Module sigma_fun::ed25519

Available on crate feature ed25519 only.

Expand description

Proofs of knowledge of discrete logarithm on Edwards twist of curve25519 using using curve25519-dalek.

WARNING: This does not check whether the points are in the prime-order subgroup. For the proof to be completely sound this needs to be checked by the verifier with is_torsion_free. This code is mostly here to demonstrate that you can prove a secp256k1 and ed25519 public key have the same secret key for use in cross-chain atomic swaps between Bitcoin and Monero. If you are developing a cryptosystem from scratch you should use ristretto instead.

Re-exports§

pub use curve25519_dalek;

Structs§

DL
Proves knowledge of x such that A = x * B for some A and B included in the statement.
DLG
Proves knowledge of x such that A = x * G for some A included in the statement. G is the standard basepoint used in the ed25519 signature scheme and is not included in the statement.