Curve25519

维基百科,自由的百科全书
跳转到导航 跳转到搜索

密码学中,Curve25519是一种椭圆曲线,被设计用于椭圆曲线迪菲-赫尔曼(ECDH)密钥交换方法,可用作提供256比特的安全密钥。它是不被任何已知专利覆盖的最快ECC曲线之一。[1][2]

最初的Curve25519草稿将其定义成一个迪菲-赫尔曼(DH)函数。在那之后Daniel J. Bernstein提出Curve25519应被作为底层曲线的名称,而将X25519作为其DH函数的名称。[3]

数学属性[编辑]

所用的曲线是y2 = x3 + 486662x2 + x,蒙哥马利曲线,在由素数2255 − 19定义的素数场的二次扩展上,并且使用基点x = 9。这个基点的阶数是<math>(2^{252} + 27742317777372353535851937790883648493)</math>[4].

该协议使用压缩椭圆点(仅X坐标),因此它允许在ECDH中高效地使用Montgomery梯子,仅使用XZ坐标。[5]

Curve25519的构造使其避免了许多潜在的实现缺陷。[6] 根据设计,它不受定时攻击的影响,并且它接受任何32字节的字符串作为有效的公钥,并且不需要验证。

该曲线在双有理几何上等同于Ed25519签名方案中使用的扭曲Edwards曲线。[7]

普及[编辑]

[编辑]

协议[编辑]

应用[编辑]

脚注[编辑]

  1. 从Windows 10 (1607)及Windows Server 2016开始使用。
  2. 2.0 2.1 2.2 Via the OMEMO protocol
  3. Only in "secret conversations"
  4. 4.0 4.1 4.2 4.3 Via the Signal Protocol
  5. Only in "incognito mode"
  6. Used to sign releases and packages[32][33]
  7. Exclusive key exchange in OpenSSH 6.7 when compiled without OpenSSL.[34][35]

参见[编辑]

引用[编辑]

