EdDSA verify signature

The EdDSA signature verification algorithm (RFC 8032) takes as input a text message msg + the signer's EdDSA public key pubKey + the EdDSA signature {R, s} and produces as output a boolean value (valid or invalid signature). EdDSA verification works as follows (with minor simplifications):

EdDSA_signature_verify(msg, pubKey, signature { R, s } ) --> valid / invalid

  1. Calculate h = hash(R + pubKey + msg) mod q

  2. Calculate P1 = s * G

  3. Calculate P2 = R + h * pubKey

  4. Return P1 == P2

Source

PreviousEdDSA signNextSDK Signature

Last updated