[Cryptech Tech] why not deterministic ecdsa?

Simon Josefsson simon at josefsson.org
Mon Sep 7 08:27:46 UTC 2015


Leif Johansson <leifj at sunet.se> writes:

>> 3) Generality and separation of components (someone who uses your
>> ecdsa might not necessarily trust your rng).
>
> afaiu this is the usual argument for 6979 but haven't we failed if folks
> don't trust our rng?

Not necessarily.  Maybe they trust cryptech to protect private keys and
perform ecdsa signing, but want to generate keys elsewhere.

Trusting a rng is different from trusting a device carrying out
verifiable computations.  I wouldn't trust a rng without proof or at
least a convincing argument that quantifies the amount of entropy it can
generate.

/Simon
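
Added illustration (not part of the original message, and not Cryptech code): the RFC 6979 nonce derivation referred to in the quoted text, for P-256 with SHA-256. The per-signature value k is computed from the private key and message hash alone, so no RNG is consulted at signing time and a second implementation holding the same key can recompute it. The function names are chosen for this example.

```python
import hashlib
import hmac

# Group order q of NIST P-256 (public curve parameter).
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def bits2int(b, qlen):
    """RFC 6979 section 2.3.2: keep the leftmost qlen bits of b."""
    x = int.from_bytes(b, "big")
    blen = len(b) * 8
    return x >> (blen - qlen) if blen > qlen else x

def rfc6979_k(x, msg, q=Q, hashfn=hashlib.sha256):
    """Derive the ECDSA nonce k from private key x and message msg
    (RFC 6979 section 3.2). No random input is used."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    hlen = hashfn().digest_size

    def mac(key, data):
        return hmac.new(key, data, hashfn).digest()

    h1 = hashfn(msg).digest()
    x_oct = x.to_bytes(rlen, "big")                        # int2octets(x)
    h_oct = (bits2int(h1, qlen) % q).to_bytes(rlen, "big")  # bits2octets(h1)

    V = b"\x01" * hlen
    K = b"\x00" * hlen
    K = mac(K, V + b"\x00" + x_oct + h_oct)
    V = mac(K, V)
    K = mac(K, V + b"\x01" + x_oct + h_oct)
    V = mac(K, V)

    while True:
        T = b""
        while len(T) * 8 < qlen:
            V = mac(K, V)
            T += V
        k = bits2int(T, qlen)
        if 1 <= k < q:          # reject out-of-range candidates
            return k
        K = mac(K, V + b"\x00")
        V = mac(K, V)

if __name__ == "__main__":
    # Private key from the P-256 test vectors in RFC 6979 appendix A.2.5.
    x = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
    print(hex(rfc6979_k(x, b"sample")))
```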