What’s The Base Point for Ed25519?

Prof Bill Buchanan OBE
5 min readOct 5, 2021


Much of the foundation of your online security comes down to a basic thing: elliptic curves. It is these magical little curves that allow your browser and the server to talk openly and then agree on an encryption key. This key then stops people spying on you, and makes sure that no one hi-jacks your connection. to me, they are beautiful.

With the ECDH (Elliptic Curve Diffie Hellman) handshake method, we have an almost perfect way to generate a shared key between Bob and Alice, without Eve ever finding it out. So what curve can we use? Well, Curve 25519, is one of the best elliptic curves around (and free from backdoors, he hope). It uses the Montgomery curve form of:

And where we take a base point (G), and then create a private key (n), and then determine our public key (nG). With this, nG is the point G added n times (G+G+…G). Overall, Curve 25519 was created by Daniel J Bernstein, and who has contributed so much to cybersecurity. The form he chose was:

and where p=2²⁵⁵-19. It gives 128-bit security levels, and which is currently strong enough in most applications.

Finding the base point (G)

The way elliptic curve cryptography works is that we take a private key value (n), and then compute a public key point (nG), and where G is the base point on the curve. If n is large enough and random, it will be almost impossible to determine the private key (n) from the public key (nG).

For Ed25519, let’s determine the base point of the curve from [here]:

import nacl.bindings as b
import binascii
import sys
p = 2**255 - 19def inv(x):
return pow(x, p-2, p)
d = -121665 * inv(121666)
I = pow(2,(p-1)//4,p)
def findx(y):
xx = (y*y-1) * inv(d*y*y+1)
x = pow(xx,(p+3)//8,p)
if (x*x - xx) % p != 0: x = (x*I) % p
if x % 2 != 0: x = p-x
return x
def convert_to_little_int(val):
little_hex = bytearray.fromhex(val)
little = ''.join(format(x, '02x') for x in little_hex)
return little
i=1n = binascii.a2b_hex("0100000000000000000000000000000000000000000000000000000000000000")



Prof Bill Buchanan OBE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.