Skip to content

Size of the ed25519 secret key #33

Answered by paulmillr
mirceanis asked this question in Q&A
Discussion options

You must be logged in to vote
  1. Having 64-byte keys where only the first 32 bytes (private) are relevant is dumb. Every other elliptic curve uses ONLY the private part.
  2. Having the second half a public key introduces a potential issue. It was found here: https://twitter.com/kostascrypto/status/1538351278413058048. Libraries now need to validate whether the second half is actually the valid key, produced from the first half, and not some garbage. So, many libraries were affected, and the issue has been fixed. We have not been affected in the first place, because we always used 32-byte private keys.
  3. Having the second half pre-computed can be considered a cache and speed-up, but ONLY if you don't validate it (see 2), so it…

Replies: 1 comment 1 reply

Comment options

You must be logged in to vote
1 reply
@mirceanis
Comment options

mirceanis Apr 21, 2023
Author Sponsor

Answer selected by mirceanis
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants