From 92a264662dc10d77600da4d64e9bd91909c5dfa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20W=C5=82odarek?= Date: Fri, 5 Jan 2018 17:36:27 +0100 Subject: [PATCH] Add Ed25519 stub --- docs/{primitives => cryptography}/base58.md | 0 docs/cryptography/ed25519.md | 24 +++++++++++++++++++-- docs/cryptography/keccak-256.md | 5 +++-- docs/cryptography/prng.md | 14 +++++++----- docs/public-address/integrated-address.md | 2 +- docs/public-address/standard-address.md | 2 +- docs/technical-specs.md | 5 ++--- mkdocs.yml | 4 ++-- 8 files changed, 40 insertions(+), 16 deletions(-) rename docs/{primitives => cryptography}/base58.md (100%) diff --git a/docs/primitives/base58.md b/docs/cryptography/base58.md similarity index 100% rename from docs/primitives/base58.md rename to docs/cryptography/base58.md diff --git a/docs/cryptography/ed25519.md b/docs/cryptography/ed25519.md index 44dcba6..9557b74 100644 --- a/docs/cryptography/ed25519.md +++ b/docs/cryptography/ed25519.md 
@@ -1,7 +1,27 @@ # Ed25519 curve -Monero uses Ref10 implementation by Daniel J. Bernstein. +**!! Work in progress - be sceptical on accuracy !!** + +Monero employs Ed25519 curve as a basis for its signature scheme. + +However, Monero does not follow EdDSA reference signature scheme. + +## Public key derivation + +In relation to EdDSA, Monero derives public keys differently: + +* Monero uses Keccak instead of SHA-512 +* Monero uses private keys as scalars, not as seeds + +## Signature scheme + +In relation to EdDSA, Monero uses a different signature scheme. + +## Implementation + +For the curve itself, Monero uses Ref10 implementation by Daniel J. Bernstein. ## Reference -https://stackoverflow.com/questions/19147619/what-implementions-of-ed25519-exist +* [Understanding Monero Cryptography](https://medium.com/@luigi1111w/understanding-monero-cryptography-privacy-introduction-9baf073e970c) - excellent writeup by Luigi +* [StackOverflow answer](https://monero.stackexchange.com/questions/2290/why-how-does-monero-generate-public-ed25519-keys-without-using-the-standard-publ) diff --git a/docs/cryptography/keccak-256.md b/docs/cryptography/keccak-256.md index 90d6308..2e5c937 100644 --- a/docs/cryptography/keccak-256.md +++ b/docs/cryptography/keccak-256.md @@ -1,11 +1,12 @@ # Keccak-256 hash function -Monero employs Keccak-256 as a hashing function. +Monero employs Keccak as a hashing function. In most context specifically Keccak-256 is used, +providing 32-byte hashes. Keccak is the leading hashing function, designed by non-NSA designers. Keccak won [NIST competition](https://en.wikipedia.org/wiki/NIST_hash_function_competition) to become the official SHA3. -## Uses +## Use Cases Monero does **not** employ Keccak for Proof-of-Work. Instead, Keccak is used for: diff --git a/docs/cryptography/prng.md b/docs/cryptography/prng.md index 80806f9..58e0f7c 100644 --- a/docs/cryptography/prng.md +++ b/docs/cryptography/prng.md 
@@ -1,15 +1,19 @@ -# Monero Pseudo Random Number Generator +# Monero Pseudorandom Number Generator -Monero uses PRNG based on Keccak hashing function. +Monero uses PRNG based on the Keccak hashing function. +Basically, output of the previous hashing round is input for the next one. -The seed comes from entropy sources provided by operating system. -On Linux and MacOS this translates to `/dev/urandom`. -On Windows the WinAPI `CryptGenRandom` call is used. +The initial seed comes from entropy sources provided by operating system. +On Linux and MacOS the seed comes from `/dev/urandom`. +On Windows the WinAPI `CryptGenRandom` call is used for seeding. There is no reseeding. ## Caveats +* This concerns the reference C++ implementation of Monero. +Please note there are many alternative implementations of private key generation, +including JavaScript, Python, Android/Java. These should be researched case by case for correctness. * In Monero source code you can also find libsodium based random bytes generator. It is part of the embedded library and apparently is not used in actual Monero code. ## Reference diff --git a/docs/public-address/integrated-address.md b/docs/public-address/integrated-address.md index adadc37..85e7aa9 100644 --- a/docs/public-address/integrated-address.md +++ b/docs/public-address/integrated-address.md 
@@ -25,7 +25,7 @@ Index | Size in bytes | Description 65 | 8 | compact payment ID - 8 bytes randomly generated by the recipient; note that it does not need encryption in the address itself but it is hidden in a transaction paying to integrated address to prevent linking payment with the address by external observers 73 | 4 | checksum ([Keccak-f[1600] hash](https://github.com/monero-project/monero/blob/8f1f43163a221153403a46902d026e3b72f1b3e3/src/common/base58.cpp#L261) of the previous 73 bytes, trimmed to first [4](https://github.com/monero-project/monero/blob/8f1f43163a221153403a46902d026e3b72f1b3e3/src/common/base58.cpp#L53) bytes) -It totals to 78 bytes. The bytes are then encoded ([src](https://github.com/monero-project/monero/blob/8f1f43163a221153403a46902d026e3b72f1b3e3/src/common/base58.cpp#L240)) in [Monero specific Base58](/primitives/base58) format, resulting in a 106 chars long string. Example integrated address: +It totals to 78 bytes. The bytes are then encoded ([src](https://github.com/monero-project/monero/blob/8f1f43163a221153403a46902d026e3b72f1b3e3/src/common/base58.cpp#L240)) in [Monero specific Base58](/cryptography/base58) format, resulting in a 106 chars long string. Example integrated address: `4LL9oSLmtpccfufTMvppY6JwXNouMBzSkbLYfpAV5Usx3skxNgYeYTRj5UzqtReoS44qo9mtmXCqY45DJ852K5Jv2bYXZKKQePHES9khPK` diff --git a/docs/public-address/standard-address.md b/docs/public-address/standard-address.md index fba2cf0..8356cfd 100644 --- a/docs/public-address/standard-address.md +++ b/docs/public-address/standard-address.md 
@@ -33,7 +33,7 @@ Index | Size in bytes | Description 33 | 32 | public view key 65 | 4 | checksum ([Keccak-f[1600] hash](https://github.com/monero-project/monero/blob/8f1f43163a221153403a46902d026e3b72f1b3e3/src/common/base58.cpp#L261) of the previous 65 bytes, trimmed to first [4](https://github.com/monero-project/monero/blob/8f1f43163a221153403a46902d026e3b72f1b3e3/src/common/base58.cpp#L53) bytes) -It totals to 69 bytes. The bytes are then encoded ([src](https://github.com/monero-project/monero/blob/8f1f43163a221153403a46902d026e3b72f1b3e3/src/common/base58.cpp#L240)) in [Monero specific Base58](/primitives/base58) format, resulting in a 95 chars long string. Example standard address: +It totals to 69 bytes. The bytes are then encoded ([src](https://github.com/monero-project/monero/blob/8f1f43163a221153403a46902d026e3b72f1b3e3/src/common/base58.cpp#L240)) in [Monero specific Base58](/cryptography/base58) format, resulting in a 95 chars long string. Example standard address: `4AdUndXHHZ6cfufTMvppY6JwXNouMBzSkbLYfpAV5Usx3skxNgYeYTRj5UzqtReoS44qo9mtmXCqY45DJ852K5Jv2684Rge` diff --git a/docs/technical-specs.md b/docs/technical-specs.md index c2c5dff..cf804c1 100644 --- a/docs/technical-specs.md +++ b/docs/technical-specs.md @@ -70,6 +70,5 @@ This translates to <1% inflation decreasing over time. ## IP address privacy -* not built in -* use TOR or I2P -* there is an ongoing effort to integrate I2P into Monero: the Kovri project +* not built in - please use TOR or I2P +* there is an ongoing effort to integrate I2P into Monero - the Kovri project diff --git a/mkdocs.yml b/mkdocs.yml index ea4295b..b447114 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -8,13 +8,13 @@ pages: - Home: 'index.md' - Interacting: 'interacting/overview.md' - Technical Specs: 'technical-specs.md' -- Primitives: - - Base58: 'primitives/base58.md' - Cryptography: - Overview: 'cryptography/overview.md' - PRNG: 'cryptography/prng.md' - 'Keccak-256': 'cryptography/keccak-256.md' + - Ed25519: 'cryptography/ed25519.md' # - CryptoNight PoW: 'cryptography/cryptonight.md' + - Base58: 'cryptography/base58.md' - Address: - Standard: 'public-address/standard-address.md' - Integrated: 'public-address/integrated-address.md'
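Review bot: in the docs/cryptography/ed25519.md hunk, the new "Signature scheme" section says only that Monero "uses a different signature scheme", and the "Public key derivation" bullets name what is replaced (Keccak for SHA-512, scalar for seed) without stating the resulting operation; since the page is flagged work in progress, either mark both sections with an explicit TODO or add one sentence to the derivation section saying the private key is used directly as the scalar multiplied with the curve base point, so nobody mistakes the stub for a complete description. Also, the second reference is labelled "StackOverflow answer" but links to monero.stackexchange.com; suggest `* [Monero StackExchange answer](https://monero.stackexchange.com/questions/2290/why-how-does-monero-generate-public-ed25519-keys-without-using-the-standard-publ)` so readers know which site it is.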
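Review bot: in the docs/cryptography/keccak-256.md hunk, the new first paragraph followed by the unchanged "Keccak won NIST competition to become the official SHA3" line invites readers to assume that Monero's Keccak-256 equals SHA3-256; it does not, because the standardised SHA3 uses different padding from the original Keccak submission, so a SHA3-256 library call will not reproduce Monero hashes. Suggest adding one sentence after the new paragraph making that distinction, and fix the grammar: `+Monero employs Keccak as a hashing function. In most contexts Keccak-256 is used,` (plural "contexts", and "specifically" is redundant there).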
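Review bot: in the docs/cryptography/prng.md hunk, the new sentence "output of the previous hashing round is input for the next one" combined with the unchanged "There is no reseeding." describes a generator whose entire future output is determined by any single state, so the doc should state the consequence the reader actually needs: the generator state must be kept secret for the whole process lifetime, and the only entropy it ever has is the initial seed from `/dev/urandom` or `CryptGenRandom`. Grammar and naming in the same lines: `+Basically, the output of the previous hashing round is the input for the next one.`, `+The initial seed comes from entropy sources provided by the operating system.`, and "macOS" rather than "MacOS".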
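Review bot: style point in the docs/technical-specs.md hunk: the merged bullet spells the project as "TOR"; the project's own spelling is "Tor", so `+* not built in - please use Tor or I2P`.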
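Review bot: in the mkdocs.yml hunk, Base58 is moved under the "Cryptography" section, but Base58 is an address encoding, not a cryptographic primitive, and the hunk places it after the commented-out CryptoNight entry rather than next to the Keccak entry it depends on; either keep a separate section for encodings (the removed "Primitives" heading or an "Encoding" heading) or rename the section to cover both, so the navigation does not suggest Base58 provides any security property.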