[openssl-users] ECDSA with random number

Viktor Dukhovni openssl-users at dukhovni.org
Thu May 7 15:17:40 UTC 2015


On Thu, May 07, 2015 at 10:28:49AM +0200, Piotr ?obacz wrote:

> According to the documentation of ECDSA uses RNG so it would be
> difficult to find out private key from signature but i want just to test
> my data to check if signature is being generated properly and I have'nt
> found any possible place where I would be able to pass random value. Any
> ideas?

To check that signatures are produced properly, verify the signature
by running the signature verification algorithm.  Unfortunately,
ECDSA does not easily admit determininistic test vectors.

The CFRG is discussing next negeration EC signature schemes right
now, and a consensus seems to be emerging around de-randomized
designs, where "k" is a pseudo-random function of the message and
a key-dependent secret.  Such a design admits test vectors.

-- 
	Viktor.


More information about the openssl-users mailing list