EPFL Logo
fr|en
Login
Concept

Curve25519

Summary
In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security (256-bit key size) and designed for use with the elliptic curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software. The original Curve25519 paper defined it as a Diffie–Hellman (DH) function. Daniel J. Bernstein has since proposed that the name "Curve25519" be used for the underlying curve, and the name "X25519" for the DH function. The curve used is , a Montgomery curve, over the prime field defined by the prime number (hence the numeric "25519" in the name), and it uses the base point . This point generates a cyclic subgroup whose order is the prime . This subgroup has a co-factor of , meaning the number of elements in the subgroup is that of the elliptic curve group. Using a prime order subgroup prevents mounting a Pohlig–Hellman algorithm attack. The protocol uses compressed elliptic point (only X coordinates), so it allows efficient use of the Montgomery ladder for ECDH, using only XZ coordinates. Curve25519 is constructed such that it avoids many potential implementation pitfalls. By design, Curve25519 is immune to timing attacks, and it accepts any 32-byte string as a valid public key and does not require validating that a given point belongs to the curve, or is generated by the base point. The curve is birationally equivalent to a twisted Edwards curve used in the Ed25519 signature scheme. In 2005, Curve25519 was first released by Daniel J. Bernstein. In 2013, interest began to increase considerably when it was discovered that the NSA had potentially implemented a backdoor into the P-256 curve based Dual_EC_DRBG algorithm. While not directly related, suspicious aspects of the NIST's P curve constants led to concerns that the NSA had chosen values that gave them an advantage in breaking the encryption. "I no longer trust the constants.
Official source
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Copyright © 2024 EPFL, all rights reserved