以下のLT会で発表した資料です。 https://mob-security.connpass.com/event/209884/

1. EdDSAͬͯͳΜͩʁ
by Hiromasa Takeda

2. Who?

3. ஛ా େক(λέμ ώϩϚα)
‫ؠ‬ख‫ཱݝ‬େֶɹM2
http://t-takeda.work

4. ୅දऔక໾ De
fi
os Lab ॴ௕
https://de
fi
os.jp
SecHack365 ༏लमྃ
ηΩϡϦςΟɾΩϟϯϓ मྃ
ηΩϡϦςΟɾωΫετΩϟϯϓߨࢣ …
ͳΜ͔৭ʑͯ͠·͢
IoTLT੝Ԭ ओ࠵
ηΩϡϦςΟؔ܎ɿ

5. ͦΕ͸ͱ΋͔͘

6. EdDSAͬͯͳΜͩʁ

7. &E%4"ͱ͔
͍͍Μ͡Όͳ͍
(16ͰͳΜ͔‫͍ͨ͠ࢉܭ‬

8. ͦͷ1
֓ཁͳΜ΋Θ͔ΒΜ

9. σδλϧॺ໊ΞϧΰϦζϜͷҰͭΒ͍͠ʁ
σδλϧॺ໊ɿ
σʔλͷૹ৴ऀΛূ໌͢Δɻσʔλ͕վ᜵͞ΕΔͱΘ͔Δɻ
EdDSAɿ
Τυϫʔζ‫ۂ‬ઢσδλϧॺ໊ΞϧΰϦζϜ͕ϑϧωʔϜʁ
Τυϫʔζ‫ۂ‬ઢΛ࢖͏͔Β͜ͷ໊લ
OpenSSH, OpenSSL,OpenPGPͱ͔Ͱ‫͑࢖ʹط‬ΔΒ͍͠
࢖͏ପԁ‫ۂ‬ઢʹΑͬͯΑΓࡉ໊͔͍લ͕͋Δ(IRTF: RFC7748)
Curve25519 - Ed25519
Curve448 - Ed448

10. σδλϧॺ໊ΞϧΰϦζϜͷҰͭΒ͍͠ʁ
σδλϧॺ໊ɿ
σʔλͷૹ৴ऀΛূ໌͢Δɻσʔλ͕վ᜵͞ΕΔͱΘ͔Δɻ
EdDSAɿ
Τυϫʔζ‫ۂ‬ઢσδλϧॺ໊ΞϧΰϦζϜ͕ϑϧωʔϜʁ
Τυϫʔζ‫ۂ‬ઢΛ࢖͏͔Β͜ͷ໊લ
OpenSSH, OpenSSL,OpenPGPͱ͔Ͱ‫͑࢖ʹط‬ΔΒ͍͠
࢖͏ପԁ‫ۂ‬ઢʹΑͬͯΑΓࡉ໊͔͍લ͕͋Δ(IRTF: RFC7748)
Curve25519 - Ed25519
Curve448 - Ed448
͜ΕͰ‫ʹ͡ײ͍͍͕͏΄ͨ͠ࡧݕ‬ग़Δ

11. ͦͷ2
EdDSAͳΜ΋Θ͔ΒΜ

12. ࢖ΘΕͯΔͷʁ
ʮEdDSA͸ൺֱత৽͍͠҉߸Ͱ͋ΔͨΊɺ
ɹRSA΍DSAʹൺ΂Δͱ࣮૷΍‫׵ޓ‬ੑͷ໘ͰྼΓ·͕͢ɺ
ɹߴ͍ύϑΥʔϚϯε΍ηΩϡϦςΟΛ͓࣋ͬͯΓɺ
ɹެ։伴‫ج‬൫‫ۀ‬ք͸ঃʑʹEdDSAʹҠߦͭͭ͋͠Δʯ
ʮύϑΥʔϚϯε΍ηΩϡϦςΟΛॏࢹ͢Δ৔߹͸EdDSAΛਪ঑ʯ
by ιϑτ΢ΣΞ‫ۀا‬ʮGravitationalʯͷVirag Modyࢯ (2020೥08݄)
Ҿ༻ɿ
SSHͷެ։伴҉߸ʹ͸ʮRSAʯʮDSAʯʮECDSAʯʮEdDSAʯͷͲΕΛ࢖͑͹Α͍ͷ͔ʁ - GIGAZINE
https://gigazine.net/news/20200828-ssh-encryption-algorithm/

