[curves] Ed25519 "clamping" and its effect on hierarchical key derivation
Trevor Perrin
trevp at trevp.net
Wed Mar 29 12:08:57 PDT 2017
On Wed, Mar 29, 2017 at 11:49 AM, Tony Arcieri <bascule at gmail.com> wrote:
>
> This is what has always confused me: the clamping procedure used by Ed25519
> seems "inherited" from X25519[1], ostensibly for some case where you may
> want to take an Ed25519 key, convert it to an X25519 key, and use it for
> D-H. Aside from libsodium providing an API for doing so, I haven't actually
> seen anyone do this.
[...]
> I think most people interested in an "Ed25519-BIP32"-style construction are
> interested exclusively in signatures.
That's my impression as well.
Trevor
More information about the Curves
mailing list