diff --git a/contrib/yggdrasil-brute-simple/LICENSE b/contrib/yggdrasil-brute-simple/LICENSE
new file mode 100644
index 00000000..2d61b400
--- /dev/null
+++ b/contrib/yggdrasil-brute-simple/LICENSE
@@ -0,0 +1,150 @@
+This software is released into the public domain. As such, it can be
+used under the Unlicense or CC0 public domain dedications.
+
+
+
+The Unlicense
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to
+
+
+
+CC0 1.0 Universal
+
+Statement of Purpose
+
+The laws of most jurisdictions throughout the world automatically confer
+exclusive Copyright and Related Rights (defined below) upon the creator and
+subsequent owner(s) (each and all, an "owner") of an original work of
+authorship and/or a database (each, a "Work").
+
+Certain owners wish to permanently relinquish those rights to a Work for the
+purpose of contributing to a commons of creative, cultural and scientific
+works ("Commons") that the public can reliably and without fear of later
+claims of infringement build upon, modify, incorporate in other works, reuse
+and redistribute as freely as possible in any form whatsoever and for any
+purposes, including without limitation commercial purposes. These owners may
+contribute to the Commons to promote the ideal of a free culture and the
+further production of creative, cultural and scientific works, or to gain
+reputation or greater distribution for their Work in part through the use and
+efforts of others.
+
+For these and/or other purposes and motivations, and without any expectation
+of additional consideration or compensation, the person associating CC0 with a
+Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
+and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
+and publicly distribute the Work under its terms, with knowledge of his or her
+Copyright and Related Rights in the Work and the meaning and intended legal
+effect of CC0 on those rights.
+
+1. Copyright and Related Rights. A Work made available under CC0 may be
+protected by copyright and related or neighboring rights ("Copyright and
+Related Rights"). Copyright and Related Rights include, but are not limited
+to, the following:
+
+ i. the right to reproduce, adapt, distribute, perform, display, communicate,
+ and translate a Work;
+
+ ii. moral rights retained by the original author(s) and/or performer(s);
+
+ iii. publicity and privacy rights pertaining to a person's image or likeness
+ depicted in a Work;
+
+ iv. rights protecting against unfair competition in regards to a Work,
+ subject to the limitations in paragraph 4(a), below;
+
+ v. rights protecting the extraction, dissemination, use and reuse of data in
+ a Work;
+
+ vi. database rights (such as those arising under Directive 96/9/EC of the
+ European Parliament and of the Council of 11 March 1996 on the legal
+ protection of databases, and under any national implementation thereof,
+ including any amended or successor version of such directive); and
+
+ vii. other similar, equivalent or corresponding rights throughout the world
+ based on applicable law or treaty, and any national implementations thereof.
+
+2. Waiver. To the greatest extent permitted by, but not in contravention of,
+applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
+unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
+and Related Rights and associated claims and causes of action, whether now
+known or unknown (including existing as well as future claims and causes of
+action), in the Work (i) in all territories worldwide, (ii) for the maximum
+duration provided by applicable law or treaty (including future time
+extensions), (iii) in any current or future medium and for any number of
+copies, and (iv) for any purpose whatsoever, including without limitation
+commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
+the Waiver for the benefit of each member of the public at large and to the
+detriment of Affirmer's heirs and successors, fully intending that such Waiver
+shall not be subject to revocation, rescission, cancellation, termination, or
+any other legal or equitable action to disrupt the quiet enjoyment of the Work
+by the public as contemplated by Affirmer's express Statement of Purpose.
+
+3. Public License Fallback. Should any part of the Waiver for any reason be
+judged legally invalid or ineffective under applicable law, then the Waiver
+shall be preserved to the maximum extent permitted taking into account
+Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
+is so judged Affirmer hereby grants to each affected person a royalty-free,
+non transferable, non sublicensable, non exclusive, irrevocable and
+unconditional license to exercise Affirmer's Copyright and Related Rights in
+the Work (i) in all territories worldwide, (ii) for the maximum duration
+provided by applicable law or treaty (including future time extensions), (iii)
+in any current or future medium and for any number of copies, and (iv) for any
+purpose whatsoever, including without limitation commercial, advertising or
+promotional purposes (the "License"). The License shall be deemed effective as
+of the date CC0 was applied by Affirmer to the Work. Should any part of the
+License for any reason be judged legally invalid or ineffective under
+applicable law, such partial invalidity or ineffectiveness shall not
+invalidate the remainder of the License, and in such case Affirmer hereby
+affirms that he or she will not (i) exercise any of his or her remaining
+Copyright and Related Rights in the Work or (ii) assert any associated claims
+and causes of action with respect to the Work, in either case contrary to
+Affirmer's express Statement of Purpose.
