Curve25519

Curve25519 is an elliptic curve cryptography curve and set of parameters designed by Daniel J. Bernstein to be used with the elliptic curve Diffie–Hellman key agreement scheme.^[1]

The curve used is y² = x³ + 486662x² + x, a Montgomery curve, over the prime field defined by the prime number 2²⁵⁵ − 19, and it uses the base point x = 9. Protocol uses compressed elliptic point (only X coordinates), so it allows for efficient use of the Montgomery ladder for ECDH, using only XZ coordinates.^[2]

The curve is birationally equivalent to Ed25519 (Twisted Edwards curve).^[3]

Notable uses

Curve25519 is used in a wide variety of software.^[4] Its deployment has accelerated since the summer of 2013.

• OpenSSH 6.5 as the default key exchange;^[5] also as the exclusive key exchange in OpenSSH 6.7 when compiled without OpenSSL^[6][7]
• OpenIKED^[8]
• OpenBSD signify tool,^[9][10] used to sign releases and packages, debuted in OpenBSD 5.5^[11][12]
• Tor^[13]
• I2P^[14]
• Monero^[15]
• Nxt crypto platform
• NaCl^[16] (cryptographic library)
• DNSCurve
• TextSecure
• GNUnet^[17]
• SQRL^[18] (Secure Quick Reliable Login by Gibson Research Corporation)
• miniLock^[19]
• Cryptocat^[20]
• ZeroMQ^[21]
• iOS^[22] (mobile operating system by Apple Inc.)
• Apple HomeKit^[23]
• GNU Privacy Guard^[24]
• Node p2p cryptocurrency^[25]
• Tox^[26]

See also

• Ed25519

References

1. ↑ Bernstein, Daniel J. (2006). "Curve25519: New Diffie-Hellman Speed Records". Public Key Cryptography - PKC 2006 (PDF). Lecture Notes in Computer Science 3958. New York: Springer. pp. 207–228. doi:10.1007/11745853_14. ISBN 978-3-540-33851-2. 
2. ↑ Lange, Tanja. EFD / Explicit-Formulas Database http://www.hyperelliptic.org/EFD/g1p/auto-montgom-xz.html. Retrieved 1 December 2014.  Missing or empty |title= (help)
3. ↑ Bernstein, Daniel J.; Lange, Tanja (2007). "Faster addition and doubling on elliptic curves". pp. 29–50. 
4. ↑ "Things that use Curve25519". 
5. ↑ Adamantiadis, Aris (2013-11-03). "OpenSSH introduces curve25519-sha256@libssh.org key exchange !". libssh.org. Retrieved 2014-12-27. 
6. ↑ Friedl, Markus (2014-04-29). "ssh/kex.c#kexalgs". BSD Cross Reference, OpenBSD src/usr.bin/. Retrieved 2014-12-27. 
7. ↑ Murenin, Constantine A. (2014-04-30). Soulskill, ed. "OpenSSH No Longer Has To Depend On OpenSSL". Slashdot. Retrieved 2014-12-26. 
8. ↑ Floeter, Reyk (2014-10-12). "iked/dh.c#curve25519_key". BSD Cross Reference, OpenBSD src/sbin/. Retrieved 2014-12-27. 
9. ↑ Unangst, Ted; Espie, Marc (2014-03-04). "signify — cryptographically sign and verify files". mdoc.su/o55/signify.1. Retrieved 2014-12-27. 
10. ↑ "usr.bin/signify/". BSD Cross Reference, OpenBSD. Retrieved 2014-12-27. smult_curve25519_ref.c 
11. ↑ Murenin, Constantine A. (2014-01-19). Soulskill, ed. "OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto". Slashdot. Retrieved 2014-12-27. 
12. ↑ Murenin, Constantine A. (2014-05-01). timothy, ed. "OpenBSD 5.5 Released". Slashdot. Retrieved 2014-12-27. 
13. ↑ Roger Dingledine & Nick Mathewson. "Tor's Protocol Specifications - Blog". Retrieved 20 December 2014. 
14. ↑ zzz (2014-09-20). "0.9.15 Release - Blog". Retrieved 20 December 2014. 
15. ↑ Monero (cryptocurrency)#Privacy
16. ↑ "Introduction". yp.to. Retrieved 11 December 2014. 
17. ↑ "GNUnet 0.10.0". gnunet.org. Retrieved 11 December 2014. 
18. ↑ "GRC's - SQRL Secure Quick Reliable Login Cryptography". grc.com. Retrieved 11 December 2014. 
19. ↑ miniLock Retrieved 2014-08-04
20. ↑ Cryptocat Multiparty Protocol Specification Retrieved 2013-12-28
21. ↑ "Read The Docs - CurveZMQ". curvezmq.org. Retrieved 11 December 2014. 
22. ↑ iOS Security White Paper
23. ↑ "HomeKit - Apple Developer". apple.com. Retrieved 11 December 2014. 
24. ↑ "GnuPG unterstützt Krypto auf Elliptischen Kurven". heise online. 7 November 2014. Retrieved 11 December 2014. 
25. ↑ "NODE". nodecoin.com. Retrieved 11 December 2014. 
26. ↑ https://jenkins.libtoxcore.so/job/Technical_Report/lastSuccessfulBuild/artifact/tox.pdf

External links

• Official website