[Cryptech Tech] djb on How to design an elliptic-curve signature system

Joachim Strömbergson joachim at secworks.se
Mon Mar 24 10:09:20 UTC 2014


Aloha!

Randy Bush wrote:
> http://blog.cr.yp.to/20140323-ecdsa.html

A good writeup. The main gist of it seems to be in line with what others
are saying re side channel leaks and EC. It is really hard to do EC
without side channel issues.

What I found interesting, and what concerns us in the short term, is how
DJB points to similar problems with RSA:

"RSA provides even faster signature verification than ECC. But RSA has
much slower signing, much slower key generation, much larger signatures,
and much larger public keys. It's hard to find applications where this
is a sensible tradeoff, and it's easy to find applications where RSA's
poor performance profile has compromised security. RSA also has many
implementation traps, and even a state-of-the-art RSA implementation is
more worrisome from a security perspective than ECC is, but that's a
topic for another blog post."

I hope he writes that post and I will be looking at the papers he points to.

I'm working on the first drafts of an RSA core that will support up to
8192-bit keys and have looked a bit at RSA-blinding. But there seem to
be more things to consider.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================


