From c54fdac500a8233599e784540ecda7e3a0f21560 Mon Sep 17 00:00:00 2001
From: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Wed, 10 Mar 2021 08:54:03 +0100
Subject: -implementation notice for our ECC

---
 src/util/crypto_ecc.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 7110a2c4d..efbf2ee17 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -33,6 +33,22 @@
 
 #define EXTRA_CHECKS 0
 
+/**
+ * IMPLEMENTATION NOTICE:
+ *
+ * ECDSA: We use a non-standard curve for ECDSA: Ed25519.
+ * For performance reasons, we use cryptographic operations from
+ * libsodium wherever we can get away with it, even though libsodium
+ * itself does not support ECDSA.
+ * This is why the sign and verifiy functionality from libgcrypt is
+ * required and used.
+ *
+ * EdDSA: We use a standard EdDSA construction.
+ * (We still use libgcrypt for hashing and RNG, but not EC)
+ *
+ * ECDHE: For both EdDSA and ECDSA keys, we use libsodium for
+ * ECDHE due to performance benefits over libgcrypt.
+ */
 
 /**
  * Name of the curve we are using.  Note that we have hard-coded
-- 
cgit v1.2.3