monero-docs/public/cryptography/asymmetric/edwards25519/index.html


<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Unofficial Monero Documentation">
<meta name="author" content="Piotr 'Qertoip' Włodarek">
<link rel="canonical" href="https://monerodocs.org/cryptography/asymmetric/edwards25519/">
<link rel="shortcut icon" href="../../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.1.2, mkdocs-material-6.2.5">
<title>Edwards25519 Elliptic Curve - Monero Documentation</title>
<link rel="stylesheet" href="../../../assets/stylesheets/main.15aa0b43.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/palette.75751829.min.css">
<meta name="theme-color" content="#ffffff">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style>
<link rel="stylesheet" href="../../../overrides.css">
</head>
<body dir="ltr" data-md-color-scheme="" data-md-color-primary="white" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#edwards25519-elliptic-curve" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid" aria-label="Header">
<a href="https://monerodocs.org" title="Monero Documentation" class="md-header-nav__button md-logo" aria-label="Monero Documentation">
<img src="../../../images/monero.svg" alt="logo">
</a>
<label class="md-header-nav__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
</label>
<div class="md-header-nav__title" data-md-component="header-title">
<div class="md-header-nav__ellipsis">
<div class="md-header-nav__topic">
<span class="md-ellipsis">
Monero Documentation
</span>
</div>
<div class="md-header-nav__topic">
<span class="md-ellipsis">
Edwards25519 Elliptic Curve
</span>
</div>
</div>
</div>
<label class="md-header-nav__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" data-md-state="active" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</label>
<button type="reset" class="md-search__icon md-icon" aria-label="Clear" data-md-component="search-reset" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header-nav__source">
<a href="https://github.com/monerodocs/md/" title="Go to repository" class="md-source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg>
</div>
<div class="md-source__repository">
monerodocs/md
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="https://monerodocs.org" title="Monero Documentation" class="md-nav__button md-logo" aria-label="Monero Documentation">
<img src="../../../images/monero.svg" alt="logo">
</a>
Monero Documentation
</label>
<div class="md-nav__source">
<a href="https://github.com/monerodocs/md/" title="Go to repository" class="md-source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg>
</div>
<div class="md-source__repository">
monerodocs/md
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../.." class="md-nav__link">
Home
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-2" type="checkbox" id="nav-2" >
<label class="md-nav__link" for="nav-2">
Interacting
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Interacting" data-md-level="1">
<label class="md-nav__title" for="nav-2">
<span class="md-nav__icon md-icon"></span>
Interacting
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../interacting/download-monero-binaries/" class="md-nav__link">
Download
</a>
</li>
<li class="md-nav__item">
<a href="../../../interacting/verify-monero-binaries/" class="md-nav__link">
Verify
</a>
</li>
<li class="md-nav__item">
<a href="../../../interacting/overview/" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../../../interacting/monero-config-file/" class="md-nav__link">
Config file
</a>
</li>
<li class="md-nav__item">
<a href="../../../interacting/monerod-reference/" class="md-nav__link">
monerod
</a>
</li>
<li class="md-nav__item">
<a href="../../../interacting/monero-wallet-cli-reference/" class="md-nav__link">
monero-wallet-cli
</a>
</li>
<li class="md-nav__item">
<a href="../../../interacting/monero-wallet-gui-reference/" class="md-nav__link">
monero-wallet-gui
</a>
</li>
<li class="md-nav__item">
<a href="../../../interacting/monero-wallet-rpc-reference/" class="md-nav__link">
