= edx specification

.revisions
[options='header', cols='1,1,2,4']
|===
|version |status |date |remarks

|0.1 |draft |2024-11-14 |
|===

edx is an ECDH key exchange scheme. The keys used in the key exchange are derived from Ed25519 keys.

.definitions
base key::
	Ed25519 key from which the keys used in key exchange are derived.
derive factor::
	256-bit integer parameter used in key derivation.

== choosing the derive factor

The derive factor SHOULD be different for each message. For convenience, it COULD be the first 256 bits of the BLAKE3 hash of a human readable seed, in which case the seed MUST be prefixed with the string "edxderivefactor:" (without the quotes) before hashing.

== key derivation

For base key A with scalar _S_ and public point _P_, derive factor _D_, Ed25519 generator point _G_, and Curve25519 group order _l_,

The derived scalar _S'_ is calculated as

	S' = S + (clamp(D) mod l)

The derived point _P'_ is calculated as

	P' = P + (G * (clamp(D) mod l))
	   = G * S'

The derived key is only used in exchange, so there is no need to define an external representation.

== key exchange

For base keys A with scalar _Sa_ and public point _Pa_, and B with scalar _Sb_ and public point _Pb_, the shared secret _s_ is calculated as

	s = Sa' * G * Sb'
	  = Pa' * Sb'
	  = Sa' * Pb'