Questions tagged [dsa]

The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS), specified in FIPS 186, adopted in 1993. A minor revision was issued in 1996 as FIPS 186-1. The standard was expanded further in 2000 as FIPS 186-2 and again in 2009 as FIPS 186-3.

558 questions

votes

2 answers

Signatures: RSA compared to ECDSA

I'm signing very small messages using RSA, and the signature and public key are added to every message, which requires a lot of space compared to the actual content. I'm considering switching to ECDSA, would this require less space with the same…

asked Jul 12 '12 at 19:37

Maestro

1,069
1
10
17

votes

3 answers

How does recovering the public key from an ECDSA signature work?

It is possible to recover the public key from an ECDSA signature values $(r,s)$? Please explain how this works.

elliptic-curves dsa

asked Jul 12 '14 at 21:56

Jan Moritz

votes

1 answer

ECDSA, EdDSA and ed25519 relationship / compatibility

I'm trying to understand the relationship between those three signature schemes (ECDSA, EdDSA, and ed25519) and mainly to what degree they are mutually compatible in the sense of key-pair derivation, signing, and signature verification. But I was…

elliptic-curves dsa ed25519 eddsa

asked Apr 15 '18 at 22:00

Rafael Korbas

votes

2 answers

HMAC vs ECDSA for JWT

I will be implementing JSON web tokens into my website and have a question about implementing them. I have a choice of using two algorithms, HMAC-SHA256 and ECDSA-SHA256. I have used HMAC-SHA256 in the past for jwt, but now I noticed ECDSA is being…

algorithm-design hmac dsa jwt

asked Nov 18 '15 at 18:48

user2924127

votes

4 answers

Can ECDSA signatures be safely made "deterministic"?

Using the terminology of the ECDSA Wikipedia page, ECDSA (and DSA) signatures require a random k value for each signature which ensures that the signature is different each time even if the message and key are the same. For some applications, a…

signature elliptic-curves dsa

asked Sep 29 '11 at 03:24

ByteCoin

votes

2 answers

ECDSA Compressed public key point back to uncompressed public key point

From the ECDH demo here, if I generate a private key for Alice I can get _ P = 1175846487558108474218546536054752289210804601041 Which gives the following public key point. X = 583857549063195252150226340830731484791130788759 Y =…

elliptic-curves dsa

asked Jun 28 '13 at 09:30

Ian Purton

votes

1 answer

How strong is the ECDSA algorithm?

Some cryptographic algorithms are as strong as the size of their key is, while other have some weaknesses that limit their strength (such as SHA-1). How strong is the ECDSA algorithm, and does that strength depend on anything (for example, the curve…

dsa key-size elliptic-curves

asked Apr 28 '12 at 22:14

ThePiachu

1,689
2
18
26

votes

2 answers

Using same keypair for Diffie-Hellman and signing

Are there any security risks using a single key-pair for both key-exchange and signing? I'm mainly interested in using Curve25519 for key-exchange and Ed25519 for signing. But similar combinations, such as EC-DH and EC-Schnorr or even EC-DSA with…

diffie-hellman dsa elliptic-curves schnorr-signature

asked Jul 17 '12 at 20:51

CodesInChaos

25,121
2
90
129

votes

2 answers

Difference between X25519 vs. Ed25519

I am reading https://en.wikipedia.org/wiki/Curve25519 and it states Also in 2018, RFC 8446 was published as the new Transport Layer Security v1.3 standard. It requires mandatory support for X25519, Ed25519, X448, and Ed448 algorithms.[24] I…

elliptic-curves dsa ed25519 x25519

asked Oct 08 '20 at 13:07

ams

votes

1 answer

Reasons for Chinese SM2 Digital Signature Algorithm

In the IETF RFC draft named "SM2 Digital Signature Algorithm" a signature algorithm is specified. The RFC does however not mention why this signature algorithm has been defined. Nor does it specify what the advantages of this scheme are over ECDSA.…

signature elliptic-curves dsa

asked Aug 22 '13 at 11:08

Maarten Bodewes

96,351
14
169
323

votes

1 answer

What is the difference between ECDSA and EdDSA?

As I understand it, both work with elliptic curves, but there seems to be a difference as EdDSA is generally recommended over ECDSA.

dsa eddsa

asked Jun 28 '18 at 19:50

Tartori

votes

2 answers

What is the intuition for ECDSA?

I understand DH and ElGamal and RSA encryption/signatures. But when I look at ECDSA (or plain DSA), it seems like the formulas are just pulled out of thin air. I can verify that the algebra used in the verification formula does in fact work out,…

signature dsa

asked Mar 10 '16 at 02:05

Fixee

4,258
3
26
39

votes

1 answer

How to provide secure "vanity" bitcoin address service?

Bitcoin addresses are RIPEMD-160 hashes of the public portion of a public/private ECDSA keypair (along with an abbreviated hash of the hash to provide a check code, as @pulpspy notes in a comment). They are generally base-58-encoded. See Address -…

dsa cryptocurrency ripemd

asked Jul 12 '11 at 19:38

nealmcb

votes

3 answers

Can deterministic ECDSA be protected against fault attacks?

In a paper by Barenghi and Pelosi, it was described that fault attacks could be used to derive the secret key when using deterministic ECDSA as described in RFC6979 by @Thomas_Pornin Deterministic (EC)DSA. The purpose of the attacker in this case…

public-key elliptic-curves dsa side-channel-attack fault-attack

asked Jul 18 '17 at 20:28

Yustack

votes

1 answer

How does the "biased-$k$ attack" on (EC)DSA work?

I recently stumbled across Thomas Pornin's old answer about deterministic (EC)DSA again. There he states the following: Note that $k$ must be generated uniformly in the $[1, q-1]$ range (where $q$ is the subgroup order). Any information on $k$,…

cryptanalysis dsa

asked Mar 11 '17 at 18:07

SEJPM

46,697
9
103
214

2 3

…

37 38 Next