Ed25519 - Revision history

Rational Point: cat

2025-01-02T08:58:04Z

cat

← Older revision		Revision as of 08:58, 2 January 2025
Line 1:		Line 1:
			[[Category:Conic section cryptography]]

	[[Image:Ed25519.svg\|frame\|left\|<tt>−x^2 + y^2 = 1 − (121665/121666) * x^2 * y^2</tt> <ref>Monero Project: Monero docs: Edwards25519 Elliptic Curve https://docs.getmonero.org/cryptography/asymmetric/edwards25519/</ref>]]		[[Image:Ed25519.svg\|frame\|left\|<tt>−x^2 + y^2 = 1 − (121665/121666) * x^2 * y^2</tt> <ref>Monero Project: Monero docs: Edwards25519 Elliptic Curve https://docs.getmonero.org/cryptography/asymmetric/edwards25519/</ref>]]
	'''Ed25519''' is a particular implementation of Elliptic Curve Digital Signature Algorithm ([[ECDSA]]) on a particular elliptic curve over a particular finite field, uniquely specified for the purpose, and named “Curve25519.”		'''Ed25519''' is a particular implementation of Elliptic Curve Digital Signature Algorithm ([[ECDSA]]) on a particular elliptic curve over a particular finite field, uniquely specified for the purpose, and named “Curve25519.”

	Or is it “birationally equivalent?”		Or is it “birationally equivalent?” We need a dunce cap category for “elliptic curves” that are actually conic sections plotted by the square roots of their coördinates to appear as trivially reducible quartic curves.

	It is described perhaps most definitively on its author’s homepage <ref>Daniel Bernstein. https://ed25519.cr.yp.to/, last updated 2017.01.22.</ref>. It has been extensively studied and reviewed <ref>Jacqueline Brendel, Cas Cremers, Dennis Jackson, and Mang Zhao. “The Provable Security of Ed25519: Theory and Practice.” ''Cryptology ePrint Archive,''		It is described perhaps most definitively on its author’s homepage <ref>Daniel Bernstein. https://ed25519.cr.yp.to/, last updated 2017.01.22.</ref>. It has been extensively studied and reviewed <ref>Jacqueline Brendel, Cas Cremers, Dennis Jackson, and Mang Zhao. “The Provable Security of Ed25519: Theory and Practice.” ''Cryptology ePrint Archive,''
Line 12:		Line 14:
	57896044618658097711785492504343953926634992332820282019728792003956564819949		57896044618658097711785492504343953926634992332820282019728792003956564819949

	used as the modulus of the finite field. This particular choice of prime number is not difficult to explain ~~or justify~~ as simply the largest suitable prime number that will not overflow a 256-bit or 8-byte array of memory allocated for the efficient machine implementation of arithmetic which is mentioned in the literature. The properties of the [[finite field]] ''GF''(''p''), however, depend heavily on the prime factorization of <math>\phi(p)=p-1</math>.		used as the modulus of the finite field. This particular choice of prime number is not difficult to explain as simply the largest suitable prime number that will not overflow a 256-bit or 8-byte array of memory allocated for the efficient machine implementation of arithmetic which is mentioned in the literature. The properties of the [[finite field]] ''GF''(''p''), however, depend heavily on the prime factorization of <math>\phi(p)=p-1</math>. Assuming quartic curves reducible to a degree of two are largely irrelevant, the only difficulty for cracking this scheme of public key encryption is the straight discrete [[logarithm problem]] modulo 2²⁵⁵–19.

Rational Point: illustration

2024-12-29T12:00:10Z

illustration

← Older revision		Revision as of 12:00, 29 December 2024
Line 1:		Line 1:
			[[Image:Ed25519.svg\|frame\|left\|<tt>−x^2 + y^2 = 1 − (121665/121666) * x^2 * y^2</tt> <ref>Monero Project: Monero docs: Edwards25519 Elliptic Curve https://docs.getmonero.org/cryptography/asymmetric/edwards25519/</ref>]]
	'''Ed25519''' is a particular implementation of Elliptic Curve Digital Signature Algorithm ([[ECDSA]]) on a particular elliptic curve over a particular finite field, uniquely specified for the purpose, and named “Curve25519.”		'''Ed25519''' is a particular implementation of Elliptic Curve Digital Signature Algorithm ([[ECDSA]]) on a particular elliptic curve over a particular finite field, uniquely specified for the purpose, and named “Curve25519.”