+
+4. Limitations and Disclaimers.
+
+ a. No trademark or patent rights held by Affirmer are waived, abandoned,
+ surrendered, licensed or otherwise affected by this document.
+
+ b. Affirmer offers the Work as-is and makes no representations or warranties
+ of any kind concerning the Work, express, implied, statutory or otherwise,
+ including without limitation warranties of title, merchantability, fitness
+ for a particular purpose, non infringement, or the absence of latent or
+ other defects, accuracy, or the present or absence of errors, whether or not
+ discoverable, all to the greatest extent permissible under applicable law.
+
+ c. Affirmer disclaims responsibility for clearing rights of other persons
+ that may apply to the Work or any use thereof, including without limitation
+ any person's Copyright and Related Rights in the Work. Further, Affirmer
+ disclaims responsibility for obtaining any necessary consents, permissions
+ or other rights required for any use of the Work.
+
+ d. Affirmer understands and acknowledges that Creative Commons is not a
+ party to this document and has no duty or obligation with respect to this
+ CC0 or use of the Work.
+
+For more information, please see
+
diff --git a/contrib/yggdrasil-brute-simple/Makefile b/contrib/yggdrasil-brute-simple/Makefile
new file mode 100644
index 00000000..aa2adc86
--- /dev/null
+++ b/contrib/yggdrasil-brute-simple/Makefile
@@ -0,0 +1,12 @@
+.PHONY: all
+
+all: util yggdrasil-brute-multi-curve25519 yggdrasil-brute-multi-ed25519
+
+util: util.c
+ gcc -Wall -std=c89 -O3 -c -o util.o util.c
+
+yggdrasil-brute-multi-ed25519: yggdrasil-brute-multi-ed25519.c util.o
+ gcc -Wall -std=c89 -O3 -o yggdrasil-brute-multi-ed25519 -lsodium yggdrasil-brute-multi-ed25519.c util.o
+
+yggdrasil-brute-multi-curve25519: yggdrasil-brute-multi-curve25519.c util.o
+ gcc -Wall -std=c89 -O3 -o yggdrasil-brute-multi-curve25519 -lsodium yggdrasil-brute-multi-curve25519.c util.o
diff --git a/contrib/yggdrasil-brute-simple/README.md b/contrib/yggdrasil-brute-simple/README.md
new file mode 100644
index 00000000..f7b68765
--- /dev/null
+++ b/contrib/yggdrasil-brute-simple/README.md
@@ -0,0 +1,8 @@
+# yggdrasil-brute-simple
+
+Simple program for finding curve25519 and ed25519 public keys whose sha512 hash has many leading ones.
+Because ed25519 private keys consist of a seed that is hashed to find the secret part of the keypair,
+this program is near optimal for finding ed25519 keypairs. Curve25519 key generation, on the other hand,
+could be further optimized with elliptic curve magic.
+
+Depends on libsodium.
diff --git a/contrib/yggdrasil-brute-simple/util.c b/contrib/yggdrasil-brute-simple/util.c
new file mode 100644
index 00000000..fd17e496
--- /dev/null
+++ b/contrib/yggdrasil-brute-simple/util.c
@@ -0,0 +1,62 @@
+#include "yggdrasil-brute.h"
+
+int find_where(unsigned char hash[64], unsigned char besthashlist[NUMKEYS][64]) {
+ /* Where to insert hash into sorted hashlist */
+ int j;
+ int where = -1;
+ for (j = 0; j < NUMKEYS; ++j) {
+ if (memcmp(hash, besthashlist[j], 64) > 0) ++where;
+ else break;
+ }
+ return where;
+}
+
+void insert_64(unsigned char itemlist[NUMKEYS][64], unsigned char item[64], int where) {
+ int j;
+ for (j = 0; j < where; ++j) {
+ memcpy(itemlist[j], itemlist[j+1], 64);
+ }
+ memcpy(itemlist[where], item, 64);
+}
+
+void insert_32(unsigned char itemlist[NUMKEYS][32], unsigned char item[32], int where) {
+ int j;
+ for (j = 0; j < where; ++j) {
+ memcpy(itemlist[j], itemlist[j+1], 32);
+ }
+ memcpy(itemlist[where], item, 32);
