[curves] EdDSA specification
Trevor Perrin
trevp at trevp.net
Thu Oct 20 16:41:19 PDT 2016
Hi curves,
I'm happy to announce that a spec for the "XEd25519" signature
algorithm used in Signal is available at [1].
Based on ideas this list has discussed a few times, this allows
signing and verifying Ed25519 signatures with X25519 key pairs, which
gives a single format for key pairs, and may even allow a single key
pair for DH and signatures in some cases.
The document also generalizes this signature algorithm to the 448
curve, and extends it to include VRF functionality, which Signal might
use in the future. These extensions are somewhat new, and should
probably get more public review before people rush to implement.
Feedback is welcome!
If we get editorial or design feedback that is too detailed for this
list, we may create a more specific list for feedback.
Code implementing XEd25519 and VXEd25519 (the VRF extension) can be
found in [1].
Trevor
[1]
https://whispersystems.org/docs/
https://whispersystems.org/docs/specifications/xeddsa/
[2]
https://github.com/WhisperSystems/curve25519-java/
More information about the Curves
mailing list