Elliptic curve used in Internet cryptography

In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security (256-bit key size) and designed for use with the Elliptic-curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software.

The original Curve25519 paper defined it as a Diffie–Hellman (DH) function. Daniel J. Bernstein has since proposed that the name Curve25519 be used for the underlying curve, and the name X25519 for the DH function.

Mathematical properties

The curve used is $y^2 = x^3 + 486662x^2 + x$, a Montgomery curve, over the prime field defined by the prime number $2^{255} - 19$ (hence the numeric "25519" in the name), and it uses the base point $x = 9$. This point generates a cyclic subgroup whose order is the prime $2^{252} + 27742317777372353535851937790883648493$. This subgroup has a co-factor of $8$, meaning the number of elements in the subgroup is $1/8$ that of the elliptic curve group. Using a prime order subgroup prevents mounting a Pohlig–Hellman algorithm attack.

The protocol uses compressed elliptic point (only X coordinates), so it allows efficient use of the Montgomery ladder for ECDH, using only XZ coordinates.

Curve25519 is constructed such that it avoids many potential implementation pitfalls.

By design, Curve25519 is immune to timing attacks, and it accepts any 32-byte string as a valid public key and does not require validating that a given point belongs to the curve, or is generated by the base point.

The curve is birationally equivalent to a twisted Edwards curve used in the Ed25519 signature scheme.

History

In 2005, Curve25519 was first released by Daniel J. Bernstein.

In 2013, interest began to increase considerably when it was discovered that the NSA had potentially implemented a backdoor into the P-256 curve based Dual_EC_DRBG algorithm. While not directly related, suspicious aspects of the NIST's P curve constants led to concerns that the NSA had chosen values that gave them an advantage in breaking the encryption.

"I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry."
— Bruce Schneier, The NSA Is Breaking Most Encryption on the Internet (2013)

Since 2013, Curve25519 has become the de facto alternative to P-256, being used in a wide variety of applications. Starting in 2014, OpenSSH defaults to Curve25519-based ECDH and GnuPG adds support for Ed25519 keys for signing and encryption. The use of the curve was eventually standardized for both key exchange and signature in 2020.

In 2017, NIST announced that Curve25519 and Curve448 would be added to Special Publication 800-186, which specifies approved elliptic curves for use by the US Federal Government. Both are described in RFC 7748. A 2019 draft of "FIPS 186-5" notes the intention to allow usage of Ed25519 for digital signatures. The 2023 update of Special Publication 800-186 allows usage of Curve25519.

In 2018, DKIM specification was amended so as to allow signatures with this algorithm.

Also in 2018, RFC 8446 was published as the new Transport Layer Security v1.3 standard. It recommends support for X25519, Ed25519, X448, and Ed448 algorithms.

Libraries

Libgcrypt
libssh
libssh2 (since version 1.9.0)
NaCl
GnuTLS
mbed TLS (formerly PolarSSL)
wolfSSL
Botan
Schannel
Libsodium
OpenSSL (since version 1.1.0)
LibreSSL
NSS (since version 3.28)
Crypto++
curve25519-dalek
Bouncy Castle

Protocols

OMEMO, a proposed extension for XMPP (Jabber)
Secure Shell
Signal Protocol
Matrix (protocol)
Tox
Zcash
Transport Layer Security
WireGuard

Applications

Conversations Android application
Cryptocat
DNSCrypt
DNSCurve
Dropbear
Facebook Messenger
Gajim (via plugin)
GNUnet
GnuPG
Google Allo
I2P
IPFS
iOS
Monero
OpenBSD
OpenSSH
Peerio
Proton Mail
PuTTY
Signal
Silent Phone
SmartFTP
SSHJ
SQRL
Threema Instant Messenger
TinySSH
TinyTERM
Tor
Viber
WhatsApp
Wire
WireGuard

Notes

Starting with Windows 10 (1607), Windows Server 2016
Via the OMEMO protocol
Only in "secret conversations"
Via the Signal Protocol
Only in "incognito mode"
Used to sign releases and packages
Exclusive key exchange in OpenSSH 6.7 when compiled without OpenSSL.

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.