Package org.bouncycastle.math.ec.rfc8032

Class Ed25519

java.lang.Object

org.bouncycastle.math.ec.rfc8032.Ed25519

public abstract class Ed25519
extends Object

A low-level implementation of the Ed25519, Ed25519ctx, and Ed25519ph instantiations of the Edwards-Curve Digital Signature Algorithm specified in RFC 8032.

The implementation strategy is mostly drawn from Mike Hamburg, "Fast and compact elliptic-curve cryptography", notably the "signed multi-comb" algorithm (for scalar multiplication by a fixed point), the "half Niels coordinates" (for precomputed points), and the "extensible coordinates" (for accumulators). Standard extended coordinates are used during precomputations, needing only a single extra point addition formula.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	Ed25519.Algorithm
static final class	Ed25519.PublicPoint

Field Summary

Fields

Modifier and Type	Field	Description
static final int	PREHASH_SIZE
static final int	PUBLIC_KEY_SIZE
static final int	SECRET_KEY_SIZE
static final int	SIGNATURE_SIZE

Constructor Summary

Constructors

Constructor	Description
Ed25519()

Method Summary

Modifier and Type	Method	Description
static Digest	createPrehash()
static void	encodePublicPoint(Ed25519.PublicPoint publicPoint, byte[] pk, int pkOff)
static void	generatePrivateKey(SecureRandom random, byte[] k)
static Ed25519.PublicPoint	generatePublicKey(byte[] sk, int skOff)
static void	generatePublicKey(byte[] sk, int skOff, byte[] pk, int pkOff)
static void	precompute()
static void	scalarMultBaseYZ(X25519.Friend friend, byte[] k, int kOff, int[] y, int[] z)	NOTE: Only for use by X25519
static void	sign(byte[] sk, int skOff, byte[] ctx, byte[] m, int mOff, int mLen, byte[] sig, int sigOff)
static void	sign(byte[] sk, int skOff, byte[] pk, int pkOff, byte[] ctx, byte[] m, int mOff, int mLen, byte[] sig, int sigOff)
static void	sign(byte[] sk, int skOff, byte[] pk, int pkOff, byte[] m, int mOff, int mLen, byte[] sig, int sigOff)
static void	sign(byte[] sk, int skOff, byte[] m, int mOff, int mLen, byte[] sig, int sigOff)
static void	signPrehash(byte[] sk, int skOff, byte[] ctx, byte[] ph, int phOff, byte[] sig, int sigOff)
static void	signPrehash(byte[] sk, int skOff, byte[] pk, int pkOff, byte[] ctx, byte[] ph, int phOff, byte[] sig, int sigOff)
static void	signPrehash(byte[] sk, int skOff, byte[] pk, int pkOff, byte[] ctx, Digest ph, byte[] sig, int sigOff)
static void	signPrehash(byte[] sk, int skOff, byte[] ctx, Digest ph, byte[] sig, int sigOff)
static boolean	validatePublicKeyFull(byte[] pk, int pkOff)
static Ed25519.PublicPoint	validatePublicKeyFullExport(byte[] pk, int pkOff)
static boolean	validatePublicKeyPartial(byte[] pk, int pkOff)
static Ed25519.PublicPoint	validatePublicKeyPartialExport(byte[] pk, int pkOff)
static boolean	verify(byte[] sig, int sigOff, byte[] pk, int pkOff, byte[] ctx, byte[] m, int mOff, int mLen)
static boolean	verify(byte[] sig, int sigOff, byte[] pk, int pkOff, byte[] m, int mOff, int mLen)
static boolean	verify(byte[] sig, int sigOff, Ed25519.PublicPoint publicPoint, byte[] ctx, byte[] m, int mOff, int mLen)
static boolean	verify(byte[] sig, int sigOff, Ed25519.PublicPoint publicPoint, byte[] m, int mOff, int mLen)
static boolean	verifyPrehash(byte[] sig, int sigOff, byte[] pk, int pkOff, byte[] ctx, byte[] ph, int phOff)
static boolean	verifyPrehash(byte[] sig, int sigOff, byte[] pk, int pkOff, byte[] ctx, Digest ph)
static boolean	verifyPrehash(byte[] sig, int sigOff, Ed25519.PublicPoint publicPoint, byte[] ctx, byte[] ph, int phOff)
static boolean	verifyPrehash(byte[] sig, int sigOff, Ed25519.PublicPoint publicPoint, byte[] ctx, Digest ph)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

PREHASH_SIZE

public static final int PREHASH_SIZE

See Also:

• Constant Field Values

PUBLIC_KEY_SIZE

public static final int PUBLIC_KEY_SIZE

See Also:

