fed-prims: Phase E — Ed25519 verify (RFC 8032), pure-OCaml bignum + edwards25519

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

plans/fed-sx-host-primitives.md

@@ -105,7 +105,7 @@ check** → tests → commit → tick box → Progress-log line → push.
 - **Acceptance:** matches reference CIDs; determinism holds; WASM links. Satisfies
   fed-sx Milestone 1 Step 1.
 
-### Phase E — Ed25519 verify, pure OCaml
+### Phase E — Ed25519 verify, pure OCaml ✅ DONE
 - Curve25519/edwards25519 field arith (mod 2^255-19), point decompress,
   SHA-512-based verify per RFC 8032 §5.1.7. (Reuse Phase A sha512.)
 - Primitive `ed25519-verify (pubkey msg sig) -> bool`. Bad-length args → false,
@@ -205,6 +205,14 @@ printf '(epoch 1)\n(crypto-sha256 "abc")\n' | \
 
 _Newest first._
 
+- 2026-05-18 — Phase E: pure-OCaml `lib/sx_ed25519.ml` (minimal
+  base-2^26 bignum, edwards25519 extended-coord points, RFC 8032
+  §5.1.7 cofactorless verify reusing Phase-A sha512). Primitive
+  `ed25519-verify` is total (bad/short/non-string args → false).
+  8 tests: RFC 8032 §7.1 TEST 1-3 (re-derived independently via
+  python-cryptography), tampered msg/sig, wrong-length, non-string.
+  WASM boot green with new lib module; Erlang 530/530; run_tests +8.
+  Satisfies fed-sx Milestone 1 Step 2 (Ed25519 sig-suite).
 - 2026-05-18 — Phase D: pure-OCaml `lib/sx_cid.ml` (unsigned-varint,
   multihash, CIDv1, multibase base32-lower), primitives `cid-from-bytes`
   / `cid-from-sx` (cbor→sha2-256→mh→cidv1, dag-cbor codec 0x71). 5 tests: