[Cryptech Tech] why not deterministic ecdsa?
Simon Josefsson
simon at josefsson.org
Mon Sep 7 08:27:46 UTC 2015
Leif Johansson <leifj at sunet.se> writes:
>> 3) Generality and separation of components (someone who uses your
>> ecdsa might not necessarily trust your rng).
>
> afaiu this is the usual argument for 6979 but haven't we failed if folks
> don't trust our rng?
Not necessarily. Maybe they trust cryptech to protect private keys and
perform ecdsa signing, but want to generate keys elsewhere.
Trusting a rng is different from trusting a device carrying out
verifiable computations. I wouldn't trust a rng without proof or at
least a convincing argument that quantifies the amount of entropy it can
generate.
/Simon