Curve25519：修订间差异

以互动方式浏览历史

←上一版本下一版本→

删除的内容添加的内容

可视化wikitext

行内

2018年12月5日 (三) 14:10的版本

在密码学中，Curve25519是一种椭圆曲线，被设计用于椭圆曲线迪菲-赫尔曼（ECDH）密钥交换方法，可用作提供128 bit的安全金鑰。它是不被任何已知专利覆盖的最快ECC曲线之一。^[1]其参考实现是公共领域软件。^[2]

最初的Curve25519草稿将其定义成一个迪菲-赫尔曼（DH）函数。在那之后Daniel J. Bernstein提出Curve25519应被作为底层曲线的名称，而将X25519作为其DH函数的名称。^[3]

普及

库

Libgcrypt^[4]
libssh^[5]
NaCl^[6]
GnuTLS^[7]
mbed TLS (前称 PolarSSL)^[8]
wolfSSL^[9]
Botan^[10]
SChannel^[a]^[11]
Libsodium^[12]
OpenSSL 自版本 1.1.0^[13]
LibreSSL^[14]
NaCl for Tcl — 一个对 Tcl 语言的端口^[15]
NSS 自版本 3.28^[16]
Monocypher^[17]
Crypto++

协议

OMEMO, 一个对XMPP (Jabber)的建议性扩展^[18]
Secure Shell
Signal Protocol
Tox
Zcash
TLS

应用

脚注

^ 從Windows 10 (1607)及Windows Server 2016開始使用。
^ ^2.0 ^2.1 ^2.2 Via the OMEMO protocol
^ Only in "secret conversations"
^ ^4.0 ^4.1 ^4.2 ^4.3 Via the Signal Protocol
^ Only in "incognito mode"
^ Used to sign releases and packages^[28]^[29]
^ Exclusive key exchange in OpenSSH 6.7 when compiled without OpenSSL.^[30]^[31]

参见

EdDSA § Ed25519

引用

^ Bernstein. Irrelevant patents on elliptic-curve cryptography. cr.yp.to. [2016-02-08].
^ A state-of-the-art Diffie-Hellman function by Daniel J. Bernstein"My curve25519 library computes the Curve25519 function at very high speed. The library is in the public domain. "
^ [Cfrg] 25519 naming. [2016-02-25].
^ Werner Koch. Libgcrypt 1.7.0 release announcement. 15 April 2016 [22 April 2016].
^ ^5.0 ^5.1 ^5.2 ^5.3 ^5.4 ^5.5 ^5.6 SSH implementation comparison. Comparison of key exchange methods. [2016-02-25].
^ Introduction. yp.to. [11 December 2014].
^ nettle: curve25519.h File Reference - doxygen documentation | Fossies Dox. fossies.org. [2015-05-19]. （原始内容存档于2015-05-20）.
^ Limited, ARM. PolarSSL 1.3.3 released - Tech Updates - mbed TLS (Previously PolarSSL). tls.mbed.org. [2015-05-19].
^ wolfSSL Embedded SSL/TLS Library - wolfSSL Products.
^ Botan: src/lib/pubkey/curve25519/curve25519.cpp Source File. botan.randombit.net.
^ Justinha. TLS (Schannel SSP). docs.microsoft.com. [2017-09-15] （美国英语）.
^ Denis, Frank. Introduction · libsodium. libsodium.org.
^ Inc., OpenSSL Foundation,. OpenSSL. www.openssl.org. [2016-06-24].
^ Add support for ECDHE with X25519. · openbsd/src@0ad90c3. GitHub.
^ Tclers Wiki - NaCl for Tcl.
^ NSS 3.28 release notes. [25 July 2017].
^ Monocypher Manual. [2017-08-03].
^ Straub, Andreas. OMEMO Encryption. conversations.im. 25 October 2015.
^ Cryptocat - Security. crypto.cat. [2016-05-24].
^ Frank Denis. DNSCrypt version 2 protocol specification. [2016-03-03]. （原始内容存档于2015-08-13）.
^ Matt Johnston. Dropbear SSH - Changes. [2016-02-25].
^ Bahtiar Gadimov; et al. Gajim plugin for OMEMO Multi-End Message and Object Encryption. [2016-10-01].
^ GNUnet 0.10.0. gnunet.org. [11 December 2014].
^ zzz. 0.9.15 Release - Blog. 2014-09-20 [20 December 2014].
^ https://github.com/ipfs/go-ipfs/blob/master/core/commands/keystore.go#L68
^ iOS Security Guide (PDF).
^ MRL-0003 - Monero is Not That Mysterious (PDF). getmonero.com.
^ Murenin, Constantine A. Soulskill , 编. OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto. Slashdot. 2014-01-19 [2014-12-27].
^ Murenin, Constantine A. timothy , 编. OpenBSD 5.5 Released. Slashdot. 2014-05-01 [2014-12-27].
^ Friedl, Markus. ssh/kex.c#kexalgs. BSD Cross Reference, OpenBSD src/usr.bin/. 2014-04-29 [2014-12-27].
^ Murenin, Constantine A. Soulskill , 编. OpenSSH No Longer Has To Depend On OpenSSL. Slashdot. 2014-04-30 [2014-12-26].
^ How does Peerio implement end-to-end encryption?. Peerio.
^ PuTTY Change Log. www.chiark.greenend.org.uk.
^ Threema Cryptography Whitepaper (PDF).
^ Roger Dingledine & Nick Mathewson. Tor's Protocol Specifications - Blog. [20 December 2014].
^ Viber Encryption Overview. Viber. 3 May 2016 [24 September 2016].

