New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/ecdsa: Sign output differs using 1.18 #52510
Comments
Friendly cc'ing @FiloSottile 🙏 |
This output mismatch could to be related to this commit: crypto/ecdsa: draw a fixed amount of entropy while signing. |
You should not expect the signature value to be stable relatively to a specific randomness input stream. We actually go out of our way to draw an extra byte or not to not always generate the same signature, but since your randomness input is all zeroes, it will still look stable-ish. Anyway, the algorithm will sometimes change between releases, that's to be expected. |
Thanks for the quick response & clarification! Although I need to get my head around your words as I don't understand how the same input could output different results and they continue to be verifiable! I will take a look to the verify internals. Thanks! |
Unlike hashes, there can be multiple valid signatures for a (message, public key) pair. Some algorithms like Ed25519 are deterministic in that they will always generate the same one when signing, but that's just an implementation choice. You could add randomness to Ed25519 and get many valid signatures for the same message. If you need that not to be true, you want a Verifiable Random Function, not a signature scheme. |
Thanks for the detailed comment @FiloSottile, it's really appreciated! |
What version of Go are you using (
go version
)?1.18
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?arm64 but I would say it does reproduce in other environments as we detected in a failing test in our CI which uses linux/amd64.
What did you do?
1.18: https://go.dev/play/p/d-e_UyfTK9B
1.17: https://go.dev/play/p/d-e_UyfTK9B?v=goprev
What did you expect to see?
Same result in both.
What did you see instead?
Different output:
ecdsa.Sign
using go1.17:ecdsa.Sign
using go1.18:The hardcoded key is a PKCS8 key for an underlying P256 elliptic curve. Generated using
crypto/rand
and 1.18 although I don't think this would be an important detail as it was caught in our CI using a previously generated key using 1.17.Code for key generation if that helps:
The text was updated successfully, but these errors were encountered: