There is a reason ed25519 is used instead of ed25519ph :) PureEdDSA does not bre... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		h_anna_h on May 3, 2021 \| parent \| context \| favorite \| on: Bitcoin Core: Bitcoin Core 0.21.1 released with Ta... There is a reason ed25519 is used instead of ed25519ph :) PureEdDSA does not break when a hash function without collision resistance is used.

nullc on May 3, 2021 [–]

Doesn't apply to PGP. :)

And the kind of theoretical attack that non-prehashing protects you from requires that you sign an attacker chosen message -- relevant in some applications but kind of contrived.

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact