-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ed25519 ECDH #28
Comments
I don't think ECDH would be necessary here. One, X25519 is much faster than ECDH, and secondly, it's trivial to convert an Ed25519 key to an X25519 key. For an example, see (plus, there might be some issues in public key exchange) |
X25519 is ECDH, and is not really faster than DH over Edwards25519, especially if conversions are needed. But if you need to convert from Ed25519 to Curve25519, that library already implements it. |
It's not possible to convert an X25519 key to Ed25519 though, which is what I need to make this work. I guess there is also https://www.signal.org/docs/specifications/xeddsa/ as a solution, but haven't looked into it. |
Hey there, we're using this great library to implement an authenticated handshake between nodes that run on user machines. Users are also able to sign objects with their node key and it's important to be able to authenticate user nodes with the same key as the one they sign objects with. We've identified three potential ways to make this happen:
The issue with (2) is that we store private keys in SSH format and make heavy use of ssh-agent, so moving to ristretto255 is not that straightforward. (3) is what we currently have, but it seems sub-optimal to have another roundtrip and protocol just for this, when DH is basically the right tool for the job.
I know it's possible to do ECDH with ed25519, just slower, and was hoping you'd consider adding support to your library, if you think it makes sense!
Cheers
The text was updated successfully, but these errors were encountered: