Join Log in
Score:1
Кирилл Волков avatar Crypto

Why are hashing private key in Ed22519 key generation and later the modifications required?

ph flag
Кирилл Волков

In EdDSA with Ed25519 the algorithm of public key computing is following:

h = hash (privateKey)
h[0] &= 0xF8
h[31] &= 0x7F
h[31] |= 0x40
publicKey = h * B

The questions are

  1. Why is Hashing in Ed25519 key generation needed?
  2. Why are the actions on h bits are needed?
  3. What does the clearing relate to the 31st bit?
234
1 + 2
Кирилл Волков avatar
ph flag
Кирилл Волков
@kelalaka got it, thanks a lot
0
Reply
kelalaka avatar
in flag
kelalaka
Converted those comments into an aswer since the hash part was missing from any answer during my searhes..
0
Reply
Score:2
kelalaka avatar Crypto
in flag
kelalaka

  1. Hashing in EdDSA key generation

    This is addressed in the original paper as

    Legitimate users choose $A = [a]B$, where $a$ is a random secret; the derivation of a from $H(k)$ ensures adequate randomness.

    If you don't apply the hashing, there is no problem on the verification of the signatures of such public keys.

  2. The question is what actions on h bits are needed for?

    This clearly clears the lower bits so that it is a multiple of 8, and this removes the small groups on the curve that this information, although small, can leak in a small-subgroup attack. See more in this answer

  3. The clearing relates to 0th bit and what about 31th?

    This is mainly due to a possible timing attack (in this site)

Stick to the advises and standards; see RFC 8709.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.