XDH vs DH and ECDSA vs EDDSA

Nick Allen

12/7/22, 10:55 AM

I am new to security area. I came across mutiple words I can't understand and there is little infomration I can get from google.

What is XDH/XEC, is the X means 'enhanced'? Are they just have a different way of generating key pair?
According to RFC8422 ECDHE_ECDSA supports the EdDSA as well, does this means EdDSA is just a different set of curves?

154

0 + 6

key-exchange

Manish Adhikari

12/8/22, 3:54 AM

Hi Nick, welcome to cryptography SE. XDH is a computational hardness assumption described here.https://en.wikipedia.org/wiki/XDH_assumption . You may need to be familiar with CDH, DDH, co-CDH as well as pairings before you understand it. I don't think you need to know cryptography in such mathematical details to work in security either.

Manish Adhikari

12/8/22, 3:57 AM

And EdDSA is not ECDSA with a different curve. They are different algorithms that work in different ways. EdDSA is based on and thus similar to Schnorr's signature while ECDSA is elliptical curve version of DSA, which itself is based on El-Gamal signatures (kinda shorter version of it) ECDSA https://en.wikipedia.org/wiki/ECDSA EdDSA https://en.wikipedia.org/wiki/EdDSA

dave_thompson_085

12/8/22, 7:11 AM

@ManishAdhikari+ in this context I suspect XDH is the 'family' (so far, just pair) of Montgomery-ladder (X-only) DH methods created by Bernstein, originally named curve25519 and curve448 but renamed X25519 and X448 so he could reuse the curves (in Edwards form) for Ed25519 and Ed448. XEC _might_ reference the slightly strained naming of classes in (Oracle/OpenJDK) Java for these schemes: the `KeyAgreement` is `X#` and `Signature` is `ED#` (ED because JCA ignores case) but the keys are `{XEC,EdEC}{,Private,Public}Key`.

Manish Adhikari

12/8/22, 7:26 AM

@dave_thompson_085 yeah. I should have suspected because this was migrated from infosec I don't expect bi linear mapping with two different groups to appear wild in the industry.

Nick Allen

12/9/22, 2:53 AM

@ManishAdhikari Thanks for your hospitality. The reason cryptography confuse me is that I am just a developer which just integrating these algorithms. The mathematical detail are too much for me. I want to know XDH's relation to DH when it comes to integrating it. And why ECDHE_ECDSA supports EdDSA while they are different algothems.

Manish Adhikari

12/9/22, 3:26 AM

You don't need to bother with details to use cryptography. It is better to just use a well tested library or applications like openssl. Even then there is always a danger of using it wrongly so it is better to consult someone.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: XDH vs DH and ECDSA vs EDDSA

TH: XDH กับ DH และ ECDSA กับ EDDSA

RO: XDH vs DH și ECDSA vs EDDSA

RU: XDH против DH и ECDSA против EDDSA

VI: XDH so với DH và ECDSA so với EDDSA

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.