goshimmer
goshimmer copied to clipboard
iotaledger
Fix Ed25519 key derivation
The derivation currently implemented in hive.go and the wallet does not offer the needed security requirements. It should be changed to a SLIP-10-based implementation to offer the proper security and compatibility with Chrysalis and other standards.
Hey @Wollac
I thought I might take a stab at this issue (it is on the sprint log) but I am not sure what is the way you had in mind. I see currently Hive relies on an outdated implementation from Oasis protocol.
Do we want to find another 3rd party lib? Do we want use what you created in your crypto demo? Or maybe we want to use adapters from the implmentation we have in rust?
I would propose to just go for the easiest approach. I think the Oasis Ed25519 implementation was chosen for some performance considerations, but with Go 1.16 there were significant performance improvements to Ed25519 so this is even less relevant now.
I think, an implementation based on my "crypto demo" should be the easiest, at least this is how Hornet is currently doing it. And then either parse those keys as Oasis keys or just replace it with the stdlib implementation.