8.2. Randomness Considerations

EdDSA signatures are deterministic. This protects against attacks arising from signing with bad randomness; the effects of which can, depending on the algorithm, range up to full private key compromise. It can be surprisingly hard to ensure good-quality random numbers, and there have been numerous security failures relating to this.

Obviously, private key generation requires randomness, but due to the fact that the private key is hashed before use, a few missing bits of entropy doesn't constitute a disaster.

The basic signature verification is also deterministic. However, some speedups by verifying multiple signatures at once do require random numbers.

8.2. Randomness Considerations​

8.2. Randomness Considerations