Elliptic Curve DSA - Signature Generation Algorithm

Signature Generation Algorithm

Parameter
q field size
FR the basis used
a, b field elements defining the point of the curve
DPS DomainParameterSeed, optional
G base point
n order of G
h cofactor

Suppose Alice wants to send a signed message to Bob. Initially, the curve parameters must be agreed upon. is the field size; is an indication of the basis used; and are two field elements that define the equation of the curve; is an optional bit string that is present if the elliptic curve was randomly generated in a verifiable fashion; is a base point of prime order on the curve (i.e., ); is the order of the point ; and is the cofactor (which is equal to the order of the curve divided by ).

Also, Alice must have a key pair suitable for elliptic curve cryptography, consisting of a private key (a randomly selected integer in the interval ) and a public key (where ). Let be the bit length of the group order .

For Alice to sign a message, she follows these steps:

  1. Calculate, where HASH is a cryptographic hash function, such as SHA-1, and let be the leftmost bits of .
  2. Select a random integer from .
  3. Calculate, where . If, go back to step 2.
  4. Calculate . If, go back to step 2.
  5. The signature is the pair .

When computing, the string resulting from shall be converted to an integer. Note that can be greater than but not longer.

It is crucial to select different for different signatures, otherwise the equation in step 4 can be solved for, the private key: Given two signatures and, employing the same unknown for different known messages and, an attacker can calculate and, and since (all operations in this paragraph are done modulo ) the attacker can find . Since, the attacker can now calculate the private key . This cryptographic failure was used, for example, to extract the signing key used in the PlayStation 3 gaming console.

Read more about this topic:  Elliptic Curve DSA

Famous quotes containing the words signature and/or generation:

    The childless experts on child raising also bring tears of laughter to my eyes when they say, “I love children because they’re so honest.” There is not an agent in the CIA or the KGB who knows how to conceal the theft of food, how to fake being asleep, or how to forge a parent’s signature like a child.
    Bill Cosby (20th century)

    Women born at the turn of the century have been conditioned not to speak openly of their wedding nights. Of other nights in bed with other men they speak not at all. Today a woman having bedded with a great general feels free to tell us that in bed the general could not present arms. Women of my generation would have spared the great general the revelation of this failure.
    Jessamyn West (1907–1984)