13. ࢖ΘΕͯΔͷʁ
ʮEdDSA͸ൺֱత৽͍͠҉߸Ͱ͋ΔͨΊɺ
ɹRSA΍DSAʹൺ΂Δͱ࣮૷΍‫׵ޓ‬ੑͷ໘ͰྼΓ·͕͢ɺ
ɹߴ͍ύϑΥʔϚϯε΍ηΩϡϦςΟΛ͓࣋ͬͯΓɺ
ɹެ։伴‫ج‬൫‫ۀ‬ք͸ঃʑʹEdDSAʹҠߦͭͭ͋͠Δʯ
ʮύϑΥʔϚϯε΍ηΩϡϦςΟΛॏࢹ͢Δ৔߹͸EdDSAΛਪ঑ʯ
by ιϑτ΢ΣΞ‫ۀا‬ʮGravitationalʯͷVirag Modyࢯ (2020೥08݄)
Ҿ༻ɿ
SSHͷެ։伴҉߸ʹ͸ʮRSAʯʮDSAʯʮECDSAʯʮEdDSAʯͷͲΕΛ࢖͑͹Α͍ͷ͔ʁ - GIGAZINE
https://gigazine.net/news/20200828-ssh-encryption-algorithm/
ී‫్ٴ‬தͬͯ‫͡ײ‬ɾɾɾʁ

14. ͱΓ͋͑ͣԿΛࢀরͨ͠Β͍͍͔
EdDSAͷ‫ݪ‬ஶ࿦จ(2011೥)
http://ed25519.cr.yp.to/ed25519-20110926.pdf
RFC 8032(2017೥)
‫ݪ‬ஶ͔Βগ͠վྑ͞Ε͍ͯΔ….?
https://www.rfc-editor.org/rfc/rfc8032.html
Ed25519 home page(͜͜ʹؔ࿈࿦จ·ͱ·ͬͯΔΑ)
http://ed25519.cr.yp.to

15. ͪΐͬͱಡΜͰΈΑ͏

16. ͳʹ͕ಛ௃ͳͷʁ
1. EdDSA ͸༷ʑͳϓϥοτϑΥʔϜͰߴ͍ύϑΥʔϚϯεΛఏ‫͢ڙ‬Δɻ
2. ॺ໊͝ͱʹϢχʔΫͳཚ਺Λ࢖༻͢Δඞཁ͕ͳ͍ɻ
3. αΠυνϟωϧ߈ܸʹରͯ͠ΑΓճ෮ྗ͕͋Δɻ
4. EdDSA ͸ Ed25519 ͱ Ed448 ͷ྆ํͰ
খ͞ͳެ։伴 (32 ·ͨ͸ 57 όΠτ) ͱॺ໊ (64 ·ͨ͸ 114 όΠτ) Λ࢖༻͢Δɻ
5. ਺͕ࣜ ‫׬‬શ Ͱ͋Δɻͭ·Γ‫ۂ‬ઢ্ͷ͢΂ͯͷ఺Ͱ༗ޮͰ͋Γྫ֎͸ͳ͍ɻ
͜ΕʹΑΓ EdDSA ͕৴པͰ͖ͳ͍ެͷ஋ʹରͯ͠ߴՁͳ఺‫ূݕ‬Λ࣮ߦ͢Δඞཁ͕ͳ͍ɻ
6. EdDSA ͸িಥ଱ੑΛ࣋ͭɻ
͜Ε͸ϋογϡؔ਺ͷিಥ͕͜ͷγεςϜΛഁյ͠ͳ͍͜ͱΛҙຯ͍ͯ͠Δɻ
(PureEdDSA ͷΈʹ౰ͯ͸·Δ)

