EdDSA, a good signature algorithm

Qinwen
Apr 15, 2019

Public key cryptography has played a very important role in many fields of information science since it was invented, and digital signature algorithms are considered one of the most important foundations of blockchain technology. EdDSA is a good signature algorithm in the family of elliptic curve algorithms.

What is EdDSA

Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves (Wiki). This means that EdDSA is similar to other elliptic curve signature algorithms but differs in some algorithmic details. On some occasions EdDSA is also called Ed25519. It evolved from the Schnorr signature and is becoming more and more widely used. Details of the algorithm can be found in RFC 8032.

Advantages of EdDSA

EdDSA is about as difficult to break as ECDSA. However, unlike ECDSA, the security of EdDSA does not depend on a random number generator. In ECDSA, if two different signatures are constructed with the same random number, the private key is leaked, so misuse of a random number generator can have serious consequences. There have been several related incidents, such as the 2010 Sony PS3 private key leak. Furthermore, random number collisions can be caused not only by misuse but also by software backdoors, such as the Dual_EC_DRBG random number generator backdoor exposed by Snowden in 2013. No similar defect has been found in EdDSA so far.

EdDSA can be made immune to side-channel attacks. During signature calculation it is possible to avoid reading or writing the private key, and instead to generate the necessary data by accessing the private key in a pre-processing stage. It can therefore prevent many common side-channel attacks.

Last but not least, EdDSA is very fast at key generation, signing, and verification. Some studies show that well-designed software takes only 87548 / 273364 CPU cycles to calculate an EdDSA signature / verification. In batch verification, it takes only 134000 cycles per verification. Key generation costs about 6000 cycles. All of the above data show that EdDSA is a very fast algorithm.

by Hao Zhang, hao.zhang@nbltrust.com

References

[1] Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang, High-speed high-security signatures
