Crypto Algorithms
Ed25519 and difference with RSA
Ed25519 is a modern digital signature scheme using elliptic curve cryptography (specifically, a twisted Edwards curve). It’s named after the curve it uses (Edwards curve 25519). RSA is an older public-key cryptosystem based on the mathematical properties of large prime numbers.
Key differences:
- Security and Key Size: Ed25519 provides equivalent security to RSA with much smaller key sizes. An Ed25519 key is just 32 bytes (256 bits) while achieving security equivalent to a 3072-bit RSA key.
- Performance: Ed25519 is significantly faster than RSA, especially for signing operations. It was designed with modern hardware in mind and includes protections against timing attacks.
- Implementation: Ed25519 is simpler to implement correctly and securely. RSA implementations need careful attention to padding schemes (like PKCS#1 v2.1) and are more prone to implementation mistakes.
- Mathematical Basis:
  - RSA relies on the difficulty of factoring large numbers (the factoring problem)
  - Ed25519 relies on the discrete logarithm problem over elliptic curves
- Usage: While RSA can be used for both encryption and signatures, Ed25519 is specifically designed for digital signatures. For encryption, a related curve (Curve25519) is used in the X25519 key exchange.
Ed25519 is increasingly becoming the preferred choice for new systems, especially in contexts like SSH keys and cryptocurrency addresses, due to its combination of security, performance, and ease of implementation.
Source: Claude
Note:
- Curve25519 is used for key exchange/encryption (e.g. by WireGuard)
- Ed25519 is used for digital signatures
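An added example, not part of the note above and not code from any library it mentions, that makes the size and simplicity differences concrete using only Go's standard library: it signs one constructed message with a fresh Ed25519 key and with a 3072-bit RSA key using PSS padding, reports the encoded public-key and signature sizes, and checks that both schemes reject a one-bit change to the message. The `Result` type, the `tamper` helper and the sample message are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Result records what one signature scheme produced for a message: encoded
// public-key size, signature size, and whether verification of the untouched
// and of a tampered message succeeded. Hypothetical type for this example.
type Result struct {
	Scheme         string
	PublicKeyBytes int
	SignatureBytes int
	VerifyOK       bool // expected true
	TamperedOK     bool // expected false
}

// tamper flips one bit of a copy of msg (msg must be non-empty) so that a
// signature over the original must no longer verify.
func tamper(msg []byte) []byte {
	t := append([]byte(nil), msg...)
	t[0] ^= 0x01
	return t
}

// SignEd25519 generates a fresh Ed25519 key pair and signs msg with it.
// The caller picks no hash and no padding mode: the scheme fixes them.
func SignEd25519(msg []byte) (Result, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, err
	}
	sig := ed25519.Sign(priv, msg)
	return Result{
		Scheme:         "Ed25519",
		PublicKeyBytes: len(pub), // 32 bytes
		SignatureBytes: len(sig), // 64 bytes
		VerifyOK:       ed25519.Verify(pub, msg, sig),
		TamperedOK:     ed25519.Verify(pub, tamper(msg), sig),
	}, nil
}

// SignRSA generates an RSA key of the given size and signs msg with RSA-PSS
// (the probabilistic padding from PKCS#1 v2.1) over a SHA-256 digest. Both
// the hash and the padding mode are choices the caller can get wrong.
func SignRSA(msg []byte, bits int) (Result, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return Result{}, err
	}
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return Result{}, err
	}
	// SubjectPublicKeyInfo DER is the usual file/wire encoding of an RSA public key.
	pubDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return Result{}, err
	}
	tampered := sha256.Sum256(tamper(msg))
	return Result{
		Scheme:         fmt.Sprintf("RSA-%d/PSS", bits),
		PublicKeyBytes: len(pubDER),
		SignatureBytes: len(sig), // bits/8 bytes, 384 for a 3072-bit key
		VerifyOK:       rsa.VerifyPSS(&priv.PublicKey, crypto.SHA256, digest[:], sig, nil) == nil,
		TamperedOK:     rsa.VerifyPSS(&priv.PublicKey, crypto.SHA256, tampered[:], sig, nil) == nil,
	}, nil
}

func main() {
	msg := []byte("constructed sample message") // constructed sample input
	e, err := SignEd25519(msg)
	if err != nil {
		panic(err)
	}
	r, err := SignRSA(msg, 3072)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n%+v\n", e, r)
}
```

Running it shows a 32-byte Ed25519 public key and 64-byte signature against a 384-byte RSA-3072 signature and an encoded RSA public key of over 400 bytes, with both schemes verifying the intact message and rejecting the tampered one. The RSA path also shows the extra decisions (digest algorithm, padding mode, salt handling) that RSA leaves to the implementer, which is where the implementation mistakes mentioned above tend to happen.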
Symmetric vs Asymmetric encryption for data transfer
Compared to asymmetric encryption, symmetric encryption:
- is much faster (often 100-1000x)
- can encrypt unlimited amounts of data
- requires fewer CPU resources; hardware acceleration is available for algorithms like AES
Hence even modern protocols such as WireGuard use symmetric encryption for the actual traffic:
- Use public key cryptography to authenticate and securely exchange a session key
- Then use that session key with symmetric encryption for the actual data transfer
WireGuard’s optional pre-shared key (PSK) is also symmetric.
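The handshake-then-symmetric pattern from the two steps above, as an added example in Go using only the standard library. It is not WireGuard's code: WireGuard's real handshake is a Noise IK construction with HKDF-based key derivation, which this sketch only approximates. Each peer has a long-term Ed25519 identity and a fresh X25519 key for this session; it signs its ephemeral public key, the other side verifies that signature against the identity it expects, X25519 yields a shared secret, an optional PSK is mixed in, and the resulting 32-byte key drives AES-256-GCM for the data. The `Peer`, `Offer`, `SessionKey`, `Seal` and `Open` names, the single-SHA-256 key derivation with its label string, and the sample PSK and message are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Peer holds a long-term Ed25519 identity (for authentication) and a fresh
// X25519 key used only for this session's key agreement. Hypothetical type.
type Peer struct {
	IdentityPub  ed25519.PublicKey
	identityPriv ed25519.PrivateKey
	ephPriv      *ecdh.PrivateKey
}

func NewPeer() (*Peer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	return &Peer{IdentityPub: pub, identityPriv: priv, ephPriv: eph}, nil
}

// Offer is the handshake message: the ephemeral X25519 public key, signed with
// the sender's long-term Ed25519 key so the receiver can authenticate it.
type Offer struct {
	EphPub []byte
	Sig    []byte
}

func (p *Peer) Offer() Offer {
	eph := p.ephPriv.PublicKey().Bytes()
	return Offer{EphPub: eph, Sig: ed25519.Sign(p.identityPriv, eph)}
}

// SessionKey checks that the remote offer was signed by the identity we expect
// (known out of band, like a configured WireGuard peer key), runs X25519, and
// mixes the shared secret and an optional PSK into a 32-byte AES-256 key.
// A single SHA-256 stands in for a real KDF; real protocols use HKDF and bind
// both identities and the whole handshake transcript into the derivation.
func (p *Peer) SessionKey(remoteIdentity ed25519.PublicKey, remote Offer, psk []byte) ([]byte, error) {
	if !ed25519.Verify(remoteIdentity, remote.EphPub, remote.Sig) {
		return nil, errors.New("offer not signed by the expected identity")
	}
	remoteEph, err := ecdh.X25519().NewPublicKey(remote.EphPub)
	if err != nil { return nil, err }
	shared, err := p.ephPriv.ECDH(remoteEph)
	if err != nil { return nil, err }
	h := sha256.New()
	h.Write([]byte("example-session-key-v1")) // constructed domain-separation label
	h.Write(shared)
	h.Write(psk) // empty PSK is allowed; a mismatched PSK yields an unrelated key
	return h.Sum(nil), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates plaintext; the random nonce is prepended.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal and fails on a wrong key or on any modified byte.
func Open(key, box []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	if len(box) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], nil)
}

func main() {
	alice, _ := NewPeer() // errors from the demo calls are ignored here; see the functions above
	bob, _ := NewPeer()
	psk := []byte("constructed optional pre-shared key") // constructed sample
	ka, _ := alice.SessionKey(bob.IdentityPub, bob.Offer(), psk)
	kb, _ := bob.SessionKey(alice.IdentityPub, alice.Offer(), psk)
	box, _ := Seal(ka, []byte("bulk data over the fast symmetric channel"))
	pt, err := Open(kb, box)
	fmt.Printf("decrypted with the other side's key: %q (err=%v)\n", pt, err)
}
```

The public-key work (one signature, one verification and one X25519 operation per side) happens once per session; every later packet costs only an AES-GCM call. An offer signed by a different identity is rejected before any key is derived, a peer using a different PSK derives a key that cannot decrypt the traffic, and any modified ciphertext byte makes `Open` fail.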
Symmetric encryption is also more quantum-resistant. All current elliptic-curve cryptography is theoretically vulnerable to Shor’s algorithm, just like RSA. The main threat to symmetric encryption is Grover’s algorithm, which halves the effective security level of a symmetric key (in bits), so a 256-bit key is considered quantum-safe.