Pythagoras0: /* 메타데이터 */ 새 문단

2022-09-16T04:14:34Z

메타데이터: 새 문단

Pythagoras0: /* 노트 */ 새 문단

2022-09-16T04:14:33Z

노트: 새 문단

새 문서

== 노트 ==

===말뭉치===
# Abstract This document describes elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA).<ref name="ref_2e69d3c6">[https://datatracker.ietf.org/doc/rfc8032/ Edwards-Curve Digital Signature Algorithm (EdDSA)]</ref>
# EdDSA needs to be instantiated with certain parameters, and this document describes some recommended variants.<ref name="ref_2e69d3c6" />
# To facilitate adoption of EdDSA in the Internet community, this document describes the signature scheme in an implementation-oriented way and provides sample code and test vectors.<ref name="ref_2e69d3c6" />
# The advantages with EdDSA are as follows: 1. EdDSA provides high performance on a variety of platforms; 2. The use of a unique random number for each signature is not required; 3.<ref name="ref_2e69d3c6" />
# Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using twisted Edwards curves.<ref name="ref_f6224868">[https://infocenter.nordicsemi.com/topic/sdk_nrf5_v17.1.0/lib_crypto_eddsa.html Edwards-curve Digital Signature Algorithm]</ref>
# This module provides support for EdDSA (Edwards-curve Digital Signature Algorithm) using SHA-512 and Ed25519.<ref name="ref_f6224868" />
# 1. An odd prime power p. EdDSA uses an elliptic curve over the finite field GF(p).<ref name="ref_c615f04d">[https://www.rfc-editor.org/rfc/rfc8032 RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA)]</ref>
# EdDSA public keys have exactly b bits, and EdDSA signatures have exactly 2*b bits.<ref name="ref_c615f04d" />
# Conservative hash functions (i.e., hash functions where it is infeasible to create collisions) are recommended and do not have much impact on the total cost of EdDSA. 5.<ref name="ref_c615f04d" />
# Secret EdDSA scalars have exactly n + 1 bits, with the top bit (the 2^n position) always set and the bottom c bits always cleared.<ref name="ref_c615f04d" />
# Herein, Edwards-curve digital signature algorithm or shortly EdDSA offers slightly faster signatures than ECDSA.<ref name="ref_2cef576e">[https://sefiks.com/2018/12/24/a-gentle-introduction-to-edwards-curve-digital-signature-algorithm-eddsa/ A Gentle Introduction to Edwards-curve Digital Signature Algorithm (EdDSA)]</ref>
# In EdDSA, this is handled by generating random key based on the hash of the message.<ref name="ref_2cef576e" />
# This issue is handled in EdDSA.<ref name="ref_2cef576e" />
# However, ECDSA/EdDSA and DSA differ in that DSA uses a mathematical operation known as modular exponentiation while ECDSA/EdDSA uses elliptic curves.<ref name="ref_fe1a3782">[https://goteleport.com/blog/comparing-ssh-keys/ Comparing SSH Keys - RSA, DSA, ECDSA, or EdDSA?]</ref>
# EdDSA solves the same discrete log problem as DSA/ECDSA, but uses a different family of elliptic curves known as the Edwards Curve (EdDSA uses a Twisted Edwards Curve).<ref name="ref_fe1a3782" />
# The EdDSA signatures use the Edwards form of the elliptic curves (for performance reasons), respectively edwards25519 and edwards448 .<ref name="ref_5dcd89c0">[https://cryptobook.nakov.com/digital-signatures/eddsa-and-ed25519 EdDSA and Ed25519]</ref>
# The hash function H {\displaystyle H} is normally modelled as a random oracle in formal analyses of EdDSA's security.<ref name="ref_c73f9309">[https://en.wikipedia.org/wiki/EdDSA#:~:text=In%20public%2Dkey%20cryptography%2C%20Edwards,signature%20schemes%20without%20sacrificing%20security. Wikipedia]</ref>
# Like other discrete-log-based signature schemes, EdDSA uses a secret value called a nonce unique to each signature.<ref name="ref_c73f9309" />
# In contrast, EdDSA chooses the nonce deterministically as the hash of a part of the private key and the message.<ref name="ref_c73f9309" />
# The Edwards-curve Digital Signature Algorithm (EdDSA) scheme uses a variant of the Schnorr signature based on twisted Edwards curves.<ref name="ref_b44dad56">[https://doc.primekey.com/ejbca/ejbca-operations/ejbca-ca-concept-guide/certificate-authority-overview/eddsa-keys-and-signatures EdDSA Keys and Signatures]</ref>
# EdDSA is designed to be faster than existing digital signature schemes without sacrificing security.<ref name="ref_b44dad56" />
# EJBCA supports EdDSA signature keys and you can create a Certificate Authority (CA) using EdDSA keys both using the EJBCA Admin UI and the CLI ( bin/ejbca.sh ca init ).<ref name="ref_b44dad56" />
# PKCS#11 did not standardize support for EdDSA until PKCS#11v3, while most HSMs still (October 2020) are still on PKCS#11v2.40.<ref name="ref_b44dad56" />
# Although EdDSA is employed in many widely used protocols, such as TLS and SSH, there appear to be extremely few hardware implementations that focus only on EdDSA.<ref name="ref_e6c15893">[https://cse.usf.edu/~mehran2/Papers/J46.pdf Ieee transactions on very large scale integration (vlsi) systems, vol. 29, no. 7, july 2021]</ref>
# I. INTRODUCTION E DWARDS curve digital signature algorithm (EdDSA) developed by Bernstein et al.<ref name="ref_e6c15893" />
# The Ed25519, as the most popular instance of EdDSA, is widely used as a digital signature method to guarantee the validity of the communications.<ref name="ref_e6c15893" />
# However, EdDSA has not got sufcient study, especially in the eld of hard- ware implementation based on eld-programmable gate arrays (FPGAs).<ref name="ref_e6c15893" />
# The API for EdDSA and the implementation in SunEC will not support arbitrary domain parameters.<ref name="ref_a0a94417">[https://openjdk.org/jeps/339 JEP 339: Edwards-Curve Digital Signature Algorithm (EdDSA)]</ref>
# Typical uses of EdDSA only use standardized parameter sets such as Ed25519 and Ed448 which can be specified using identifiers, and support for arbitrary curve parameters is not typically needed.<ref name="ref_a0a94417" />
# The EdDSA API should permit, through extension, the specification of arbitrary domain parameters.<ref name="ref_a0a94417" />
# Some users may have EdDSA certificates, and may have a strong preference to use EdDSA.<ref name="ref_a0a94417" />
# If you’re working on embedded systems, the determinism inherent to EdDSA might be undesirable due to the possibility of fault attacks.<ref name="ref_e17b9766">[https://soatok.blog/2022/05/19/guidance-for-choosing-an-elliptic-curve-signature-algorithm-in-2022/ Guidance for Choosing an Elliptic Curve Signature Algorithm in 2022]</ref>
# Maybe you've seen the landslide of acronyms that go along with it: ECC, ECDSA, ECDH, EdDSA, Ed25519, etc.<ref name="ref_ba58ee33">[https://fission.codes/blog/everything-you-wanted-to-know-about-elliptic-curve-cryptography/ Everything you wanted to know about Elliptic Curve Cryptography – Fission]</ref>
# Hence implementing EdDSA over Galois field provides more security compared to the conventional EdDSA signature.<ref name="ref_4f5df1eb">[http://www.sdiarticle3.com/wp-content/uploads/2019/05/Revised-ms_JERR_48655_v2.pdf Eddsa over galois field gf((cid:2198)(cid:2195)) for multimedia data]</ref>
# EdDSA needs to be instantiated with certain parameters.<ref name="ref_4f5df1eb" />
# Creation of signature is deterministic in EdDSA and it has higher security due to intractability of some discrete logarithm problems.<ref name="ref_4f5df1eb" />
# For the EdDSA authenticator to function, it needs to know its own private key.<ref name="ref_4f5df1eb" />
# It means that EdDSA is similar to other elliptic curve signature algorithms, but has some different algorithmic details.<ref name="ref_3c6dfb07">[https://medium.com/@qinwen228/eddsa-a-good-signature-algorithm-717499a305 EdDSA, a good signature algorithm]</ref>
# On some other occasions, the EdDSA is also called ed25519.<ref name="ref_3c6dfb07" />
# But the security of EdDSA does not depend on a random number generator, which is very different from ECDSA.<ref name="ref_3c6dfb07" />
# Last but not least, EdDSA is very fast during the key generation process to sign a signature, make a verification.<ref name="ref_3c6dfb07" />
# In this paper, we make a comparative study of these methods for the Edwards curve digital signature algorithm (EdDSA).<ref name="ref_0f7f5980">[https://link.springer.com/chapter/10.1007/978-3-319-12060-7_17 Batch Verification of EdDSA Signatures]</ref>
# We describe the adaptation of Algorithms N, N′, S2′ and SP for EdDSA signatures.<ref name="ref_0f7f5980" />
# More precisely, we study seminumeric scalar multiplication and Montgomery ladders during randomization of EdDSA signatures.<ref name="ref_0f7f5980" />
# Each EdDSA signature verification involves a square-root computation.<ref name="ref_0f7f5980" />
# Signing a message with EdDSA proves to the recipient that the sender of the message is in possession of the private key corresponding to the transmitted public key used during verification.<ref name="ref_f5a772cf">[https://software-dl.ti.com/simplelink/esd/simplelink_cc13x2_26x2_sdk/5.10.00.48/exports/docs/drivers/doxygen/html/_e_d_d_s_a_8h.html EDDSA.h File Reference]</ref>
# The sender generates an EdDSA private-public keypair with private key k and public key A. For Ed25519, these are 32 bytes in little endian.<ref name="ref_f5a772cf" />
# This result is used as a scalar to generate EdDSA signature component R which is a point on Ed25519.<ref name="ref_f5a772cf" />
# The signature component R, public key A, and message M are hashed to find a value that is used to generate the EdDSA signature component S which is a scalar.<ref name="ref_f5a772cf" />
# Using EdDSA has a few advantages over ECDSA, mostly due to it being easier to implement and, therefore, more secure.<ref name="ref_6ead77c0">[https://www.scottbrady91.com/c-sharp/eddsa-for-jwt-signing-in-dotnet-core EdDSA for JWT Signing in .NET Core]</ref>
# To learn more about EdDSA and these variants, I recommend checking out David Wong’s article “EdDSA, Ed25519, Ed25519-IETF, Ed25519ph, Ed25519ctx, HashEdDSA, PureEdDSA, WTF?”.<ref name="ref_6ead77c0" />
# Otherwise, check out ed25519.cr.yp.to, which lists the benefits of using EdDSA (some are debatable).<ref name="ref_6ead77c0" />
# With EdDSA, both Ed25519 and Ed448 use an alg value of EdDSA .<ref name="ref_6ead77c0" />
# This document specifies the conventions for using the Edwards-curve Digital Signature Algorithm (EdDSA) for curve25519 and curve448 in the Cryptographic Message Syntax (CMS).<ref name="ref_cfc89118">[https://www.hjp.at/(en)/doc/rfc/rfc8419.html hjp: doc: RFC 8419: Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures in the Cryptographic Message Syntax (CMS)]</ref>
# For each curve, EdDSA defines the PureEdDSA and HashEdDSA modes.<ref name="ref_cfc89118" />
# The id-Ed25519 and id-Ed448 object identifiers are used to identify EdDSA public keys in certificates.<ref name="ref_cfc89118" />
# The SignerInfo signature field contains the octet string resulting from the EdDSA private key signing operation.<ref name="ref_cfc89118" />
# You've heard of EdDSA right?<ref name="ref_24deef46">[https://www.cryptologie.net/article/497/eddsa-ed25519-ed25519-ietf-ed25519ph-ed25519ctx-hasheddsa-pureeddsa-wtf/ EdDSA, Ed25519, Ed25519-IETF, Ed25519ph, Ed25519ctx, HashEdDSA, PureEdDSA, WTF?]</ref>
# Since its inception, EdDSA has evolved quite a lot, and some amount of standardization process has happened to it.<ref name="ref_24deef46" />
# Using EdDSA Signatures with CMS August 2018 Table of Contents 1. Introduction ....................................................2 1.1.<ref name="ref_0a6951d3">[http://www.muonics.com/rfc/rfc8419.php RFC 8419 - Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures in the Cryptographic Message Syntax (CMS)]</ref>
# EdDSA with curve25519 is referred to as "Ed25519", and EdDSA with curve448 is referred to as "Ed448".<ref name="ref_0a6951d3" />
# Using EdDSA Signatures with CMS August 2018 2.3.<ref name="ref_0a6951d3" />
# EdDSA needs to be instantiated with certain parameters and this document describe some recommended variants.<ref name="ref_6e4f16c1">[http://www.watersprings.org/pub/id/draft-irtf-cfrg-eddsa-00.html Edwards-curve Digital Signature Algorithm (EdDSA)]</ref>
# This obviates the need for EdDSA to perform expensive point validation on untrusted public values.<ref name="ref_6e4f16c1" />
# The generic EdDSA digital signature system with its eleven input parameters is not intended to be implemented directly.<ref name="ref_6e4f16c1" />
# EdDSA public keys have exactly b bits, and EdDSA signatures have exactly 2b bits.<ref name="ref_6e4f16c1" />
# EDDSA Specifies to generate a digital signature using the EDDSA algorithm.<ref name="ref_b1905011">[https://www.ibm.com/docs/en/zos/2.5.0?topic=signatures-digital-signature-generate-csnddsg-csnfdsg Digital Signature Generate (CSNDDSG and CSNFDSG)]</ref>
# This keyword is required with EDDSA, EC-SDSA , and CRDL-DSA keywords.<ref name="ref_b1905011" />
# This keyword is required with the EDDSA keyword.<ref name="ref_b1905011" />
# EdDSA is used in TLS 1.3.<ref name="ref_9bf6be08">[https://www.googlecloudcommunity.com/gc/-/-/td-p/23063 Edwards-Curve Digital Signature Algorithm (EdDSA) ...]</ref>
# So in that regard, no, EdDSA is not supported.<ref name="ref_9bf6be08" />
# According to our knowledge, this is the rst two-part cryptography scheme designed for Edwards-curve digital signature algorithm without sacricing security.<ref name="ref_6baef6d0">[http://ijns.jalaxy.com.tw/contents/ijns-v23-n4/ijns-2021-v23-n4-p558-568.pdf International journal of network security, vol.23, no.4, pp.558-568, july 2021 (doi: 10.6633/ijns.202107 23(4).02)]</ref>
# For the sake of improving above deciency, we present a two-party Edwards-curve digital signature algorithm.<ref name="ref_6baef6d0" />
# However, EdDSA signatures are defined on twisted Edwards curves, where a public key is a compressed point consisting of a twisted Edwards y-coordinate and a sign bit s which is either 0 or 1.<ref name="ref_3a3cf059">[https://signal.org/docs/specifications/xeddsa/ Signal >> Specifications >> The XEdDSA and VXEdDSA Signature Schemes]</ref>
# Abstract We present an EdDSA-compatible multi-party digital signature scheme that supports an oine participant during the key-generation phase, without relying on a trusted third party.<ref name="ref_9cb6e7a0">[https://arxiv.org/pdf/2009.01631 Springer Nature 2021 LATEX template A Provably-Unforgeable Threshold EdDSA]</ref>
# A Provably-Unforgeable Threshold EdDSA with an Oine Recovery Party 3 Organization We present some preliminaries in Section 2.<ref name="ref_9cb6e7a0" />
# Our protocol works with both ECDSA and EdDSA signature schemes and prioritizes efcient computation and communication.<ref name="ref_960480d9">[https://arxiv.org/pdf/2106.10972 Improving security for users of decentralized exchanges through multiparty computation]</ref>
# z, the rst part of the signature r, and the nonce k as follows: s k1 (z + r d) mod n. C. EdDSA Signature generation in EdDSA works similar to ECDSA.<ref name="ref_960480d9" />
# An EdDSA signature also consists of a tuple of integers (r, s), but computation differs slightly: 1) First, the secret key is hashed.<ref name="ref_960480d9" />
# 2) A cryptographically secure nonce is also required in EdDSA, but generating it is not left to the implementer.<ref name="ref_960480d9" />
===소스===
<references />

← 이전 판		2022년 9월 16일 (금) 04:14 판
84번째 줄:		84번째 줄:
	===소스===		===소스===
	<references />		<references />
		+
		+	== 메타데이터 ==
		+
		+	===위키데이터===
		+	* ID : [https://www.wikidata.org/wiki/Q16966748 Q16966748]
		+	===Spacy 패턴 목록===
		+	* [{'LOWER': 'edwards'}, {'OP': '*'}, {'LOWER': 'curve'}, {'LOWER': 'digital'}, {'LOWER': 'signature'}, {'LOWER': 'algorithm'}]
		+	* [{'LOWER': 'eddsa'}]

에드워즈 곡선 디지털 서명 알고리듬 - 편집 역사

Pythagoras0: /* 메타데이터 */ 새 문단

Pythagoras0: /* 노트 */ 새 문단