Topic: Why do we have to use SHAKE-256 with ed25519 and ed448?

The wolfSSL docs for both functions, wc_ed448ph_sign_hash and wc_ed25519ph_sign_hash, say that

The hash algorithm used to create message digest must be SHAKE-256

Why is that? I tried signing messages hashed with SHA-512 and SHA3-256 and it seems to work with no errors.

Besides, looking at the ed25519.c file, in the implementation of wc_ed25519_sign_msg_ex, which already hashes the message internally, the hash algorithm used is SHA-512, contradicting what the documentation says.

Re: Why do we have to use SHAKE-256 with ed25519 and ed448?

Hi Gabriel,

Thanks for pointing out this issue with the documentation. I've opened a PR here:
https://github.com/wolfSSL/wolfssl/pull/8102

Kind regards,
Eric - wolfSSL Support
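
Added example (not part of the thread and not wolfSSL code): a minimal pure-Python Ed25519ph following RFC 8032, which defines the prehash as SHA-512 for Ed25519ph and 64-byte SHAKE256 for Ed448ph. It models a sign-hash call that takes the digest as opaque bytes, so any digest signs without error, and a verifier that hashes the message itself; all function names, the all-zero seed and the message are assumptions made for illustration.

```python
import hashlib

P = 2**255 - 19  # Ed25519 constants from RFC 8032 section 5.1
L = 2**252 + 27742317777372353535851937790883648493
D = -121665 * pow(121666, -1, P) % P
B = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     4 * pow(5, -1, P) % P)  # base point (x, y)
DOM2_PH = b"SigEd25519 no Ed25519 collisions" + bytes([1, 0])  # dom2: phflag=1, empty context

def add(p, q):  # affine twisted Edwards addition (slow but short)
    t = D * p[0] * q[0] * p[1] * q[1] % P
    return ((p[0] * q[1] + q[0] * p[1]) * pow(1 + t, -1, P) % P,
            (p[1] * q[1] + p[0] * q[0]) * pow(P + 1 - t, -1, P) % P)

def mul(s, p):  # double-and-add scalar multiplication
    q = (0, 1)
    while s:
        if s & 1:
            q = add(q, p)
        p, s = add(p, p), s >> 1
    return q

def enc(p):
    return (p[1] | (p[0] & 1) << 255).to_bytes(32, "little")

def h_int(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")

def keypair(seed):
    h = hashlib.sha512(seed).digest()
    s = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    return s, h[32:], mul(s, B)

def sign_hash(key, digest):  # hypothetical sign-hash call: digest is opaque bytes
    s, prefix, A = key
    r = h_int(DOM2_PH, prefix, digest) % L
    R = enc(mul(r, B))
    k = h_int(DOM2_PH, R, enc(A), digest) % L
    return R + ((r + k * s) % L).to_bytes(32, "little")

def verify_msg(A, msg, sig):  # conforming verifier: computes PH(M) = SHA-512(M) itself
    k = h_int(DOM2_PH, sig[:32], enc(A), hashlib.sha512(msg).digest()) % L
    S = int.from_bytes(sig[32:], "little")
    return S < L and enc(add(mul(S, B), mul(k, (P - A[0], A[1])))) == sig[:32]

def demo(msg=b"constructed sample message"):
    key = keypair(bytes(32))  # constructed all-zero seed, for illustration only
    digests = {"sha512": hashlib.sha512(msg).digest(), "sha3_256": hashlib.sha3_256(msg).digest(),
               "shake_256": hashlib.shake_256(msg).digest(64)}
    return {name: verify_msg(key[2], msg, sign_hash(key, d)) for name, d in digests.items()}
```

demo() returns True only for the SHA-512 digest; the signatures made over the SHA3-256 and SHAKE256 digests are well-formed 64-byte values that a verifier computing SHA-512 over the message rejects.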