6c50544e23fb1433ddf73be84d8
   79de7c0046dc4996d9e773f4bc9efe57
   38829adb26c81b37c93a1b270b20329d
   658675fc6ea534e0810a4432826bf58c
   941efb65d57a338bbd2e26640f89ffbc
   1a858efcb8550ee3a5e1998bd177e93a
   7363c344fe6b199ee5d02e82d522c4fe
   ba15452f80288a821a579116ec6dad2b
   3b310da903401aa62100ab5d1a36553e
   06203b33890cc9b832f79ef80560ccb9
   a39ce767967ed628c6ad573cb116dbef
   efd75499da96bd68a8a97b928a8bbc10
   3b6621fcde2beca1231d206be6cd9ec7
   aff6f6c94fcd7204ed3455c68c83f4a4
   1da4af2b74ef5c53f1d8ac70bdcb7ed1
   85ce81bd84359d44254d95629e9855a9
   4a7c1958d1f8ada5d0532ed8a5aa3fb2
   d17ba70eb6248e594e1a2297acbbb39d
   502f1a8c6eb6f1ce22b3de1a1f40cc24
   554119a831a9aad6079cad88425de6bd
   e1a9187ebb6092cf67bf2b13fd65f270
   88d78b7e883c8759d2c4f5c65adb7553
   878ad575f9fad878e80a0c9ba63bcbcc
   2732e69485bbc9c90bfbd62481d9089b
   eccf80cfe2df16a2cf65bd92dd597b07
   07e0917af48bbb75fed413d238f5555a
   7a569d80c3414a8d0859dc65a46128ba
   b27af87a71314f318c782b23ebfe808b
   82b0ce26401d2e22f04d83d1255dc51a
   ddd3b75a2b1ae0784504df543af8969b
   e3ea7082ff7fc9888c144da2af58429e
   c96031dbcad3dad9af0dcbaaaf268cb8
   fcffead94f3c7ca495e056a9b47acdb7
   51fb73e666c6c655ade8297297d07ad1
   ba5e43f1bca32301651339e22904cc8c
   42f58c30c04aafdb038dda0847dd988d
   cda6f3bfd15c4b4c4525004aa06eeff8
   ca61783aacec57fb3d1f92b0fe2fd1a8
   5f6724517b65e614ad6808d6f6ee34df
   f7310fdc82aebfd904b01e1dc54b2927
   094b2db68d6f903b68401adebf5a7e08
   d78ff4ef5d63653a65040cf9bfd4aca7
   984a74d37145986780fc0b16ac451649
   de6188a7dbdf191f64b5fc5e2ab47b57
   f7f7276cd419c17a3ca8e1b939ae49e4
   88acba6b965610b5480109c8b17b80e1
   b7b750dfc7598d5d5011fd2dcc5600a3
   2ef5b52a1ecc820e308aa342721aac09
   43bf6686b64b2579376504ccc493d97e
   6aed3fb0f9cd71a43dd497f01f17c0e2
   cb3797aa2a2f256656168e6c496afc5f
   b93246f6b1116398a346f1a641f3b041
   e989f7914f90cc2c7fff357876e506b5
   0d334ba77c225bc307ba537152f3f161
   0e4eafe595f6d9d90d11faa933a15ef1
   369546868a7f3a45a96768d40fd9d034
   12c091c6315cf4fde7cb68606937380d
   b2eaaa707b4c4185c32eddcdd306705e
   4dc1ffc872eeee475a64dfac86aba41c
   0618983f8741c5ef68d3a101e8a3b8ca
   c60c905c15fc910840b94c00a0b9d0

   SIGNATURE:
   0aab4c900501b3e24d7cdf4663326a3a
   87df5e4843b2cbdb67cbf6e460fec350
   aa5371b1508f9f4528ecea23c436d94b
   5e8fcd4f681e30a6ac00a9704a188a03

   -----TEST SHA(abc)

   ALGORITHM:
   Ed25519

   SECRET KEY:
   833fe62409237b9d62ec77587520911e
   9a759cec1d19755b7da901b96dca3d42

   PUBLIC KEY:
   ec172b93ad5e563bf4932c70e1245034
   c35467ef2efd4d64ebf819683467e2bf

