Deterministic DSA and ECDSA signatures

30 Jan 2014


      I just became aware of RFC 6979 "Deterministic Usage of the Digital
Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm
(ECDSA)" (Informational).
I think determinstic signatures are a good thing, and using the secret
key also as a HMAC key to generate the random input is a natural idea.
But then one could arrange the details in many different ways. Is the
method in RFC 6979 a good way?
After a quick reading, the steps c. and d. (Sec. 3.2) seems
questionable; HMAC with a known constant key just seems more complicated
than a simple hashing operation, and no more secure.
Regards,
/Niels
-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Deterministic DSA and ECDSA signatures