简体繁体 English

有哪些Ed25519的实现？

[英]What implementions of Ed25519 exist?

原文 2013-10-02 22:06:16 5 4 cryptography/ curve-25519/ sqrl/ ed25519

The new SQRL authentication scheme relies on Curve Ed25519 encryption developed by Daniel Bernstein. 新的SQRL认证方案依赖于Daniel Bernstein开发的Curve Ed25519加密。 However, in order to start implementing this scheme there needs to be a mature implementation of Curve Ed25519 first. 但是，为了开始实施该方案，首先需要成熟的Curve Ed25519实现。

Does anyone know of any mature, implementations? 有谁知道任何成熟的实现？ For Java, .NET or any other popular platform? 对于Java，.NET或任何其他流行的平台？

4 个解决方案

Curve25519 vs. Ed25519 Curve25519对比Ed25519

First of all, Curve25519 and Ed25519 aren't exactly the same thing. 首先，Curve25519和Ed25519并不完全相同。 They're based on the same underlying curve, but use different representations. 它们基于相同的基础曲线，但使用不同的表示。 Most implementations are either for Curve25519 or Ed25519, but it's possible to reuse some code between them. 大多数实现都是针对Curve25519或Ed25519，但可以在它们之间重用一些代码。

It is possible to convert Ed25519 public keys to Curve25519, but the other way round misses a sign bit. 可以将Ed25519公钥转换为Curve25519，但反过来却错过了一个符号位。 ie two Ed25519 public keys correspond to a single Curve25519 public key. 即两个Ed25519公钥对应一个Curve25519公钥。 Private keys are very similar as well. 私钥也非常相似。

Concerning implementations it's important to distinguish between the actual implementation, and libraries that package them in usable form. 关于实现，区分实际实现和以可用形式打包它们的库是很重要的。

Actual implementations 实际实施

djb's implementations in SUPERCOP djb在SUPERCOP中的实现

Ref written in c, very slow Ref用c写的，很慢
djb's Ref10 written in c, decent performance djb的Ref10用c写的，性能不错
djb's amd64-64-24k and amd64-51-30k , written in assembly, about twice as fast as Ref10 djb的amd64-64-24k和amd64-51-30k ，用汇编编写，大约是Ref10两倍

He also wrote an earlier, incompatible, prototype in NaCl, don't use that one 他还在NaCl中编写了一个早期的，不兼容的原型，不要使用那个

Floodyberry's donna implementation Floodyberry的唐娜实施

Contains several variants, both assembly and c. 包含几个变体，包括程序集和c。 Some optimized for 64 bit, some optimized for 32 bit. 一些针对64位进行了优化，一些针对32位进行了优化。

Libraries 图书馆

LibSodium LibSodium
C library, currently uses Ref10 implementation C库，目前使用Ref10实现
Has bindings for many programming languages . 具有许多编程语言的绑定。 It's probably the most popular version and what I recommend to most people. 它可能是最受欢迎的版本，也是我向大多数人推荐的版本。
Contains a bunch of other crypto functions from NaCl, such authenticated encryption (XSalsa20Poly1305), hashes, Curve25519 key-exchange. 包含来自NaCl的一堆其他加密函数，例如经过身份验证的加密（XSalsa20Poly1305），哈希，Curve25519密钥交换。
Nightcracker's Ed25519 Nightcracker的Ed25519
C library, uses Ref10 implementation. C库，使用Ref10实现。
Most interesting feature of this library is that it supports key-exchange using Ed25519 public keys. 该库最有趣的功能是它支持使用Ed25519公钥进行密钥交换。 But it doesn't hash the shared key, so it doesn't produce the same shared secret as Curve25519. 但它不会散列共享密钥，因此它不会产生与Curve25519相同的共享密钥。
Contains pre-built binaries for Win32 and Win64. 包含Win32和Win64的预构建二进制文件。
My C# port 我的C＃端口
Pure managed code and works unchanged on 32 and 64 bit platforms. 纯托管代码，在32位和64位平台上保持不变。 Based on Ref10. 基于Ref10。 A bit slower than c implementations, but the difference is surprisingly small. 比c实现慢一点，但差异非常小。
Supports key-exchange compatible with NaCl using both Curve25519 and Ed25519 key and contains a bunch of other crypto functions from NaCl. 使用Curve25519和Ed25519键支持与NaCl兼容的密钥交换，并包含一系列来自NaCl的其他加密函数。 I'm aiming for a similar feature set as LibSodium. 我的目标是像LibSodium一样的功能集。
The Ed25519 signature functions work and have seen a reasonable amount of tests, but other parts of the library are a bit rough. Ed25519签名功能可以工作并且已经看到了大量的测试，但是库的其他部分有点粗糙。
Directly using an implementation from SUPERCOP or Floodyberry's code. 直接使用SUPERCOP或Floodyberry代码的实现。
Probably requires a bit more work for building, but you'll get higher performance (~2x) and don't need to carry around code you don't need. 可能需要更多的工作来构建，但是你将获得更高的性能（~2x）并且不需要携带你不需要的代码。

I recommend going with LibSodium for now. 我建议现在和LibSodium一起去。 It's relatively popular and well maintained. 它相对受欢迎且维护良好。 Performance is decent, should only cause performance issues in really signature heavy applications. 性能不错，应该只会导致真正签名的重型应用程序中的性能问题。

Adding to CodesInChaos' answer: 添加到CodesInChaos的答案：

Libraries 图书馆

My Java port 我的Java端口
Based on Ref 10, and provides the standard JCA APIs so it can be added to a crypto Provider. 基于Ref 10，并提供标准JCA API，以便将其添加到加密提供程序。

By far the most mature and performant one is the one written by Daniel Bernstein himself. 到目前为止，最成熟和最高效的是丹尼尔伯恩斯坦本人写的。 It can be found within SUPERCOP . 它可以在SUPERCOP中找到。

However, the API of it is quite awkward, and it takes quite some digging/extracting to get what you want. 但是，它的API非常笨拙，需要相当多的挖掘/提取才能得到你想要的东西。 To save other people work I have done this myself and put my code on Github . 为了节省其他人的工作，我自己完成了这项工作并将我的代码放在Github上。

Beware your exact terms though, Ed25519 and Curve25519 are related, but different things. 请注意您的确切条款，Ed25519和Curve25519是相关的，但不同的东西。 What you should know is that Ed25519 is a public/private key signature system and Curve25519 is a key exchange. 你应该知道的是Ed25519是一个公钥/私钥签名系统，Curve25519是一个密钥交换。 Ed25519 keypairs can be converted to Curve25519 keypairs, the other way around I'm not so sure about. Ed25519密钥对可以转换为Curve25519密钥对，反过来我不太确定。 What my library on Github does is keep everything in Ed25519 keypairs and convert to Curve25519 for key exchanging. 我在Github上的图书馆所做的就是将所有内容保存在Ed25519密钥对中，然后转换为Curve25519进行密钥交换。