EdDSA - Edwards-curve Digital Signature Algorithm

Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using twisted Edwards curves. The EdDSA algorithm is described in RFC 8032 - Edwards-Curve Digital Signature Algorithm (EdDSA) .

This module provides support for EdDSA (Edwards-curve Digital Signature Algorithm) using SHA-512 and Ed25519. EdDSA is available in the API as a separate curve type. To use EdDSA, variable g_nrf_crypto_ecc_ed25519_curve_info must be passed to key creation functions.

For information about public-private key management and general concepts regarding ECC, see ECC - Elliptic Curve Cryptography.

For detailed API documentation of this module, see Edwards-curve Digital Signature Algorithm (EdDSA).

EdDSA frontend API

The library provides the following functions to perform EdDSA:

• nrf_crypto_eddsa_sign
• nrf_crypto_eddsa_verify

For examples of both functions, see the EdDSA usage section.

This library represents a signature as an array of bytes that contains two big integers in little-endian order. If big-endian order is required, use nrf_crypto_ecc_byte_order_invert.

Note

Unlike ECDSA, the EdDSA sign and verify functions require the full plain text message as input for the signature, not the hash of the message.

Available backends

The following backends can be used for EdDSA:

• CryptoCell CC310
• Oberon crypto library

For information on configuring the backends, see Configuring nrf_crypto frontend and backends.

EdDSA usage

This section contains examples of the EdDSA procedure, both for signing and verification.

Example of signing

const uint8_t my_raw_private_key[32] = {
 0x23, 0x8F, 0x43, 0x88, ... // 32 bytes (256 bits) of raw private key
}

nrf_crypto_eddsa_sign_context_t sign_context;
nrf_crypto_ecc_private_key_t my_private_key;
uint8_t signature[NRF_CRYPTO_EDDSA_ED25519_SIGNATURE_SIZE];

size_t raw_key_size = sizeof(my_raw_private_key);
size_t signature_size = sizeof(signature);

// Initialize crypto library once before using any crypto functionality.
err_code = nrf_crypto_init();
APP_ERROR_CHECK(err_code);

// Convert raw private key to backend type.
err_code = nrf_crypto_ecc_private_key_from_raw(
 &g_nrf_crypto_ecc_ed25519_curve_info, // Info structure
 &my_private_key, // Private key
 my_raw_private_key, // Raw private key
 raw_key_size); // Raw key size
APP_ERROR_CHECK(err_code);

// Sign using Ed25519
err_code = nrf_crypto_eddsa_sign(&sign_context, // Sign context
 &my_private_key, // Ed25519 private key
 "Hello World!", // String to sign
 strlen("Hello World!"),// Size of string
 signature, // Signature (out)
 &signature_size); // Signature size (in/out)
APP_ERROR_CHECK(err_code);

Example of verification

const uint8_t raw_public_key[32] = {
 0xB4, 0x84, 0x12, 0xB8, ... // 32 bytes (256 bits) of raw public key
}

nrf_crypto_eddsa_verify_context_t verify_context;
nrf_crypto_ecc_public_key_t public_key;
uint8_t signature[NRF_CRYPTO_EDDSA_ED25519_SIGNATURE_SIZE];

// Initialize crypto library once before using any crypto functionality.
err_code = nrf_crypto_init();
APP_ERROR_CHECK(err_code);

// Convert raw public key to backend type
err_code = nrf_crypto_ecc_public_key_from_raw(
 &g_nrf_crypto_ecc_ed25519_curve_info,
 &public_key,
 raw_public_key,
 sizeof(raw_public_key));
APP_ERROR_CHECK(err_code);

// Verify using Ed25519
err_code = nrf_crypto_eddsa_verify(&verify_context, // Sign context
 &public_key, // Ed25519 public key
 "Hello World!", // String to verify
 strlen("Hello World!"), // Size of string
 signature, // Signature (in)
 sizeof(signature)); // Signature size
APP_ERROR_CHECK(err_code);