[PATCH] Truncate hash values for ECDSA signature scheme
dbaryshkov at gmail.com
Mon Dec 16 19:05:22 CET 2013
On Mon, Dec 16, 2013 at 9:03 PM, Werner Koch <wk at gnupg.org> wrote:
> On Mon, 16 Dec 2013 17:34, dbaryshkov at gmail.com said:
>> * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign, _gcry_ecc_ecdsa_verify):
>> as required by ECDSA scheme, truncate hash values to bitlength of
>> used curve.
> Please explain and name the specs. In particular I wonder about
> truncating the less significant bits.
I don't have access to specs (thanks ANSI), I'm still researching this topic.
Wikipedia slighlty mentions that: https://en.wikipedia.org/wiki/ECDSA
At least this is what other libraries do:
Note: we are truncating hash, so there should be no difference in truncating
LSB or MSB. Both should be equally distributed.
With best wishes
More information about the Gcrypt-devel