   MESSAGE (length 64 bytes):
   ddaf35a193617abacc417349ae204131
   12e6fa4e89a97ea20a9eeee64b55d39a
   2192992a274fc1a836ba3c23a3feebbd
   454d4423643ce80e2a9ac94fa54ca49f

   SIGNATURE:
   dc2a4459e7369633a52b1bf277839a00
   201009a3efbf3ecb69bea2186c26b589
   09351fc9ac90b3ecfdfbc7c66431e030
   3dca179c138ac17ad9bef1177331a704
   -----

It should say:

   These test vectors are taken from [ED25519-TEST-VECTORS] (but we
   removed the public key as a suffix of the private key and removed the
   message from the signature) and [ED25519-LIBGCRYPT-TEST-VECTORS]. Test
   vectors 100-111 are taken from "Taming the many EdDSAs" by Konstantinos 
   Chalkias, François Garillot, and Valeria Nikolaenko 
   https://eprint.iacr.org/2020/1244

   -----TEST 1

   ALGORITHM:
   Ed25519

   SECRET KEY:
   9d61b19deffd5a60ba844af492ec2cc4
   4449c5697b326919703bac031cae7f60

   PUBLIC KEY:
   d75a980182b10ab7d54bfed3c964073a
   0ee172f3daa62325af021a68f707511a

   MESSAGE (length 0 bytes):

   SIGNATURE:
   e5564300c360ac729086e2cc806e828a
   84877f1eb8e5d974d873e06522490155
   5fb8821590a33bacc61e39701cf9b46b
   d25bf5f0595bbe24655141438e7a100b

   -----TEST 2

   ALGORITHM:
   Ed25519

   SECRET KEY:
   4ccd089b28ff96da9db6c346ec114e0f
   5b8a319f35aba624da8cf6ed4fb8a6fb

   PUBLIC KEY:
   3d4017c3e843895a92b70aa74d1b7ebc
   9c982ccf2ec4968cc0cd55f12af4660c

   MESSAGE (length 1 byte):
   72

   SIGNATURE:
   92a009a9f0d4cab8720e820b5f642540
   a2b27b5416503f8fb3762223ebdb69da
   085ac1e43e15996e458f3613d0f11d8c
   387b2eaeb4302aeeb00d291612bb0c00



Josefsson & Liusvaara         Informational                    [Page 24]


RFC 8032                EdDSA: Ed25519 and Ed448            January 2017


   -----TEST 3

   ALGORITHM:
   Ed25519

   SECRET KEY:
   c5aa8df43f9f837bedb7442f31dcb7b1
   66d38535076f094b85ce3a2e0b4458f7

   PUBLIC KEY:
   fc51cd8e6218a1a38da47ed00230f058
   0816ed13ba3303ac5deb911548908025

   MESSAGE (length 2 bytes):
   af82

   SIGNATURE:
   6291d657deec24024827e69c3abe01a3
   0ce548a284743a445e3680d7db5ac3ac
   18ff9b538d16f290ae67f760984dc659
   4a7c15e9716ed28dc027beceea1ec40a

   -----TEST 1024

   ALGORITHM:
   Ed25519

   SECRET KEY:
   f5e5767cf153319517630f226876b86c
   8160cc583bc013744c6bf255f5cc0ee5

   PUBLIC KEY:
   278117fc144c72340f67d0f2316e8386
   ceffbf2b2428c9c51fef7c597f1d426e