外部链接

官方网站

[11] 從Windows 10 (1607)及Windows Server 2016開始使用。

[OMEMO-20] 2.0 ^2.1 ^2.2 Via the OMEMO protocol

[24] Only in "secret conversations"

[SIGNAL-25] 4.0 ^4.1 ^4.2 ^4.3 Via the Signal Protocol

[28] Only in "incognito mode"

[35] Used to sign releases and packages^[28]^[29]

[38] Exclusive key exchange in OpenSSH 6.7 when compiled without OpenSSL.^[30]^[31]

[1] Bernstein. Irrelevant patents on elliptic-curve cryptography. cr.yp.to. [2016-02-08].

[2] A state-of-the-art Diffie-Hellman function by Daniel J. Bernstein"My curve25519 library computes the Curve25519 function at very high speed. The library is in the public domain. "

[3] [Cfrg] 25519 naming. [2016-02-25].

[4] Werner Koch. Libgcrypt 1.7.0 release announcement. 15 April 2016 [22 April 2016].

[sshcompare-5] 5.0 ^5.1 ^5.2 ^5.3 ^5.4 ^5.5 ^5.6 SSH implementation comparison. Comparison of key exchange methods. [2016-02-25].

[6] Introduction. yp.to. [11 December 2014].

[7] ttle: curve25519.h File Reference - doxygen documentation | Fossies Dox. fossies.org. [2015-05-19]. （原始内容存档于2015-05-20）.

[8] Limited, ARM. PolarSSL 1.3.3 released - Tech Updates - mbed TLS (Previously PolarSSL). tls.mbed.org. [2015-05-19].

[9] wolfSSL Embedded SSL/TLS Library - wolfSSL Products.

[10] Botan: src/lib/pubkey/curve25519/curve25519.cpp Source File. botan.randombit.net.

[12] Justinha. TLS (Schannel SSP). docs.microsoft.com. [2017-09-15] （美国英语）.

[13] Denis, Frank. Introduction · libsodium. libsodium.org.

[14] Inc., OpenSSL Foundation,. OpenSSL. www.openssl.org. [2016-06-24].

[15] Add support for ECDHE with X25519. · openbsd/src@0ad90c3. GitHub.

[16] Tclers Wiki - NaCl for Tcl.

[17] NSS 3.28 release notes. [25 July 2017].

[18] Monocypher Manual. [2017-08-03].

[19] Straub, Andreas. OMEMO Encryption. conversations.im. 25 October 2015.

[21] Cryptocat - Security. crypto.cat. [2016-05-24].

[22] Frank Denis. DNSCrypt version 2 protocol specification. [2016-03-03]. （原始内容存档于2015-08-13）.

[23] Matt Johnston. Dropbear SSH - Changes. [2016-02-25].

[gajim-omemo-26] Bahtiar Gadimov; et al. Gajim plugin for OMEMO Multi-End Message and Object Encryption. [2016-10-01].

[27] GNUnet 0.10.0. gnunet.org. [11 December 2014].

[29] zzz. 0.9.15 Release - Blog. 2014-09-20 [20 December 2014].

[30] ttps://github.com/ipfs/go-ipfs/blob/master/core/commands/keystore.go#L68

[31] OS Security Guide (PDF).

[32] MRL-0003 - Monero is Not That Mysterious (PDF). getmonero.com.

[33] Murenin, Constantine A. Soulskill , 编. OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto. Slashdot. 2014-01-19 [2014-12-27].

[34] Murenin, Constantine A. timothy , 编. OpenBSD 5.5 Released. Slashdot. 2014-05-01 [2014-12-27].

[36] Friedl, Markus. ssh/kex.c#kexalgs. BSD Cross Reference, OpenBSD src/usr.bin/. 2014-04-29 [2014-12-27].

[37] Murenin, Constantine A. Soulskill , 编. OpenSSH No Longer Has To Depend On OpenSSL. Slashdot. 2014-04-30 [2014-12-26].

[39] How does Peerio implement end-to-end encryption?. Peerio.

[40] PuTTY Change Log. www.chiark.greenend.org.uk.

[41] Threema Cryptography Whitepaper (PDF).

[42] Roger Dingledine & Nick Mathewson. Tor's Protocol Specifications - Blog. [20 December 2014].

[43] Viber Encryption Overview. Viber. 3 May 2016 [24 September 2016].

