yet another tiny feature: deterministic ECDSA

Christian Grothoff christian at grothoff.org
Fri Apr 12 15:18:25 CEST 2013


On 04/12/2013 01:58 PM, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
>> No, that's insufficient as the encrypted message must be verifiable for
>> intermediaries that do
>> not have access to the key, so public key crypto is required.
>>
> Then sign on top of it. Thing is any non-randomness in DSA parameters,
> no matter how small, is exploitable
I believe a 'k' value derived via a cryptographic hash function (of data that the adversary does not have) will be sufficiently random. After all, the *secret* 'd' is derived by the same method in our application.

Signing on top of it doesn't help, as I want identical binary output --- if two users share the same file (or file meta data in this case), the resulting data in the database should also be identical so that I can detect duplicates.

-Christian



More information about the Gcrypt-devel mailing list