2021-01-22 14:04:23 +00:00
<!doctype html> < html lang = en class = no-js > < head > < meta charset = utf-8 > < meta name = viewport content = "width=device-width,initial-scale=1" > < meta name = description content = "Unofficial Monero Documentation" > < meta name = author content = "Piotr 'Qertoip' Włodarek" > < link href = https://monerodocs.org/cryptography/asymmetric/edwards25519/ rel = canonical > < link rel = "shortcut icon" href = ../../../assets/favicon.png > < meta name = generator content = "mkdocs-1.1.2, mkdocs-material-6.2.5" > < title > Edwards25519 Elliptic Curve - Monero Documentation< / title > < link rel = stylesheet href = ../../../assets/stylesheets/main.15aa0b43.min.css > < link rel = stylesheet href = ../../../assets/stylesheets/palette.75751829.min.css > < meta name = theme-color content = #ffffff > < link rel = preconnect href = https://fonts.gstatic.com crossorigin > < link rel = stylesheet href = "https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback" > < style > body , input { font-family : "Roboto" , - apple-system , BlinkMacSystemFont , Helvetica , Arial , sans-serif } code , kbd , pre { font-family : "Roboto Mono" , SFMono-Regular , Consolas , Menlo , monospace } < / style > < link rel = stylesheet href = ../../../overrides.css > < / head > < body dir = ltr data-md-color-scheme data-md-color-primary = white data-md-color-accent = indigo > < input class = md-toggle data-md-toggle = drawer type = checkbox id = __drawer autocomplete = off > < input class = md-toggle data-md-toggle = search type = checkbox id = __search autocomplete = off > < label class = md-overlay for = __drawer > < / label > < div data-md-component = skip > < a href = #edwards25519-elliptic-curve class = md-skip > Skip to content < / a > < / div > < div data-md-component = announce > < / div > < header class = md-header data-md-component = header > < nav class = "md-header-nav md-grid" aria-label = Header > < a href = https://monerodocs.org title = "Monero Documentation" class = "md-header-nav__button md-logo" aria-label = "Monero Documentation" > < img src = ../../../images/monero.svg alt = logo > < / a > < label class = "md-header-nav__button md-icon" for = __drawer > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z" / > < / svg > < / label > < div class = md-header-nav__title data-md-component = header-title > < div class = md-header-nav__ellipsis > < div class = md-header-nav__topic > < span class = md-ellipsis > Monero Documentation < / span > < / div > < div class = md-header-nav__topic > < span class = md-ellipsis > Edwards25519 Elliptic Curve < / span > < / div > < / div > < / div > < label class = "md-header-nav__button md-icon" for = __search > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z" / > < / svg > < / label > < div class = md-search data-md-component = search role = dialog > < label class = md-search__overlay for = __search > < / label > < div class = md-search__inner role = search > < form class = md-search__form name = search > < input type = text class = md-search__input name = query aria-label = Search placeholder = Search autocapitalize = off autocorrect = off autocomplete = off spellcheck = false data-md-component = search-query data-md-state = active required > < label class = "md-search__icon md-icon" for = __search > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z" / > < / svg > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z" / > < / svg > < / label > < button type = reset class = "md-search__icon md-icon" aria-label = Clear data-md-component = search-reset tabindex = -1 > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z" / > < / svg > < / button > < / form > < div class = md-search__output > < div class = md-search__scrollwrap data-md-scrollfix > < div class = md-search-result data-md-componen
< / code > < / pre > < / div > < p > Note:< / p > < ul > < li > curve is in two dimensions (nothing fancy, like all the curves is high school)< / li > < li > curve is mirrored below y axis due to < code > y^2< / code > part of the equation (not a polynomial)< / li > < / ul > < h3 id = base-point-g > Base point: < code > G< / code > < a class = headerlink href = #base-point-g title = "Permanent link" > ¶ < / a > < / h3 > < p > The base point is a specific point on the curve. It is used as a basis for further calculations. It is an arbitrary choice by the curve authors, just to standardize the scheme.< / p > < p > Note that it is enough to specify the y value and the sign of the x value. That's because the specific x can be calculated from the curve equation.< / p > < div class = highlight > < pre > < span > < / span > < code > G = (x, 4/5) # take the point with the positive x
2021-01-21 14:52:04 +00:00
# The hex representation of the base point
5866666666666666666666666666666666666666666666666666666666666666
2021-01-22 14:04:23 +00:00
< / code > < / pre > < / div > < h3 id = prime-order-of-the-base-point-l > Prime order of the base point: < code > l< / code > < a class = headerlink href = #prime-order-of-the-base-point-l title = "Permanent link" > ¶ < / a > < / h3 > < p > In layment terms, the "canvas" where the curve is drawn is assumed to have a finite "resolution", so point coordinates must "wrap around" at some point. This is achieved by modulo the < code > l< / code > value (lowercase L). In other words, the < code > l< / code > defines the maximum scalar we can use.< / p > < div class = highlight > < pre > < span > < / span > < code > l = 2^252 + 27742317777372353535851937790883648493