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[a]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[b]

[19]

[20]

[21]

[c]

[d]

[22]

[23]

[e]

[24]

[25]

[26]

[27]

[f]

[g]

[32]

[33]

[34]

[35]

[36]

[28]

[29]

[30]

[31]

@@ 第6行： / 第6行： @@
 == 普及 ==
 === 库 ===
-{{div col|cols=2}}
+{{div col|colwidth=16em}}
 * [[Libgcrypt]]<ref>{{cite web |url=https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000386.html |title=Libgcrypt 1.7.0 release announcement |author=[[Werner Koch]] |date=15 April 2016 |accessdate=22 April 2016}}</ref>
 * libssh<ref name="sshcompare">{{cite web|url=http://ssh-comparison.quendi.de/comparison/kex.html|title=Comparison of key exchange methods|author=SSH implementation comparison|accessdate=2016-02-25}}</ref>
@@ 第30行： / 第30行： @@
 * [[Tox (protocol)|Tox]]
 * [[Zcash]]
+* [[传输层安全|TLS]]
 === 应用 ===
-<!-- PLEASE RESPECT ALPHABETICAL ORDER -->
 {{div col|colwidth=16em}}
 * [[Conversations (software)|Conversations Android application]]{{efn|name=OMEMO|Via the [[OMEMO]] protocol}}
@@ 第45行： / 第45行： @@
 * [[Google Allo]]{{efn|Only in "incognito mode"}}{{efn|name=SIGNAL}}
 * [[I2P]]<ref>{{cite web|url=https://geti2p.net/en/blog/post/2014/09/20/0.9.15-Release|title=0.9.15 Release - Blog|author=zzz|date=2014-09-20|work=|accessdate=20 December 2014}}</ref>
+* [[IPFS]]<ref>https://github.com/ipfs/go-ipfs/blob/master/core/commands/keystore.go#L68</ref>
 * [[iOS]]<ref>{{cite web|url=https://www.apple.com/business/docs/iOS_Security_Guide.pdf|title=iOS Security Guide|publisher=}}</ref>
-* [[minilock]]<ref>{{cite web|url=https://github.com/kaepora/miniLock/blob/master/README.md|title=kaepora/miniLock|website=GitHub}}</ref>
+* [[门罗币|Monero]]<ref>{{cite web|url=https://lab.getmonero.org/pubs/MRL-0003.pdf|title=MRL-0003 - Monero is Not That Mysterious|website=getmonero.com}}</ref>
 * [[OpenBSD]]{{efn|Used to sign releases and packages<ref>{{cite web |url=http://bsd.slashdot.org/story/14/01/19/0124202/openbsd-moving-towards-signed-packages-based-on-d-j-bernstein-crypto |title= OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto |first=Constantine A. |last=Murenin |editor=Soulskill |date=2014-01-19 |accessdate=2014-12-27 |publisher=[[Slashdot]]}}</ref><ref>{{cite web |url=http://bsd.slashdot.org/story/14/05/01/1656209/openbsd-55-released |title= OpenBSD 5.5 Released |first=Constantine A. |last=Murenin |editor=timothy |date=2014-05-01 |accessdate=2014-12-27 |publisher=[[Slashdot]]}}</ref>}}
 * [[OpenSSH]]<ref name="sshcompare" />{{efn|Exclusive key exchange in OpenSSH 6.7 when compiled without [[OpenSSL]].<ref>{{cite web |url=http://bxr.su/OpenBSD/usr.bin/ssh/kex.c#kexalgs |title=ssh/kex.c#kexalgs |first=Markus |last=Friedl |website=BSD Cross Reference, OpenBSD src/usr.bin/ |date=2014-04-29 |accessdate=2014-12-27 }}</ref><ref>{{cite web |url=http://it.slashdot.org/story/14/04/30/1822209/openssh-no-longer-has-to-depend-on-openssl |title= OpenSSH No Longer Has To Depend On OpenSSL |first=Constantine A. |last=Murenin |editor=Soulskill |date=2014-04-30 |accessdate=2014-12-26 |publisher=[[Slashdot]]}}</ref>}}
@@ 第59行： / 第60行： @@
 * TinyTERM<ref name="sshcompare" />
 * [[Tor (anonymity network)|Tor]]<ref>{{cite web|url=https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt?id=b5b771b19df9fc052b424228045409467a7b6414#n81|title=Tor's Protocol Specifications - Blog|author=Roger Dingledine & Nick Mathewson|date=|work=|accessdate=20 December 2014}}</ref>
-* [[Userify]]<ref>{{cite web|title=Platform Security Overview|url=https://userify.com/products/platform-security/|publisher=Userify|accessdate=23 May 2017}}</ref>
 * [[Viber]]<ref>{{cite web|title=Viber Encryption Overview|url=https://www.viber.com/en/security-overview|publisher=Viber|accessdate=24 September 2016|date=3 May 2016}}</ref>
-* Virgil<ref>{{cite web|title=Virgil crypto uses Curve25519 for ECIES by default|url=https://virgil.net}}</ref>
 * [[WhatsApp]]{{efn|name=SIGNAL}}
 * [[Wire (software)|Wire]]