Ed25519: high-speed high-security signatures



Ed25519 was introduced in the following paper:

  • [ed25519] 23pp. (PDF) Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, Bo-Yin Yang. High-speed high-security signatures. Journal of Cryptographic Engineering 2 (2012), 77–89. Document ID: a1a62a2f76d23f65d622484ddd09caf8. URL: https://cr.yp.to/papers.html#ed25519. Date: 2011.09.26.

    Earlier version: (PDF) 2011.07.05.

    Earlier version: 2011.07.04. Pages 124--142 in Cryptographic hardware and embedded systems---CHES 2011, 13th international workshop, Nara, Japan, September 28--October 1, 2011, proceedings, edited by Bart Preneel and Tsuyoshi Takagi, Lecture Notes in Computer Science 6917, Springer, 2011.

The following paper extends EdDSA to handle more curves:

  • [eddsa] 5pp. (PDF) Daniel J. Bernstein, Simon Josefsson, Tanja Lange, Peter Schwabe, Bo-Yin Yang. EdDSA for more curves. URL: https://cr.yp.to/papers.html#eddsa. Date: 2015.07.04.

The following paper analyzes reductions between multi-key attacks and single-key attacks for several variants of the Schnorr signature system, including EdDSA:

  • [multischnorr] 19pp. (PDF) Daniel J. Bernstein. Multi-user Schnorr security, revisited. URL: https://cr.yp.to/papers.html#multischnorr. Date: 2015.10.12.


This is version 2017.01.22 of the papers.html web page.