17. ͳʹ͕ಛ௃ͳͷʁ
1.EdDSA ͸༷ʑͳϓϥοτϑΥʔϜͰߴ͍ύϑΥʔϚϯεΛఏ‫͢ڙ‬Δɻ
2.ॺ໊͝ͱʹϢχʔΫͳཚ਺Λ࢖༻͢Δඞཁ͕ͳ͍ɻ
3. αΠυνϟωϧ߈ܸʹରͯ͠ΑΓճ෮ྗ͕͋Δɻ
4. EdDSA ͸ Ed25519 ͱ Ed448 ͷ྆ํͰ
খ͞ͳެ։伴 (32 ·ͨ͸ 57 όΠτ) ͱॺ໊ (64 ·ͨ͸ 114 όΠτ) Λ࢖༻͢Δɻ
5. ਺͕ࣜ ‫׬‬શ Ͱ͋Δɻͭ·Γ‫ۂ‬ઢ্ͷ͢΂ͯͷ఺Ͱ༗ޮͰ͋Γྫ֎͸ͳ͍ɻ
͜ΕʹΑΓ EdDSA ͕৴པͰ͖ͳ͍ެͷ஋ʹରͯ͠ߴՁͳ఺‫ূݕ‬Λ࣮ߦ͢Δඞཁ͕ͳ͍ɻ
6. EdDSA ͸িಥ଱ੑΛ࣋ͭɻ
͜Ε͸ϋογϡؔ਺ͷিಥ͕͜ͷγεςϜΛഁյ͠ͳ͍͜ͱΛҙຯ͍ͯ͠Δɻ
(PureEdDSA ͷΈʹ౰ͯ͸·Δ)

18. ͳʹ͕ಛ௃ͳͷʁ
1.EdDSA ͸༷ʑͳϓϥοτϑΥʔϜͰߴ͍ύϑΥʔϚϯεΛఏ‫͢ڙ‬Δɻ
2.ॺ໊͝ͱʹϢχʔΫͳཚ਺Λ࢖༻͢Δඞཁ͕ͳ͍ɻ
→ ൿີ伴͸୯७ʹϥϯμϜͳόΠτྻΛੜ੒͢Ε͹ͦΕͰϤγʂ
΍ͬͺΓ଎͍ͷͱɺָͳͷ͸͍͍ΑͶʂ

19. ͦͷ3
ཧ࿦͸͍͍͔Β࣮૷͡Όʂ

20. ࣮૷ͷࢀߟ
ͳΜͱʂ
RFC 8032ʹPythonͷϥΠϒϥϦ࣮૷͕ࡌͬͯΔʂ
https://www.rfc-editor.org/rfc/rfc8032.html
͞Βʹʂ
Ed25519 home pageʹPythonͰͷ؆қ࣮૷͕͋Δʂ
ʮඇৗʹ஗͍͕ඇৗʹ؆ܿͳPython࣮૷Ͱ͢ʯ(ҙ༁Ҿ༻)
https://ed25519.cr.yp.to/software.html

21. Ed25519 home pageͷPython࣮૷
ɾ100ߦ͘Β͍͔͠ແ͍
ɹˠ ษ‫͠ڧ‬΍ͦ͢͏ͩͶ
‫ج‬ຊతʹҎԼͷ‫ػ‬ೳ͕͋Δ
ɾެ։伴ͷੜ੒ɿ publickey(sk)
ɾॺ໊ɿsignature(m,sk,pk)
ɾॺ໊֬ೝɿcheckvalid(s,m,pk)