   MESSAGE (length 1023 bytes):
   08b8b2b733424243760fe426a4b54908
   632110a66c2f6591eabd3345e3e4eb98
   fa6e264bf09efe12ee50f8f54e9f77b1
   e355f6c50544e23fb1433ddf73be84d8
   79de7c0046dc4996d9e773f4bc9efe57
   38829adb26c81b37c93a1b270b20329d
   658675fc6ea534e0810a4432826bf58c
   941efb65d57a338bbd2e26640f89ffbc
   1a858efcb8550ee3a5e1998bd177e93a
   7363c344fe6b199ee5d02e82d522c4fe
   ba15452f80288a821a579116ec6dad2b
   3b310da903401aa62100ab5d1a36553e
   06203b33890cc9b832f79ef80560ccb9
   a39ce767967ed628c6ad573cb116dbef
   efd75499da96bd68a8a97b928a8bbc10
   3b6621fcde2beca1231d206be6cd9ec7
   aff6f6c94fcd7204ed3455c68c83f4a4
   1da4af2b74ef5c53f1d8ac70bdcb7ed1
   85ce81bd84359d44254d95629e9855a9
   4a7c1958d1f8ada5d0532ed8a5aa3fb2
   d17ba70eb6248e594e1a2297acbbb39d
   502f1a8c6eb6f1ce22b3de1a1f40cc24
   554119a831a9aad6079cad88425de6bd
   e1a9187ebb6092cf67bf2b13fd65f270
   88d78b7e883c8759d2c4f5c65adb7553
   878ad575f9fad878e80a0c9ba63bcbcc
   2732e69485bbc9c90bfbd62481d9089b
   eccf80cfe2df16a2cf65bd92dd597b07
   07e0917af48bbb75fed413d238f5555a
   7a569d80c3414a8d0859dc65a46128ba
   b27af87a71314f318c782b23ebfe808b
   82b0ce26401d2e22f04d83d1255dc51a
   ddd3b75a2b1ae0784504df543af8969b
   e3ea7082ff7fc9888c144da2af58429e
   c96031dbcad3dad9af0dcbaaaf268cb8
   fcffead94f3c7ca495e056a9b47acdb7
   51fb73e666c6c655ade8297297d07ad1
   ba5e43f1bca32301651339e22904cc8c
   42f58c30c04aafdb038dda0847dd988d
   cda6f3bfd15c4b4c4525004aa06eeff8
   ca61783aacec57fb3d1f92b0fe2fd1a8
   5f6724517b65e614ad6808d6f6ee34df
   f7310fdc82aebfd904b01e1dc54b2927
   094b2db68d6f903b68401adebf5a7e08
   d78ff4ef5d63653a65040cf9bfd4aca7
   984a74d37145986780fc0b16ac451649
   de6188a7dbdf191f64b5fc5e2ab47b57
   f7f7276cd419c17a3ca8e1b939ae49e4
   88acba6b965610b5480109c8b17b80e1
   b7b750dfc7598d5d5011fd2dcc5600a3
   2ef5b52a1ecc820e308aa342721aac09
   43bf6686b64b2579376504ccc493d97e
   6aed3fb0f9cd71a43dd497f01f17c0e2
   cb3797aa2a2f256656168e6c496afc5f
   b93246f6b1116398a346f1a641f3b041
   e989f7914f90cc2c7fff357876e506b5
   0d334ba77c225bc307ba537152f3f161
   0e4eafe595f6d9d90d11faa933a15ef1
   369546868a7f3a45a96768d40fd9d034
   12c091c6315cf4fde7cb68606937380d
   b2eaaa707b4c4185c32eddcdd306705e
   4dc1ffc872eeee475a64dfac86aba41c
   0618983f8741c5ef68d3a101e8a3b8ca
   c60c905c15fc910840b94c00a0b9d0

   SIGNATURE:
   0aab4c900501b3e24d7cdf4663326a3a
   87df5e4843b2cbdb67cbf6e460fec350
   aa5371b1508f9f4528ecea23c436d94b
   5e8fcd4f681e30a6ac00a9704a188a03

   -----TEST SHA(abc)

   ALGORITHM:
   Ed25519

   SECRET KEY:
   833fe62409237b9d62ec77587520911e
   9a759cec1d19755b7da901b96dca3d42

   PUBLIC KEY:
   ec172b93ad5e563bf4932c70e1245034
   c35467ef2efd4d64ebf819683467e2bf

   MESSAGE (length 64 bytes):
   ddaf35a193617abacc417349ae204131
   12e6fa4e89a97ea20a9eeee64b55d39a
   2192992a274fc1a836ba3c23a3feebbd
   454d4423643ce80e2a9ac94fa54ca49f

   SIGNATURE:
   dc2a4459e7369633a52b1bf277839a00
   201009a3efbf3ecb69bea2186c26b589
   09351fc9ac90b3ecfdfbc7c66431e030
   3dca179c138ac17ad9bef1177331a704
   -----
-----Test 100

ALGORITHM:
Ed25519

MESSAGE:
8c93255d71dcab10e8f379c26200f3c7bd5f09d9bc3068d3ef4edeb4853022b6

PUBLIC KEY:
c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa

SIGNATURE:
c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a0000000000000000000000000000000000000000000000000000000000000000

