
I have been studying Curve25519 and the Signal protocol for a few days. What I came to know is that in general Curve25519 uses "9" as the base point, but in Signal the base point used is `convert_mont(9)`. `convert_mont(9)` is the function which generates a twisted Edwards curve key pair using the Montgomery private key as the parameter. Why is that?

Also, it has been mentioned in the docs that

> XEd25519 signatures are valid Ed25519 signatures [1] and vice versa, provided the public keys are converted with the birational map.

which I think means that if Ed25519 signatures are calculated using `convert_mont()` then they are equivalent to the XEd25519 signature.

If I have to implement `convert_mont()`, then how do I do the arithmetic operations in libsodium, since I am pretty new to cryptography?

Thanks.

  • The folks on the [Crypto.SE](https://crypto.stackexchange.com/) can probably answer in detail. Just a guess since I did not look at the code... The protective coordinates are converted to a Montgomery representation. The Montgomery representation allows use of a Montgomery Ladder for near-constant time multiplication. I do know the various Bernstein-derived implementations perform an expand step from the little-endian byte array to a base-51 polynomial, but that should have already occurred. See the function `curve25519_expand`. – jww Dec 20 '19 at 14:47
  • @jww well, the main confusion was to understand the signature scheme. Since if I use `convert_mont(9)` as a curve parameter then the signatures will be different, and I think XEd25519 is their name. So is it OK to use the normal Curve25519 with base point 9 in their protocol? – Sagar Singh Jan 06 '20 at 10:26
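
The birational map named in the quoted sentence, as an added example that is not part of the original post and is not Signal's or libsodium's code: in the XEdDSA specification, `convert_mont` takes a Montgomery u-coordinate (a public value), computes the Edwards y-coordinate as y = (u - 1)/(u + 1) mod p, and sets the sign bit to 0. The names `convert_mont` and `u_to_y` follow the spec; `inv`, `y_to_u` and `convert_ed` are hypothetical helpers introduced here.

```python
# Added example: field arithmetic mod p = 2^255 - 19 using plain Python integers.
# Python big-int math is not constant-time; only public coordinates are handled here.
P = 2**255 - 19
MASK_255 = (1 << 255) - 1  # keeps the low |p| = 255 bits of a 32-byte string


def inv(x: int) -> int:
    """Modular inverse via Fermat's little theorem (returns 0 for x == 0)."""
    return pow(x, P - 2, P)


def u_to_y(u: int) -> int:
    """Montgomery u -> twisted Edwards y: y = (u - 1) / (u + 1) mod p."""
    return (u - 1) * inv(u + 1) % P


def y_to_u(y: int) -> int:
    """Inverse direction: u = (1 + y) / (1 - y) mod p."""
    return (1 + y) * inv(1 - y) % P


def convert_mont(u_bytes: bytes) -> bytes:
    """Map a 32-byte little-endian u-coordinate to a 32-byte Edwards encoding."""
    if len(u_bytes) != 32:
        raise ValueError("u-coordinate must be 32 bytes")
    u = int.from_bytes(u_bytes, "little") & MASK_255   # u mod 2^|p|
    y = u_to_y(u % P)
    # y < 2^255, so the top bit (the Edwards sign bit) is 0 in the encoding.
    return y.to_bytes(32, "little")


def convert_ed(ed_bytes: bytes) -> bytes:
    """Hypothetical helper: Edwards encoding -> Montgomery u (sign bit ignored)."""
    if len(ed_bytes) != 32:
        raise ValueError("Edwards encoding must be 32 bytes")
    y = int.from_bytes(ed_bytes, "little") & MASK_255
    return y_to_u(y).to_bytes(32, "little")


if __name__ == "__main__":
    nine = (9).to_bytes(32, "little")        # Curve25519 base point u = 9
    print(convert_mont(nine).hex())          # Edwards encoding of the same point
```

For u = 9 the result is y = 4/5 mod p, which is the standard Ed25519 base point encoding. libsodium ships the opposite direction (Edwards public key to Montgomery) as `crypto_sign_ed25519_pk_to_curve25519`.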
