[curves] General Curve25519 and Ed25519 Libraries

Michael Hamburg mike at shiftleft.org
Wed Jun 17 15:30:30 PDT 2015

As far as other curves go, there is also my Decaf library for Ed448-Goldilocks:

http://sourceforge.net/p/ed448goldilocks/code/ci/decaf/tree/

It includes a C++ header with overloaded arithmetic operations, so you can do all the arithmetic operations you might expect:
Scalar +-*/= Scalar
Point +-= Point
Point */ Scalar, Scalar * Point
Precompute point, precomputed point */ scalar
Constant or variable-time double scalarmul
Convert point to a string and back
Hash uniformly or non-uniformly to the curve
Steganographically encode point on curve

The code implements a prime-order group, so you don’t have to worry about cofactor.  All the operations are constant-time except variable-time double-scalar-mul (i.e. verify), and steg encoding (which succeeds with probability 1/2 on each iteration).

The library also includes an implementation of SHA3 and SHAKE, but you can glue it to your favorite hash function instead.

I can’t guarantee that the code is 100% stable, but it should be plenty for research use.  Most of the guts are generic, so it shouldn’t be too hard to point to other curves, especially curves over 3-mod-4 fields with cofactor exactly 4.  (I.e. you could try porting to Curve25519, but it’d be trickier than porting to a curve mod 2^251-9 or the MS NUMS curves.)

— Mike

> On Jun 17, 2015, at 2:16 PM, Frank Wang <frankw at mit.edu> wrote:
> Hi,
> I am working on a research project at MIT, and I need to use elliptic curves (or a group where DDH is hard, but elliptic curves seem like the best way to go) to implement a cryptographic scheme. I've been trying to search for general Curve25519 and Ed25519 libraries where I can just do add and scalar multiply as well as hash messages to points. The best library I've come across so far is tweetnacl, which has the add and scalar multiply operation for Ed25519, but it's a bit difficult to use, and I end up modifying the library to do subtraction of points.
> I have yet to find a good library that allows me to just do operations on Ed25519 or Curve25519. Does such a library exist? If not, any tips on what I should do? Should I just use another curve library that is better supported? If so, any suggestions?
> Thanks,
> Frank
