what is the maximum size of the payload data when using ed25519

Question

When using ed25519 what is the maximum size of the message/payload data?

From the specs:

The Diffie-Hellman key exchange is then defined as follows: each party generates a random number 1 <= d < N (the private key), computes Q = d G (the public key). The parties exchange their public keys and compute the shared secret as Z = d Q_peer.

So once both parties have computed the shared secret, what is the maximum size of the message data that could be encrypted and therefore decrypted by the "secret"?

Note that Ed25519 is only a signature scheme strictly speaking. — SEJPM, Mar 26 '17 at 10:22

score 2 · Accepted Answer · answered Mar 25 '17 at 21:34

That depends really on which symmetric cipher and cipher mode is used. Basically, the strength provided by the secret is 128 bits, as indicated in the page you linked to.

Usually the secret is then converted into a key using a Key Derivation Function (KDF) or even into multiple keys, which will each have a security level of 128 bits (as long as the KDF is strong enough, but that's commonly the case).

After that it is up to the scheme used. Probably you don't want to go over $2^{128}$ blocks of encryption, but that's kind of nonsense in the first place.

what is the maximum size of the payload data when using ed25519

1 Answers1