Questions tagged as ['ed25519']

Ed25519 is an algorithm for producing digital signatures. The algorithm is based on Edwards curves introduced by Bernstein et al. (2007) and named after mathematician Harold M. Edwards.
Score: 1
pintor avatar
Birational transformation from Edwards curve with not square d to Edwards curve with square d
ng flag

How can I transform a complete twisted Edwards curve $ax^2+y^2 = 1+dx^2y^2$ with not square $d$ and square $a$ into an isomorphic Edwards curve $X^2+Y^2 = 1+DX^2Y^2$ with a square $-D$ i.e. $D = -r^2$?

I tried to set $X = \frac{x}{\sqrt{a}}; Y=y$, but $-\frac{d}{a}$ is also a non square (at least for Edwards25519). This answer is not working as well (i.e. $-1/d$ is not a square), because $-1$ is squ ...

Score: 1
Myria avatar
Should Ed25519 verification multiply by the cofactor?
in flag

The standardization document for Ed25519, RFC 8032, says the following method should be used for verifying Ed25519 signatures:

  1. Check the group equation $[8][S]B = [8]R + [8][k]A'$. It's sufficient, but not required, to instead check $[S]B = R + [k]A'$.

Does that mean that code doing verification should point-multiply both sides by $8 = 2^c$ for cofactor $c$ or should they not? The document and

Score: 0
mehdi mahdavi oliaiy avatar
Why is the cofactor of the twisted Edwards curve equal to 8?
ro flag

While The cofactor of the Edwards curve is chosen $4$ in standards, the cofactor of the twisted Edwards curve is chosen $8$. I can't understand the reason for this. Can we choose cofactor $4$ for the twisted Edwards curve? What happens in this case? Is there any security problem in this case?

Score: 3
Digital Signatures with Curve25519 key-pair
it flag

I have a public/private key pair of Curve25519 keys used by Wireguard.

How can I use this keypair to generate/verify digital signatures?

Preferrably, I would like to use EdDSA/Ed25519 but I struggle to derive a Ed25519 keypair from the Curve25519 keys used by Wireguard.

Score: 1
Кирилл Волков avatar
ed25519 base point coordinates
ph flag

For the ed25519 standard Base Point is $B = (x, 4/5)$. According to Stack Question the y coordinate equals


But how this value is received? As I understand $y = 4 \cdot 5^{-1} \mod l$, where $l = 2^{252} + 27742317777372353535851937790883648493$.

So $5^{-1} \mod l$ gives

1447401115466452442794637312608598848171423271875981521200 ...
Score: 1
Why is implementation relevant to timing attacks?
in flag

Discussions from highly respected sources (details below) emphasize the importance of the implementation of cryptographic software to the effective security provided, with one particular case being sensitivity to timing attacks.

Clarification - Context is cryptographic signing of non-secret messages

@poncho's initial answer notes that attackers don't always have the luxury of determining the "user's" im ...

Score: 8
Why Elliptic Curve Cryptography protocols depend on fixed curves?
in flag

I'm learning about Ed25519. It depends on a bunch of magic values: The finite field of order $2^{255}-19$, the specific elliptic curve over that field, a specific point on that curve. This is in contrast to Diffie-Hellman or RSA.

Why is that? And conversely, why doesn't DH fix the prime number & the generator, or RSA fix, say, the $n = pq$ value?

I suspect that in case of DH & RSA it's very easy  ...

Score: 0
Eirtaza avatar
How to securly save ED25519 private key on hard drive
cn flag

I am developing an application which stores user's private Identity key (ed 25519) on user's hard drive without any security.

What are the best practices / standards to save private key on hard drive, so even if the filesystem is hacked, keys are secure.