# Quai Network: Implementation of Ristretto Signing Curve

### Overview

Ristretto is a prime order elliptic curve technique ensuring non-malleable encodings. The integration of Ristretto will enhance the Quai Network’s security, speed, and capability.

### Benefits:

- Enhanced Security: Prevent various elliptic curve related attacks.
- High-Speed Transactions: Utilize the efficiency of Curve25519 in combination with Ristretto.
- Unique Encodings: Ensure non-malleability across cryptographic operations.
- Privacy Potential: Enables the introduction of advanced privacy-preserving protocols like Confidential Transactions or the ZK-STARKs.
- Community Support: Rely on a well-researched and widely adopted cryptographic foundation.

Curve25519 and secp256k1 (current Quai curve) are two different elliptic curves used in public-key cryptography.

**Definition and Shape**:

**Curve25519**: It’s defined over the prime field`2^255 - 19`

and uses Montgomery form. Its equation is (y^2 = x^3 + 486662x^2 + x).**secp256k1**: It’s defined over the prime field`2^256 - 2^32 - 977`

and uses short Weierstrass form. Its equation is (y^2 = x^3 + 7).

### Implementations

- The recommended pure go implementation of ristretto255 over filippo.io/edwards25519.

- ChainSafe implementation of go-schnorrkel

- Compatible with the substrate-bip39 implementation
- Schnorr Signatures over Ristretto255 in pure Go
- Utilizes the above ristretto255
- Used by tendermint
- Used by polkadot

### Questions

- Do we want to have a prefix on public to an address as encoded base58? (Polkadot does this)

- a modification of Base-58-check from Bitcoin with some minor changes. Notably, the format contains an address type prefix that identifies an address belonging to a specific network. For example: Polkadot addresses always start with the number 1.

- How do we want to convert a pubkey to an address?
- How do we define the mapping? Like this? https://github.com/paritytech/ss58-registry/blob/main/ss58-registry.json
- Are we okay with putting public keys in the tx data themselves?
- Do we even want to support secp256k at all?
- Do we want to have a SigningContext?
- Do we want to utilize Schnorr Signature Aggregation?