EdDSA: Difference between revisions
No edit summary |
No edit summary |
||
| Line 7: | Line 7: | ||
'''Ed25519''' is a specific implementation of EdDSA using the Twisted Edwards curve: |
'''Ed25519''' is a specific implementation of EdDSA using the Twisted Edwards curve: |
||
:<math>-x^2 + y^2 = 1 - \frac{121665}{121666}x^2y^2</math>. |
:<math>-x^2 + y^2 = 1 - \frac{121665}{121666}x^2y^2</math>. |
||
This curve is [[birationally equivalent]] to the [[Montgomery curve]] known as [[Curve25519]]. The equivalence is <math>x = \sqrt{-486664}u/v</math> and <math>y=(u-1)/(u+1)</math>.<ref name="DJB" /> |
This curve is [[birationally equivalent]] to the [[Montgomery curve]] known as [[Curve25519]]. The equivalence is <math>x = \sqrt{-1}\sqrt{486664}u/v</math> and <math>y=(u-1)/(u+1)</math>.<ref name="DJB" /> |
||
The Bernstein team have optimized Ed25519 for 64-bit processors in the [[x86]] [[Nehalem (microarchitecture)|Nehalem]]/[[Westmere (microarchitecture)|Westmere]] family, achieving fast key generation, document signing and signature verification. Verification can be performed in batches of 64 signatures for even greater throughput. Ed25519 is targeted to provide attack resistance comparable to quality 128-bit ciphers. Public keys are 256 bits (32 bytes) in length and signatures are twice that size. |
The Bernstein team have optimized Ed25519 for 64-bit processors in the [[x86]] [[Nehalem (microarchitecture)|Nehalem]]/[[Westmere (microarchitecture)|Westmere]] family, achieving fast key generation, document signing and signature verification. Verification can be performed in batches of 64 signatures for even greater throughput. Ed25519 is targeted to provide attack resistance comparable to quality 128-bit ciphers. Public keys are 256 bits (32 bytes) in length and signatures are twice that size. |
||
Revision as of 10:57, 12 November 2014
 | This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages)
|
In public-key cryptography, Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of elliptic curve cryptography based on Twisted Edwards curves. It is designed for high performance while avoiding security problems that have surfaced in other digital signature schemes. It was developed by a team led by Daniel J. Bernstein.[1]
Ed25519 is a specific implementation of EdDSA using the Twisted Edwards curve:
- .
This curve is birationally equivalent to the Montgomery curve known as Curve25519. The equivalence is and .[1]
The Bernstein team have optimized Ed25519 for 64-bit processors in the x86 Nehalem/Westmere family, achieving fast key generation, document signing and signature verification. Verification can be performed in batches of 64 signatures for even greater throughput. Ed25519 is targeted to provide attack resistance comparable to quality 128-bit ciphers. Public keys are 256 bits (32 bytes) in length and signatures are twice that size.
Security features of Ed25519 include elimination of branch operations and array indexing steps that depend on data which must be kept secret, so as to defeat many side channel attacks. Like other digital signature algorithms, EdDSA requires a secret value, or nonce, unique to each signature, however EdDSA calculates this nonce deterministically, as the hash of the secret key and the message, rather than rely on a random number generator. This reduces the risk of a random number generator attack, but does not completely eliminate it, since high quality random numbers are still needed for key generation.
See also
References
- ^ a b Bernstein, Daniel J.; Duif, Niels; Lange, Tanja; Schwabe, Peter; Bo-Yin Yang (2011-09-26). "High-speed high-security signatures" (PDF).
{{cite journal}}: Cite journal requires|journal=(help)
External links
 | This cryptography-related article is a stub. You can help Wikipedia by expanding it. |