monero-wallet-rpc
</a>
</li>
<li class="md-nav__item">
<a href="../../../interacting/monero-blockchain-export-reference/" class="md-nav__link">
monero-blockchain-export
</a>
</li>
<li class="md-nav__item">
<a href="../../../interacting/monero-blockchain-import-reference/" class="md-nav__link">
monero-blockchain-import
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../technical-specs/" class="md-nav__link">
Technical specs
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-4" type="checkbox" id="nav-4" checked>
<label class="md-nav__link" for="nav-4">
Cryptography
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Cryptography" data-md-level="1">
<label class="md-nav__title" for="nav-4">
<span class="md-nav__icon md-icon"></span>
Cryptography
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../introduction/" class="md-nav__link">
Introduction
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-4-2" type="checkbox" id="nav-4-2" checked>
<label class="md-nav__link" for="nav-4-2">
Asymmetric
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Asymmetric" data-md-level="2">
<label class="md-nav__title" for="nav-4-2">
<span class="md-nav__icon md-icon"></span>
Asymmetric
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../introduction/" class="md-nav__link">
Introduction
</a>
</li>
<li class="md-nav__item">
<a href="../private-key/" class="md-nav__link">
Private keys
</a>
</li>
<li class="md-nav__item">
<a href="../public-key/" class="md-nav__link">
Public keys
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
Edwards25519 curve
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
Edwards25519 curve
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#definition" class="md-nav__link">
Definition
</a>
<nav class="md-nav" aria-label="Definition">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#curve-equation" class="md-nav__link">
Curve equation
</a>
</li>
<li class="md-nav__item">
<a href="#base-point-g" class="md-nav__link">
Base point: G
</a>
</li>
<li class="md-nav__item">
<a href="#prime-order-of-the-base-point-l" class="md-nav__link">
Prime order of the base point: l
</a>
</li>
<li class="md-nav__item">
<a href="#total-number-of-points-on-the-curve" class="md-nav__link">
Total number of points on the curve
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#implementation" class="md-nav__link">
Implementation
</a>
</li>
<li class="md-nav__item">
<a href="#reference" class="md-nav__link">
Reference
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../key-image/" class="md-nav__link">
Key image
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../base58/" class="md-nav__link">
Base58
</a>
</li>
<li class="md-nav__item">
<a href="../../prng/" class="md-nav__link">
PRNG
</a>
</li>
<li class="md-nav__item">
<a href="../../keccak-256/" class="md-nav__link">
Keccak-256
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-5" type="checkbox" id="nav-5" >
<label class="md-nav__link" for="nav-5">
Address
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Address" data-md-level="1">
<label class="md-nav__title" for="nav-5">
<span class="md-nav__icon md-icon"></span>
Address
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../public-address/standard-address/" class="md-nav__link">
Standard
</a>
</li>
<li class="md-nav__item">
<a href="../../../public-address/subaddress/" class="md-nav__link">
Subaddress
</a>
</li>
<li class="md-nav__item">
<a href="../../../public-address/integrated-address/" class="md-nav__link">
Integrated
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-6" type="checkbox" id="nav-6" >
<label class="md-nav__link" for="nav-6">
Proof of Work
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Proof of Work" data-md-level="1">
<label class="md-nav__title" for="nav-6">
<span class="md-nav__icon md-icon"></span>
Proof of Work
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../proof-of-work/what-is-pow/" class="md-nav__link">
What is PoW?
