com.google.crypto.tink.internal

Class Ed25519

java.lang.Object

com.google.crypto.tink.internal.Ed25519

public final class Ed25519
extends Object

This implementation is based on the ed25519/ref10 implementation in NaCl.

It implements this twisted Edwards curve:

 -x^2 + y^2 = 1 + (-121665 / 121666 mod 2^255-19)*x^2*y^2
 

See Also:

Bernstein D.J., Birkner P., Joye M., Lange T., Peters C. (2008) Twisted Edwards Curves, Hisil H., Wong K.KH., Carter G., Dawson E. (2008) Twisted Edwards Curves Revisited

Field Summary

Fields

Modifier and Type	Field and Description
static int	PUBLIC_KEY_LEN
static int	SECRET_KEY_LEN
static int	SIGNATURE_LEN

Method Summary

Modifier and Type	Method and Description
static byte[]	getHashedScalar(byte[] privateKey)
static void	init() Initializes Ed25519 if not yet initialized.
static byte[]	scalarMultWithBaseToBytes(byte[] a) Computes a*B where a = a[0]+256*a[1]+...+256^31 a[31] and B is the Ed25519 base point (x,4/5) with x positive.
static byte[]	sign(byte[] message, byte[] publicKey, byte[] hashedPrivateKey) Returns the EdDSA signature for the message based on the hashedPrivateKey.
static boolean	verify(byte[] message, byte[] signature, byte[] publicKey) Returns true if the EdDSA signature with message, can be verified with publicKey.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SECRET_KEY_LEN

public static final int SECRET_KEY_LEN

See Also:

Constant Field Values

PUBLIC_KEY_LEN

public static final int PUBLIC_KEY_LEN

See Also:

Constant Field Values

SIGNATURE_LEN

public static final int SIGNATURE_LEN

See Also:

Constant Field Values

Method Detail

scalarMultWithBaseToBytes

public static byte[] scalarMultWithBaseToBytes(byte[] a)

Computes a*B where a = a[0]+256*a[1]+...+256^31 a[31] and B is the Ed25519 base point (x,4/5) with x positive. Preconditions: a[31] <= 127

getHashedScalar

public static byte[] getHashedScalar(byte[] privateKey)
                              throws GeneralSecurityException

Throws:

GeneralSecurityException

sign

public static byte[] sign(byte[] message,
                          byte[] publicKey,
                          byte[] hashedPrivateKey)
                   throws GeneralSecurityException

Returns the EdDSA signature for the message based on the hashedPrivateKey.

Parameters:

message - to sign

publicKey - scalarMultWithBaseToBytes(byte[]) of hashedPrivateKey

hashedPrivateKey - getHashedScalar(byte[]) of the private key

Returns:

signature for the message.

Throws:

GeneralSecurityException - if there is no SHA-512 algorithm defined in EngineFactory.MESSAGE_DIGEST.

verify

public static boolean verify(byte[] message,
                             byte[] signature,
                             byte[] publicKey)
                      throws GeneralSecurityException

Returns true if the EdDSA signature with message, can be verified with publicKey.

Throws:

GeneralSecurityException - if there is no SHA-512 algorithm defined in EngineFactory.MESSAGE_DIGEST.

init

public static void init()

Initializes Ed25519 if not yet initialized.