2021-01-21 14:52:04 +00:00
# => 7237005577332262213973186563042994240857116359379907606001950938285454250989
2021-01-22 14:04:23 +00:00
< / code > < / pre > < / div > < p > The < code > l< / code > is a prime number specified by the curve authors.< / p > < p > In practice this is the private key's strength.< / p > < h3 id = total-number-of-points-on-the-curve > Total number of points on the curve< a class = headerlink href = #total-number-of-points-on-the-curve title = "Permanent link" > ¶ < / a > < / h3 > < p > The total number of points on the curve is also a prime number:< / p > < div class = highlight > < pre > < span > < / span > < code > q = 2^255 - 19
< / code > < / pre > < / div > < p > In practice not all points are "useful" and so the private key strength is limited to < code > l< / code > describe above.< / p > < h2 id = implementation > Implementation< a class = headerlink href = #implementation title = "Permanent link" > ¶ < / a > < / h2 > < p > Monero uses (apparently modified) Ref10 implementation by Daniel J. Bernstein.< / p > < h2 id = reference > Reference< a class = headerlink href = #reference title = "Permanent link" > ¶ < / a > < / h2 > < ul > < li > < a href = https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/ > A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography< / a > < / li > < li > < a href = https://tools.ietf.org/html/rfc8032 > RFC 8032 defining EdDSA< / a > < / li > < li > < a href = https://steemit.com/monero/@luigi1111/understanding-monero-cryptography-privacy-introduction > Understanding Monero Cryptography< / a > - excellent writeup by Luigi< / li > < li > < a href = https://monero.stackexchange.com/questions/2290/why-how-does-monero-generate-public-ed25519-keys-without-using-the-standard-publ > StackOverflow answer< / a > < / li > < li > < a href = https://github.com/monero-project/mininero/blob/master/ed25519.py > Python implementation< / a > - not the reference one but easier to understand< / li > < li > < a href = https://monero.stackexchange.com/questions/6050/what-is-the-base-point-g-from-the-whitepaper-and-how-is-it-represented-as-a > Encoding point to hex< / a > < / li > < li > < a href = https://en.wikipedia.org/wiki/EdDSA > EdDSA on Wikipedia< / a > < / li > < / ul > < / article > < / div > < / div > < / main > < footer class = md-footer > < div class = md-footer-nav > < nav class = "md-footer-nav__inner md-grid" aria-label = Footer > < a href = ../public-key/ class = "md-footer-nav__link md-footer-nav__link--prev" rel = prev > < div class = "md-footer-nav__button md-icon" > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z" / > < / svg > < / div > < div class = md-footer-nav__title > < div class = md-ellipsis > < span class = md-footer-nav__direction > Previous < / span > Public keys < / div > < / div > < / a > < a href = ../key-image/ class = "md-footer-nav__link md-footer-nav__link--next" rel = next > < div class = md-footer-nav__title > < div class = md-ellipsis > < span class = md-footer-nav__direction > Next < / span > Key image < / div > < / div > < div class = "md-footer-nav__button md-icon" > < svg xmlns = http://www.w3.org/2000/svg viewbox = "0 0 24 24" > < path d = "M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z" / > < / svg > < / div > < / a > < / nav > < / div > < div class = "md-footer-meta md-typeset" > < div class = "md-footer-meta__inner md-grid" > < div class = md-footer-copyright style = "margin: auto;" > < a href = http://bumz4sduzxzlobbgzy5fiufdflg3mo2jyecdwdx5rphrqldms7wlmiid.onion/ > Tor onion version< / a > | < a href = https://qertoip.com/ > contact< / a > | © 2021 MoneroDocs under < a href = https://opensource.org/licenses/MIT > MIT< / a > | built w/ < a href = https://www.mkdocs.org/ > mkdocs< / a > and < a href = https://squidfunk.github.io/mkdocs-material/ > squidfunk/material< / a > < / div > < / div > < / div > < / footer > < / div > < script src = ../../../assets/javascripts/vendor.93c04032.min.js > < / script > < script src = ../../../assets/javascripts/bundle.83e5331e.min.js > < / script > < script id = __lang type = application/json > { "clipboard.copy" : "Copy to clipboard" , "clipboard.copied" : "Copied to clipboard" , "search.config.lang" : "en" , "search.config.pipeline" : "trimmer, stopWordFilter" , "search.config.separator" : "[\\s\\-]+" , "search.placeholder" : "Search" , "search.result.placeholder" : "Type to start searching" , "search.result.none" : "No matching documents" , "search.result.one" : "1 matching document" , "search.result.other" : "# matching documents" , "search.result.more.one" : "1 more on this page" , "search.result.more.other" : "# more on this page" , "search.result.term.missing" : "Missing" } < / script > < script >
2021-01-21 14:52:04 +00:00
app = initialize({
base: "../../..",
features: [],
search: Object.assign({
worker: "../../../assets/javascripts/worker/search.8c7e0a7e.min.js"
}, typeof search !== "undefined" & & search)
})
2021-01-22 14:04:23 +00:00
< / script > < / body > < / html >
