Home

ed448ph

Ed448ph is the pre-hashed variant of the Ed448 digital signature scheme. It belongs to the Ed448 family defined in RFC 8032 and uses the same Edwards-curve (Ed448-Goldilocks) as Ed448, but signs the hash of a message rather than the raw message itself. The “ph” suffix stands for pre-hash, indicating that a cryptographic hash of the message is produced first and then passed to the signing algorithm with appropriate domain separation to distinguish it from the non-prehashed variant.

In Ed448ph, a private key yields a signing scalar and a corresponding public key on the Ed448

Usage and interoperability: Ed448ph is intended for environments where the message may be large or streaming,

See also: Ed448, Ed25519, Ed25519ph.

curve.
To
create
a
signature,
the
message
is
first
hashed
by
a
designated
hash
function
to
produce
a
digest,
and
this
digest,
together
with
the
signer’s
private
material,
is
processed
through
the
Ed448
signing
procedure.
Verification
uses
the
public
key
and
the
digest
to
confirm
the
signature’s
validity.
The
ph
variant
preserves
the
same
high-level
security
properties
and
structure
as
Ed448,
but
its
input
to
the
signature
algorithm
is
the
pre-hashed
digest
rather
than
the
original
message.
or
where
pre-hashing
is
desirable
for
protocol
design.
It
is
standardized
alongside
Ed448
in
RFC
8032
and
is
implemented
in
several
modern
cryptographic
libraries
that
support
the
Ed448
family.
As
with
other
EdDSA
variants,
Ed448ph
aims
for
deterministic
signing
and
fast
verification
on
supported
platforms.