src/ext/ed25519/ref10/README.tor


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

We've made the following changes to the stock ed25519_ref10 from
supercop-20140622:

   * We added the necessary glue to provide integers of fixed bit
     sizes, SHA512, and to compile without warnings everywhere we need
     to build.

   * Secret keys are stored in expanded format.  There are functions
     to expand them from the 32-byte seed.

   * Signatures are made and processed detached from the messages that
     they sign.  (In other words, we support "make signature" and
     "check signature", not "create signed message" and "check and
     unpack signed message".)

   * There's an implementation of 'convert a curve25519 key to an
     ed25519 key' so we can do cross-certification with curve25519 keys.
     (keyconv.c)

   * There's an implementation of multiplicative key blinding so we
     can use it for next-gen hidden srevice descriptors. (blinding.c)