[Cryptech Tech] why not deterministic ecdsa?

Linus Nordberg linus at nordberg.se
Sun Sep 6 21:06:36 UTC 2015


Rob Austein <sra at hactrn.net> wrote
Sun, 06 Sep 2015 16:28:53 -0400:

| At Sun, 06 Sep 2015 22:17:25 +0200, Simon Josefsson wrote:
| > 
| > Am I reading this right that your ECDSA code generated a fresh k
| > from your TRNG?
| 
| Yes.  Given that we think the TRNG is fairly solid, this is not
| particularly expensive.
| 
| > You want to read and consider RFC 6979.
| 
| Read it a while back.  Haven't seen anything suggesting serious
| uptake, but will defer to the usual suspects if they have advice.

What'd the downside be?

As for uptake, Certificate Transparency will require deterministic ECDSA
for privacy reasons.


More information about the Tech mailing list