Commit 2fe8d4e3 authored by Simon Josefsson's avatar Simon Josefsson

fix

parent 728a3e06
This diff is collapsed.
......@@ -53,11 +53,12 @@
<t>The Edwards-curve Digital Signature Algorithm (EdDSA) is a
variant of Schnorr's signature system with Twisted Edwards
curves. EdDSA needs to be instantiated with certain parameters,
and Ed25519 is described in this document. To facilitate
adoption in the Internet community of Ed25519, this document
describe the signature scheme in an implementation-oriented way,
and we provide sample code and test vectors.</t>
curves. EdDSA needs to be instantiated with certain parameters
and this document described Ed25519 - an instantiation of EdDSA
in a curve over GF(2^255-19). To facilitate adoption in the
Internet community of Ed25519, this document describe the
signature scheme in an implementation-oriented way, and we
provide sample code and test vectors.</t>
<t>The advantages with EdDSA and Ed25519 include:
......@@ -72,7 +73,9 @@
<t>Small public keys (32 bytes) and signatures (64 bytes).</t>
<t>The formulas are "strongly unified", i.e., they are valid
for all points on the curve, with no exceptions.</t>
for all points on the curve, with no exceptions. This
obviates the need for EdDSA to perform expensive point
validation on untrusted public values.</t>
<t>Collision resilience, meaning that hash-function collisions
do not break this system.</t>
......@@ -105,9 +108,10 @@
<t>It is required that q = 1 modulo 4 (which implies that -1 is
a square modulo q) and that d is a non-square modulo q. For
Ed25519, the curve used is equivalent to curve25519, under a
change of coordinates, which means that the difficulty of the
discrete logarithm problem is the same as for curve25519.</t>
Ed25519, the curve used is equivalent to <xref
target="CURVE25519">Curve25519</xref>, under a change of
coordinates, which means that the difficulty of the discrete
logarithm problem is the same as for Curve25519.</t>
<t>Points on this curve form a group under addition, (x3, y3) =
(x1, y1) + (x2, y2), with the formulas</t>
......@@ -627,7 +631,8 @@ d25bf5f0595bbe24655141438e7a100b
<section anchor="ack"
title="Acknowledgements">
<t>Feedback on this document was received from Werner Koch.</t>
<t>Feedback on this document was received from Werner Koch and
Damien Miller.</t>
</section>
......@@ -671,6 +676,7 @@ d25bf5f0595bbe24655141438e7a100b
<seriesInfo name="WWW"
value="http://ed25519.cr.yp.to/ed25519-20110926.pdf" />
</reference>
<reference anchor="Faster-ECC">
<front>
<title>Faster addition and doubling on elliptic curves</title>
......@@ -695,6 +701,17 @@ d25bf5f0595bbe24655141438e7a100b
value="http://eprint.iacr.org/2008/522" />
</reference>
<reference anchor="CURVE25519">
<front>
<title>Curve25519: new Diffie-Hellman speed records</title>
<author initials="D.J." surname="Bernstein"
fullname="D.J. Bernstein"/>
<date month="February" year="2006" />
</front>
<seriesInfo name="WWW"
value="http://cr.yp.to/ecdh.html" />
</reference>
<reference anchor="ED25519-TEST-VECTORS">
<front>
<title>Ed25519 test vectors</title>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment