Document:
Add XEDDSA signature mechanism to PKCS#11

Draft (A preliminary unapproved sketch, outline, or version.)

Details

Submitted By Stefan Marsiske on 2017-12-19 2:15 pm UTC

Publication Type

None at this time.

Group / Folder

OASIS PKCS 11 TC / Working Drafts

Modified by

Not modified.

Copy

This document is not a copy.

Technical Contact

None at this time.

Download Count

309

Download Agreement

None at this time.

Description

XEDDSA[1] is an addition to Darren Johnsons EDDSA proposal, his proposal introduces the curves 25519 and 448 in Montgomery and Edwards representations. These curves can be used for DH key exchanges or signing depending on the representation.

XEDDSA allows Montgomery curves (intended for DH) to be internally converted to Edwards representation and subsequently used for signing. This means the same key can be used for both - DH and signing. This is necessary for the Extended Triple DH key exchange in another proposal.

In this draft i create a new type enumerating the allowed hash mechanisms used for XEDDSA. but i'm inclined to instead simply use CK_MECHANISM_TYPE and let the implementer decide which hash algorithms to support.

Note unlike the EDDSA mechanism this mechanism is randomized and not deterministic.

[1] https://signal.org/docs/specifications/xeddsa/