On Fri, May 6, 2016 at 12:06 PM, Ron Garret <[1]ron@flownet.com> wrote: > But with all forms of DH based signatures, a random number is generated and that affects the signature value. In effect, every signature has a salt value. Interesting sidebar: ECDSA nonces were one of the sources of Bitcoin's transaction malleability. The (massive pile of hacks that is) segregated witness feature being added to Bitcoin has an added side effect of removing signatures from the hash of a transaction, and with it the associated malleability. All that said, if you're designing a new system today, pick Ed25519. -- Tony Arcieri References 1. mailto:ron@flownet.com