paulehoffman/post-quantum-for-engineers

"Sign-then-hash" does not exist


The document contains the term "sign-then-hash". Such a paradigm does not exist to the best of my knowledge. The alternative to hash-and-sign, as realised by the new PQC algorithms, is a signature operation that takes the data to be signed as input, and not a hash value computed from it. But that has nothing to do with reversing the order of signing and hashing.