Ed25519: Difference between revisions

From Elliptic Curve Crypto
more refs
the prime number
Line 7: Line 7:
</ref>. Schneier <ref>Bruce Schneier. “Bounty to Recover NIST’s Elliptic Curve Seeds.” ''Schneier on Security,'' Oct 12, 2023. https://www.schneier.com/blog/archives/2023/10/bounty-to-recover-nists-elliptic-curve-seeds.html</ref><ref>Filippo Valsorda. “Announcing the $12K NIST elliptic curve seeds bounty.” ''Cryptography Dispatches,'' Oct 5, 2023. https://words.filippo.io/dispatches/seeds-bounty/</ref> feels that some of these schemes are overspecified <ref>A. Langley, M. Hamburg and S. Turner. “Elliptic Curves for Security.” Technical Report RFC 7748, Jan. 2016. https://datatracker.ietf.org/doc/html/rfc7748</ref>, and possibly backdoored by the NSA. For that matter we could just as easily pull a CIA [https://www.cia.gov/the-world-factbook/countries/tonga/factbook factbook on the Tonga], official registrant of the <tt>.to</tt> top level country code domain.
</ref>. Schneier <ref>Bruce Schneier. “Bounty to Recover NIST’s Elliptic Curve Seeds.” ''Schneier on Security,'' Oct 12, 2023. https://www.schneier.com/blog/archives/2023/10/bounty-to-recover-nists-elliptic-curve-seeds.html</ref><ref>Filippo Valsorda. “Announcing the $12K NIST elliptic curve seeds bounty.” ''Cryptography Dispatches,'' Oct 5, 2023. https://words.filippo.io/dispatches/seeds-bounty/</ref> feels that some of these schemes are overspecified <ref>A. Langley, M. Hamburg and S. Turner. “Elliptic Curves for Security.” Technical Report RFC 7748, Jan. 2016. https://datatracker.ietf.org/doc/html/rfc7748</ref>, and possibly backdoored by the NSA. For that matter we could just as easily pull a CIA [https://www.cia.gov/the-world-factbook/countries/tonga/factbook factbook on the Tonga], official registrant of the <tt>.to</tt> top level country code domain.


The figure 25519 refers to the prime number 2<sup>255</sup>–19 used as the modulus of the finite field.
The figure 25519 refers to the prime number 2<sup>255</sup>&nbsp;–&nbsp;19&nbsp;=
 
57896044618658097711785492504343953926634992332820282019728792003956564819949
 
used as the modulus of the finite field.
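Review bot: The new text breaks one sentence into three blocks, so "used as the modulus of the finite field." is left as a dangling fragment after the 77-digit literal. Keep the sentence whole and set the decimal value off inside it (for example in parentheses, or as a display line that follows the complete sentence). The lines around the literal contain only a single space, which looks unintentional and should either be removed or made an explicit preformatted block. Minor style point: the expression uses an en dash for subtraction where a minus sign is meant.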

Revision as of 13:19, 28 December 2024

Ed25519 is a particular implementation of Elliptic Curve Digital Signature Algorithm (ECDSA) on a particular elliptic curve over a particular finite field, uniquely specified for the purpose, and named “Curve25519.”

Or is it “birationally equivalent?”

It is described perhaps most definitively on its author’s homepage [1]. It has been extensively studied and reviewed [2]. Schneier [3][4] feels that some of these schemes are overspecified [5], and possibly backdoored by the NSA. For that matter we could just as easily pull a CIA factbook on Tonga, official registrant of the .to top level country code domain.

The figure 25519 refers to the prime number 2^255 – 19 =

57896044618658097711785492504343953926634992332820282019728792003956564819949

used as the modulus of the finite field.
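
A check a reader can run on the decimal literal above, as an added example that is not part of the original wiki page: it confirms the digits equal 2^255 – 19, tests the value for primality with Miller-Rabin, and performs one field operation (inversion) modulo it. The function names, the round count and the fixed seed are assumptions chosen for illustration.

```python
import random

# Decimal value exactly as printed on the page.
P_DECIMAL = "57896044618658097711785492504343953926634992332820282019728792003956564819949"
P = 2**255 - 19


def literal_matches(decimal_text: str = P_DECIMAL) -> bool:
    """True if the printed digits really are 2^255 - 19."""
    return int(decimal_text) == P


def is_probable_prime(n: int, rounds: int = 40, seed: int = 25519) -> bool:
    """Miller-Rabin test; a composite survives one round with probability <= 1/4."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    # Write n - 1 = d * 2^s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(seed)  # fixed seed (an assumption) so runs are reproducible
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def field_inverse(a: int) -> int:
    """Inverse of a in the field of integers mod P, via Fermat: a^(P-2) mod P."""
    if a % P == 0:
        raise ZeroDivisionError("0 has no inverse in the field")
    return pow(a, P - 2, P)
```

Inversion by exponentiation works only because the modulus is prime, which is why the primality check belongs next to the literal check.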

  1. Daniel Bernstein. https://ed25519.cr.yp.to/, last updated 2017.01.22.
  2. Jacqueline Brendel, Cas Cremers, Dennis Jackson, and Mang Zhao. “The Provable Security of Ed25519: Theory and Practice.” Cryptology ePrint Archive, vol. 2020, no. 823. https://eprint.iacr.org/2020/823.pdf
  3. Bruce Schneier. “Bounty to Recover NIST’s Elliptic Curve Seeds.” Schneier on Security, Oct 12, 2023. https://www.schneier.com/blog/archives/2023/10/bounty-to-recover-nists-elliptic-curve-seeds.html
  4. Filippo Valsorda. “Announcing the $12K NIST elliptic curve seeds bounty.” Cryptography Dispatches, Oct 5, 2023. https://words.filippo.io/dispatches/seeds-bounty/
  5. A. Langley, M. Hamburg and S. Turner. “Elliptic Curves for Security.” Technical Report RFC 7748, Jan. 2016. https://datatracker.ietf.org/doc/html/rfc7748