Ed25519 and Ed448 implement Edwards-curve Digital Signature Algorithm (EdDSA). Ed25519 uses Curve 25519 and SHA-512 and Ed448 uses Curve 448 and SHA-3. For Ed25519 we use 32 byte values for both the private key and the public key, and for X448 we use 57 byte values for both the private key and the public key. In this case, we will run one standard test for private and public keys, and then using random keys for a given messages.
Testing Ed448 and Ed25519 using RFC 8032 Test Vectors |
Tests
The code used is:
from ecpy.curves import Curve from ecpy.keys import ECPrivateKey from ecpy.eddsa import EDDSA import secrets, hashlib, binascii import sys print ("=== Test Vector for Ed448 ===") curve = Curve.get_curve('Ed448') signer = EDDSA(hashlib.shake_256, hash_len=114) sk = ECPrivateKey(secrets.randbits(57*8), curve) sk.d=0x6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b pk = signer.get_public_key(sk, hashlib.shake_256, hash_len=114) print("Private key:", hex(sk.d)) print("Public key: ", binascii.hexlify(curve.encode_point(pk.W)).decode()) # print("Public key (point): ", pk) msg = b'' signature = signer.sign(msg, sk) print ("Message: ",msg.decode()) print("Signature:", binascii.hexlify(signature).decode()) valid = signer.verify(msg, signature, pk) print("Valid: ", valid) print ("=== Test Vector for Ed25519 ===") curve = Curve.get_curve('Ed25519') signer = EDDSA(hashlib.sha512) sk = ECPrivateKey(secrets.randbits(32*8), curve) sk.d=0x9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60 pk = signer.get_public_key(sk, hashlib.sha512) print("Private key:", hex(sk.d)) print("Public key: ", binascii.hexlify(curve.encode_point(pk.W)).decode()) # print("Public key (point): ", pk) msg = b'' signature = signer.sign(msg, sk) print ("Message: ",msg.decode()) print("Signature:", binascii.hexlify(signature).decode()) valid = signer.verify(msg, signature, pk) print("Valid: ", valid) print ("=== With message for Ed448 and random keys ===") msg='Test' if (len(sys.argv)>1): msg=str(sys.argv[1]) msg=msg.encode() curve = Curve.get_curve('Ed448') signer = EDDSA(hashlib.shake_256, hash_len=114) sk = ECPrivateKey(secrets.randbits(57*8), curve) pk = signer.get_public_key(sk, hashlib.shake_256, hash_len=114) print("Private key:", hex(sk.d)) print("Public key: ", binascii.hexlify(curve.encode_point(pk.W)).decode()) # print("Public key (point): ", pk) signature = signer.sign(msg, sk) print ("Message: ",msg.decode()) print("Signature:", binascii.hexlify(signature).decode()) valid = signer.verify(msg, signature, pk) print("Valid: ", valid) print ("=== Test Vector for Ed25519 and random keys ===") curve = Curve.get_curve('Ed25519') signer = EDDSA(hashlib.sha512) sk = ECPrivateKey(secrets.randbits(32*8), curve) pk = signer.get_public_key(sk, hashlib.sha512) print("Private key:", hex(sk.d)) print("Public key: ", binascii.hexlify(curve.encode_point(pk.W)).decode()) # print("Public key (point): ", pk) signature = signer.sign(msg, sk) print ("Message: ",msg.decode()) print("Signature:", binascii.hexlify(signature).decode()) valid = signer.verify(msg, signature, pk) print("Valid: ", valid)
The standard tests are [RFC 8032]:
ALGORITHM: Ed448 SECRET KEY: 6c82a562cb808d10d632be89c8513ebf 6c929f34ddfa8c9f63c9960ef6e348a3 528c8a3fcc2f044e39a3fc5b94492f8f 032e7549a20098f95b PUBLIC KEY: 5fd7449b59b461fd2ce787ec616ad46a 1da1342485a70e1f8a0ea75d80e96778 edf124769b46c7061bd6783df1e50f6c d1fa1abeafe8256180 MESSAGE (length 0 bytes): SIGNATURE: 533a37f6bbe457251f023c0d88f976ae 2dfb504a843e34d2074fd823d41a591f 2b233f034f628281f2fd7a22ddd47d78 28c59bd0a21bfd3980ff0d2028d4b18a 9df63e006c5d1c2d345b925d8dc00b41 04852db99ac5c7cdda8530a113a0f4db b61149f05a7363268c71d95808ff2e65 2600 ALGORITHM: Ed25519 SECRET KEY: 9d61b19deffd5a60ba844af492ec2cc4 4449c5697b326919703bac031cae7f60 PUBLIC KEY: d75a980182b10ab7d54bfed3c964073a 0ee172f3daa62325af021a68f707511a MESSAGE (length 0 bytes): SIGNATURE: e5564300c360ac729086e2cc806e828a 84877f1eb8e5d974d873e06522490155 5fb8821590a33bacc61e39701cf9b46b d25bf5f0595bbe24655141438e7a100b
=== Test Vector for Ed448 === Private key: 0x6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b Public key: 5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180 Message: Signature: 533a37f6bbe457251f023c0d88f976ae2dfb504a843e34d2074fd823d41a591f2b233f034f628281f2fd7a22ddd47d7828c59bd0a21bfd3980ff0d2028d4b18a9df63e006c5d1c2d345b925d8dc00b4104852db99ac5c7cdda8530a113a0f4dbb61149f05a7363268c71d95808ff2e652600 Valid: True === Test Vector for Ed25519 === Private key: 0x9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60 Public key: d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a Message: Signature: e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b Valid: True === With message for Ed448 and random keys === Private key: 0xc9ef1eb61c54bad2f0daa131903a7e6bb1cd099df51b8e8cdb337d0c89dffad2a68de6977373d09c63149c4aca5a342bf31abd46f5cd0d064f Public key: 390bb03b6bffc92f1bdd921784b2e7556db342b2d9eb822f16fd82e5db47b74b3655c06ba55b4bce0e6e4ea0889c4916c48c098fbbe0da8980 Message: Hello Signature: 0fe3b451480299b929997537ba3e9e9f93c37a882779dbd865d6284fb8d81143054b14ffdc7a6d52f31a58b67a42c0f1622def82848a8e20806f10d336b916d21137e8713dd25a9b9a6d1de266c118c70df37e5ba47a0dc5ce215156ccff0dd943d22d3859bbba85eb18bf145fe4c6160d00 Valid: True === Test Vector for Ed25519 and random keys === Private key: 0x55cfd114bdee3c242de25f76eed9d9f5e7f9d65874e341c8b3537b7934716c4f Public key: 8b6b30cbfc6b2cb95b99174e6dc3b15f20ccb975409af74306cb31418b7a193a Message: Hello Signature: 070fd32e137d792a4120a768cd95c5d22943fc6049db38d6ba7ffa9a35427679f6310849342c04d5e0730b499948494837d8a787090fe827f1fa7bfb939c2b05 Valid: True