1
$\begingroup$

There are many different ED25519/Curve25519/X25519 implementations around. I focus on two of them:

  1. https://github.com/jedisct1/libsodium
  2. https://github.com/floodyberry/ed25519-donna

The libsodium library provides the function

crypto_scalarmult_curve25519_ref10(unsigned char *q, const unsigned char *n, const unsigned char *p)

in the file x25519_ref10.c which is e.q. used during the SSH handshake to exchange a secret using ECDH.

The ed25519-donna provides a very fast implementation of ed25519 and also provides the function

/* Fast Curve25519 basepoint scalar multiplication */ void ED25519_FN(curved25519_scalarmult_basepoint) (curved25519_key pk, const curved25519_key e) {

...

Unfortunately this doesn't yield the same result as the x25519 scalar multiplication from libsodium.

Now the question:

Is there a way to implement the scalar multiplication of X25519 by using the ed25519 functions? And how would an implementation look like?

Improve this question
$\endgroup$
2
  • 1
    $\begingroup$ Yes, but it would be slower. Ed25519 and Curve25519 are isomorphic (if you handle Curve25519's degenerate points correctly), so you can convert between the two. It gets a bit complicated, but it can be done. However, there's not much reason to do this - just use a Curve25519 implementation. $\endgroup$ Commented Apr 9, 2024 at 22:55
  • $\begingroup$ @Myria: would it be a speedup then to use Curve25519 for Ed25519 computations? $\endgroup$ Commented May 16, 2024 at 14:32

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.