[tahoe-dev] ecdsa_25519.py

Brian Warner warner at lothar.com
Sun Apr 18 23:00:32 PDT 2010


Zooko Wilcox-O'Hearn wrote:
> Dear Brian, Sébastien Martini, and tahoe-dev:
> 
> I noticed Sébastien Martini has posted this:
> 
> http://git.dbzteam.org/sandbox/tree/ecdsa_25519.py
> 
> I guess it won't suit your (Brian's) Jetpack work because it is
> not a standard that will be interoperable with NSS and OpenSSL and  
> whatnot. However, it might be an interesting possibility for Tahoe-LAFS.

Interesting! Incidentally, I published a python2 binding to Adam
Langley's "curve25519-donna" implementation (which is written in
portable C code). This provides key-agreement but not signatures (and so
is unsuitable for most of what we need in Tahoe, but it's cool anyways).
My branch, which contains the python/ directory, is available here:

 http://github.com/warner/curve25519-donna

Also, I just published a nicer wrapper to the pure-python ECDSA library
that Zooko found for me a few days ago (originally written by Peter
Pearson). It is available here:

 http://github.com/warner/python-ecdsa

This ECDSA code does NIST256p key generation in 305ms, signatures in
112ms, and verification in 220ms. (I suppose that 305ms is really the
privkey-to-pubkey transformation time). It's a far cry from Crypto++'s
2.88ms signatures, or curve25519-donna's 560us shared-key derivation,
but still pretty fast.

The python-ecdsa code is limited to five NIST curves (known in OpenSSL
world as prime192v1, secp224r1, prime256v1, secp384r1, and secp521r1),
but it probably wouldn't be too hard to add others. I have unit tests to
demonstrate interoperability with OpenSSL's command-line tools.

There are some design issues still remaining with python-ecdsa (in
particular how one gets from the data to be signed, an arbitrary-length
string, to the appropriately-sized integer that ECDSA actually knows how
to handle). But I believe that, once we get those settled, we can just
drop python-ecdsa into Tahoe's src/allmydata/ and start using it right
away. The first project will probably be signed+extensible Introducer
announcements (#466).

cheers,
 -Brian
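
The design question raised in the message above (getting from an arbitrary-length string to an integer of the right size for ECDSA) is conventionally handled by hashing and keeping the leftmost bits, up to the bit length of the curve's group order, as in FIPS 186 and SEC 1. The following is an added example, not part of the original message and not python-ecdsa's code; the names `bits2int` and `message_to_int` and the sample message are assumptions made for illustration.

```python
import hashlib

# Bit length of the group order n for the five curves named in the message.
ORDER_BITS = {
    "prime192v1": 192,
    "secp224r1": 224,
    "prime256v1": 256,
    "secp384r1": 384,
    "secp521r1": 521,
}


def bits2int(digest: bytes, order_bits: int) -> int:
    """Read digest as a big-endian integer, keeping only the leftmost
    order_bits bits when the digest is longer than the group order."""
    value = int.from_bytes(digest, "big")
    excess = len(digest) * 8 - order_bits
    if excess > 0:
        # Drop low-order bits; a shift also handles sizes that are not
        # a multiple of 8 (e.g. a 521-bit order).
        value >>= excess
    # A digest shorter than the order is used as-is (no padding needed).
    return value


def message_to_int(message: bytes, curve: str, hash_name: str = "sha256") -> int:
    """Hash-then-truncate: arbitrary-length message -> integer e for ECDSA.

    e can still be >= n when it has the same bit length as n; the signing
    and verification equations are computed mod n, so that is acceptable.
    """
    if curve not in ORDER_BITS:
        raise ValueError("unknown curve: %r" % curve)
    digest = hashlib.new(hash_name, message).digest()
    return bits2int(digest, ORDER_BITS[curve])


if __name__ == "__main__":
    msg = b"constructed sample announcement"  # constructed input
    for curve in sorted(ORDER_BITS):
        e = message_to_int(msg, curve)
        print("%-11s e has %3d bits" % (curve, e.bit_length()))
```

Signer and verifier must agree on both the hash function and this truncation rule, otherwise signatures made by one implementation will not verify in another.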


