stackoom
  简体   繁体   中英

How do I sign a curve25519 key in golang?

 原文  2020-06-26 01:06:49       algorithm/ go/ cryptography/ ed25519/ curve-25519

Question

I am trying to implement the X3DH algorithm from Signal in Go. However, I got stuck on how to sign the Public Signed PreKey.

Per the specifications it is supposed to be an X25519 key. In looking at previous implementations on Github they generated a [32]byte key from the curve25519 package and then converted it to an ed25519 key and then signed it.

However, the packages they used for the conversion are deprecated ( github.com/agl/ed25519 ). Therefore, I either need to be able to convert the keys to ed25519 so I can sign them with the current ed25519 package ( golang.org/x/crypto/25519 ) or implement a sign and verify function for curve25519 keys.

2 answers

solution1
 0 ACCPTED  2020-06-26 15:07:49

Ed25519 keys can be converted to X25519 keys easily, the twisted Edwards curve used by Ed25519 and the Montgomery curve used by X25519 are birationally equivalent.

Points on the Edwards curve are usually referred to as ( x, y ), while points on the Montgomery curve are usually referred to as ( u, v ).

You don't need a library to do the conversion, it's really simple...

(u, v) = ((1+y)/(1-y), sqrt(-486664)*u/x)
(x, y) = (sqrt(-486664)*u/v, (u-1)/(u+1))

Here is a great blog by Filippo Valsorda, the Golang security lead at Google, discussing this topic.

solution2
 0  2020-06-28 08:22:44

This takes in a public curve25519 key and converts it to an ed25519 public key. I did not write this code but appears to be doing what Woodstock above is stating. Further information would be welcomed:

func Verify(publicKey [32]byte, message []byte, signature *[64]byte) bool {

publicKey[31] &= 0x7F

/* Convert the Curve25519 public key into an Ed25519 public key.  In
particular, convert Curve25519's "montgomery" x-coordinate into an
Ed25519 "edwards" y-coordinate:
ed_y = (mont_x - 1) / (mont_x + 1)
NOTE: mont_x=-1 is converted to ed_y=0 since fe_invert is mod-exp
Then move the sign bit into the pubkey from the signature.
*/

var edY, one, montX, montXMinusOne, montXPlusOne FieldElement
FeFromBytes(&montX, &publicKey)
FeOne(&one)
FeSub(&montXMinusOne, &montX, &one)
FeAdd(&montXPlusOne, &montX, &one)
FeInvert(&montXPlusOne, &montXPlusOne)
FeMul(&edY, &montXMinusOne, &montXPlusOne)

var A_ed [32]byte
FeToBytes(&A_ed, &edY)

A_ed[31] |= signature[63] & 0x80
signature[63] &= 0x7F

var sig = make([]byte, 64)
var aed = make([]byte, 32)

copy(sig, signature[:])
copy(aed, A_ed[:])

return ed25519.Verify(aed, message, sig)

This uses functions from "golang.org/x/crypto/ed25519/internal"

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Golang: How do I convert command line arguments to integers? How do I connect four 2D grid points with a smooth curve in C# and give the x and y location back at a certain time? How do I merge two lists of tuples based on a key? How do I make a “composite key” (and what is this even called)? How can I change the curve of this random number generator dynamically? How can I draw a curve which satisfies several definite integrals? How can I get a cubic bezier curve closest to given points? How to divide a numerique curve How to draw Gaussian Distribution curve How do I create a third object from two objects using the key values
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM