Curve25519
此条目翻译品质不佳,原文在en:Curve25519。 |
在密码学中,Curve25519是一种椭圆曲线,被设计用于椭圆曲线迪菲-赫尔曼(ECDH)密钥交换方法,可用作提供256比特的安全密钥。它是不被任何已知专利覆盖的最快ECC曲线之一。[1][2]
最初的Curve25519草稿将其定义成一个迪菲-赫尔曼(DH)函数。在那之后Daniel J. Bernstein提出Curve25519应被作为底层曲线的名称,而将X25519作为其DH函数的名称。[3]
数学属性
所用的曲线是y2 = x3 + 486662x2 + x,蒙哥马利曲线,在由素数2255 − 19定义的素数场的二次扩展上,并且使用基点x = 9。这个基点的阶数是[4].
该协议使用压缩椭圆点(仅X座标),因此它允许在ECDH中高效地使用Montgomery梯子,仅使用XZ座标。[5]
Curve25519的构造使其避免了许多潜在的实现缺陷。[6] 根据设计,它不受定时攻击的影响,并且它接受任何32字节的字符串作为有效的公钥,并且不需要验证。
该曲线在双有理几何上等同于Ed25519签名方案中使用的扭曲Edwards曲线。[7]
普及
库
协议
- OMEMO, 一个对XMPP (Jabber)的建议性扩展[22]
- Secure Shell
- Signal Protocol
- Tox
- Zcash
- TLS
应用
- Conversations Android application[b]
- Cryptocat[23][b]
- DNSCrypt[24]
- DNSCurve
- Dropbear[9][25]
- Facebook Messenger [c][d]
- Gajim via plugin[26][b]
- GNUnet[27]
- GnuPG
- Google Allo[e][d]
- I2P[28]
- IPFS[29]
- iOS[30]
- Monero[31]
- OpenBSD[f]
- OpenSSH[9][g]
- Peerio[36]
- PuTTY[37]
- Signal[d]
- Silent Phone
- SmartFTP[9]
- SSHJ[9]
- Threema Instant Messenger[38]
- TinySSH[9]
- TinyTERM[9]
- Tor[39]
- Viber[40]
- WhatsApp[d]
- Wire
- WireGuard
脚注
- ^ 从Windows 10 (1607)及Windows Server 2016开始使用。
- ^ 2.0 2.1 2.2 Via the OMEMO protocol
- ^ Only in "secret conversations"
- ^ 4.0 4.1 4.2 4.3 Via the Signal Protocol
- ^ Only in "incognito mode"
- ^ Used to sign releases and packages[32][33]
- ^ Exclusive key exchange in OpenSSH 6.7 when compiled without OpenSSL.[34][35]
参见
引用
- ^ Bernstein. Irrelevant patents on elliptic-curve cryptography. cr.yp.to. [2016-02-08]. (原始内容存档于2017-08-25).
- ^ A state-of-the-art Diffie-Hellman function (页面存档备份,存于互联网档案馆) by Daniel J. Bernstein"My curve25519 library computes the Curve25519 function at very high speed. The library is in the public domain. "
- ^ [Cfrg] 25519 naming. [2016-02-25]. (原始内容存档于2018-04-08).
- ^ Bernstein, Daniel J. Yung, Moti; Dodis, Yevgeniy; Kiayias, Aggelos; et al , 编. Curve25519: New Diffie-Hellman Speed Records (PDF). Public Key Cryptography. Lecture Notes in Computer Science 3958. New York: Springer: 207–228. 2006 [2019-10-22]. ISBN 978-3-540-33851-2. MR 2423191. doi:10.1007/11745853_14. (原始内容存档 (PDF)于2020-01-22).
- ^ Lange, Tanja. EFD / Genus-1 large-characteristic / XZ coordinates for Montgomery curves. EFD / Explicit-Formulas Database. [8 February 2016]. (原始内容存档于2017-03-09).
- ^ SafeCurves: Introduction. safecurves.cr.yp.to. [2016-02-08]. (原始内容存档于2017-09-05).
- ^ Bernstein, Daniel J.; Lange, Tanja. Kurosawa, Kaoru , 编. Faster addition and doubling on elliptic curves. Advances in cryptology—ASIACRYPT. Lecture Notes in Computer Science 4833. Berlin: Springer: 29–50. 2007 [2018-12-10]. ISBN 978-3-540-76899-9. MR 2565722. doi:10.1007/978-3-540-76900-2_3. (原始内容存档于2018-12-15).
- ^ Werner Koch. Libgcrypt 1.7.0 release announcement. 15 April 2016 [22 April 2016]. (原始内容存档于2017-01-22).
- ^ 9.0 9.1 9.2 9.3 9.4 9.5 9.6 SSH implementation comparison. Comparison of key exchange methods. [2016-02-25]. (原始内容存档于2017-09-24).
- ^ Introduction. yp.to. [11 December 2014]. (原始内容存档于2017-10-07).
- ^ nettle: curve25519.h File Reference - doxygen documentation | Fossies Dox. fossies.org. [2015-05-19]. (原始内容存档于2015-05-20).
- ^ Limited, ARM. PolarSSL 1.3.3 released - Tech Updates - mbed TLS (Previously PolarSSL). tls.mbed.org. [2015-05-19]. (原始内容存档于2017-01-22).
- ^ wolfSSL Embedded SSL/TLS Library - wolfSSL Products. [2018-05-01]. (原始内容存档于2017-09-08).
- ^ Botan: src/lib/pubkey/curve25519/curve25519.cpp Source File. botan.randombit.net. [2018-05-01]. (原始内容存档于2017-12-10).
- ^ Justinha. TLS (Schannel SSP). docs.microsoft.com. [2017-09-15]. (原始内容存档于2018-02-28) (美国英语).
- ^ Denis, Frank. Introduction · libsodium. libsodium.org. [2020-09-25]. (原始内容存档于2019-09-24).
- ^ Inc., OpenSSL Foundation,. OpenSSL. www.openssl.org. [2016-06-24]. (原始内容存档于2018-03-17).
- ^ Add support for ECDHE with X25519. · openbsd/src@0ad90c3. GitHub. [2018-05-01]. (原始内容存档于2018-04-22).
- ^ Tclers Wiki - NaCl for Tcl. [2018-05-01]. (原始内容存档于2017-12-09).
- ^ NSS 3.28 release notes. [25 July 2017]. (原始内容存档于2017-12-09).
- ^ Monocypher Manual. [2017-08-03]. (原始内容存档于2017-10-19).
- ^ Straub, Andreas. OMEMO Encryption. conversations.im. 25 October 2015 [2018-05-01]. (原始内容存档于2017-03-13).
- ^ Cryptocat - Security. crypto.cat. [2016-05-24]. (原始内容存档于2016-04-07).
- ^ Frank Denis. DNSCrypt version 2 protocol specification. [2016-03-03]. (原始内容存档于2015-08-13).
- ^ Matt Johnston. Dropbear SSH - Changes. [2016-02-25]. (原始内容存档于2018-03-23).
- ^ Bahtiar Gadimov; et al. Gajim plugin for OMEMO Multi-End Message and Object Encryption. [2016-10-01]. (原始内容存档于2017-12-17).
- ^ GNUnet 0.10.0. gnunet.org. [11 December 2014]. (原始内容存档于2017-12-09).
- ^ zzz. 0.9.15 Release - Blog. 2014-09-20 [20 December 2014]. (原始内容存档于2017-06-28).
- ^ 存档副本. [2018-12-05]. (原始内容存档于2019-02-15).
- ^ iOS Security Guide (PDF). [2018-05-01]. (原始内容存档 (PDF)于2018-04-13).
- ^ MRL-0003 - Monero is Not That Mysterious (PDF). getmonero.com. [2018-12-05]. (原始内容 (PDF)存档于2019-05-01).
- ^ Murenin, Constantine A. Soulskill , 编. OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto. Slashdot. 2014-01-19 [2014-12-27]. (原始内容存档于2016-03-04).
- ^ Murenin, Constantine A. timothy , 编. OpenBSD 5.5 Released. Slashdot. 2014-05-01 [2014-12-27]. (原始内容存档于2017-05-05).
- ^ Friedl, Markus. ssh/kex.c#kexalgs. BSD Cross Reference, OpenBSD src/usr.bin/. 2014-04-29 [2014-12-27]. (原始内容存档于2017-12-09).
- ^ Murenin, Constantine A. Soulskill , 编. OpenSSH No Longer Has To Depend On OpenSSL. Slashdot. 2014-04-30 [2014-12-26]. (原始内容存档于2016-06-24).
- ^ How does Peerio implement end-to-end encryption?. Peerio. [2018-05-01]. (原始内容存档于2017-12-09).
- ^ PuTTY Change Log. www.chiark.greenend.org.uk. [2018-05-01]. (原始内容存档于2018-02-02).
- ^ Threema Cryptography Whitepaper (PDF). [2018-05-01]. (原始内容 (PDF)存档于2017-09-21).
- ^ Roger Dingledine & Nick Mathewson. Tor's Protocol Specifications - Blog. [20 December 2014]. (原始内容存档于2018-11-15).
- ^ Viber Encryption Overview. Viber. 3 May 2016 [24 September 2016]. (原始内容存档于2016-10-24).