monero-docs/docs/cryptography/asymmetric/ed25519.md

2018-01-06 13:41:04 +00:00
# Ed25519 curve

!!! danger
    Author is nowhere close to being a cryptographer. Be sceptical on accuracy.

!!! note
    This article is only about the underlying curve. Public key derivation and the signing algorithm will be treated separately.

Monero employs the Ed25519 elliptic curve as the basis for its key pair generation.

However, Monero does not exactly follow the EdDSA reference signature scheme.

## Definition

This is the standard Ed25519 curve definition; nothing here is Monero-specific.

Curve equation:

```
-x^2 + y^2 = 1 - (121665/121666) * x^2 * y^2
```

Base point:

```
# The base point is the specific point on the curve. It is used
# as a basis for further calculations. It is an arbitrary choice
# by the curve authors, just to standardize the scheme.
#
# Note that it is enough to specify the y value and the sign of the x value.
# That's because the specific x can be calculated from the curve equation.
G = (x, 4/5)  # take the point with the positive x

# The hex representation of the base point
5866666666666666666666666666666666666666666666666666666666666666
```

Prime order of the base point:

```
# In layman's terms, the "canvas" where the curve is drawn is assumed
# to have a finite "resolution", so point coordinates must "wrap around"
# at some point. This is achieved by taking values modulo "l".
# In other words, "l" defines the maximum scalar we can use.
l = 2^252 + 27742317777372353535851937790883648493
```

The total number of points on the curve, a prime number:

```
q = 2^255 - 19
```
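
The constants above can be checked numerically. The following Python sketch is an added example, not code from this page or from Monero: it recomputes the base point from y = 4/5, confirms that it satisfies the curve equation and encodes to the hex string shown above, and confirms that multiplying G by l gives the neutral point (0, 1). It assumes coordinates are reduced modulo q = 2^255 - 19, that "positive x" means the even root (as in the Ed25519 reference code), and Python 3.8+; the function names are illustrative.

```python
# Added example: constants are the ones from the Definition section above.
q = 2**255 - 19                                   # modulus for coordinate arithmetic
l = 2**252 + 27742317777372353535851937790883648493
d = -121665 * pow(121666, -1, q) % q              # the constant -(121665/121666) mod q

def on_curve(P):
    x, y = P
    return (-x*x + y*y - 1 - d*x*x*y*y) % q == 0  # -x^2 + y^2 = 1 + d*x^2*y^2

def recover_x(y, sign=0):
    # Solve the curve equation for x: x^2 = (y^2 - 1) / (d*y^2 + 1)
    xx = (y*y - 1) * pow(d*y*y + 1, -1, q) % q
    x = pow(xx, (q + 3) // 8, q)                  # root candidate, valid since q = 5 mod 8
    if (x*x - xx) % q != 0:
        x = x * pow(2, (q - 1) // 4, q) % q       # fix up with sqrt(-1)
    if (x*x - xx) % q != 0:
        raise ValueError("no curve point has this y coordinate")
    return (q - x) % q if (x & 1) != sign else x

def add(P, Q):
    # Textbook affine addition for twisted Edwards curves with a = -1
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2 % q
    x3 = (x1*y2 + x2*y1) * pow(1 + t, -1, q) % q
    y3 = (y1*y2 + x1*x2) * pow(1 - t, -1, q) % q
    return (x3, y3)

def scalar_mult(k, P):
    R = (0, 1)                                    # neutral element
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def encode(P):
    # 32 bytes: y in little-endian order, lowest bit of x stored in the top bit
    x, y = P
    return (y | ((x & 1) << 255)).to_bytes(32, "little").hex()

def base_point():
    y = 4 * pow(5, -1, q) % q                     # y = 4/5
    return (recover_x(y), y)

if __name__ == "__main__":
    G = base_point()
    print("G on curve:     ", on_curve(G))
    print("encoded G:      ", encode(G))
    print("l*G is neutral: ", scalar_mult(l, G) == (0, 1))
```
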

## Implementation

Monero uses the (apparently modified) Ref10 implementation by Daniel J. Bernstein.

## Reference

* [Understanding Monero Cryptography](https://steemit.com/monero/@luigi1111/understanding-monero-cryptography-privacy-introduction) - excellent writeup by Luigi
* [StackOverflow answer](https://monero.stackexchange.com/questions/2290/why-how-does-monero-generate-public-ed25519-keys-without-using-the-standard-publ)
* [Python implementation](https://github.com/monero-project/mininero/blob/master/ed25519.py) - not the reference one but easier to understand
* [Encoding point to hex](https://monero.stackexchange.com/questions/6050/what-is-the-base-point-g-from-the-whitepaper-and-how-is-it-represented-as-a)
* [Ed25519 on Wikipedia](https://en.wikipedia.org/wiki/EdDSA#Ed25519)
* [A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography](https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/)