• Constant Field Values

SECRET_KEY_SIZE

public static final int SECRET_KEY_SIZE

See Also:

• Constant Field Values

SIGNATURE_SIZE

public static final int SIGNATURE_SIZE

See Also:

• Constant Field Values

Constructor Details

Ed25519

public Ed25519()

Method Details

createPrehash

public static Digest createPrehash()

encodePublicPoint

public static void encodePublicPoint(Ed25519.PublicPoint publicPoint,
 byte[] pk,
 int pkOff)

generatePrivateKey

public static void generatePrivateKey(SecureRandom random,
 byte[] k)

generatePublicKey

public static void generatePublicKey(byte[] sk,
 int skOff,
 byte[] pk,
 int pkOff)

generatePublicKey

public static Ed25519.PublicPoint generatePublicKey(byte[] sk,
 int skOff)

precompute

public static void precompute()

scalarMultBaseYZ

public static void scalarMultBaseYZ(X25519.Friend friend,
 byte[] k,
 int kOff,
 int[] y,
 int[] z)

NOTE: Only for use by X25519

sign

public static void sign(byte[] sk,
 int skOff,
 byte[] m,
 int mOff,
 int mLen,
 byte[] sig,
 int sigOff)

sign

public static void sign(byte[] sk,
 int skOff,
 byte[] pk,
 int pkOff,
 byte[] m,
 int mOff,
 int mLen,
 byte[] sig,
 int sigOff)

sign

public static void sign(byte[] sk,
 int skOff,
 byte[] ctx,
 byte[] m,
 int mOff,
 int mLen,
 byte[] sig,
 int sigOff)

sign

public static void sign(byte[] sk,
 int skOff,
 byte[] pk,
 int pkOff,
 byte[] ctx,
 byte[] m,
 int mOff,
 int mLen,
 byte[] sig,
 int sigOff)

signPrehash

public static void signPrehash(byte[] sk,
 int skOff,
 byte[] ctx,
 byte[] ph,
 int phOff,
 byte[] sig,
 int sigOff)

signPrehash

public static void signPrehash(byte[] sk,
 int skOff,
 byte[] pk,
 int pkOff,
 byte[] ctx,
 byte[] ph,
 int phOff,
 byte[] sig,
 int sigOff)

signPrehash

public static void signPrehash(byte[] sk,
 int skOff,
 byte[] ctx,
 Digest ph,
 byte[] sig,
 int sigOff)

signPrehash

public static void signPrehash(byte[] sk,
 int skOff,
 byte[] pk,
 int pkOff,
 byte[] ctx,
 Digest ph,
 byte[] sig,
 int sigOff)

validatePublicKeyFull

public static boolean validatePublicKeyFull(byte[] pk,
 int pkOff)

validatePublicKeyFullExport

public static Ed25519.PublicPoint validatePublicKeyFullExport(byte[] pk,
 int pkOff)

validatePublicKeyPartial

public static boolean validatePublicKeyPartial(byte[] pk,
 int pkOff)

validatePublicKeyPartialExport

public static Ed25519.PublicPoint validatePublicKeyPartialExport(byte[] pk,
 int pkOff)

verify

public static boolean verify(byte[] sig,
 int sigOff,
 byte[] pk,
 int pkOff,
 byte[] m,
 int mOff,
 int mLen)

verify

public static boolean verify(byte[] sig,
 int sigOff,
 Ed25519.PublicPoint publicPoint,
 byte[] m,
 int mOff,
 int mLen)

verify

public static boolean verify(byte[] sig,
 int sigOff,
 byte[] pk,
 int pkOff,
 byte[] ctx,
 byte[] m,
 int mOff,
 int mLen)

verify

public static boolean verify(byte[] sig,
 int sigOff,
 Ed25519.PublicPoint publicPoint,
 byte[] ctx,
 byte[] m,
 int mOff,
 int mLen)

verifyPrehash

public static boolean verifyPrehash(byte[] sig,
 int sigOff,
 byte[] pk,
 int pkOff,
 byte[] ctx,
 byte[] ph,
 int phOff)

verifyPrehash

public static boolean verifyPrehash(byte[] sig,
 int sigOff,
 Ed25519.PublicPoint publicPoint,
 byte[] ctx,
 byte[] ph,
 int phOff)

verifyPrehash

public static boolean verifyPrehash(byte[] sig,
 int sigOff,
 byte[] pk,
 int pkOff,
 byte[] ctx,
 Digest ph)

verifyPrehash

public static boolean verifyPrehash(byte[] sig,
 int sigOff,
 Ed25519.PublicPoint publicPoint,
 byte[] ctx,
 Digest ph)