The Ed25519 key pair creation from the seed is broken

[DieMyst]

If we create key pair from seed, sign and verify some random data, it will fail. I checked it by adding a test case in this repo (here https://github.com/libp2p/js-libp2p-crypto/blob/master/test/keys/ed25519.spec.ts).

    const seed = new Uint8Array(32).fill(1);
    const seededkey = await crypto.keys.generateKeyPairFromSeed('Ed25519', seed)
    const data = uint8ArrayFromString('hello world')
    const sig = await seededkey.sign(data)
    const valid = await seededkey.public.verify(data, sig)
    // `valid` is false
    expect(valid).to.eql(true)

example in fork: https://github.com/DieMyst/js-libp2p-crypto/blob/master/test/keys/ed25519.spec.ts#L151

[folex]

It seeems to me that derivePublicKey became quite unusual for ed25519

function derivePublicKey (privateKey: Uint8Array) {
  const hash = crypto.createHash('sha512')
  hash.update(privateKey)
  return hash.digest().subarray(32)
}

before, it was

function getKeyFromHash(hashed: Uint8Array) {
  // First 32 bytes of 64b uniformingly random input are taken,
  // clears 3 bits of it to produce a random field element.
  const head = adjustBytes25519(hashed.slice(0, 32));
  // Second 32 bytes is called key prefix (5.1.6)
  const prefix = hashed.slice(32, 64);
  // The actual private scalar
  const scalar = modlLE(head);
  // Point on Edwards curve aka public key
  const point = Point.BASE.multiply(scalar);
  const pointBytes = point.toRawBytes();
  return { head, prefix, scalar, point, pointBytes };
}

which made much for sense.

AFAIU, publicKey = sha512(privateKey) is not valid for ed25519 🤔

[github-actions]

🎉 This issue has been resolved in version 1.0.12 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