Apply new elliptic curve encryption in Bitconch (Ed25519)
Closed this issue · 2 comments
Ed25519 has much better properties than ECDSA with secp256k1.
https://safecurves.cr.yp.to/ (joint work between Daniel J. Bernstein, University of Illinois at Chicago, USA, and Tanja Lange, Technische Universiteit Eindhoven, Netherlands) has rated Curve25519 as "safe".
The specific reasons why CryptoNote creators chose Curve25519 are unclear but it appears to be trusted by top cryptographers.
Monero developers trust DJB, Curve25519 and the fast Schnorr algo (EdDSA).
Ed25519 is a specific instance of the EdDSA family of signature schemes. Ed25519 is specified in RFC 8032 and widely used. The only other instance of EdDSA that anyone cares about is Ed448, which is slower, not widely used, and also specified in RFC 8032. Keys and signatures in one instance of EdDSA are not meaningful in another instance of EdDSA: Ed25519 and Ed448 are different signature schemes.
The ECDSA family of signature schemes is not related to EdDSA, except in that the mathematics behind it also involves elliptic curves. Any particular instance of ECDSA, such as ECDSA over the curve secp256k1 with SHA-256 (as Bitcoin uses), is incompatible with any other instance of it, such as ECDSA over the curve nistp521 with SHA-512.
On a practical level, what a user might need to know is that Ed25519 keys are not compatible in any meaningful sense with keys in any instance of ECDSA. So, e.g., in the ssh protocol, an ssh-ed25519 key is not compatible with an ecdsa-sha2-nistp521 key, which is why they are marked with different types. Similarly, an ssh-ed448 key, for Ed448, is incompatible, which is why it is also marked with a different type.
On a technical level, what a protocol designer should know is that the ECDSA family of signature schemes is an archaic slow design that encourages security-destroying implementation errors, while the EdDSA family of signature schemes is a modern design that avoids those errors.
FYI https://forum.ethereum.org/discussion/comment/53/#Comment_53
We should create a new function to apply the Ed25519 encryption.
Some existing libs we could use:
- golang golang.org/x/crypto/ed25519 (https://godoc.org/golang.org/x/crypto/ed25519#Verify)
- https://github.com/cloudflare/gokey (this one uses golang.org/x/crypto/ed25519)
Ethereum uses ??? to verify signature? secp256k1, you can look at the code in crypto.go in geth
Bitcoin uses ??? to verify signature?
We will use ??? to verify signature.
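A sketch of the sign/verify function proposed in this thread, set beside ECDSA over nistp521 with SHA-512 to show the incompatibility and the per-signature randomness ECDSA depends on. This is an added example, not Bitconch code; it assumes the Go standard library `crypto/ed25519` (same `Sign`/`Verify` API as the `golang.org/x/crypto/ed25519` package listed above), and the function names and sample inputs are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

// Constructed sample inputs, not real key material.
var sampleSeed = bytes.Repeat([]byte{0x42}, ed25519.SeedSize)
var sampleMsg = []byte("constructed sample transaction")

// SignEd25519 derives a key pair from a 32-byte seed and signs msg; no RNG is used when signing.
func SignEd25519(seed, msg []byte) (ed25519.PublicKey, []byte) {
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, msg)
}

// VerifyEd25519 checks lengths first: ed25519.Verify panics on a wrong-size public key.
func VerifyEd25519(pub, msg, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(pub), msg, sig)
}

// SignECDSATwice signs msg twice with one fresh nistp521/SHA-512 key; each call draws randomness.
func SignECDSATwice(msg []byte) (a, b []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	h := sha512.Sum512(msg)
	if a, err = ecdsa.SignASN1(rand.Reader, key, h[:]); err != nil {
		return nil, nil, err
	}
	b, err = ecdsa.SignASN1(rand.Reader, key, h[:])
	return a, b, err
}

func main() {
	pub, sig := SignEd25519(sampleSeed, sampleMsg)
	e1, _, _ := SignECDSATwice(sampleMsg)
	fmt.Println(VerifyEd25519(pub, sampleMsg, sig), VerifyEd25519(pub, sampleMsg, e1))
}
```

The same seed and message always yield the same 64-byte Ed25519 signature, while the two ECDSA signatures over identical input differ and are rejected by the Ed25519 verifier.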