Curve25519

from Wikipedia, the free encyclopedia

Curve25519 is an elliptic curve that is used for asymmetric cryptosystems. It is usually used for digital signatures and key exchange protocols and is considered to be particularly fast. It is standardized by the IETF as RFC 7748. It is widely used, for example in the GNU Privacy Guard (GPG), the Signal app, WhatsApp, Element, the Tor and I2P networks, or in iOS for storing files while the device is locked.

Mathematical formula

The curve is made by the function

defined in a finite field modulo the prime number (hence the name). It is a so-called Montgomery curve. In contrast to the usual Weierstrass curves, this form allows the use of algorithms that are immune to timing side-channel attacks.

Development

Curve25519 was developed in 2005 by the cryptographer Daniel J. Bernstein. He also published a public domain software library as a reference implementation. It was defined as the first (fastest) curve that meets a specified catalog of criteria. This deterministic derivation from publicly known factors makes it unnecessary to trust complex basic constants and is thus intended to ensure that backdoors are excluded.

Curve25519 was originally defined as a Diffie-Hellman function. Daniel J. Bernstein has since suggested the name Curve25519 for the underlying curve, while the designation X25519 should be used for the Diffie-Hellman function.

Standardization

Since 2014 the cryptography working group of the Internet Engineering Task Force (IETF) has been striving to standardize new elliptic curves for asymmetric cryptography on the Internet. Curve25519 is considered the most promising candidate for the standardization of an elliptic curve, which is intended to replace the curves standardized by the National Institute of Standards and Technology (NIST). These have fallen into disrepute, as they were derived by the National Security Agency (NSA) from unexplained initial data and a backdoor cannot be ruled out. In addition to more transparency, it should also be less error-prone during implementation.

Ed25519 and other curves

Curve25519 cannot be used with older signature algorithms such as ECDSA. For curves like Curve25519, there is the specially developed Ed25519 scheme.

In addition to Curve25519, there are other curves that were developed according to similar principles and also work with Ed25519, including Ed448-Goldilocks by Mike Hamburg and the curve E-521, which was independently discovered by several people.
