Key Takeaways
ED25519 is an asymmetric signature algorithm that offers strong security and high performance.
It relies on the hard elliptic curve discrete logarithm problem and is resistant to various cryptographic attacks.
When compared to traditional algorithms like RSA, ED25519 has significantly faster signing and verification speeds, making it suitable for real-time applications and blockchain systems.
Binance fully supports ED25519 for API security, offering tools and libraries to easily generate keys, sign requests, and integrate secure authentication for trading and account management.
Introduction
In this article, we explore ED25519, providing an overview of the algorithm and its historical background. We also discuss the limitations of older cryptographic algorithms that ED25519 overcomes, highlighting why it has become popular and widely adopted.
Then, we offer some guidance on generating private and public keys, explaining the basics of signing and verifying messages, and demonstrating how to use these keys with Binance APIs.
Why Was ED25519 Created?
Although asymmetric algorithms like RSA (created in 1977) and DSA (from 1991) have been widely used, they have certain limitations that ED25519 addresses.
1. Security
Resistance to attacks: ED25519 is designed to resist a broad range of cryptographic attacks, including side-channel and timing attacks that have impacted older algorithms like RSA and DSA. Older algorithms were vulnerable because attackers might extract secret information by observing timing differences during signing or verification.
Stronger cryptographic assumptions: The ED25519 relies on the hardness of the elliptic curve discrete logarithm problem, which is considered more secure against certain types of attacks compared to the integer factorization problem used in RSA.
2. Performance
Signing Speed: ED25519 is designed to be faster than RSA-2048 for generating signatures. This significant speed advantage makes it highly suitable for applications requiring rapid signature generation, such as high-frequency trading and real-time communications.
Verification Speed: ED25519 is also faster than RSA-2048 for verifying signatures. Faster verification speeds are crucial for systems that need to validate a large number of signatures quickly, such as blockchain networks and secure messaging platforms.
3. Deterministic signatures
Consistency: ED25519 generates the same signature for the same message every time, eliminating the need for a secure random number generator during the signing process. This consistency reduces the risk of implementation errors and vulnerabilities associated with poor randomness.
Simplified Implementation: The deterministic nature simplifies the implementation process, making it easier to develop secure and reliable cryptographic systems.
4. Small key size
Efficiency: ED25519 uses smaller key sizes compared to RSA, which results in faster computations and reduced storage requirements. This efficiency is particularly beneficial for environments with limited resources, such as embedded systems, IoT devices, and mobile applications.
Bandwidth Savings: Smaller key sizes also lead to reduced bandwidth usage, which is advantageous for networked applications and systems with constrained communication channels.
Use Cases
ED25519 is widely used in secure communications due to its strong security and high performance. Its ability to quickly generate and verify signatures makes it ideal for applications like encrypted messaging, email security, and secure file transfers.
By ensuring that messages and files are authenticated and untampered with, ED25519 helps maintain the integrity and confidentiality of sensitive information. Its deterministic nature also simplifies implementation, reducing the risk of errors and vulnerabilities associated with randomness in cryptographic operations.
Another key use case for ED25519 is in blockchain and cryptocurrency systems. The algorithm's efficiency in signing and verifying transactions is crucial for maintaining the speed and security of blockchain networks.
ED25519's small key size and fast performance are particularly beneficial for environments with limited resources, such as IoT devices and embedded systems. These devices often require secure communication protocols that can operate efficiently within constrained computational and storage capacities. By leveraging ED25519, developers can ensure their IoT solutions are both secure and performant, enabling a wide range of applications from smart home devices to industrial automation systems.
How Are ED25519 Keys Generated?
The preferred method to generate private and public keys is to use the Binance key generator, which makes the process easy, as the generation can be fully done through a clear User Interface.
The generation can also be done using openssl via the command line.
Generate the private key:
openssl genpkey -algorithm ed25519 -out my-prv-key.pemGenerate the private key with pass:
openssl genpkey -aes256 -algorithm ed25519 -out my-prv-key.pemGenerate the public key from private key:
openssl pkey -pubout -in my-prv-key.pem -out my-pub-key.pemExample: Generating and verifying an ED25519 signature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.exceptions import InvalidSignature
def generate_private_key():
return Ed25519PrivateKey.generate()
def sign_message(private_key: Ed25519PrivateKey, message: bytes) -> bytes:
"""
Sign the message using the Ed25519 private key.
Returns the signature bytes.
"""
signature = private_key.sign(message)
return signature
def verify_message(public_key, signature: bytes, message: bytes) -> bool:
"""
Verify the signature of the message using the Ed25519 public key.
Returns True if signature is valid, False otherwise.
