Bitcoin Forum
November 09, 2024, 10:51:31 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: For Crypto Experts: Removing random numbers from the mix?  (Read 645 times)
westkybitcoins (OP)
Legendary
*
Offline Offline

Activity: 980
Merit: 1004

Firstbits: Compromised. Thanks, Android!


View Profile
October 28, 2013, 10:47:02 PM
 #1

Arstechnica had an interesting article, a basic primer on ECC.

http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

In the comments, someone made a statement that I found surprising, considering it seems like a no-brainer.


Quote from: makomk
Quote
The ECDSA digital signature has a drawback compared to RSA in that it requires a good source of entropy. Without proper randomness, the private key could be revealed.

Interestingly enough, this doesn't have to be the case. While traditional ECDSA does rely on a good source of randomness it's possible to modify it so that signing is entirely deterministic, yet it's still secure and the resulting signatures are still accepted by all existing ECDSA implementation. Loosely speaking, the trick is to hash the private key and the message hash being signed together with something like SHA-256 and use the result as k instead of a random value (I'm omitting some important details).

This is generally believed secure because it's unlikely two distinct signatures will have the same k, and it shouldn't be possible for an attacker to use the way k is generated to guess it unless they already know the target's private key anyway.

Is this possible to implement into Bitcoin? Would it work? Can we actually leave behind reliance on random numbers, and by relying more on fewer algorithms (SHA-256 in particular here) reduce potential problem spots?... or is there some problem with this method that the poster wasn't aware of?

Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
...
...
In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber
...
...
ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)
...
...
The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
riplin
Member
**
Offline Offline

Activity: 116
Merit: 10


View Profile
October 28, 2013, 11:12:12 PM
 #2

IIRC, this is already being done:

https://bitcointalk.org/index.php?topic=285142.0
stevenh512
Full Member
***
Offline Offline

Activity: 137
Merit: 100



View Profile
October 29, 2013, 05:12:32 AM
 #3

It isn't released yet, but Electrum 1.9 will support RFC 6979 deterministic signatures and BIP32 deterministic wallets. The only thing it'll rely on random numbers for is the initial seeding of a new wallet.

Hopefully most other Bitcoin wallets (especially the ones for mobile devices) will take the same approach, it's safer than relying on random number generators that might not be strong enough for cryptographic use.

This signature intentionally left blank.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!