TeaSpeak/ed25519
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added scalar addition

Browse Source
This commit is contained in:
Orson Peters 2013-02-04 17:56:19 +01:00
parent ce74cffc0a
commit 310b4e0d27
5 changed files with 84 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
ed25519.dll
View File

Binary file not shown.

7
readme.md
View File

@ -83,6 +83,13 @@ must be a readable 64 byte buffer. `message` must have at least `message_len`
bytes to be read. `public_key` must be a 32 byte public key generated by bytes to be read. `public_key` must be a 32 byte public key generated by
`ed25519_create_keypair`. Returns 1 if the signature matches, 0 otherwise. `ed25519_create_keypair`. Returns 1 if the signature matches, 0 otherwise.
```c
void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key,
const unsigned char *scalar);
```
Adds `scalar` to the given keypair where scalar is a 32 byte buffer (possibly generated with `ed25519_create_seed`), generating a new keypair. You can calculate the public key sum without knowing the private key and vice versa by passing in NULL. This is useful for enforcing randomness on a keypair while only knowing the public key, among other things.
Example Example
------- -------
```c ```c

46
src/add_scalar.c Normal file
View File

@ -0,0 +1,46 @@
#include "ge.h"
#include "sc.h"
/* see http://crypto.stackexchange.com/a/6215/4697 */
void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar) {
const unsigned char SC_1[32] = {1}; /* scalar with value 1 */
unsigned char n[32];
ge_p3 nB;
ge_p1p1 A_p1p1;
ge_p3 A;
ge_p3 public_key_unpacked;
ge_cached T;
int i;
/* copy the scalar and clear highest bit */
for (i = 0; i < 31; ++i) {
n[i] = scalar[i];
}
n[31] = scalar[31] & 127;
/* private key: a = n + t */
if (private_key) {
sc_muladd(private_key, SC_1, n, private_key);
}
if (public_key) {
/* unpack public key into T */
ge_frombytes_negate_vartime(&public_key_unpacked, public_key);
fe_neg(public_key_unpacked.X, public_key_unpacked.X); // undo negate
fe_neg(public_key_unpacked.T, public_key_unpacked.T); // undo negate
ge_p3_to_cached(&T, &public_key_unpacked);
/* calculate n*B */
ge_scalarmult_base(&nB, n);
/* A = n*B + T */
ge_add(&A_p1p1, &nB, &T);
ge_p1p1_to_p3(&A, &A_p1p1);
/* pack public key */
ge_p3_tobytes(public_key, &A);
}
}

1
src/ed25519.h
View File

@ -27,6 +27,7 @@ int ED25519_DECLSPEC ed25519_create_seed(unsigned char *seed);
void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed); void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed);
void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key); void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key);
int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *private_key); int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *private_key);
void ED25519_DECLSPEC ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar);
#ifdef __cplusplus #ifdef __cplusplus

32
test.c
View File

@ -3,13 +3,17 @@
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
#define ED25519_DLL //#define ED25519_DLL
#include "src/ed25519.h" #include "src/ed25519.h"
#include "src/ge.h"
#include "src/sc.h"
const char message[] = "Hello, world!"; const char message[] = "Hello, world!";
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
unsigned char public_key[32], private_key[64], seed[32]; unsigned char public_key[32], private_key[64], seed[32], scalar[32];
unsigned char signature[64]; unsigned char signature[64];
clock_t start; clock_t start;
@ -30,6 +34,20 @@ int main(int argc, char *argv[]) {
printf("invalid signature\n"); printf("invalid signature\n");
} }
/* create scalar and add it to the keypair */
ed25519_create_seed(scalar);
ed25519_add_scalar(public_key, private_key, scalar);
/* create signature with the new keypair */
ed25519_sign(signature, message, strlen(message), public_key, private_key);
/* verify the signature with the new keypair */
if (ed25519_verify(signature, message, strlen(message), public_key)) {
printf("valid signature\n");
} else {
printf("invalid signature\n");
}
/* make a slight adjustment and verify again */ /* make a slight adjustment and verify again */
signature[44] ^= 0x10; signature[44] ^= 0x10;
if (ed25519_verify(signature, message, strlen(message), public_key)) { if (ed25519_verify(signature, message, strlen(message), public_key)) {
@ -66,6 +84,16 @@ int main(int argc, char *argv[]) {
end = clock(); end = clock();
printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
printf("testing scalar addition performance: ");
start = clock();
for (i = 0; i < 10000; ++i) {
ed25519_add_scalar(public_key, private_key, scalar);
}
end = clock();
printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000);
return 0; return 0;
} }