Bitcoin Forum
September 23, 2018, 01:17:23 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: NBitcoin : Deterministic ECDSA Signature + full test suite of RFC  (Read 961 times)
Nicolas Dorier
Hero Member
*****
Offline Offline

Activity: 700
Merit: 501


View Profile
June 17, 2014, 07:26:49 PM
 #1

I did not release that in public packages of NBitcoin yet, but I just implemented deterministic signature from http://tools.ietf.org/html/rfc6979
This allow to protect your users against any weak rng that would create the signature.

The code is coupled with BouncyCastle, so Java developers should easily translate it.
This is an adjusted version of the code present in the specification.
https://github.com/NicolasDorier/NBitcoin/blob/master/NBitcoin/Crypto/DeterministicECDSA.cs

The test suite tests all vectors from the specification.
It is separated into the test code https://github.com/NicolasDorier/NBitcoin/blob/master/NBitcoin.Tests/DeterministicSignatureTests.cs with test vector parser.
And the test data dump from the specification https://github.com/NicolasDorier/NBitcoin/blob/master/NBitcoin.Tests/data/determiniticECDSA.txt

Happy coding,

Bitcoin address 15sYbVpRh6dyWycZMwPdxJWD4xbfxReeHe
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537708643
Hero Member
*
Offline Offline

Posts: 1537708643

View Profile Personal Message (Offline)

Ignore
1537708643
Reply with quote  #2

1537708643
Report to moderator
ganabb
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250


View Profile
June 18, 2014, 05:27:57 AM
 #2

I'm not sure if ECDSA is somehow cryptographically better than RSA. Let me know your views.

Nicolas Dorier
Hero Member
*****
Offline Offline

Activity: 700
Merit: 501


View Profile
June 18, 2014, 03:00:51 PM
 #3

I'm not sure if ECDSA is somehow cryptographically better than RSA. Let me know your views.
For bitcoin I never asked such question. Bitcoin expects signature are ECDSA, you don't have any choice.
Whether RSA or ECDSA is better is a cryptography problem, such question is more suited for expert mathematician. (which I am not)

Economically speaking, I would say actors have more incentives to break RSA than ECDSA, because RSA is more used. But such claim comes only from personal observation and not backed by fact.

The weakness of ECDSA lies in the basic signature creation, the non-deterministic method.
The problem is that if people are using a RNG with poor entropy for the signature creation, the signature of any data will compromise their private key.
The point of http://tools.ietf.org/html/rfc6979 is too find a way to get deterministic signature that does not depends on an underlying, possibly rooted, RNG.


Bitcoin address 15sYbVpRh6dyWycZMwPdxJWD4xbfxReeHe
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!