On Thu, Apr 06, 2017 at 03:37:35PM +0300, George Kadianakis wrote:
> Hello again,
>
> this is the second subthread of the AONT thread that grew too big for
> its own good, and it's about ed25519.
>
> The topic of this subthread is the above ed25519 verification of onion
> addresses that Ian sugge
On Wed, Apr 12, 2017 at 05:57:00PM +0300, George Kadianakis wrote:
> An update:
>
> After lots of discussions in the Amsterdam Tor meeting, the following
> approach was suggested for cleansing keys of their torsion components
> that is more friendly towards hierarchical key-derivation schemes:
>
Note that the torsion-safe method explicitly *does* result in the low 3
bits being "000". It does not explicity preserve the top bits being
"10", because in discussion, we could not determine an actual reason for
them to be fixed in that way.
Another thing to keep an eye on is how one produces su
