ed25519 ECDH encryption? #33
Comments
|
What you want is called http://en.wikipedia.org/wiki/Integrated_Encryption_Scheme . I think we have at least one module mentioned in readme of elliptic. Please let me know if there is anything else I could help you with. |
|
Think you misunderstood me as I am only talking about ECC encryption with a public private key pair when using the ed25519 curve. E.g. not symmetric encryption and then public private encryption as under the Integrated Encryption Scheme. I am not using the ed25519 curve for signing - but all info on the web states the ed25519 curve is used for signing. No where is there any info about using the ed25519 curve for ECDH. I have tested that it works fine with your library but think my question is if this is then secure? |
|
Also see my question here: http://stackoverflow.com/questions/28795706/ed25519-ecdh-encryption-possible-and-safe |
|
I think it should be possible, though, you'll need to use |
|
Regarding security - there are tons of side-channel leaks, but other than that - there should not be other problems. |
|
OK - for now I will then use seperate curves for encryption and signing! BTW: Why do this code fail when I select curve25519 (works fine for ed25519)? It fails because getY is undefined here: |
|
It doesn't fail for me, what elliptic version are you using? |
|
Will test with the latest version ASAP. BTW: What is the diff between the small and big distribution? |
|
small distribution does not include precomputed points for sepc256k1 curve. Technically they could be computed in runtime, but it takes some time and it might be useful for bitcoin apps to just distribute it with precomputed points. |
|
Have now testet the latest version 3.03 with the same result => getY is not defined. Please note that I run it directly in the browser and just took the file elliptic,js from the dist folder! |
|
Don't know whether that's the reason for the problem you're having. But the Ed25519 private "key" is actually a "key seed" that's used to derive the private and public keys (internally). Benefit for that is that it's impossible to actually choose an illegal key (e. g. not adhering to the pre-defined bit mask on the first/last few bits as Curve25519 uses). |
|
Do not think that is the problem here. I actually had some problems to understand the concept to begin with ;-) |
|
@beastybeast exactly this code works for me in a browser too. |
|
I have now done some testing with the code and it works in Firefox but does not work in Chrome (Chromium) where getY is undefined - very strange! Testing is done under Ubuntu 14.10 (64 bit), FF 36, Chromium Version 40.0.2214.11 |
|
Now testet under Windows 8.1 and both IE, FF and Chrome works fine. So the only problem is my development platform Chromium Version 40.0.2214.11 under Ubuntu 14.10 (64 bit) NB: Have not tested Chromium under Windows! |
|
Chromium version 43.0.2325.0 works under Windows 8.1 (64 bit) So the conclusion must be that there is a bug in Chromium Version 40.0.2214.11 - strange error! Will try to upgrade my Chromium Linux version and see if it helps! |
|
Installed Chrome Version 41.0.2272.76 (64-bit) and it works fine under Ubuntu! |
When selecting the ed25519 curve like this:
var ec = new ellipticjs.ec('ed25519');
Can it then be used for asymmetric encryption?
I have searched the web with mixed results. Some say something about the possibilities to convert the keys between ed25519 and curve25519? But no clear indication as to using ed25519 directly?
When tested with the library it seam to work fine, but I do not know about security etc.
Benny
The text was updated successfully, but these errors were encountered: