Curve 25519 is one of the most widely used ECC methods. It uses a curve of \(y^2 = x^3 + 486662 x^2 + x\), and which is a Montgomery curve. This page tests a few standard input vectors for private keys. They are tested against the vectors [here] and [here].
Test Vectors for Curve 25519 using Go |
ECDH and Curve 25519
The vectors are tested against the vectors [here] and [here]:
Private= "a8abababababababababababababababababababababababababababababab6b" Public="e3712d851a0e5d79b831c5e34ab22b41a198171de209b8b8faca23a11c624859" Private=""c8cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd4d" Public="b5bea823d9c9ff576091c54b7c596c0ae296884f0e150290e88455d7fba6126f" Alice's private key, a: 77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a Alice's public key, X25519(a, 9): 8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a Bob's private key, b: 5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb Bob's public key, X25519(b, 9): de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f Their shared secret, K: 4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742
The code used is:
package main import ( "golang.org/x/crypto/curve25519" "fmt" "encoding/hex" ) func main() { pr,_ := hex.DecodeString("a8abababababababababababababababababababababababababababababab6b") var privateKey [32]byte copy(privateKey[:], pr) var publicKey [32]byte curve25519.ScalarBaseMult(&publicKey, &privateKey) fmt.Printf("\nPrivate key (n):\t%x\n",privateKey) fmt.Printf("\nPublic key point (x co-ord):\t%x\n",publicKey) pr,_ = hex.DecodeString("c8cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd4d") copy(privateKey[:], pr) curve25519.ScalarBaseMult(&publicKey, &privateKey) fmt.Printf("\nPrivate key (n):\t%x\n",privateKey) fmt.Printf("\nPublic key point (x co-ord):\t%x\n",publicKey) /// Do key share test fmt.Printf("\n\nKey share test from RFC-7748:\n") var a,b [32]byte var A,B [32]byte pr,_ = hex.DecodeString("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a") copy(a[:], pr) curve25519.ScalarBaseMult(&A, &a) fmt.Printf("\nAlice Private key (a):\t%x\n",a) fmt.Printf("\nAlice Public key point [A] (x co-ord):\t%x\n",A) pr,_ = hex.DecodeString("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb") copy(b[:],pr) curve25519.ScalarBaseMult(&B, &b) fmt.Printf("\nBob Private key (b):\t%x\n",b) fmt.Printf("\nBob Public key point [B] (x co-ord):\t%x\n",B) var out1, out2 [32]byte curve25519.ScalarMult(&out1, &a, &B) curve25519.ScalarMult(&out2, &b, &A) fmt.Printf("\nShared key (Alice):\t%x\n",out1) fmt.Printf("\nShared key (Bob):\t%x\n",out2) }
It uses a curve of \(y^2 = x^3 + 486662 x^2 + x\), and which is a Montgomery curve. The base point \(G\)is at x = 9, and the corresponding y point is 1478161944758954479102059356840998688726 4606134616475288964881837755586237401. The prime number (p) is \(2^{255} - 19\). It provides an equiavalent security of 128 bits.