Use of hedged signatures

[wemeetagain]

Peer id specs currently enforce RFC-6979 for creating signatures.

Ed25519 signatures follow the normal Ed25519 standard.

then sign it using the standard Bitcoin EC signature algorithm (BIP0062

then sign it with the ECDSA standard algorithm

Meanwhile there is an attempt to improve the security of signing via "hedging" with additional entropy:
https://datatracker.ietf.org/doc/draft-irtf-cfrg-det-sigs-with-noise/

Should the spec be relaxed to allow for use of this?

Related:

• article describing hedged signatures: https://paulmillr.com/posts/deterministic-signatures/
• PR where this issue was raised: feat: use bitcoin secp256k11 ChainSafe/zig-discv5#1

[MarcoPolo]

Interesting, thanks for the references. I'm not a cryptographer, so I won't weigh in with an opinion on the specifics.

From libp2p's perspective we should probably wait for the actual cryptographers at the CFRG to publish a recommendation.

We don't need to relax the spec, we would just introduce a new key type.