On 08/14/2011 10:06 PM, Niels Möller wrote:
Nikos Mavrogiannopoulos nmav@gnutls.org writes:
Indeed but they are not limited to a particular digest. Any hash can be used.
And the hash algorithm is not encoded into the signature process (copmare to rsa pkcs#1 signatures)? I have to read up on how these ecc signatures are done. I think a comment said that it was analogous to dsa, but dsa is tied quite hard to a particular hash function (and the digest size should also match the size of the subgroup where the group operations take place).
ECDSA is very similar to DSA. Specific hash functions are used for specific curves, but it always depends on the profile. E.g. rfc5480 has a table with the allowed combinations and a table with the recommended combinations.
Unfortunately DSA (and ECDSA) require a profile, or are practically unimplementable.
I've never seen multiplication being used to describe this operation (either in cryptography or pure mathematics).
I think the group operation of an arbitrary group is usually written as a multiplication in abstract algebra textbooks. E.g., Herstein's Topics in Algebra. Maybe the reason for this tradition is that it is natural when group elements are functions (in particular, permutations), and the group operation is composition (but then Herstein has an unusual convention for the argument order of compositions...). Do I understand you correctly that the group operations is usually written as an addition in the context of elliptic curves?
You always can avoid the term addition by using the generic term group operation or so. I've also seen the dot notation to describe operations in a group, but I've rarely seen the actual term multiplication. Note however that here you also have the "scalar multiplication", so if you use this term, addition would be the appropriate for the group operation.
regards, Nikos