Questions tagged [dsa]

The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS), specified in FIPS 186, adopted in 1993. A minor revision was issued in 1996 as FIPS 186-1. The standard was expanded further in 2000 as FIPS 186-2 and again in 2009 as FIPS 186-3.

2 votes
1 answer
121 views

Is it possible to use abstract groups to generalize DSA, ECDSA and EdDSA signature creation and verification?

It is known that the DSA algorithm is defined as: Bob creates private $x$ and public $Y=G^x\bmod p$ keys, where $G$ - generator, $p$ - group prime order. Selects random value $k$ from $1 \le k\le q-1$ $...
Azii
2 votes
1 answer
60 views

What Digital Signature Methods are Suitable for Microcontrollers?

Given the constraints in terms of processing power, memory, and energy, what digital signature schemes are commonly used and efficient for Microcontrollers? I have come across RSA with low public ...
Nawras Hussein
1 vote
0 answers
58 views

ECDSA biased nonce with biased middle bits

The paper "Biased nonce sense" (https://eprint.iacr.org/2019/023.pdf) covers key recovery for MSB and LSB, the latter case being handled by doing modular inverse of 2 to the power of the ...
gquere
1 vote
0 answers
65 views

Does unlimited signing oracle leak the private key?

I am writing a PC software that uses a type of USB dongle as licensing key. The dongle functions as a signing oracle and does nothing more: Given any message $M$, it first pads $M$ to $PadM$, then ...
zwhconst
1 vote
1 answer
100 views

RFC6979: Can deterministic ECDSA signature diverge with same key and message?

As I understand, RFC6979 uses deterministic K which is generated by HMAC-SHA256(private_key, message). In this way, I guess if same key with same message, ECDSA signature generated would be always ...
Hyunhum
1 vote
0 answers
100 views

Math of Hint usage in Dilithium

For Dilithium, I understand that $$\text{HighBits}(\mathbf{Ay}) = \text{HighBits}(\mathbf{Ay} - c\mathbf{s_2}) = \text{HighBits}(A_z - c\mathbf{t})$$ The first term of the equation is performed on the ...
Gappu
1 vote
1 answer
98 views

Is it possible to break a DSA with k that increases statically?

I am currently studying cryptography. I came across this problem: I had an exercise that as a vulnerability had that k is generated every 10 seconds: ...
Edoardo
1 vote
0 answers
216 views

Need help with Cryptohack's ProSign 3 ECDSA problem [closed]

I'm trying to solve the CTF challenge called ProSign 3 on the Cryptohack platform which involves exploiting an ECDSA signing service that allows us to sign a fixed message being padded with the time ...
YazeedAllabadi24
2 votes
1 answer
87 views

Small subgroup attack when using a Schnorr group for DHKE

One uses a Schnorr group both for Schnorr signature (or DSA), and for Diffie-Hellman Key Exchange. They target 128-bit security, and choose prime $q$ that's 256-bit, prime $p=q\,r+1$ that's 3072-bit, ...
fgrieu
1 vote
0 answers
56 views

Single ecdsa signature valid for two different messages

I have been reading Flaws in Applying Proof Methodologies to Signature Schemes and ran into a bit I do not understand. In section 4.2 the authors describe a scheme where a malicious signer crafts a ...
immigrantswede
1 vote
1 answer
81 views

How should I map E'(Fp6) --> E'(Fp) starting from Bitcoin public key coordinates(x,y)?

Let $p$ be the prime number 115792089237316195423570985008687907853269984665640564039457584007908834671663 and let $E$ and $E'$ be the curve equations $$E(\mathbb ...
bnsage123
6 votes
2 answers
385 views

Blinding an ECDSA private key without learning the private key

I am looking at ways to blind an ECDSA signing key (and verification key respectively). Looking at proposed solutions like the IETF KBSS draft, and the IETF ARKG draft it seems that the ECDSA key ...
Peter Altmann
1 vote
2 answers
71 views

App for Secure delivery of the gray images using AES, DH, DSA - Help in implementing the system structure

I have this uni project that I have to implement in code: "App for Secure delivery of the gray images, encryption-decryption with AES in OFB mode + secret key delivery using Merkle–Hellman ...
Mustafa Shama
3 votes
0 answers
74 views

Is it fine to use ECDSA with edwards25519?

The elliptic.js library allows instantiating ECDSA with the edwards25519 curve. I've rarely seen this combination in the wild. ...
mti
0 votes
0 answers
29 views

P256 signature verification succeeded with 2 public keys [duplicate]

I tried to recover the public key from a P256 signature. With 2 recovery ids (0, 1), the signature makes 2 public keys. And I tried to verify the signature with the public key and verification succeeded with both keys....
박해성
