lib25519

lib25519 draws on many previous implementations listed below, plus new speedups from Kaushik Nath and new infrastructure work and factoring from Daniel J. Bernstein. Nath's work on this project was funded through the Internet Hardening Fund, a fund established by NLnet with financial support from the Netherlands Ministry of Economic Affairs and Climate Policy.

Some code was originally copied from public-domain code in the SUPERCOP benchmarking framework. See https://bench.cr.yp.to/supercop.html for SUPERCOP releases. The following small changes from code available in SUPERCOP are made in lib25519 without further comment:

Larger changes from code in SUPERCOP, such as new code divisions across lib25519 primitives, are indicated below.

Sources of Curve25519 software (this is not a comprehensive list, just the software that lib25519 is derived from):

Almost all of the crypto_pow/inv25519 implementations use exponentiation, but there is also a different implementation from the following source:

For lower-layer SHA-512 functions:

Most of the lib25519 infrastructure, such as the run-time implementation selector automatically guided by CPU type and previous benchmarks, is new in lib25519 from Daniel J. Bernstein. Portions of autogen/speed (generating lib25519-speed.c) and autogen/test (generating lib25519-test.c) are based on benchmarking software and test software in SUPERCOP by Daniel J. Bernstein. The symmetric-cryptography code for generating pseudorandom test inputs and hashing test outputs is adapted from TweetNaCl, a library by Daniel J. Bernstein, Wesley Janssen, Tanja Lange, and Peter Schwabe.


Version: This is version 2023.06.28 of the "People" web page.