+}
+
+void make_addr(unsigned char addr[32], unsigned char hash[64]) {
+ /* Public key hash to yggdrasil ipv6 address */
+ int i;
+ int offset;
+ unsigned char mask;
+ unsigned char c;
+ int ones = 0;
+ unsigned char br = 0; /* false */
+ for (i = 0; i < 64 && !br; ++i) {
+ mask = 128;
+ c = hash[i];
+ while (mask) {
+ if (c & mask) {
+ ++ones;
+ } else {
+ br = 1; /* true */
+ break;
+ }
+ mask >>= 1;
+ }
+ }
+
+ addr[0] = 2;
+ addr[1] = ones;
+
+ offset = ones + 1;
+ for (i = 0; i < 14; ++i) {
+ c = hash[offset/8] << (offset%8);
+ c |= hash[offset/8 + 1] >> (8 - offset%8);
+ addr[i + 2] = c;
+ offset += 8;
+ }
+}
diff --git a/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-curve25519.c b/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-curve25519.c
new file mode 100644
index 00000000..a592f38b
--- /dev/null
+++ b/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-curve25519.c
@@ -0,0 +1,105 @@
+/*
+sk: 32 random bytes
+sk[0] &= 248;
+sk[31] &= 127;
+sk[31] |= 64;
+
+increment sk
+pk = curve25519_scalarmult_base(mysecret)
+hash = sha512(pk)
+
+if besthash:
+ bestsk = sk
+ besthash = hash
+*/
+
+#include "yggdrasil-brute.h"
+
+
+void seed(unsigned char sk[32]) {
+ randombytes_buf(sk, 32);
+ sk[0] &= 248;
+ sk[31] &= 127;
+ sk[31] |= 64;
+}
+
+
+int main(int argc, char **argv) {
+ int i;
+ int j;
+ unsigned char addr[16];
+ time_t starttime;
+ time_t requestedtime;
+
+ unsigned char bestsklist[NUMKEYS][32];
+ unsigned char bestpklist[NUMKEYS][32];
+ unsigned char besthashlist[NUMKEYS][64];
+
+ unsigned char sk[32];
+ unsigned char pk[32];
+ unsigned char hash[64];
+
+ unsigned int runs = 0;
+ int where;
+
+ if (argc != 2) {
+ fprintf(stderr, "usage: ./yggdrasil-brute-multi-curve25519 \n");
+ return 1;
+ }
+
+ if (sodium_init() < 0) {
+ /* panic! the library couldn't be initialized, it is not safe to use */
+ printf("sodium init failed!\n");
+ return 1;
+ }
+
+ starttime = time(NULL);
+ requestedtime = atoi(argv[1]);
+
+ if (requestedtime < 0) requestedtime = 0;
+ fprintf(stderr, "Searching for yggdrasil curve25519 keys (this will take slightly longer than %ld seconds)\n", requestedtime);
+
+ sodium_memzero(bestsklist, NUMKEYS * 32);
+ sodium_memzero(bestpklist, NUMKEYS * 32);
+ sodium_memzero(besthashlist, NUMKEYS * 64);
+ seed(sk);
+
+ do {
+ /* generate pubkey, hash, compare, increment secret.
+ * this loop should take 4 seconds on modern hardware */
+ for (i = 0; i < (1 << 16); ++i) {
+ ++runs;
+ if (crypto_scalarmult_curve25519_base(pk, sk) != 0) {
+ printf("scalarmult to create pub failed!\n");
+ return 1;
+ }
+ crypto_hash_sha512(hash, pk, 32);
+
+ where = find_where(hash, besthashlist);
+ if (where >= 0) {
+ insert_32(bestsklist, sk, where);
+ insert_32(bestpklist, pk, where);
+ insert_64(besthashlist, hash, where);
+
+ seed(sk);
+ }
+ for (j = 1; j < 31; ++j) if (++sk[j]) break;
+ }
+ } while (time(NULL) - starttime < requestedtime || runs < NUMKEYS);
+
+ fprintf(stderr, "--------------addr-------------- -----------------------------secret----------------------------- -----------------------------public-----------------------------\n");
+ for (i = 0; i < NUMKEYS; ++i) {
+ make_addr(addr, besthashlist[i]);
+ for (j = 0; j < 16; ++j) printf("%02x", addr[j]);
+ printf(" ");
+ for (j = 0; j < 32; ++j) printf("%02x", bestsklist[i][j]);
+ printf(" ");
+ for (j = 0; j < 32; ++j) printf("%02x", bestpklist[i][j]);
+ printf("\n");
+ }
+
+ sodium_memzero(bestsklist, NUMKEYS * 32);
+ sodium_memzero(sk, 32);
+
+ return 0;
+}
diff --git a/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-ed25519.c b/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-ed25519.c
new file mode 100644
index 00000000..02218e50
--- /dev/null
+++ b/contrib/yggdrasil-brute-simple/yggdrasil-brute-multi-ed25519.c
@@ -0,0 +1,106 @@
+/*
+seed: 32 random bytes
+sk: sha512(seed)
+sk[0] &= 248
+sk[31] &= 127
+sk[31] |= 64
+
+pk: scalarmult_ed25519_base(sk)
+
+
+increment seed
+generate sk
+generate pk
+hash = sha512(mypub)
+
+if besthash:
+ bestseed = seed
+ bestseckey = sk
+ bestpubkey = pk
+ besthash = hash
+*/
+
+#include "yggdrasil-brute.h"
+
+
+int main(int argc, char **argv) {
+ int i;
+ int j;
+ time_t starttime;
+ time_t requestedtime;
+
+ unsigned char bestsklist[NUMKEYS][64]; /* sk contains pk */
+ unsigned char besthashlist[NUMKEYS][64];
+
+ unsigned char seed[32];
+ unsigned char sk[64];
+ unsigned char pk[32];
+ unsigned char hash[64];
+
+ unsigned int runs = 0;
+ int where;
+
+ if (argc != 2) {
+ fprintf(stderr, "usage: ./yggdrasil-brute-multi-curve25519 \n");
+ return 1;
+ }
+
+ if (sodium_init() < 0) {
+ /* panic! the library couldn't be initialized, it is not safe to use */
+ printf("sodium init failed!\n");
+ return 1;
+ }
+
+ starttime = time(NULL);
+ requestedtime = atoi(argv[1]);
+
+ if (requestedtime < 0) requestedtime = 0;
+ fprintf(stderr, "Searching for yggdrasil ed25519 keys (this will take slightly longer than %ld seconds)\n", requestedtime);
+
+ sodium_memzero(bestsklist, NUMKEYS * 64);
+ sodium_memzero(besthashlist, NUMKEYS * 64);
+ randombytes_buf(seed, 32);
+
+ do {
+ /* generate pubkey, hash, compare, increment secret.
+ * this loop should take 4 seconds on modern hardware */
+ for (i = 0; i < (1 << 17); ++i) {
+ ++runs;
+ crypto_hash_sha512(sk, seed, 32);
+
+ if (crypto_scalarmult_ed25519_base(pk, sk) != 0) {
+ printf("scalarmult to create pub failed!\n");
+ return 1;
+ }
+ memcpy(sk + 32, pk, 32);
+
+ crypto_hash_sha512(hash, pk, 32);
+
+ /* insert into local list of good key */
+ where = find_where(hash, besthashlist);
+ if (where >= 0) {
+ insert_64(bestsklist, sk, where);
+ insert_64(besthashlist, hash, where);
+ randombytes_buf(seed, 32);
+ }
+ for (j = 1; j < 31; ++j) if (++seed[j]) break;
+ }
+ } while (time(NULL) - starttime < requestedtime || runs < NUMKEYS);
+
+ fprintf(stderr, "!! Secret key is seed concatenated with public !!\n");
+ fprintf(stderr, "---hash--- ------------------------------seed------------------------------ -----------------------------public-----------------------------\n");
+ for (i = 0; i < NUMKEYS; ++i) {
+ for (j = 0; j < 5; ++j) printf("%02x", besthashlist[i][j]);
+ printf(" ");
+ for (j = 0; j < 32; ++j) printf("%02x", bestsklist[i][j]);
+ printf(" ");
+ for (j = 32; j < 64; ++j) printf("%02x", bestsklist[i][j]);
+ printf("\n");
+ }
+
+ sodium_memzero(bestsklist, NUMKEYS * 64);
+ sodium_memzero(sk, 64);
+ sodium_memzero(seed, 32);
+
+ return 0;
+}
diff --git a/contrib/yggdrasil-brute-simple/yggdrasil-brute.h b/contrib/yggdrasil-brute-simple/yggdrasil-brute.h
new file mode 100644
index 00000000..8e39e0f3
--- /dev/null
+++ b/contrib/yggdrasil-brute-simple/yggdrasil-brute.h
@@ -0,0 +1,12 @@
+#include
+#include /* printf */
+#include /* memcpy */
+#include /* atoi */
+#include /* time */
+
+
+#define NUMKEYS 10
+void make_addr(unsigned char addr[32], unsigned char hash[64]);
+int find_where(unsigned char hash[64], unsigned char besthashlist[NUMKEYS][64]);
+void insert_64(unsigned char itemlist[NUMKEYS][64], unsigned char item[64], int where);
+void insert_32(unsigned char itemlist[NUMKEYS][32], unsigned char item[32], int where);