Line 7:		Line 8:
	</ref>. Schneier <ref>Bruce Schneier. “Bounty to Recover NIST’s Elliptic Curve Seeds.” ''Schneier on Security,'' Oct 12, 2023. https://www.schneier.com/blog/archives/2023/10/bounty-to-recover-nists-elliptic-curve-seeds.html</ref><ref>Filippo Valsorda. “Announcing the $12K NIST elliptic curve seeds bounty.” ''Cryptography Dispatches,'' Oct 5, 2023. https://words.filippo.io/dispatches/seeds-bounty/</ref> feels that some of these schemes are overspecified <ref>A. Langley, M. Hamburg and S. Turner. “Elliptic Curves for Security.” Technical Report RFC 7748, Jan. 2016. https://datatracker.ietf.org/doc/html/rfc7748</ref>, and possibly backdoored by the NSA. For that matter we could just as easily pull a CIA [https://www.cia.gov/the-world-factbook/countries/tonga/factbook factbook on the Tonga], official registrant of the <tt>.to</tt> top level country code domain.		</ref>. Schneier <ref>Bruce Schneier. “Bounty to Recover NIST’s Elliptic Curve Seeds.” ''Schneier on Security,'' Oct 12, 2023. https://www.schneier.com/blog/archives/2023/10/bounty-to-recover-nists-elliptic-curve-seeds.html</ref><ref>Filippo Valsorda. “Announcing the $12K NIST elliptic curve seeds bounty.” ''Cryptography Dispatches,'' Oct 5, 2023. https://words.filippo.io/dispatches/seeds-bounty/</ref> feels that some of these schemes are overspecified <ref>A. Langley, M. Hamburg and S. Turner. “Elliptic Curves for Security.” Technical Report RFC 7748, Jan. 2016. https://datatracker.ietf.org/doc/html/rfc7748</ref>, and possibly backdoored by the NSA. For that matter we could just as easily pull a CIA [https://www.cia.gov/the-world-factbook/countries/tonga/factbook factbook on the Tonga], official registrant of the <tt>.to</tt> top level country code domain.

	The figure ~~25519~~ refers to the prime number 2<sup>255</sup> – 19 =		The figure “25519” refers to the prime number 2<sup>255</sup> – 19 =

	57896044618658097711785492504343953926634992332820282019728792003956564819949		57896044618658097711785492504343953926634992332820282019728792003956564819949

	used as the modulus of the finite field. This particular choice of prime number is not difficult to explain or justify as simply the largest suitable prime number that will not overflow a 256-bit or 8-byte array of memory allocated for the efficient machine implementation of arithmetic which is mentioned in the literature. The properties of the [[finite field]] ''GF''(''p''), however, depend heavily on the prime factorization of <math>\phi(p)=p-1</math>.		used as the modulus of the finite field. This particular choice of prime number is not difficult to explain or justify as simply the largest suitable prime number that will not overflow a 256-bit or 8-byte array of memory allocated for the efficient machine implementation of arithmetic which is mentioned in the literature. The properties of the [[finite field]] ''GF''(''p''), however, depend heavily on the prime factorization of <math>\phi(p)=p-1</math>.

Rational Point: properties of finite field

2024-12-28T21:41:42Z

properties of finite field

← Older revision		Revision as of 21:41, 28 December 2024
Line 11:		Line 11:
	57896044618658097711785492504343953926634992332820282019728792003956564819949		57896044618658097711785492504343953926634992332820282019728792003956564819949

	used as the modulus of the finite field.		used as the modulus of the finite field. This particular choice of prime number is not difficult to explain or justify as simply the largest suitable prime number that will not overflow a 256-bit or 8-byte array of memory allocated for the efficient machine implementation of arithmetic which is mentioned in the literature. The properties of the [[finite field]] ''GF''(''p''), however, depend heavily on the prime factorization of <math>\phi(p)=p-1</math>.

Rational Point: the prime number

2024-12-28T13:19:03Z

the prime number

← Older revision		Revision as of 13:19, 28 December 2024
Line 7:		Line 7:
	</ref>. Schneier <ref>Bruce Schneier. “Bounty to Recover NIST’s Elliptic Curve Seeds.” ''Schneier on Security,'' Oct 12, 2023. https://www.schneier.com/blog/archives/2023/10/bounty-to-recover-nists-elliptic-curve-seeds.html</ref><ref>Filippo Valsorda. “Announcing the $12K NIST elliptic curve seeds bounty.” ''Cryptography Dispatches,'' Oct 5, 2023. https://words.filippo.io/dispatches/seeds-bounty/</ref> feels that some of these schemes are overspecified <ref>A. Langley, M. Hamburg and S. Turner. “Elliptic Curves for Security.” Technical Report RFC 7748, Jan. 2016. https://datatracker.ietf.org/doc/html/rfc7748</ref>, and possibly backdoored by the NSA. For that matter we could just as easily pull a CIA [https://www.cia.gov/the-world-factbook/countries/tonga/factbook factbook on the Tonga], official registrant of the <tt>.to</tt> top level country code domain.		</ref>. Schneier <ref>Bruce Schneier. “Bounty to Recover NIST’s Elliptic Curve Seeds.” ''Schneier on Security,'' Oct 12, 2023. https://www.schneier.com/blog/archives/2023/10/bounty-to-recover-nists-elliptic-curve-seeds.html</ref><ref>Filippo Valsorda. “Announcing the $12K NIST elliptic curve seeds bounty.” ''Cryptography Dispatches,'' Oct 5, 2023. https://words.filippo.io/dispatches/seeds-bounty/</ref> feels that some of these schemes are overspecified <ref>A. Langley, M. Hamburg and S. Turner. “Elliptic Curves for Security.” Technical Report RFC 7748, Jan. 2016. https://datatracker.ietf.org/doc/html/rfc7748</ref>, and possibly backdoored by the NSA. For that matter we could just as easily pull a CIA [https://www.cia.gov/the-world-factbook/countries/tonga/factbook factbook on the Tonga], official registrant of the <tt>.to</tt> top level country code domain.

