What is Ed25519 on XRPL?

Ed25519 is the recommended and default signature algorithm on the XRP Ledger, representing modern cryptographic best practices with superior performance and security properties compared to older elliptic curve systems.

Technical Foundation

Ed25519 is an Edwards curve digital signature algorithm (EdDSA) operating on the Curve25519 elliptic curve. The curve equation in twisted Edwards form is:

−x² + y² = 1 − (121665/121666)x²y²

Key specifications: - Security level: 128-bit (quantum) or 256-bit (classical) - Private key: 256 bits (32 bytes) - Public key: 256 bits (32 bytes) - Signature size: 512 bits (64 bytes, fixed) - Performance: 2-7x faster than secp256k1

Why Ed25519 is XRPL's Default

Ripple chose Ed25519 as the preferred algorithm for compelling reasons:

1. Speed: Extremely fast signature generation and verification 2. Deterministic: No need for random number generation during signing 3. Side-channel resistance: Designed to resist timing attacks 4. Simplicity: Cleaner implementation reduces bugs 5. Fixed-length signatures: Easier to handle and validate 6. Modern design: Incorporates decades of cryptographic research

Performance Benchmarks

On typical server hardware: - Signing: ~15,000-20,000 signatures/second - Verification: ~40,000-50,000 verifications/second - Key generation: Nearly instantaneous

This is approximately 2-3x faster for signing and 5-7x faster for verification compared to secp256k1.

Key Generation and Usage

```javascript const xrpl = require('xrpl');

// Ed25519 is the default algorithm const wallet = xrpl.Wallet.generate(); // or explicitly: generate('ed25519')

console.log('Algorithm: Ed25519'); console.log('Private Key:', wallet.privateKey); console.log('Public Key:', wallet.publicKey); // Starts with 'ED' console.log('Address:', wallet.address);

// Signing a transaction const tx = { TransactionType: 'Payment', Account: wallet.address, Destination: 'rN7n7otQDd6FczFgLdlqtyMVrn3HMfgnZh', Amount: '1000000', Fee: '12', Sequence: 1 };

const signed = wallet.sign(tx); console.log('Signature:', signed.tx_blob); ```

Public Key Encoding

Ed25519 public keys on XRPL are prefixed with 'ED' when hex-encoded:

``` ED + [32-byte public key] ```

Example: `ED9434799226374926EDA3B54B1B461B4ABF7237962EAE18528FEA67595397FA32`

Address Derivation

Ed25519 addresses are generated differently than secp256k1:

1. Take the 32-byte Ed25519 public key 2. Compute SHA-512Half 3. Compute RIPEMD-160 4. Prepend account type (0x00) 5. Base58Check encode with checksum

The process is similar but uses the native Ed25519 public key format.

Deterministic Signatures

One of Ed25519's key advantages is deterministic signing:

```python # Pseudo-code for Ed25519 signing def sign(message, private_key): # No randomness required! r = hash(hash(private_key) || message) R = r * B # B is base point h = hash(R || public_key || message) s = (r + h * private_key) mod L return (R, s) # 64-byte signature ```

This eliminates the entire class of vulnerabilities related to poor random number generation that has plagued ECDSA implementations.

Security Properties

Ed25519 provides several security guarantees:

1. Collision resistance: Cannot forge signatures 2. Non-malleability: Signatures cannot be modified without invalidating them 3. Batch verification: Multiple signatures can be verified together efficiently 4. Small subgroup resistance: Immune to certain mathematical attacks

When to Use Ed25519

Use Ed25519 for XRPL accounts when: - Maximum performance is desired - Building new applications (it's the default) - Security is paramount - Working in resource-constrained environments - You don't need specific secp256k1 compatibility

Comparison to secp256k1

| Feature | Ed25519 | secp256k1 | |---------|---------|----------| | Signing speed | Faster (2-3x) | Slower | | Verification speed | Much faster (5-7x) | Slower | | Signature size | 64 bytes (fixed) | 64-72 bytes (variable) | | Deterministic | Yes | Via RFC 6979 | | Side-channel resistance | Excellent | Requires careful impl. | | Ecosystem support | Growing | Mature |

Future-Proofing

Ed25519 is considered more resistant to future cryptanalysis and quantum computing threats. While both Ed25519 and secp256k1 would fall to a sufficiently powerful quantum computer, Ed25519's design makes it easier to transition to post-quantum alternatives.

Implementation Quality

XRPL uses well-audited Ed25519 implementations (typically based on ref10 or libsodium), ensuring: - Constant-time operations (prevents timing attacks) - Proper domain separation - Canonical signature enforcement - Small-order point checking

Ed25519 represents the state-of-the-art in elliptic curve cryptography, and its adoption as XRPL's default signature algorithm demonstrates Ripple's commitment to modern, high-performance, secure cryptographic practices.