Why Does golang.org/x/crypto/ed25519 Return Unexpected Public Keys for BitTorrent BEP-0044 Test Data?

ed25519.Public Result Discrepancy

Problem Description

Using the Golang package golang.org/x/crypto/ed25519, an attempt to retrieve the public key corresponding to a given private key yields a different result than expected. Specifically, the library returns the last 32 bytes of the Private Verification Key (PVK), whereas the provided test data suggests this is incorrect.

Explanation

The discrepancy arises from the different formats used for ed25519 private keys. The Golang implementation follows the RFC 8032 convention, which defines a private key as a concatenation of a 32-byte seed with the 32-byte public key.

However, the private keys provided in the BitTorrent BEP-0044 test data are the 64-byte result of a SHA512 hash of the seed, and these formats cannot be directly converted due to the one-way nature of the hashing function.

Solution

To use the Golang library with the given test data, a modified version of the library is required that allows for custom generation of the public key and signature from the hashed private key format. This can be achieved by copying relevant code from the library and modifying the implementation to accommodate the different format.

The modified code includes:

• getPublicKey: Generates the public key from the hashed private key (seed).
• sign: Calculates the signature based on the hashed private key, public key, and message.

Using these modified functions, it is possible to replicate the expected test vectors, which include the public key and signature.

The above is the detailed content of Why Does golang.org/x/crypto/ed25519 Return Unexpected Public Keys for BitTorrent BEP-0044 Test Data?. For more information, please follow other related articles on the PHP Chinese website!