Comments (5)
Hi,
After a rather long integration effort, we have pushed a beta version of EdDSA (25519 and 448) signature algorithms on a dedicated branch eddsa-sm2: https://github.com/ANSSI-FR/libecc/tree/eddsa-sm2
As previously discussed in the post, EdDSA has been implemented using isogenies between Twisted Edwards / Montgomery / Weierstrass curves: although this induces a performance hit, this has the great advantage of keeping the library's scalar multiplication and addition formulas unique and sound (inheriting all the protections put there).
The current implementations of ed448 and ed25519 follow RFC8032 (https://datatracker.ietf.org/doc/html/rfc8032) in all its variants (pure, with context, pre-hashed) and should pass the provided test vectors.
There is still work in progress on the signature and verification init / update / final APIs as pure EdDSA needs to process twice the input message during signature, and hence a "streaming" mode is not possible. We plan to somehow improve our current API to be compatible with such algorithms that do not support message streaming.
Regards,
from libecc.
EdDSA is now stable and has been merged upstream.
from libecc.
Hi,
Sorry for leaving this issue empty for so long. Please find some explanations hereafter.
libecc is currently designed/built using curves with a short-Weierstrass equation form at its core (i.e. for point addition and doubling formulas). Edwards curves (the family of curves encompassing Ed25519) and Montgomery curves (the family of curves encompassing Curve25519) use different formulas, hence the complexity of adding such curves to libecc "as is".
The optimal way of adding such curves to libecc without implementing new formulas would be to exploit the isomorphisms that exist between Weierstrass / Edwards / Montgomery curves (see https://tools.ietf.org/id/draft-struik-lwip-curve-representations-00.html#rfc.appendix.A.1 for the mapping implementations); this would require some development work and integration.
Another way of adding these curves would be to integrate new formulas, but this will require more work in the "curve" layer as libecc has many routines using the Weierstrass form as a hypothesis (on the other hand, using dedicated formulas will benefit from the inherent security claims of Ed25519 and Curve25519, regarding side channels, fault injections and so on).
Finally, on top of the "curves" layer the EdDSA signature scheme will have to be implemented in the "signature" layer (this is not the most complex task as this signature algorithm is very close to the existing EC*DSA schemes).
For now, we primarily seek stability and security for the existing code base. Adding Ed25519, Curve25519 and EdDSA is indeed future work but with lower priority (although we completely understand the need for such an integration).
I hope that these explanations make things clearer!
Regards,
from libecc.
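The Edwards / Montgomery / Weierstrass mappings mentioned in the comment above, worked through for Ed25519 / Curve25519. This is an added illustration in Python (chosen for its native big integers), not libecc code: the maps and the sqrt(-486664) constant are the ones RFC 7748 and RFC 8032 give, and the Weierstrass coefficients follow from the substitution u = X - A/3.

```python
# Added example (not libecc code): the birational maps a Weierstrass-only core can
# use to host Ed25519. Domain parameters follow RFC 7748 / RFC 8032.
P = 2**255 - 19
A = 486662                               # Curve25519: v^2 = u^3 + A*u^2 + u
D = (-121665 * pow(121666, -1, P)) % P   # Ed25519:   -x^2 + y^2 = 1 + D*x^2*y^2

def inv(n):
    return pow(n, -1, P)

def sqrt_mod_p(n):
    """Square root for P = 5 (mod 8), the method RFC 8032 uses when decoding points."""
    n %= P
    r = pow(n, (P + 3) // 8, P)
    if (r * r - n) % P:
        r = (r * pow(2, (P - 1) // 4, P)) % P   # multiply by sqrt(-1)
    if (r * r - n) % P:
        raise ValueError("not a square mod P")
    return r

def on_edwards(x, y):
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0

def on_montgomery(u, v):
    return (v * v - (u**3 + A * u * u + u)) % P == 0

def on_weierstrass(X, Y, a, b):
    return (Y * Y - (X**3 + a * X + b)) % P == 0

def ed25519_basepoint():
    """Recover B = (x, 4/5) with even x, exactly as an RFC 8032 decoder would."""
    y = (4 * inv(5)) % P
    x = sqrt_mod_p((y * y - 1) * inv(D * y * y + 1))
    return (x if x % 2 == 0 else P - x), y

def edwards_to_montgomery(x, y):
    """RFC 7748 map: (u, v) = ((1+y)/(1-y), sqrt(-486664)*u/x)."""
    u = ((1 + y) * inv(1 - y)) % P
    v = (sqrt_mod_p(-486664) * u * inv(x)) % P
    return u, v

def weierstrass_params():
    """Coefficients of Y^2 = X^3 + a*X + b obtained from u = X - A/3 (B = 1)."""
    a = ((3 - A * A) * inv(3)) % P
    b = ((2 * A**3 - 9 * A) * inv(27)) % P
    return a, b

def montgomery_to_weierstrass(u, v):
    """Shift the Montgomery point onto the short-Weierstrass model."""
    return (u + A * inv(3)) % P, v
```

Mapping the Ed25519 base point through `edwards_to_montgomery` lands on u = 9, the Curve25519 base point, and the result of `montgomery_to_weierstrass` satisfies the short-Weierstrass equation, which is what lets one set of Weierstrass formulas serve all three models.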
As a follow up, the new signature and verification init / update / final APIs (supporting message "streaming" and "non-streaming" modes) have been integrated and tested on the eddsa-sm2-newapi branch: https://github.com/ANSSI-FR/libecc/tree/eddsa-sm2-newapi (other improvements and additions to the library are also included).
We plan to merge it to the master branch in the next weeks after some more reviews and tests, but it should be usable and stable by now.
Regards,
from libecc.
I know this is old, but would adding in these curves be challenging? Ed25519 and Curve25519 would be fantastic.
from libecc.