</a>
</li>
<li class="md-nav__item">
<a href="../../../proof-of-work/pow-in-cryptocurrencies/" class="md-nav__link">
PoW in Cryptocurrencies
</a>
</li>
<li class="md-nav__item">
<a href="../../../proof-of-work/cryptonight/" class="md-nav__link">
CryptoNight
</a>
</li>
<li class="md-nav__item">
<a href="../../../proof-of-work/random-x/" class="md-nav__link">
RandomX
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../multisignature/" class="md-nav__link">
Multisignature
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-8" type="checkbox" id="nav-8" >
<label class="md-nav__link" for="nav-8">
Infrastructure
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Infrastructure" data-md-level="1">
<label class="md-nav__title" for="nav-8">
<span class="md-nav__icon md-icon"></span>
Infrastructure
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../infrastructure/networks/" class="md-nav__link">
Mainnet, stagenet, testnet
</a>
</li>
<li class="md-nav__item">
<a href="../../../infrastructure/tor-onion-p2p-seed-nodes/" class="md-nav__link">
Tor onion seed nodes
</a>
</li>
<li class="md-nav__item">
<a href="../../../infrastructure/monero-pulse/" class="md-nav__link">
MoneroPulse
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-9" type="checkbox" id="nav-9" >
<label class="md-nav__link" for="nav-9">
Running a Node
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Running a Node" data-md-level="1">
<label class="md-nav__title" for="nav-9">
<span class="md-nav__icon md-icon"></span>
Running a Node
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../running-node/open-node-tor-onion/" class="md-nav__link">
Open Node + Tor Onion
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle" data-md-toggle="nav-10" type="checkbox" id="nav-10" >
<label class="md-nav__link" for="nav-10">
Accepting Monero
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" aria-label="Accepting Monero" data-md-level="1">
<label class="md-nav__title" for="nav-10">
<span class="md-nav__icon md-icon"></span>
Accepting Monero
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../accepting-monero/overview/" class="md-nav__link">
Overview
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#definition" class="md-nav__link">
Definition
</a>
<nav class="md-nav" aria-label="Definition">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#curve-equation" class="md-nav__link">
Curve equation
</a>
</li>
<li class="md-nav__item">
<a href="#base-point-g" class="md-nav__link">
Base point: G
</a>
</li>
<li class="md-nav__item">
<a href="#prime-order-of-the-base-point-l" class="md-nav__link">
Prime order of the base point: l
</a>
</li>
<li class="md-nav__item">
<a href="#total-number-of-points-on-the-curve" class="md-nav__link">
Total number of points on the curve
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#implementation" class="md-nav__link">
Implementation
</a>
</li>
<li class="md-nav__item">
<a href="#reference" class="md-nav__link">
Reference
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/monerodocs/md/edit/master/docs/cryptography/asymmetric/edwards25519.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg>
</a>
<h1 id="edwards25519-elliptic-curve">Edwards25519 Elliptic Curve<a class="headerlink" href="#edwards25519-elliptic-curve" title="Permanent link">&para;</a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The author is nowhere close to being a cryptographer. Be sceptical about the accuracy of this article.</p>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This article is only about the underlying curve. Public key derivation and the signing algorithm will be treated separately.</p>
</div>
<p>Monero employs the edwards25519 elliptic curve as a basis for its key pair generation.</p>
<p>The curve comes from the Ed25519 signature scheme. While Monero takes the curve unchanged, it does not exactly follow the rest of Ed25519.</p>
<p>The edwards25519 curve is <a href="https://tools.ietf.org/html/rfc7748#section-4.1">birationally equivalent to Curve25519</a>.</p>
<h2 id="definition">Definition<a class="headerlink" href="#definition" title="Permanent link">&para;</a></h2>
<p>This is the standard edwards25519 curve definition, with no Monero-specific stuff here
except the naming convention. The convention comes from the CryptoNote
whitepaper and is widely used in Monero literature.</p>
<h3 id="curve-equation">Curve equation<a class="headerlink" href="#curve-equation" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code>-x^2 + y^2 = 1 - (121665/121666) * x^2 * y^2
</code></pre></div>
<p>Note:</p>
<ul>
<li>curve is in two dimensions (nothing fancy, like all the curves in high school)</li>
<li>curve is mirrored below y axis due to <code>y^2</code> part of the equation (not a polynomial)</li>
</ul>
<h3 id="base-point-g">Base point: <code>G</code><a class="headerlink" href="#base-point-g" title="Permanent link">&para;</a></h3>
<p>The base point is a specific point on the curve. It is used
as a basis for further calculations. It is an arbitrary choice
by the curve authors, just to standardize the scheme.</p>
<p>Note that it is enough to specify the y value and the sign of the x value.
That's because the specific x can be calculated from the curve equation.</p>
<div class="highlight"><pre><span></span><code>G = (x, 4/5) # take the point with the positive x
# The hex representation of the base point
5866666666666666666666666666666666666666666666666666666666666666
</code></pre></div>
<h3 id="prime-order-of-the-base-point-l">Prime order of the base point: <code>l</code><a class="headerlink" href="#prime-order-of-the-base-point-l" title="Permanent link">&para;</a></h3>
<p>In layman's terms, the "canvas" where the curve is drawn is assumed
to have a finite "resolution", so point coordinates must "wrap around"
at some point. This is achieved by reducing modulo the <code>l</code> value (lowercase L).
