mirror of
https://github.com/monero-project/monero-docs.git
synced 2024-10-30 10:57:36 +00:00
2.5 KiB
2.5 KiB
Ed25519 curve
!!! danger Author is nowhere close to being a cryptographer. Be sceptical on accuracy.
!!! note This article is only about the underlying curve. Public key derivation and signing algorithm will be treated separately.
Monero employs Ed25519 elliptic curve as a basis for its key pair generation.
However, Monero does not exactly follow EdDSA reference signature scheme.
Definition
This is the standard Ed25519 curve definition, no Monero specific stuff here.
Curve equation:
−x^2 + y^2 = 1 − (121665/121666) * x^2 * y^2
Base point:
# The base point is the specific point on the curve. It is used
# as a basis for further calculations. It is an arbitrary choice
# by the curve authors, just to standarize the scheme.
#
# Note that it is enough to specify the y value and the sign of the x value.
# That's because the specific x can be calculated from the curve equation.
G = (x, 4/5) # take the point with the positive x
# The hex representation of the base point
5866666666666666666666666666666666666666666666666666666666666666
Prime order of the base point:
# In layment terms, the "canvas" where the curve is drawn is assumed
# to have a finite "resolution", so point coordinates must "wrap around"
# at some point. This is achieved by modulo the "l" value.
# In other words, the "l" defines the maximum scalar we can use.
l = 2^252 + 27742317777372353535851937790883648493
The total number of points on the curve, a prime number:
q = 2^255 - 19
Implementation
Monero uses (apparently modified) Ref10 implementation by Daniel J. Bernstein.
Reference
- Understanding Monero Cryptography - excellent writeup by Luigi
- StackOverflow answer
- Python implementation - not the reference one but easier to understand
- Encoding point to hex
- Ed25519 on Wikipedia
- A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography