Add an algorithm identifier to the nonce generation for ECDSA signatures
ClosedPublic
Actions

Authored by Fabien on Dec 15 2018, 13:21.

Details

Reviewers

Group Reviewers

Restricted Project

Commits

rSTAGING5801452e54b1: Add an algorithm identifier to the nonce generation for ECDSA signatures
rABC5801452e54b1: Add an algorithm identifier to the nonce generation for ECDSA signatures

Summary

Adding an algorithm dependent identifier to the nonce seed ensures that
no information can be retrieved when signing with the same key and
different algorithms.

Test Plan

make check

Diff Detail

Repository

rABC Bitcoin ABC

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

Fabien created this revision.Dec 15 2018, 13:21

Herald added a reviewer: Restricted Project. · View Herald TranscriptDec 15 2018, 13:21

Herald added a reviewer: deadalnix. · View Herald Transcript

Herald added a subscriber: schancel. · View Herald Transcript

Build Bitcoin-ABC / Diffs / Bitcoin-ABC Diff Testing started.

Build Bitcoin-ABC / Diffs / Bitcoin-ABC Diff Testing passed.

Harbormaster completed remote builds in B4314: Diff 6344.Dec 15 2018, 13:32

deadalnix requested changes to this revision.Dec 20 2018, 10:29

deadalnix added inline comments.

src/secp256k1/src/ecdsa.h
16 ↗	(On Diff #6344)	Move to main_impl.h There are also no reason to use the same for different algorithms. Using different values for k is never a problem, but reusing values for k can reveal the private key.
src/secp256k1/src/modules/recovery/main_impl.h
145 ↗	(On Diff #6344)	ECDSA+DER
src/secp256k1/src/secp256k1.c
369 ↗	(On Diff #6344)	ECDSA+Recovery