[curves] Generalizing EdDSA
Tony Arcieri
bascule at gmail.com
Thu Jun 29 11:37:59 PDT 2017
On Tue, Jun 27, 2017 at 9:40 AM, Trevor Perrin <trevp at trevp.net> wrote:
> (B) A signing function that takes a user-specified private scalar
> (instead of Ed25519-style key derivation) to support extensions like
> XEdDSA where signing uses an existing X25519 private key; or Bitcoin's
> Hierarchical Deterministic key derivation.
This is a major shortcoming of the "bag of bytes" API provided by all
existing Ed25519 libraries to my knowledge, which always prehash the seed
value to generate the private scalar and nonce prefix, making it impossible
to provide your own scalar.
Would be wonderful to see it addressed by a more flexible/lower-level API
targeting more sophisticated protocols.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/curves/attachments/20170629/40d481ef/attachment.html>
More information about the Curves
mailing list