-----Test 101

ALGORITHM:
Ed25519

MESSAGE:
9bd9f44f4dcc75bd531b56b2cd280b0bb38fc1cd6d1230e14861d861de092e79

PUBLIC KEY:
c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa

SIGNATURE:
f7badec5b8abeaf699583992219b7b223f1df3fbbea919844e3f7c554a43dd43a5bb704786be79fc476f91d3f3f89b03984d8068dcf1bb7dfc6637b45450ac04

-----Test 102

ALGORITHM:
Ed25519

MESSAGE:
aebf3f2601a0c8c5d39cc7d8911642f740b78168218da8471772b35f9d35b9ab

PUBLIC KEY:
f7badec5b8abeaf699583992219b7b223f1df3fbbea919844e3f7c554a43dd43

SIGNATURE:
c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa8c4bd45aecaca5b24fb97bc10ac27ac8751a7dfe1baff8b953ec9f5833ca260e

-----Test 103

ALGORITHM:
Ed25519

MESSAGE:
9bd9f44f4dcc75bd531b56b2cd280b0bb38fc1cd6d1230e14861d861de092e79

PUBLIC KEY:
cdb267ce40c5cd45306fa5d2f29731459387dbf9eb933b7bd5aed9a765b88d4d

SIGNATURE:
9046a64750444938de19f227bb80485e92b83fdb4b6506c160484c016cc1852f87909e14428a7a1d62e9f22f3d3ad7802db02eb2e688b6c52fcd6648a98bd009

-----Test 104

ALGORITHM:
Ed25519

MESSAGE:
e47d62c63f830dc7a6851a0b1f33ae4bb2f507fb6cffec4011eaccd55b53f56c

PUBLIC KEY:
cdb267ce40c5cd45306fa5d2f29731459387dbf9eb933b7bd5aed9a765b88d4d

SIGNATURE:
160a1cb0dc9c0258cd0a7d23e94d8fa878bcb1925f2c64246b2dee1796bed5125ec6bc982a269b723e0668e540911a9a6a58921d6925e434ab10aa7940551a09

-----Test 105

ALGORITHM:
Ed25519

MESSAGE:
e47d62c63f830dc7a6851a0b1f33ae4bb2f507fb6cffec4011eaccd55b53f56c

PUBLIC KEY:
cdb267ce40c5cd45306fa5d2f29731459387dbf9eb933b7bd5aed9a765b88d4d

SIGNATURE:
21122a84e0b5fca4052f5b1235c80a537878b38f3142356b2c2384ebad4668b7e40bc836dac0f71076f9abe3a53f9c03c1ceeeddb658d0030494ace586687405

-----Test 106

ALGORITHM:
Ed25519

MESSAGE:
85e241a07d148b41e47d62c63f830dc7a6851a0b1f33ae4bb2f507fb6cffec40

PUBLIC KEY:
442aad9f089ad9e14647b1ef9099a1ff4798d78589e66f28eca69c11f582a623

SIGNATURE:
e96f66be976d82e60150baecff9906684aebb1ef181f67a7189ac78ea23b6c0e547f7690a0e2ddcd04d87dbc3490dc19b3b3052f7ff0538cb68afb369ba3a514

-----Test 107

ALGORITHM:
Ed25519

MESSAGE:
85e241a07d148b41e47d62c63f830dc7a6851a0b1f33ae4bb2f507fb6cffec40

PUBLIC KEY:
442aad9f089ad9e14647b1ef9099a1ff4798d78589e66f28eca69c11f582a623

SIGNATURE:
8ce5b96c8f26d0ab6c47958c9e68b937104cd36e13c33566acd2fe8d38aa19427e71f98a473474f2f13f06f97c20d58cc3f54b8bd0d272f42b695dd7e89a8c22

-----Test 108

ALGORITHM:
Ed25519

MESSAGE:
9bedc267423725d473888631ebf45988bad3db83851ee85c85e241a07d148b41

PUBLIC KEY:
f7badec5b8abeaf699583992219b7b223f1df3fbbea919844e3f7c554a43dd43

SIGNATURE:
ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03be9678ac102edcd92b0210bb34d7428d12ffc5df5f37e359941266a4e35f0f

