How do I add two curve25519 points
Question
I have two points ([32]byte) on curve25519. How do I add them (a + b). I obviously can't do it using big.Int, since they aren't numbers but points on the curve. I haven't found so far any library to do something similar to what I can do using edwards25519 :
a := [32]byte // I get that from another function
b := [32]byte // also from another function
pointA, _ := new(edwards25519.Point).SetBytes(a)
pointB, _ := new(edwards25519.Point).SetBytes(b)
pointC := pointA.Add(pointA, pointB)
fmt.Println(pointC.Bytes())
I already tried using this and converting the result to the montgomery curve using &edwards25519.Point{}.BytesMontgomery() , but I was not able to import neither a nor b into the edwards25519 curve, since they are points on the curve25519.
1 answers
solution1
2 2021-02-24 11:53:00
You can use libsodium to achieve this with two steps.
Start with
Edwards25519/Ed25519keys, generate two public keys/points, then callcrypto_core_ed25519_add( documentation ).Covert the resultant to
curve25519usingcrypto_sign_ed25519_pk_to_curve25519via birational map ( documentation ).
There are bindings for Go . You need to be careful and not use some "random" lib, this stuff is hard to get right and hard to do in constant time (avoid side channels).
RFC 7748 provides the formulas to map (x, y) Ed25519 Edwards points to (u, v) Curve25519 Montgomery points and vice versa.
The birational maps are:
(u, v) = ((1+y)/(1-y), sqrt(-486664)*u/x)
(x, y) = (sqrt(-486664)*u/v, (u-1)/(u+1))
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.