Please review EdDSA API

Adam Petcher adam.petcher at
Wed Jul 25 15:07:53 UTC 2018

+core-libs-dev for additional API expertise.

On 7/25/2018 10:29 AM, Adam Petcher wrote:
> The draft CSR[1] for the EdDSA API[2] is ready for review. Please take 
> a look and send me any feedback you may have. Here are a few 
> high-level notes to explain the API:
> 1) Where possible, this API is similar to the API for X25519/X448. To 
> get the complete background/motivation for the API design, you can 
> review the discussion[3] on this topic.
> 2) Similar to X25519/X448, private keys are byte arrays, and public 
> keys coordinates. Though we can't get by with a single BigInteger 
> coordinate for EdDSA, so I am using the new EdPoint class to hold the 
> coordinates.
> 3) EdDSA has multiple signature modes defined in the RFC[4], including 
> some that "prehash" the input before signing. The draft API uses the 
> EdDSAParameterSpec class to specify parameters of these modes. The 
> standard does not allow an arbitrary choice of prehash function, so 
> the API for EdDSA does not support algorithm names like 
> "SHA256withEdDSA".
> [1]
> [2]
> [3] 
> [4]

More information about the security-dev mailing list