Opened 4 years ago

Last modified 2 years ago

#1735 new enhancement

I2P-Bote: Add Curve25519 ECC curve

Reported by: dllud Owned by: str4d
Priority: minor Milestone: undecided
Component: apps/plugins Version: 0.9.23
Keywords: I2P-Bote, security Cc:
Parent Tickets: Sensitive: no

Description

Taking into account the controversy around NIST curves, not only in regards to chosen parameters, but also regarding ease of implementation, the crypto community is now adopting Curve25519 as a sound alternative. Take for instance GnuPG, which supports Curve25519 since version GnuPG 2.1.7 (August 2015), and is adopting it as their default, even despite not being part of OpenPGP standards.

I believe Bote should follow along and add Curve25519 as one of the key choices. "Better safe than sorry" as the saying goes.

This task should be straightforward, as Bouncy Castle (the cryptographic library used by Bote) already includes a Curve25519 implementation: org.bouncycastle.math.ec.custom.djb.Curve25519 Javadoc source.

I also found another implementation by WhisperSystems? (under GPLv3): curve25519-java.

This might serve as a starting point for widespread replacement of NIST curves in I2P. (Later, Bote should add curves providing stronger ECC, such as E-521, when these become available in Bouncy Castle or other crypto library.)

Subtickets

Change History (1)

comment:1 Changed 2 years ago by str4d

Migrated to https://github.com/i2p/i2p.i2p-bote/issues - I will close these tickets as things are resolved rather than right now, but please make future comments on GitHub?.

Note: See TracTickets for help on using tickets.