Ed25519

Ed25519 is a modern public-key signature scheme, the EdDSA instantiation over the twisted Edwards curve Curve25519, specified in RFC 8032. Designed by Bernstein and collaborators in 2011 (original paper), it produces 64-byte signatures from 32-byte keys and is built for speed and misuse resistance: it derives its per-signature nonce deterministically from the message and secret key, removing the reused-nonce failure that has broken ECDSA implementations. It is widely deployed in OpenSSH, TLS, and software package signing.

Security and quantum status

Ed25519 is a classical scheme. Its security rests on the elliptic-curve discrete logarithm problem over Curve25519, so like all elliptic-curve cryptography it is broken by Shor's algorithm on a large quantum computer. NIST added deterministic EdDSA to FIPS 186-5 in 2023, while the post-quantum signature standard ML-DSA is a quantum-resistant successor. During migration, Ed25519 is often the classical half of a hybrid signing scheme.

Sources

  1. RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA) (IETF, 2017)
  2. High-speed high-security signatures (Bernstein et al., 2011)
  3. FIPS 186-5, Digital Signature Standard (DSS) (NIST, 2023)
Cite this entry
"Ed25519." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/ed25519@misc{pqwiki-ed25519, title = {Ed25519}, howpublished = {\url{https://postquantum.wiki/ed25519}}, year = {2026}, note = {postquantum.wiki, updated 2026-07-11} }