Bitcoin Forum
May 23, 2022, 02:55:09 PM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
   Home   Help Search Login Register More  
Pages: [1]
Author Topic: Secret keys could be memorizable  (Read 1778 times)
Full Member
Offline Offline

Activity: 168
Merit: 101

View Profile
July 01, 2011, 08:23:10 AM
Last edit: July 01, 2011, 09:33:41 AM by bcearl

CAUTION: Don't understand this as a tutorial. You should not use any of this ideas for important key generation! This may affect security in the very core, because the security of ECDSA is based on the assumption that each possible key is as likely as any other!

This thread is meant as an idea for a techie and crypto-geek discussion.

Why generate random ECDSA private keys and encrypt them with AES then using weaker passwords?

In principle it should be possible to use the password directly as private key. How?

You have the eliptic curve, and the generator element A. You chose a password p and calculate q = (pA). p is not easy to calculate from q (discrete logarithm on eliptic curves), that's the basis of the whole ECDSA system.

New weaknisses:
- you can brute force private keys (e.g. via dictionary attacks) now and test whether they imply the known public key

Possible advantages:
- brute forcing private keys may be harder than brute forcing AES (or other) file encryption

What do you think? I got this idea a few minutes ago, there may be flaws I just didn't see yet.

Misspelling protects against dictionary attacks NOT
Pages: [1]
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!