item 46633300

teunispeters | 1 month ago

I look forward to crypto libraries other than OpenSSL that can provide support for ED25519 and ED448, as well as a wide range of EC keys.

These are requirements for my current work, and OpenSSL 3+ was the only crypto library that delivered.

fsmv | 1 month ago

The Go standard library has an implementation of ed25519, although I did not find ed448; it also has some NIST curves. There are a few libraries that do ed448, like one from Cloudflare.
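As an added illustration of the point above (example code written for this thread, not something the commenter or the Go project posted): the Go standard library's crypto/ed25519 package signs and verifies Ed25519, and crypto/ecdh (available since Go 1.20, an assumption about the toolchain in use) covers the NIST curves for key agreement. The block signs a constructed message, checks that a single flipped bit makes verification fail, and runs a P-256 ECDH exchange to confirm both parties derive the same shared secret. Ed448 is not shown because the standard library has no implementation of it.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignAndVerify signs msg with a freshly generated Ed25519 key pair and
// reports whether the signature verifies on the original message and on a
// copy with one bit flipped. A correct implementation returns (true, false).
func SignAndVerify(msg []byte) (okOriginal, okTampered bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}

	// Ed25519 is deterministic: the same key and message always give the
	// same 64-byte signature, so no per-signature randomness is needed.
	sig := ed25519.Sign(priv, msg)
	okOriginal = ed25519.Verify(pub, msg, sig)

	// Flip the low bit of the first byte; verification must now fail.
	tampered := append([]byte{}, msg...)
	if len(tampered) == 0 {
		tampered = []byte{0}
	}
	tampered[0] ^= 0x01
	okTampered = ed25519.Verify(pub, tampered, sig)

	return okOriginal, okTampered, nil
}

// AgreeP256 performs an ECDH exchange on the NIST P-256 curve between two
// freshly generated key pairs and reports whether both sides computed the
// same 32-byte shared secret. crypto/ecdh validates the peer public key
// (point-on-curve check) inside ECDH, so invalid-curve inputs are rejected.
func AgreeP256() (bool, error) {
	curve := ecdh.P256()

	alice, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	bob, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}

	// Each side combines its own private key with the peer's public key.
	secretA, err := alice.ECDH(bob.PublicKey())
	if err != nil {
		return false, err
	}
	secretB, err := bob.ECDH(alice.PublicKey())
	if err != nil {
		return false, err
	}

	// The raw x-coordinate is 32 bytes for P-256; feed it to a KDF in real
	// protocols rather than using it directly as a key.
	return len(secretA) == 32 && bytes.Equal(secretA, secretB), nil
}

func main() {
	// Constructed sample message for the stand-alone run.
	ok, bad, err := SignAndVerify([]byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("ed25519: original verifies=%v tampered verifies=%v\n", ok, bad)

	same, err := AgreeP256()
	if err != nil {
		panic(err)
	}
	fmt.Printf("p256 ecdh: shared secrets match=%v\n", same)
}
```

Run it with `go run .`; the expected output is that the original message verifies, the tampered one does not, and the two P-256 shared secrets match.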

tob_scott_a | 1 month ago

To test a Claude Skill for analyzing cryptographic implementations of cryptographic side-channels ([1] see constant-time-analysis), I had Claude vibe-code an Ed448 implementation.

This includes:

1. The Ed448 signature algorithm

2. The Edwards448 elliptic curve group (which could conceivably be used for ECDH)

3. The Decaf448 prime-order group (a much better target for doing non-EdDSA things with)

I've been putting off reviewing it and making the implementation public (as it was an exercise in "is this skill a sufficient guard-rail against implementation error" more than anything), but if there's any interest in this from the Go community, I'll try to prioritize it later this year.

(I'm not publishing it without approval from the rest of the cryptography team, which requires an internal review.)

But if you're curious about the efficacy of the Skill, it did discover https://github.com/RustCrypto/signatures/security/advisories...

[1] https://github.com/trailofbits/skills

some_furry | 1 month ago

What do you need Ed448 for? I've not seen many real-world deployments of this algorithm, so I'm very curious about this.

adrian_b | 1 month ago

Presumably one would want to use Ed448 in order to achieve, for session key establishment or for digital signing, a level of security comparable to using AES with a 256-bit key for encryption.

ED25519 has a level of security only comparable with AES with a 128-bit key.

Nowadays many prefer to use for encryption AES or similar ciphers with a 256-bit key, to guard against possible future advances, like the development of quantum computers. In such cases, ED25519 remains the component with the lowest resistance against brute force, but it is less common to use something better than it because of the increase in computational cost for session establishment.