Seed from keypair? - Githubissues

jedisct1 / libsodium

A modern, portable, easy to use crypto library.

https://libsodium.org

Other

12.15k stars 1.73k forks source link

Seed from keypair? #1018

Closed superpoincare closed 3 years ago

superpoincare commented 3 years ago

In the functions crypto_kx_seed_keypair, crypto_box_seed_keypair, crypto_sign_seed_keypair a keypair is calculated from a seed. Is it easy the other way round? Can the seed be known from a keypair?

jedisct1 commented 3 years ago

Generally, no. If a seed is used, the idea is to store the seed instead of the secret scalar derived from it.

crypto_sign is a bit of an exception here. The 32 first bytes of the key pair are the seed.

For the other ones, the secret is a hash of the seed, so the seed cannot be recovered.