	The figure 25519 refers to the prime number 2<sup>255</sup>~~–19~~ used as the modulus of the finite field.		The figure 25519 refers to the prime number 2<sup>255</sup> – 19 =

			57896044618658097711785492504343953926634992332820282019728792003956564819949

			used as the modulus of the finite field.

Rational Point: more refs

2024-12-28T13:10:53Z

more refs

← Older revision		Revision as of 13:10, 28 December 2024
Line 1:		Line 1:
	'''Ed25519''' is a particular implementation of Elliptic Curve Digital Signature Algorithm ([[ECDSA]]) on a particular elliptic curve over a particular finite field, uniquely specified for the purpose, and named “Curve25519.”		'''Ed25519''' is a particular implementation of Elliptic Curve Digital Signature Algorithm ([[ECDSA]]) on a particular elliptic curve over a particular finite field, uniquely specified for the purpose, and named “Curve25519.”

	It is described perhaps most definitively on its author’s homepage, https://ed25519.cr.yp.to/, last updated 2017.01.22. Schneier<ref>Bruce Schneier. [https://www.schneier.com/blog/archives/2023/10/bounty-to-recover-nists-elliptic-curve-seeds.html ~~“Bounty to Recover NIST’s Elliptic Curve Seeds.”] ''Schneier on Security,'' Oct 12, 2023.~~</ref><ref>Filippo Valsorda. ~~[https://words.filippo.io/dispatches/seeds-bounty/~~ “Announcing the $12K NIST elliptic curve seeds bounty.”] ''Cryptography Dispatches,'' Oct 5, 2023.</ref> feels that some of these schemes are overspecified, and possibly backdoored by the NSA. For that matter we could just as easily pull a CIA [https://www.cia.gov/the-world-factbook/countries/tonga/factbook factbook on the Tonga], official registrant of the <tt>.to</tt> top level country code domain.		Or is it “birationally equivalent?”

			It is described perhaps most definitively on its author’s homepage <ref>Daniel Bernstein. https://ed25519.cr.yp.to/, last updated 2017.01.22.</ref>. It has been extensively studied and reviewed <ref>Jacqueline Brendel, Cas Cremers, Dennis Jackson, and Mang Zhao. “The Provable Security of Ed25519: Theory and Practice.” ''Cryptology ePrint Archive,''
			vol. 2020, no. 823. https://eprint.iacr.org/2020/823.pdf
			</ref>. Schneier <ref>Bruce Schneier. “Bounty to Recover NIST’s Elliptic Curve Seeds.” ''Schneier on Security,'' Oct 12, 2023. https://www.schneier.com/blog/archives/2023/10/bounty-to-recover-nists-elliptic-curve-seeds.html</ref><ref>Filippo Valsorda. “Announcing the $12K NIST elliptic curve seeds bounty.” ''Cryptography Dispatches,'' Oct 5, 2023. https://words.filippo.io/dispatches/seeds-bounty/</ref> feels that some of these schemes are overspecified <ref>A. Langley, M. Hamburg and S. Turner. “Elliptic Curves for Security.” Technical Report RFC 7748, Jan. 2016. https://datatracker.ietf.org/doc/html/rfc7748</ref>, and possibly backdoored by the NSA. For that matter we could just as easily pull a CIA [https://www.cia.gov/the-world-factbook/countries/tonga/factbook factbook on the Tonga], official registrant of the <tt>.to</tt> top level country code domain.

			The figure 25519 refers to the prime number 2<sup>255</sup>–19 used as the modulus of the finite field.

Rational Point: refs and links

2024-12-21T11:35:37Z

refs and links

New page

'''Ed25519''' is a particular implementation of Elliptic Curve Digital Signature Algorithm ([[ECDSA]]) on a particular elliptic curve over a particular finite field, uniquely specified for the purpose, and named “Curve25519.”

It is described perhaps most definitively on its author’s homepage, https://ed25519.cr.yp.to/, last updated 2017.01.22. Schneier<ref>Bruce Schneier. [https://www.schneier.com/blog/archives/2023/10/bounty-to-recover-nists-elliptic-curve-seeds.html “Bounty to Recover NIST’s Elliptic Curve Seeds.”] ''Schneier on Security,'' Oct 12, 2023.</ref><ref>Filippo Valsorda. [https://words.filippo.io/dispatches/seeds-bounty/ “Announcing the $12K NIST elliptic curve seeds bounty.”] ''Cryptography Dispatches,'' Oct 5, 2023.</ref> feels that some of these schemes are overspecified, and possibly backdoored by the NSA. For that matter we could just as easily pull a CIA [https://www.cia.gov/the-world-factbook/countries/tonga/factbook factbook on the Tonga], official registrant of the <tt>.to</tt> top level country code domain.