It should probably be clearer that Ed25519 as described by RFC 8032 does not suffer from signature malleability
zamicol opened this issue · comments
Zach Collier commented
Ed25519 described by RFC 8032 is not malleable. This should probably be clearer on the demonstration page.
Zach Collier commented
Fantastic tool. Thank you for your work.
I used your tool to generate a test for Coze to ensure that the Go implementation wasn't malleable. I also tested Paul's noble library using the Ed25519 Online Tool which also does not permit malleability.
I was unable to get TweetNACL to validate a "high s" signature, but perhaps it was an encoding issue. Do you perhaps have an example?
I've not dug too deep into the Rust code. Was it dalek that's permitting malleable signing/verification of Ed25519?