# RFC Errata

Found 6 records.

## Status: Verified (1)

### RFC 8032, "Edwards-Curve Digital Signature Algorithm (EdDSA)", January 2017

Source of RFC: IRTF
Errata ID: 5519

**Status: Verified
Type: Editorial
Publication Format(s) : TEXT**

Reported By: Susumu Endoh

Date Reported: 2018-10-10

Verifier Name: Colin Perkins

Date Verified: 2019-04-09

Section 5.1.7 says:

Decode the first half as a point R, and the second half as an integer S, in the range 0 <= s < L.

It should say:

Decode the first half as a point R, and the second half as an integer S, in the range 0 <= S < L.

Notes:

original document expression is ' 0 <= s < L', but it must be '0 <= S < L'. upper/lower case problem.

## Status: Reported (5)

### RFC 8032, "Edwards-Curve Digital Signature Algorithm (EdDSA)", January 2017

Source of RFC: IRTF
Errata ID: 5757

**Status: Reported
Type: Technical
Publication Format(s) : TEXT**

Reported By: Franck Rondepierre

Date Reported: 2019-06-21

Section 3.1 says:

An element (x,y) of E is encoded as a b-bit string called ENC(x,y), which is the (b-1)-bit encoding of y concatenated with one bit that is 1 if x is negative and 0 if x is not negative.

It should say:

An element (x,y) of E is encoded as a b-bit string called ENC(x,y), which is the (b-1)-bit encoding of y concatenated with the least significant bit of x.

Notes:

Section 3.1 is not coherent with encodings described for Ed25519 (5.1.2) and Ed448 (5.2.2)

Errata ID: 5758

**Status: Reported
Type: Technical
Publication Format(s) : TEXT**

Reported By: Franck Rondepierre

Date Reported: 2019-06-21

Section 5.1.3 says:

(p+3)/8 3 (p-5)/8 x = (u/v) = u v (u v^7) (mod p)

It should say:

(p+3)/8 (p-5)/8 x = (u/v) = u (u v) (mod p)

Errata ID: 5759

**Status: Reported
Type: Technical
Publication Format(s) : TEXT**

Reported By: Franck Rondepierre

Date Reported: 2019-06-21

Section 5.2.3 says:

(p+1)/4 3 (p-3)/4 x = (u/v) = u v (u^5 v^3) (mod p)

It should say:

(p+1)/4 (p-3)/4 x = (u/v) = u (u v) (mod p)

Errata ID: 5968

**Status: Reported
Type: Technical
Publication Format(s) : TEXT**

Reported By: Valeria Nikolaenko

Date Reported: 2020-01-28

Section 3.1 says:

3.1. Encoding An integer 0 < S < L - 1 is encoded in little-endian form as a b-bit string ENC(S).

It should say:

3.1. Encoding An integer 0 <= S <= L - 1 is encoded in little-endian form as a b-bit string ENC(S).

Notes:

The range of the scalar should include the end-points: 0 and L-1.

Errata ID: 5930

**Status: Reported
Type: Editorial
Publication Format(s) : TEXT**

Reported By: Daniel Bleichenbacher

Date Reported: 2019-12-06

Section 6 says:

def verify(public, msg, signature): if len(public) != 32: raise Exception("Bad public key length") if len(signature) != 64: Exception("Bad signature length")

It should say:

def verify(public, msg, signature): if len(public) != 32: raise Exception("Bad public key length") if len(signature) != 64: raise Exception("Bad signature length")

Notes:

Missing raise before Exception