"""
try:
public_key.verify(signature, message)
return True
except InvalidSignature:
return False
# Example usage
message = b"my authenticated message"
private_key = generate_private_key()
signature = sign_message(private_key, message)
verified = verify_message(private_key.public_key(), signature, message)
if verified:
print("Signature is valid")
else:
print("Signature is invalid")How to sign API requests to Binance
Prepare the request parameters:
For WebSocket APIs, all parameters must be sorted in ascending order before generating the signature. This ensures consistency in signature generation.
For REST APIs, parameters do not need to be sorted before signing. The signature is generated based on the exact request parameters as they are provided.
Generate the ED25519 signature:
ED25519 with the API secret key can be used to sign the relevant parameters.
The ED25519 private key can be used by registering a public key on Binance. For detailed steps, refer to How to Generate an Ed25519 Key Pair to Send API Requests on Binance.
Include the signature in the request:
Attach the generated signature to the API request as the signature parameter.
Example: how to sign a request using ED25519 private key for Binance APIs
import time
import urllib.parse
from base64 import b64encode
from Crypto.Hash import SHA256
from Crypto.PublicKey import ECC
from Crypto.Signature import pkcs1_15, eddsa
api_key = "your_api_key"
# Define request parameters
params = {
"symbol": "BTCUSDT",
"side": "BUY",
"type": "LIMIT",
"quantity": 1,
"price": 45000,
"timestamp": int(time.time() * 1000)
}
def ed25519_signature(private_key, payload, private_key_pass=None):
private_key = ECC.import_key(private_key, passphrase=private_key_pass)
signer = eddsa.new(private_key, "rfc8032")
signature = signer.sign(payload.encode("utf-8"))
return b64encode(signature)
# Create the query string
query_string = urllib.parse.urlencode(params)
with open("myprivatekey.pem", "rt") as f:
data = f.read()
signature = ed25519_signature(data, query_string)
# Final request URL
url = f"https://api.binance.com/api/v3/order?{query_string}&signature={signature}"
print("Signed Request URL:", url)Binance recommends using the connectors, which makes the integration smoother and takes care of generating the signature.
Example: how to use Binance connectors
from binance_sdk_spot.spot import Spot, ConfigurationRestAPI
# ED25519 Keys
configuration_rest_api = ConfigurationRestAPI(
api_key="YOUR_API_KEY",
private_key="./private_key.pem",
base_url="https://api.binance.com"
)
client = Spot(config_rest_api=configuration_rest_api)
# Get account and balance information
print(client.account())
# Post a new order
params = {
'symbol': 'BTCUSDT',
'side': 'SELL',
'type': 'LIMIT',
'timeInForce': 'GTC',
'quantity': 0.002,
'price': 9500
}
client = Spot(config_rest_api=configuration_rest_api)
response = client.rest_api.new_order(**params)
print(response.data())Automated signature generation
For developers looking to automate the signature generation process across different programming languages, Binance provides an open-source repository with examples in Python, JavaScript, Java, and more. This can be accessed in the GitHub repository binance-signature-examples.
Using this resource, developers can quickly integrate ED25519-based authentication into their applications with minimal effort.
For those testing Binance API integrations in a sandbox environment, you can generate an ED25519 private key using the Binance Testnet. This allows developers to experiment with API authentication without affecting live trading accounts.
Closing Thoughts
ED25519 strikes the perfect balance between security and performance, making it an excellent choice for modern cryptographic needs. Its asymmetric nature provides stronger security compared to symmetric algorithms like HMAC, which can be more vulnerable to certain attacks.
Performance-wise, ED25519 excels in both generating and verifying signatures. It is faster than traditional algorithms like RSA, with signing speeds up to 30 times faster. This efficiency makes it ideal for applications requiring rapid and frequent signature operations, such as secure communications and blockchain transactions.
At Binance, ED25519 is the preferred algorithm due to its superior security and performance. It is fully supported by all Binance APIs, ensuring seamless integration and compatibility across various platforms and services. By using ED25519, Binance ensures that its cryptographic operations are both secure and efficient, providing a reliable foundation for its financial and trading services.
After learning about ED25519 and how to generate keys and signatures, these can be used to securely place market orders on Binance.
When placing a market order, the private key is used to sign the request, proving that it comes from a legitimate source.
Further Reading
Disclaimer: This content is presented to you on an “as is” basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial, legal or other professional advice, nor is it intended to recommend the purchase of any specific product or service. You should seek your own advice from appropriate professional advisors. Where the article is contributed by a third party contributor, please note that those views expressed belong to the third party contributor, and do not necessarily reflect those of Binance Academy. Please read our full disclaimer here for further details. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance Academy is not liable for any losses you may incur. This material should not be construed as financial, legal or other professional advice. For more information, see our Terms of Use and Risk Warning.