-----Test 109

ALGORITHM:
Ed25519

MESSAGE:
9bedc267423725d473888631ebf45988bad3db83851ee85c85e241a07d148b41

PUBLIC KEY:
f7badec5b8abeaf699583992219b7b223f1df3fbbea919844e3f7c554a43dd43

SIGNATURE:
ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffca8c5b64cd208982aa38d4936621a4775aa233aa0505711d8fdcfdaa943d4908

-----Test 110

ALGORITHM:
Ed25519

MESSAGE:
e96b7021eb39c1a163b6da4e3093dcd3f21387da4cc4572be588fafae23c155b

PUBLIC KEY:
ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

SIGNATURE:
a9d55260f765261eb9b84e106f665e00b867287a761990d7135963ee0a7d59dca5bb704786be79fc476f91d3f3f89b03984d8068dcf1bb7dfc6637b45450ac04

-----Test 111

ALGORITHM:
Ed25519

MESSAGE:
39a591f5321bbe07fd5a23dc2f39d025d74526615746727ceefd6e82ae65c06f

PUBLIC KEY:
ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

SIGNATURE:
a9d55260f765261eb9b84e106f665e00b867287a761990d7135963ee0a7d59dca5bb704786be79fc476f91d3f3f89b03984d8068dcf1bb7dfc6637b45450ac04

Notes:

Some of these vectors are not expected to validate. See https://github.com/novifinancial/ed25519-speccheck and Taming the many EdDSAs by Konstantinos Chalkias, François Garillot, and Valeria Nikolaenko https://eprint.iacr.org/2020/1244

Status: Held for Document Update (2)

RFC 8032, "Edwards-Curve Digital Signature Algorithm (EdDSA)", January 2017

Source of RFC: IRTF

Errata ID: 5758
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT

Reported By: Franck Rondepierre
Date Reported: 2019-06-21
Held for Document Update by: Stanislav Smyshlyaev
Date Held: 2022-02-15

Section 5.1. says:

                          (p+3)/8      3        (p-5)/8
                 x = (u/v)        = u v  (u v^7)         (mod p)

It should say:

                          (p+3)/8          (p-5)/8
                 x = (u/v)        = u (u v)         (mod p)

Notes:

--VERIFIER NOTES--
The original text was correct (verified by Nick Sullivan).
01/28/2022: RFC Editor changed status to Reported per discussion with Stanislav V. Smyshlyaev.
02/15/2022: The status is changed to "Held for Document Update" by Stanislav Smyshlyaev. The proposed formulas are correct as well (for the specific case of the EdDSA parameters) and provide a slight efficiency gain.

Errata ID: 5759
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT

Reported By: Franck Rondepierre
Date Reported: 2019-06-21
Held for Document Update by: Stanislav Smyshlyaev
Date Held: 2022-02-15

Section 5.2. says:

                          (p+1)/4    3            (p-3)/4
                 x = (u/v)        = u  v (u^5 v^3)         (mod p)

It should say:

                          (p+1)/4            (p-3)/4
                 x = (u/v)        =  u (u v)         (mod p)

Notes:

--VERIFIER NOTES--
The original text was correct (verified by Nick Sullivan).
01/28/2022: RFC Editor changed status to Reported per discussion with Stanislav V. Smyshlyaev.
02/15/2022: The status is changed to "Held for Document Update" by Stanislav Smyshlyaev. The proposed formulas are correct as well (for the specific case of the EdDSA parameters) and provide a slight efficiency gain.

Status: Rejected (1)

RFC 8032, "Edwards-Curve Digital Signature Algorithm (EdDSA)", January 2017

Source of RFC: IRTF

Errata ID: 5757
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Franck Rondepierre
Date Reported: 2019-06-21
Rejected by: Stanislav Smyshlyaev
Date Rejected: 2021-10-26

Section .1 says:

An element (x,y) of E is encoded as a b-bit string called ENC(x,y),
 which is the (b-1)-bit encoding of y concatenated with one bit that
 is 1 if x is negative and 0 if x is not negative.

It should say:

An element (x,y) of E is encoded as a b-bit string called ENC(x,y),
 which is the (b-1)-bit encoding of y concatenated 
with the least significant bit of x.

Notes:

Section 3.1 is not coherent with encodings described for Ed25519 (5.1.2) and Ed448 (5.2.2)
--VERIFIER NOTES--
The original text was correct (verified by Nick Sullivan).

Report New Errata



Advanced Search