yet another tiny feature: deterministic ECDSA

Vladimir 'φ-coder/phcoder' Serbinenko phcoder at
Fri Apr 12 13:58:50 CEST 2013

On 12.04.2013 13:13, Christian Grothoff wrote:

> On 04/12/2013 01:06 PM, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
>>>> Why not just use a standard protocol? There are loads of standard
>>>> protocols for nearly every possible use.
>>> But not for what we're doing.  If you want to read up on the
>>> details, see
>> It sounds like you just need salted hash or HMAC if I understand the
>> algorithm
> No, that's insufficient as the encrypted message must be verifiable for
> intermediaries that do
> not have access to the key, so public key crypto is required.

Then sign in top of it. Thing is any non-randomness in DSA parameters,
no matter how small, is exploitable

> Christian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 294 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130412/ce2b3b35/attachment.sig>

More information about the Gcrypt-devel mailing list