ed25519-java icon indicating copy to clipboard operation
ed25519-java copied to clipboard

Published 20 hours ago verified publisher icon str4d

Rewrite to wrap around curve25519-elisabeth and ed25519-elisabeth

Open str4d opened this issue 5 years ago • 1 comments

Currently the Curve25519-specific arithmetic is closely-coupled to its use in this EdDSA implementation. Part of the reason for this was to make it theoretically easier to generically support other EdDSA instantiations in the library, such as Ed448. However, the close coupling makes it difficult to reuse the Curve25519 arithmetic for either X25519 operations, or as an internal representation for ristretto255.

Meanwhile, since this library was created, the wider community has standardised Ed25519 and Ed448 in RFC 8032. In particular, section 3 states:

   The generic EdDSA digital signature system with its 11 input
   parameters is not intended to be implemented directly.  Choosing
   parameters is critical for secure and efficient operation.  Instead,
   you would implement a particular parameter choice for EdDSA (such as
   Ed25519 or Ed448), sometimes slightly generalized to achieve code
   reuse to cover Ed25519 and Ed448.

Therefore, in the next version of this library I plan to move the Curve25519 arithmetic out of this library, and remove the BigInteger-based arithmetic.

This is a breaking change, because the current API of this library exposes arithmetic classes that will be moved (such as GroupElement).

My strategy for this will be:

  1. Create a new library, instantiated with the Curve25519 group and field arithmetic from this library.
  2. Refactor the arithmetic code within the new library as necessary to create a standalone API there.
  3. Publish the new library.
  4. Replace the Curve25519 arithmetic in this library with the new library, refactoring the API here as necessary.

This library will then solely be focused on implementing the EdDSA algorithm, the JCA engine, and the higher-level encoding formats such as X.509.

str4d avatar Jan 28 '19 03:01 str4d

My new Curve25519 library is here: https://github.com/cryptography-cafe/curve25519-elisabeth

I have decided to also create a new Ed25519 library with a more modern API, which I am working on here: https://github.com/cryptography-cafe/ed25519-elisabeth

So my plan now is to have this library wrap ed25519-elisabeth for backwards-compatibility with JCA usages.

str4d avatar Aug 03 '19 16:08 str4d