[curves] 25519 implementations in JavaScript

Guy K. Kloss gk at mega.co.nz
Mon Jun 2 20:26:20 PDT 2014

Hi all,

for our web application, we're using 25519-based EC crypto.
Unfortunately, it's a bit of a "wild" field, where no commonly accepted
and scrutinised implementations have crystallised out, yet.

We were originally using Michele Bini's code for Curve25519 ECDH and Ron
Garret's code for Ed25519 EdDSA signing. Unfortunately both codes were
quite messy, and Ron's was depending on an old/outdated version of
Michele's code. So, with their help, we've united the two under a single
project, which keeps the name spaces nice and tidy, as well as provides
some unit tests, also checking against NaCl's and DJB's test vectors for


It would be awesome, if people with an interest in this matter on the
field of JavaScript would have a look, critique, scrutinise, validate,
use, ... whatever. Anything is appreciated. Well ... maybe not rants on
the suitability of JavaScript for this type of job. ;-)

It's probably a good idea to aggregate more eye balls on this, than
people using all kinds of different or home brew versions of this.
Especially as Michele and Ron (the original authors of the code base)
are on board with this, too.

On a similar note: I have just seen that the JavaScript module
"elliptic" now also features Curve 25519 crypto (since a few days only):


However, I couldn't find any way to use that API simply yet for direct
scalar multiplication, as needed for determining a group key via some
kind of group Diffie-Hellman (or even triple DH). I've opened an issue
on it, so let's see what comes back:



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20140603/70124771/attachment.sig>

More information about the Curves mailing list