Monero Stack Exchange
Monero Stack Exchange

Questions tagged [elliptic-curve]

Elliptic curve cryptography (ECC) is an approach to public-key cryptography that allowed smaller keys compared to non-ECC cryptography to provide equivalent levels of security.

30 questions
17
votes
2 answers

Why/how does monero generate public ed25519 keys without using the standard public key generation provided by ed25519 libraries?

Why/how does monero generate public ed25519 keys without using the standard public key derivation provided by ed25519 libraries? Inspecting the code for mininero (https://github.com/monero-project/mininero/blob/master/mininero.py), it seems that it…
Ryan
  • 1,257
  • 8
  • 13
10
votes
4 answers

Is a Monero key backdoor possible?

Recently an article was published stating the possibility of the NSA or some other malicious organization creating backdoor undetectable Diffie-Hellman keys (source) to allow snooping. Is Monero at risk to an attack of this nature? If so, under…
well_then
  • 430
  • 3
  • 10
10
votes
1 answer

How to see that the RingCT commitment parameter H is in fact a multiple of the base point G

On the last paragraph of page 7 of Monero Research Lab's paper about RingCT, the author makes some statements to the effect that it is possible to pick a random point on the base curve ED25519 that is on the subgroup generated by its base point G,…
user141
  • 3,337
  • 14
  • 34
10
votes
1 answer

Comparison of Curve25519 with secp256k1?

How does the security of Curve25519 compare with secp256k1? Is it known why the creators of CryptoNote may have chosen one curve over the other?
Logan
  • 808
  • 1
  • 9
  • 16
9
votes
3 answers

How does the recent patched key image exploit work in practice?

For more info https://getmonero.org/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html This has been patched months ago and was never exploited which can be proven by running a node because it checks every transaction's key…
samwellj
  • 3,215
  • 4
  • 17
  • 32
8
votes
1 answer

What is the 'base point' (G) from the whitepaper and how is it represented as a single hex value?

The white paper introduces G, aka the base point, as G = (x, −4/5). I have two questions: what is x? Is this the x from the elliptic curve (is it a variable)? If so, how is a private key aG computed? A point has two coordinates (x and y). How…
Jona
  • 852
  • 5
  • 17
6
votes
2 answers

Why does Monero use a 256 bit seed?

Apparently, ECC 256 bit keys have a bit strength of 128 bits. See https://crypto.stackexchange.com/questions/26791/how-many-bits-of-entropy-does-an-elliptic-curve-key-of-length-n-provide And apparently, no one needs more than 128 bits of entropy…
knaccc
  • 8,518
  • 17
  • 23
5
votes
1 answer

How were Monero elliptic curve constants chosen?

In the cryptonote paper review, there was a mention about not knowing how the constants were calculated, is there anyway to verify these constants are 'safe' or change them to something 'better'? please enlighten me :DD
samwellj
  • 3,215
  • 4
  • 17
  • 32
5
votes
1 answer

What is elliptic curve cryptography and why is it important to Monero?

What is elliptic curve cryptography and why is it important to Monero? Please provide both a basic description and an in depth description of the type found on Moneropedia
guesswhoiam
  • 1,010
  • 1
  • 9
  • 21
5
votes
2 answers

How strong is Monero cryptography against brute-force attacks?

I have seen an image about brute forcing Bitcoin cryptography saying even a perfect computer which uses all the power of star system, and still wont succeed. How strong is Monero cryptography against such an attack?
MoneroWarrior
  • 722
  • 1
  • 4
  • 10
5
votes
1 answer

Why does the stealth address involve a hash function?

According to the cryptonote white paper, a stealth address of the form P = H_s(rA)G + B. My question is, why is the hash function necessary? It seems that P=rA + B would work just as well. Using a hash function makes scanning the blockchain for your…
Christopher King
  • 3,120
  • 14
  • 65
5
votes
2 answers

Curve used in Monero - A Subgroup of Ed25519?

I am a student researcher at IIT Bombay (India). I have been recently understanding the cryptography behind Monero as well as its implementation. The elliptic curve used in the CryptoNote protocol is Ed25519 (of order 8q, where q is a prime). This…
Suyash Bagad
  • 51
  • 4
4
votes
1 answer

Who Generates parameters G & H for Pedersen commitment in Monero?

Who (which party) generates parameters G & H for Pedersen commitment in Monero? I mean for a confidential transaction in Monero, pedersen commitment is required which has parameters G & H which are group elements. I am not sure who generates it? Is…
user2582387
  • 41
  • 1
3
votes
1 answer

What are the hex representations of the small subgroup curve points on Ed25519?

Monero uses Ed25519, which has a cofactor of 8. This means the curve has a prime order l = 2^252 + 27742317777372353535851937790883648493 and the total number of possible points on the curve is 8l. The number of points in the group of the base point…
knaccc
  • 8,518
  • 17
  • 23
3
votes
1 answer

Is a mnemonic for view only wallet possible?

It occurred to me that one may wish to restore a wallet on a compromised computer. Perhaps they need to prove that a payment was received. Regardless of whether this is a good idea, is it possible to use a mnemonic to restore a view-only wallet, in…
scoobybejesus
  • 5,515
  • 21
  • 42
1
2