NBitcoin : Deterministic ECDSA Signature + full test suite of RFC

[Nicolas Dorier]

I did not release that in public packages of NBitcoin yet, but I just implemented deterministic signature from http://tools.ietf.org/html/rfc6979
This allow to protect your users against any weak rng that would create the signature.

The code is coupled with BouncyCastle, so Java developers should easily translate it.
This is an adjusted version of the code present in the specification.
https://github.com/NicolasDorier/NBitcoin/blob/master/NBitcoin/Crypto/DeterministicECDSA.cs

The test suite tests all vectors from the specification.
It is separated into the test code https://github.com/NicolasDorier/NBitcoin/blob/master/NBitcoin.Tests/DeterministicSignatureTests.cs with test vector parser.
And the test data dump from the specification https://github.com/NicolasDorier/NBitcoin/blob/master/NBitcoin.Tests/data/determiniticECDSA.txt

Happy coding,

[ganabb]

I'm not sure if ECDSA is somehow cryptographically better than RSA. Let me know your views.

[Nicolas Dorier]

I'm not sure if ECDSA is somehow cryptographically better than RSA. Let me know your views.

For bitcoin I never asked such question. Bitcoin expects signature are ECDSA, you don't have any choice.
Whether RSA or ECDSA is better is a cryptography problem, such question is more suited for expert mathematician. (which I am not)

Economically speaking, I would say actors have more incentives to break RSA than ECDSA, because RSA is more used. But such claim comes only from personal observation and not backed by fact.

The weakness of ECDSA lies in the basic signature creation, the non-deterministic method.
The problem is that if people are using a RNG with poor entropy for the signature creation, the signature of any data will compromise their private key.
The point of http://tools.ietf.org/html/rfc6979 is too find a way to get deterministic signature that does not depends on an underlying, possibly rooted, RNG.