Commit bd22fc52 authored by Simon Josefsson

fix

parent 66e2d8b6
......@@ -69,16 +69,15 @@ Table of Contents
3.4. Verify . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Ed25519 . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Test Vectors for Ed25519 . . . . . . . . . . . . . . . . . . 9
6. Copying Conditions . . . . . . . . . . . . . . . . . . . . . 10
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
9. Security Considerations . . . . . . . . . . . . . . . . . . . 10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
10.1. Normative References . . . . . . . . . . . . . . . . . . 10
10.2. Informative References . . . . . . . . . . . . . . . . . 11
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
8. Security Considerations . . . . . . . . . . . . . . . . . . . 10
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
9.1. Normative References . . . . . . . . . . . . . . . . . . 10
9.2. Informative References . . . . . . . . . . . . . . . . . 10
Appendix A. Ed25519 Python Library . . . . . . . . . . . . . . . 11
Appendix B. Library driver . . . . . . . . . . . . . . . . . . . 14
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 16
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction
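Review bot: the commit message "fix" does not say that the "Copying Conditions" section is being dropped, which is what this table-of-contents hunk shows (entry 6 disappears and 7 through 10.2 are renumbered to 6 through 9.2). Removing a licensing statement is a substantive change to the draft, so the message should name the removed section and give the reason, so that the change can be found later from the log.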
......@@ -109,6 +108,7 @@ Table of Contents
Josefsson Expires August 11, 2015 [Page 2]
Internet-Draft scrypt February 2015
......@@ -523,57 +523,45 @@ Internet-Draft scrypt February 2015
4a7c15e9716ed28dc027beceea1ec40a
-----
6. Copying Conditions
The authors agree to grant third parties the irrevocable right to
copy, use and distribute this entire document or any portion of it,
with or without modification, in any medium, without royalty,
provided that, unless separate permission is granted, redistributed
modified works do not contain misleading author, version, name of
work, or endorsement information.
6. Acknowledgements
7. Acknowledgements
The Python code was written by Niels Moeller.
The Python code is written by Niels Moeller.
8. IANA Considerations
7. IANA Considerations
None.
9. Security Considerations
8. Security Considerations
TBA.
10. References
9. References
10.1. Normative References
9.1. Normative References
[RFC4634] Eastlake, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and HMAC-SHA)", RFC 4634, July 2006.
Josefsson Expires August 11, 2015 [Page 10]
Internet-Draft scrypt February 2015
[I-D.irtf-cfrg-curves]
Langley, A., Salz, R., and S. Turner, "Elliptic Curves for
Security", draft-irtf-cfrg-curves-01 (work in progress),
January 2015.
10.2. Informative References
9.2. Informative References
[EDDSA] Bernstein, D., Duif, N., Lange, T., Schwabe, P., and B.
Yang, "High-speed high-security signatures", WWW
http://ed25519.cr.yp.to/ed25519-20110926.pdf, September
2011.
Josefsson Expires August 11, 2015 [Page 10]
Internet-Draft scrypt February 2015
Appendix A. Ed25519 Python Library
Below is an example implementation of Ed25519 written in Python,
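Review bot: the running page header in this hunk reads "Internet-Draft scrypt February 2015", but the sections listed are "Ed25519", "Test Vectors for Ed25519" and "Appendix A. Ed25519 Python Library", so the abbreviated title looks like a leftover from another draft and should be corrected in the XML source before the text is regenerated. Separately, "Security Considerations" is still "TBA." in the context lines; for a signature scheme draft that section needs real content before the next revision is submitted.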
......@@ -611,13 +599,6 @@ def sha512_modq(s):
# with x = X/Z, y = Y/Z, x*y = T/Z
Josefsson Expires August 11, 2015 [Page 11]
Internet-Draft scrypt February 2015
def point_add(P, Q):
A = (P[1]-P[0])*(Q[1]-Q[0]) % p
B = (P[1]+P[0])*(Q[1]+Q[0]) % p
......@@ -630,6 +611,13 @@ def point_add(P, Q):
return (E*F, G*H, F*G, E*H)
Josefsson Expires August 11, 2015 [Page 11]
Internet-Draft scrypt February 2015
# Computes Q = s * Q
def point_mul(s, P):
Q = (0, 1, 1, 0) # Neutral element
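Review bot: the comment above point_mul says "Computes Q = s * Q", but the function takes P as its argument and starts Q at the neutral element, so the comment should read "Computes Q = s * P". Since this listing is presented as a reference implementation, a wrong operand in the comment is worth fixing while the surrounding lines are being touched.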
......@@ -666,14 +654,6 @@ def recover_x(y, sign):
# Compute square root of x2
x = pow(x2, (p+3) // 8, p)
Josefsson Expires August 11, 2015 [Page 12]
Internet-Draft scrypt February 2015
if (x*x - x2) % p != 0:
x = x * modp_sqrt_m1 % p
if (x*x - x2) % p != 0:
......@@ -686,6 +666,14 @@ Internet-Draft scrypt February 2015
# Base point
g_y = 4 * modp_inv(5) % p
g_x = recover_x(g_y, 0)
Josefsson Expires August 11, 2015 [Page 12]
Internet-Draft scrypt February 2015
G = (g_x, g_y, 1, g_x * g_y % p)
......@@ -722,14 +710,6 @@ def secret_expand(secret):
def secret_to_public(secret):
(a, dummy) = secret_expand(secret)
Josefsson Expires August 11, 2015 [Page 13]
Internet-Draft scrypt February 2015
return point_compress(point_mul(a, G))
......@@ -744,6 +724,12 @@ def sign(secret, msg):
return Rs + int.to_bytes(s, 32, "little")
Josefsson Expires August 11, 2015 [Page 13]
Internet-Draft scrypt February 2015
def verify(public, msg, signature):
if len(public) != 32:
raise Exception("Bad public-key length")
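Review bot: verify() signals a wrong-length public key by raising a bare Exception("Bad public-key length"), while the driver in Appendix B checks a tampered signature with "assert not verify(public, msg, bad_signature)", that is, by a false return value. Callers copying this code then have two failure channels to handle, and a missed except clause turns malformed input into a crash. Either return False for malformed input as well, or raise a specific exception type and state in the appendix text which inputs raise and which return False.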
......@@ -779,13 +765,6 @@ Appendix B. Library driver
assert (x*y - P[3]*zinv) % p == 0
return (-x*x + y*y - 1 - d*x*x*y*y) % p == 0
Josefsson Expires August 11, 2015 [Page 14]
Internet-Draft scrypt February 2015
assert point_valid(G)
Z = (0, 1, 1, 0)
assert point_valid(Z)
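Review bot: in the validity function that ends at the top of this hunk, the consistency of the T coordinate is enforced with "assert (x*y - P[3]*zinv) % p == 0", while the curve equation is returned as a boolean. Running Python with -O strips assert statements, so that check silently disappears, and without -O an inconsistent point raises AssertionError instead of returning False. Folding the condition into the returned expression would make the function a pure predicate.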
......@@ -799,6 +778,14 @@ Internet-Draft scrypt February 2015
assert point_valid(point_mul(i, G))
assert point_equal(Z, point_mul(q, G))
Josefsson Expires August 11, 2015 [Page 14]
Internet-Draft scrypt February 2015
def munge_string(s, pos, change):
return (s[:pos] +
int.to_bytes(s[pos] ^ change, 1, "little") +
......@@ -832,16 +819,6 @@ Internet-Draft scrypt February 2015
bad_signature = munge_string(signature, 40, 16)
assert not verify(public, msg, bad_signature)
Josefsson Expires August 11, 2015 [Page 15]
Internet-Draft scrypt February 2015
Author's Address
Simon Josefsson
......@@ -860,37 +837,4 @@ Author's Address
Josefsson Expires August 11, 2015 [Page 16]
Josefsson Expires August 11, 2015 [Page 15]
......@@ -422,22 +422,10 @@ SIGNATURE:
</section>
<section anchor="copying-conditions"
title="Copying Conditions">
<t>The authors agree to grant third parties the irrevocable
right to copy, use and distribute this entire document or any
portion of it, with or without modification, in any medium,
without royalty, provided that, unless separate permission is
granted, redistributed modified works do not contain misleading
author, version, name of work, or endorsement information.</t>
</section>
<section anchor="ack"
title="Acknowledgements">
<t>The Python code is written by Niels Möller.</t>
<t>The Python code was written by Niels Möller.</t>
</section>
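Review bot: the Acknowledgements sentence appears here as "is written" followed by "was written", but in the text-file hunk the order is "was written" followed by "is written", so the XML source and the generated text do not appear to move in the same direction. Regenerate the text file from the final XML and confirm both carry the same wording. The removal of the "copying-conditions" section in this hunk should also be mentioned in the commit message.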
......