  1. Bernstein. Irrelevant patents on elliptic-curve cryptography. cr.yp.to. [2016-02-08]. (原始内容存档于2017-08-25). 
  2. A state-of-the-art Diffie-Hellman function页面存档备份,存于互联网档案馆) by Daniel J. Bernstein"My curve25519 library computes the Curve25519 function at very high speed. The library is in the public domain. "
  3. [Cfrg] 25519 naming. [2016-02-25]. (原始内容存档于2018-04-08). 
  4. Bernstein, Daniel J. Yung, Moti; Dodis, Yevgeniy; Kiayias, Aggelos; et al , 编. Curve25519: New Diffie-Hellman Speed Records (PDF). Public Key Cryptography. Lecture Notes in Computer Science 3958. New York: Springer: 207–228. 2006 [2019-10-22]. ISBN 978-3-540-33851-2. MR 2423191. doi:10.1007/11745853_14. (原始内容存档 (PDF)于2020-01-22). 
  5. Lange, Tanja. EFD / Genus-1 large-characteristic / XZ coordinates for Montgomery curves. EFD / Explicit-Formulas Database. [8 February 2016]. (原始内容存档于2017-03-09). 
  6. SafeCurves: Introduction. safecurves.cr.yp.to. [2016-02-08]. (原始内容存档于2017-09-05). 
  7. Bernstein, Daniel J.; Lange, Tanja. Kurosawa, Kaoru , 编. Faster addition and doubling on elliptic curves. Advances in cryptology—ASIACRYPT. Lecture Notes in Computer Science 4833. Berlin: Springer: 29–50. 2007 [2018-12-10]. ISBN 978-3-540-76899-9. MR 2565722. doi:10.1007/978-3-540-76900-2_3. (原始内容存档于2018-12-15). 
  8. Werner Koch. Libgcrypt 1.7.0 release announcement. 15 April 2016 [22 April 2016]. (原始内容存档于2017-01-22). 
  9. 9.0 9.1 9.2 9.3 9.4 9.5 9.6 SSH implementation comparison. Comparison of key exchange methods. [2016-02-25]. (原始内容存档于2017-09-24). 
  10. Introduction. yp.to. [11 December 2014]. (原始内容存档于2017-10-07). 
  11. nettle: curve25519.h File Reference - doxygen documentation | Fossies Dox. fossies.org. [2015-05-19]. (原始内容存档于2015-05-20). 
  12. Limited, ARM. PolarSSL 1.3.3 released - Tech Updates - mbed TLS (Previously PolarSSL). tls.mbed.org. [2015-05-19]. (原始内容存档于2017-01-22). 
  13. wolfSSL Embedded SSL/TLS Library - wolfSSL Products. [2018-05-01]. (原始内容存档于2017-09-08). 
  14. Botan: src/lib/pubkey/curve25519/curve25519.cpp Source File. botan.randombit.net. [2018-05-01]. (原始内容存档于2017-12-10). 
  15. Justinha. TLS (Schannel SSP). docs.microsoft.com. [2017-09-15]. (原始内容存档于2018-02-28) (en-us). 
  16. Denis, Frank. Introduction · libsodium. libsodium.org. [2020-09-25]. (原始内容存档于2019-09-24). 
  17. Inc., OpenSSL Foundation,. OpenSSL. www.openssl.org. [2016-06-24]. (原始内容存档于2018-03-17). 
  18. Add support for ECDHE with X25519. · openbsd/src@0ad90c3. GitHub. [2018-05-01]. (原始内容存档于2018-04-22). 
  19. Tclers Wiki - NaCl for Tcl. [2018-05-01]. (原始内容存档于2017-12-09). 
  20. NSS 3.28 release notes. [25 July 2017]. (原始内容存档于2017-12-09). 
  21. Monocypher Manual. [2017-08-03]. (原始内容存档于2017-10-19). 
  22. Straub, Andreas. OMEMO Encryption. conversations.im. 25 October 2015 [2018-05-01]. (原始内容存档于2017-03-13). 
  23. Cryptocat - Security. crypto.cat. [2016-05-24]. (原始内容存档于2016-04-07). 
  24. Frank Denis. DNSCrypt version 2 protocol specification. [2016-03-03]. (原始内容存档于2015-08-13). 
  25. Matt Johnston. Dropbear SSH - Changes. [2016-02-25]. (原始内容存档于2018-03-23). 
  26. Bahtiar Gadimov; et al. Gajim plugin for OMEMO Multi-End Message and Object Encryption. [2016-10-01]. (原始内容存档于2017-12-17). 
  27. GNUnet 0.10.0. gnunet.org. [11 December 2014]. (原始内容存档于2017-12-09). 
  28. zzz. 0.9.15 Release - Blog. 2014-09-20 [20 December 2014]. (原始内容存档于2017-06-28). 
  29. 存档副本. [2018-12-05]. (原始内容存档于2019-02-15). 
  30. iOS Security Guide (PDF). [2018-05-01]. (原始内容存档 (PDF)于2018-04-13). 
  31. MRL-0003 - Monero is Not That Mysterious (PDF). getmonero.com. [2018-12-05]. (原始内容 (PDF)存档于2019-05-01). 
  32. Murenin, Constantine A. Soulskill , 编. OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto. Slashdot. 2014-01-19 [2014-12-27]. (原始内容存档于2016-03-04). 
  33. Murenin, Constantine A. timothy , 编. OpenBSD 5.5 Released. Slashdot. 2014-05-01 [2014-12-27]. (原始内容存档于2017-05-05). 
  34. Friedl, Markus. ssh/kex.c#kexalgs. BSD Cross Reference, OpenBSD src/usr.bin/. 2014-04-29 [2014-12-27]. (原始内容存档于2017-12-09). 
  35. Murenin, Constantine A. Soulskill , 编. OpenSSH No Longer Has To Depend On OpenSSL. Slashdot. 2014-04-30 [2014-12-26]. (原始内容存档于2016-06-24). 
  36. How does Peerio implement end-to-end encryption?. Peerio. [2018-05-01]. (原始内容存档于2017-12-09). 
  37. PuTTY Change Log. www.chiark.greenend.org.uk. [2018-05-01]. (原始内容存档于2018-02-02). 
  38. Threema Cryptography Whitepaper (PDF). [2018-05-01]. (原始内容 (PDF)存档于2017-09-21). 
  39. Roger Dingledine & Nick Mathewson. Tor's Protocol Specifications - Blog. [20 December 2014]. (原始内容存档于2018-11-15). 
  40. Viber Encryption Overview. Viber. 3 May 2016 [24 September 2016]. (原始内容存档于2016-10-24). 

外部链接[编辑]