22. ެ։伴ͷੜ੒
1. ൿີ伴͔Βsha512Λ‫ࢉܭ‬
64όΠτฦͬͯ͘Δ͕࢖͏ͷ͸্Ґ32όΠτͷΈ

23. ެ։伴ͷੜ੒
1. ൿີ伴͔Βsha512Λ‫ࢉܭ‬
64όΠτฦͬͯ͘Δ͕࢖͏ͷ͸্Ґ32όΠτͷΈ
2. ࠷্ҐόΠτͱ࠷ԼҐόΠτʹ
ҎԼͷΑ͏ʹܾΊଧͪͰϏοτΛॻ͖ࠐΉ
#ZUF #ZUF
99999 ɾɾɾ 999999

24. ެ։伴ͷੜ੒
1. ൿີ伴͔Βsha512Λ‫ࢉܭ‬
64όΠτฦͬͯ͘Δ͕࢖͏ͷ͸্Ґ32όΠτͷΈ
2. ࠷্ҐόΠτͱ࠷ԼҐόΠτʹ
ҎԼͷΑ͏ʹܾΊଧͪͰϏοτΛॻ͖ࠐΉ
3. LittleEndianͷਖ਼ͷ੔਺ͱͯ͠aʹ‫ه‬Ա
#ZUF #ZUF
99999 ɾɾɾ 999999

25. ެ։伴ͷੜ੒
1. ൿີ伴͔Βsha512Λ‫ࢉܭ‬
64όΠτฦͬͯ͘Δ͕࢖͏ͷ͸্Ґ32όΠτͷΈ
2. ࠷্ҐόΠτͱ࠷ԼҐόΠτʹ
ҎԼͷΑ͏ʹܾΊଧͪͰϏοτΛॻ͖ࠐΉ
3. LittleEndianͷਖ਼ͷ੔਺ͱͯ͠aʹ‫ه‬Ա
4. BΛεΧϥʔaഒͯ͠(ପԁ‫ۂ‬ઢ্ʁ)఺AΛ‫ࢉܭ‬
5. ఺Aͷ఺࠲ඪΛ࢖ͬͯͳΜ͔‫͢ࢉܭ‬Δ
#ZUF #ZUF
99999 ɾɾɾ 999999
}΋͏Θ͔ΒΜ

26. ͜ͷઌ͸ษ‫ڧ‬த~
αϯϓϧίʔυΛඥղ͘ͷʹҎԼͷϒϩά‫ͳʹߟࢀ͕͘͢͝ࣄه‬Γ·͢ʂ‫ँײ‬ʂ
ʮed25519ͷpython࣮૷Λඥղ͘ ͦͷ̎ ҉߸ฤΩʔϖΞੜ੒͔ΒϕϦϑΝΠ·Ͱʯ
https://pebble8888.hatenablog.com/entry/2017/10/07/231342

27. ͦͷ4
ͱΓ͋͑ͣಈ͚͹Ϥγʂ

29. ެ։伴Λ࡞ͬͯॺ໊͢Δ
ൿີ伴͸ϚδͰద౰ͳ32ByteྻͰྑ͍….? ͨͿΜ…
ൿີ伴Λ‫ެʹݩ‬։伴Λ࡞ͬͯɺ
ద౰ͳϝοηʔδʹॺ໊͢Δ

30. ॺ໊֬ೝͱվ᜵

31. ॺ໊֬ೝͱվ᜵
վ͟Μ͞Εͯͳ͚Ε͹Success!!

32. ॺ໊֬ೝͱվ᜵
్தͰΘ͟ͱϝοηʔδΛվ᜵ͯ͠ΈΔ
վ͟Μ͞Εͯͳ͚Ε͹Success!!

33. Ϥγʂ

34. Gistʹςετίʔυ্͛ͯ·͢
https://gist.github.com/TakedaHiromasa/ed5a3b69dc2ba2af2cab018087bb0956