Shard Detail

ed25519 v1.0.3

Ed25519 high-performance public-key signature system for crystal lang

Install & Use

Add the following code to your project's shard.yml under:

dependencies to use in production
- OR -
development_dependencies to use in development

  github: spider-gazelle/ed25519


ed25519 CI

A crystal lang implementation of the Ed25519 elliptic curve public-key signature system described in RFC 8032.

What is Ed25519?

Ed25519 is a modern implementation of a Schnorr signature system using elliptic curve groups.

Ed25519 provides a 128-bit security level, that is to say, all known attacks take at least 2^128 operations, providing the same security level as AES-128, NIST P-256, and RSA-3072.

Ed25519 Diagram

Ed25519 has a number of unique properties that make it one of the best-in-class digital signature algorithms:

  • Small keys: Ed25519 keys are only 256-bits (32 bytes), making them small enough to easily copy around. Ed25519 also allows the public key to be derived from the private key, meaning that it doesn't need to be included in a serialized private key in cases you want both.
  • Small signatures: Ed25519 signatures are only 512-bits (64 bytes), one of the smallest signature sizes available.
  • Deterministic: Unlike (EC)DSA, Ed25519 does not rely on an entropy source when signing messages. This can be a potential attack vector if the entropy source is not generating good random numbers. Ed25519 avoids this problem entirely and will always generate the same signature for the same data.
  • Collision Resistant: Hash-function collisions do not break this system. This adds a layer of defense against the possibility of weakness in the selected hash function.

You can read more on Dan Bernstein's Ed25519 site.


require "ed25519"

# Generate a new random signing key
signing_key =

# Sign a message with the signing key
message = "example message"
signature = signing_key.sign(message)

# Obtain the verify key for a given signing key
verify_key = signing_key.verify_key

# Check the validity of a signature
verify_key.verify(signature, message)

Serializing Keys

Keys can be serialized as 32-byte binary strings as follows:

signature_key_bytes = signing_key.key_bytes.hexstring
verify_key_bytes = verify_key.key_bytes.hexstring

The binary serialization can be passed directly into the constructor for a given key type

signing_key =
verify_key  =


The original crystal port was done by davidkellis based on the javascript implementation by paulmillr Interface copied from the Ruby implementation by tarcieri