In other words, <code>l</code> defines the maximum scalar we can use.</p>
<div class="highlight"><pre><span></span><code>l = 2^252 + 27742317777372353535851937790883648493
# =&gt; 7237005577332262213973186563042994240857116359379907606001950938285454250989
</code></pre></div>
<p>The <code>l</code> is a prime number specified by the curve authors.</p>
<p>In practice this is the private key's strength.</p>
<h3 id="total-number-of-points-on-the-curve">Total number of points on the curve<a class="headerlink" href="#total-number-of-points-on-the-curve" title="Permanent link">&para;</a></h3>
<p>The total number of points on the curve is also a prime number:</p>
<div class="highlight"><pre><span></span><code>q = 2^255 - 19
</code></pre></div>
<p>In practice not all points are "useful", and so the private key strength is limited to the <code>l</code> described above.</p>
<h2 id="implementation">Implementation<a class="headerlink" href="#implementation" title="Permanent link">&para;</a></h2>
<p>Monero uses an (apparently modified) Ref10 implementation by Daniel J. Bernstein.</p>
<h2 id="reference">Reference<a class="headerlink" href="#reference" title="Permanent link">&para;</a></h2>
<ul>
<li><a href="https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/">A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography</a></li>
<li><a href="https://tools.ietf.org/html/rfc8032">RFC 8032 defining EdDSA</a></li>
<li><a href="https://steemit.com/monero/@luigi1111/understanding-monero-cryptography-privacy-introduction">Understanding Monero Cryptography</a> - excellent writeup by Luigi</li>
<li><a href="https://monero.stackexchange.com/questions/2290/why-how-does-monero-generate-public-ed25519-keys-without-using-the-standard-publ">StackOverflow answer</a></li>
<li><a href="https://github.com/monero-project/mininero/blob/master/ed25519.py">Python implementation</a> - not the reference one but easier to understand</li>
<li><a href="https://monero.stackexchange.com/questions/6050/what-is-the-base-point-g-from-the-whitepaper-and-how-is-it-represented-as-a">Encoding point to hex</a></li>
<li><a href="https://en.wikipedia.org/wiki/EdDSA">EdDSA on Wikipedia</a></li>
</ul>
</article>
</div>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-nav">
<nav class="md-footer-nav__inner md-grid" aria-label="Footer">
<a href="../public-key/" class="md-footer-nav__link md-footer-nav__link--prev" rel="prev">
<div class="md-footer-nav__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
</div>
<div class="md-footer-nav__title">
<div class="md-ellipsis">
<span class="md-footer-nav__direction">
Previous
</span>
Public keys
</div>
</div>
</a>
<a href="../key-image/" class="md-footer-nav__link md-footer-nav__link--next" rel="next">
<div class="md-footer-nav__title">
<div class="md-ellipsis">
<span class="md-footer-nav__direction">
Next
</span>
Key image
</div>
</div>
<div class="md-footer-nav__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg>
</div>
</a>
</nav>
</div>
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-footer-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<script src="../../../assets/javascripts/vendor.93c04032.min.js"></script>
<script src="../../../assets/javascripts/bundle.83e5331e.min.js"></script><script id="__lang" type="application/json">{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script>
<script>
// Start the page's client-side application and keep the result in the global
// `app`. `initialize` is not defined in this page; presumably it comes from
// one of the script bundles loaded just above.
app = initialize({
  // Relative path handed to the application as its base.
  base: "../../..",
  features: [],
  // Default search settings, naming the search worker script. If a global
  // `search` exists and is truthy, its properties are copied over these
  // defaults; otherwise the `false` operand is ignored by Object.assign.
  search: Object.assign(
    { worker: "../../../assets/javascripts/worker/search.8c7e0a7e.min.js" },
    typeof search !== "undefined" && search
  )
})
</script>
</body>
</html>