[Cryptech Tech] why not deterministic ecdsa?

Simon Josefsson simon at josefsson.org
Sun Sep 6 20:17:25 UTC 2015


I was reading https://cryptech.is/ecdsa/ that contains:

   On the one hand, every signature uses a new random number, and, since
   we think we have a pretty good TRNG, this doesn’t give an attacker
   much to work with.

Am I reading this right that your ECDSA code generated a fresh k from
your TRNG?

You want to read and consider RFC 6979.

/Simon
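
The RFC 6979 nonce derivation referred to above, as an added example (not part of the original message and not Cryptech's code). It derives k from the private key and the message hash with HMAC-DRBG, so signing needs no randomness at all; the function names and the choice of P-256 with SHA-256 are assumptions of this sketch, and the key and message are the published test vector from RFC 6979 appendix A.2.5.

```python
import hashlib
import hmac

# Group order q of NIST P-256 (assumed curve for this example).
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
# Private key from the RFC 6979 A.2.5 test vector (public test data, not a real key).
X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721

def bits2int(data, qlen):
    """RFC 6979 2.3.2: keep the leftmost qlen bits of a byte string."""
    value = int.from_bytes(data, "big")
    excess = len(data) * 8 - qlen
    return value >> excess if excess > 0 else value

def rfc6979_k(x, msg, q=Q, hashfn=hashlib.sha256):
    """RFC 6979 3.2: deterministic per-signature nonce k in [1, q-1]."""
    qlen = q.bit_length()
    rolen = (qlen + 7) // 8
    h1 = hashfn(msg).digest()
    # int2octets(x) || bits2octets(h1); the reduction mod q equals the
    # RFC's single conditional subtraction because bits2int(h1) < 2^qlen < 2q.
    seed = x.to_bytes(rolen, "big") + (bits2int(h1, qlen) % q).to_bytes(rolen, "big")
    V = b"\x01" * len(h1)
    K = b"\x00" * len(h1)
    for sep in (b"\x00", b"\x01"):          # steps d-g
        K = hmac.new(K, V + sep + seed, hashfn).digest()
        V = hmac.new(K, V, hashfn).digest()
    while True:                              # step h
        T = b""
        while len(T) * 8 < qlen:
            V = hmac.new(K, V, hashfn).digest()
            T += V
        k = bits2int(T, qlen)
        if 1 <= k < q:
            return k
        # Candidate out of range: re-key and try again.
        K = hmac.new(K, V + b"\x00", hashfn).digest()
        V = hmac.new(K, V, hashfn).digest()

if __name__ == "__main__":
    print(f"k = {rfc6979_k(X, b'sample'):064X}")
```

The same key and message always yield the same k, and a different message yields a different k, so a weak or failed random source cannot cause a repeated or biased nonce.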