EdDSA

EdDSA#

HACL Packages provides the Ed25519 instantiation of EdDSA, i.e., EdDSA signing and verification on the edwards25519 curve.

Two APIs are exposed: A (simple) “One-Shot” API to sign/verify a single message and a (more efficient) “Precomputed” API to sign multiple messages under the same (precomputed) key.

API Reference#

void Hacl_Ed25519_secret_to_public(uint8_t *public_key, uint8_t *private_key)#

Compute the public key from the private key.

Parameters:

  • public_key[out] Points to 32 bytes of valid memory, i.e., uint8_t[32]. Must not overlap the memory location of private_key.

  • private_key[in] Points to 32 bytes of valid memory containing the private key, i.e., uint8_t[32].

One-Shot#

void Hacl_Ed25519_sign(uint8_t *signature, uint8_t *private_key, uint32_t msg_len, uint8_t *msg)#

Create an Ed25519 signature.

The function first calls expand_keys and then invokes sign_expanded.

If one needs to sign several messages under the same private key, it is more efficient to call expand_keys only once and sign_expanded multiple times, for each message.

Parameters:

  • signature[out] Points to 64 bytes of valid memory, i.e., uint8_t[64]. Must not overlap the memory locations of private_key nor msg.

  • private_key[in] Points to 32 bytes of valid memory containing the private key, i.e., uint8_t[32].

  • msg_len[in] Length of msg.

  • msg[in] Points to msg_len bytes of valid memory containing the message, i.e., uint8_t[msg_len].

bool Hacl_Ed25519_verify(uint8_t *public_key, uint32_t msg_len, uint8_t *msg, uint8_t *signature)#

Verify an Ed25519 signature.

Parameters:

  • public_key – Points to 32 bytes of valid memory containing the public key, i.e., uint8_t[32].

  • msg_len – Length of msg.

  • msg – Points to msg_len bytes of valid memory containing the message, i.e., uint8_t[msg_len].

  • signature – Points to 64 bytes of valid memory containing the signature, i.e., uint8_t[64].

Returns:

Returns true if the signature is valid and false otherwise.

Example

Precomputed#

void Hacl_Ed25519_expand_keys(uint8_t *expanded_keys, uint8_t *private_key)#

Compute the expanded keys for an Ed25519 signature.

If one needs to sign several messages under the same private key, it is more efficient to call expand_keys only once and sign_expanded multiple times, for each message.

Parameters:

  • expanded_keys[out] Points to 96 bytes of valid memory, i.e., uint8_t[96]. Must not overlap the memory location of private_key.

  • private_key[in] Points to 32 bytes of valid memory containing the private key, i.e., uint8_t[32].

void Hacl_Ed25519_sign_expanded(uint8_t *signature, uint8_t *expanded_keys, uint32_t msg_len, uint8_t *msg)#

Create an Ed25519 signature with the (precomputed) expanded keys.

If one needs to sign several messages under the same private key, it is more efficient to call expand_keys only once and sign_expanded multiple times, for each message.

Parameters:

  • signature[out] Points to 64 bytes of valid memory, i.e., uint8_t[64]. Must not overlap the memory locations of expanded_keys nor msg.

  • expanded_keys[in] Points to 96 bytes of valid memory, i.e., uint8_t[96], containing the expanded keys obtained by invoking expand_keys.

  • msg_len[in] Length of msg.

  • msg[in] Points to msg_len bytes of valid memory containing the message, i.e., uint8_t[msg_len].

Example

Contents