Unsignedio
/
micropython-curve25519
mirror of https://github.com/markqvist/micropython-curve25519.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Implementation of X25519 and Ed25519 as a micropython mpy-module on a Pyboard
18 Commits
1 Branch
4 Tags
61 KiB
C 73.2%
Python 24.9%
Makefile 1.9%
 
 
 
Go to file
pmvr 96ce625d1c in place transform to/from Montgomery space 2020-06-17 08:38:59 +02:00
mpy-modules in place transform to/from Montgomery space 2020-06-17 08:38:59 +02:00
LICENSE
README.md small improvement for inversion 2020-06-14 16:30:49 +02:00
ed25519.py corrected lenth 2020-06-14 15:32:03 +02:00
x25519.py

README.md

micropython-curve25519

Implementation of X25519 and Ed25519 as a micropython mpy-module on a Pyboard

Background

Curve25519 is a state-of-the-art for elliptic curve Diffie-Hellman, designed for both performance and security. Furthermore, it is used for Edwards-curve Digital Signature Algorithm (EdDSA).

While the key exchange is refered by the function X25519, Ed25519 refers to the digital signature algorithm.

X25519 performs scalar multiplication on the Montgomery form of Curve25519. It uses a Montgomery ladder on the u-coordinate only, see here for the algorithm.

Ed25519 is performed on the twisted Edwards curve of Curve25519 on the x- und y-coordinate. For performance reasons, the signing operation uses here the function X25519 and then a recovery of the v-coordinate, see Algorithm 5 in this paper, followed by the birational map between the Montgomery curve and the Edwards curve.

mpy-Modules

For native machine code in mpy-files see here.

There are two modules in the mpy-modules/ sub-directory:

  • One for the SHA512 mpy-modules/sha512/, where I modfied this code.
  • And one for X25519 mpy-modules/curve25519/.

After compilation to machine code, the two mpy-files have to be copied to a Pyboard.

Results

The following results are received on a Pyboard (STM32F722IEK).

X25519

Python script x25519.py

Test vectors from https://tools.ietf.org/html/rfc8031#appendix-A
Test 1: X25519: q = d*u
Computation time: 24 ms
q [hex/dec] = 66c7fb0d9f7090f777fa8493081ce8a4f174dbbbf9a36f16ba571206d4ddd548      46489245826987382655505058740283756869827209462947799117248009944518788765000
Test 1 passed.

Test 2: X25519 + y-coordinate recovery + transform to Edwards-curve
(x, y) = Edward(q, r), (q, r) = d*(u, v)
Computation time: 25 ms
x [hex/dec] = 1ce7e6e3a747a25352df2d3155f06427ba389769e37755731dead2b54c5cef03      13074494971479542188989287385397236998770807488645203601973104535274459557635
y [hex/dec] = 4dd1c7c2001c147333ceedf77ebd48b1100e2a95f88cf1f40d1b74ec7279e657      35198739055214410372845858661063095427357109357427482712729161712065293444695
Test 2 passed.

Ed25519

Python script ed25519.py

Test 1: Length of message: 0 bytes
Computation time: 52 ms
Test 1 passed.

Test 2: Length of message: 1 byte
Computation time: 52 ms
Test 2 passed.

Test 3: Length of message: 2 bytes
Computation time: 52 ms
Test 3 passed.

Test 4: Length of message: 1023 bytes
Computation time: 61 ms
Test 4 passed.

Test 5: Length of message: 64 bytes
Computation time: 53 ms
Test 5 passed.

Warning

The source code is not ready for production for both security reasons and missing regression tests.