[cryptopp-users] ed25519 signing is in testing

Sun, 16 Dec 2018 03:20:20 -0800 

Hi Everyone,

I've got ed25519 on my testing fork at 
https://github.com/noloader/cryptopp/tree/xed25519 .

It is in the early stages of integration. The most important part at this 
point is the selection of Crypto++ interfaces. That is, our ed25519 signers 
and verifiers have to expose the expected interfaces and implement the 
expected methods. It is easier said than done because we are stitching 
together Moon's ed25519, and it is _not_ interface friendly.

This is the part the has me most worried.... One of the things we did not 
do is, start at a Point and then work up to GroupParameters, 
Precomputation, PrivateKey and PublicKey. Point is the most important piece 
because it is the implementation of group operations like + and * in the 
field. If you are familiar with the library, all the existing code does so. 
It also means this will fail in spectacular fashion:

    ed25519::Signer signer(...);
    Integer order = 
signer.AccessKey().GetGroupParameters().GetSubgroupOrder();

We made AccessKey() work as expected because it is needed to load and store 
parameters. But you can't drill in further and go below the keys.

At the moment we are using the NaCl library to implement key generation, 
signing and verification. It produces correct results but it is slow. Next 
we will forgo NaCl library functions and use Moon's code directly. NaCl 
will stick around to cross-validate results. Cross-validation was always 
one of the goals for adding NaCl.

If you have a moment take a look at things, especially the code in 
validat{N}.cpp. That's where ed25519 is exercised like other signers and 
verifiers, such as PKCS and RSA.

Jeff

-- 
You received this message because you are subscribed to "Crypto++ Users". More 
information about Crypto++ and this group is available at 
http://www.cryptopp.com and 
http://groups.google.com/forum/#!forum/cryptopp-users.
--- 
You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to