Sign the hash of the credential, not the raw credential #130
Labels
documentation
Improvements or additions to documentation
enhancement
New feature or request
good first issue
Good for newcomers
Stale
Comments
noandrea
added
enhancement
|
This issue was marked as stale because there was no activity for 15 days |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the code for signing credentials here:
elesto/x/credential/client/cli/tx.go
Line 355 in c2e33f6
and in the code to verify credential signatures here:
elesto/x/credential/credential.go
Line 202 in c2e33f6
we do sign and verify the entire credential byte slice. The signing is done on the client side so it's relatively not critical, but the signature verification is done on the node side.
The signing computes the signature on the whole byte slice of the minified and encoded JSON. That seems to imply that the cost of signing/verifying a credential is linear with the credential size. The task would be to collect empirical data on the cost of signing/verifying a message vs computing the hash of the message and then signing/verifying the hash.
As for hashing algorithm consider blake2b or sha-3
The text was updated successfully, but these errors were encountered: