Hi Jean-Pierre,

Thanks for your reply. I looked at the code and I would say that depending on the definition of NDEBUG it's either possible to have zeros for 'r' and 's' or the program aborts. I'm not an expert on this subject but can a "good" PRNG by itself prevent 'r' and 's' from being zero independently of the contents of the message being signed?

Best regards,
Dinis

On Monday, 18 May 2015 at 22:02:07 UTC+1, jean-pierre.muench wrote:
>
> Hey Dinis,
>
> I just re-read the specification on Wikipedia and it explicitly excluded r
> and s from being zero. (because it would be a security threat)
> Hence it should be the case that r or s being zero will never happen and
> will trigger a re-choice of k.
>
> Well I just re-looked into the code and it looks like Wei Dai decided to
> go a different route and just assume that this will never happen with a
> "good" PRNG and hence just trigger an assertion error.
>
> You can verify yourself in the class DL_Algorithm_GDSA<>::Sign() in the
> file gfpcrypt.h . The ECDSA implementation is an EC-instantiation of this,
> as can be read in eccrypto.h from the following line
>
> class DL_Algorithm_ECDSA : public DL_Algorithm_GDSA<typename EC::Point>
>
> BR
>
> JPM
>
> On 18.05.2015 at 12:05, Dinis Paes wrote:
>
> Hi all,
>
> Is it possible for crypto++ to generate an ECDSA signature where either
> 'r' or 's' are zero or does it try again with a different 'k' if any of
> those values is zero?
> I apologize if this question was asked before but I couldn't find it in
> the forum.
>
> I'm using:
> crypto++ 5.6.2
> Linux 2.6.32-431.29.2.el6.x86_64
> gcc 4.8.2
>
> Thanks for your help,
>
> Dinis
> --
> --
> You received this message because you are subscribed to the "Crypto++
> Users" Google Group.
> To unsubscribe, send an email to [email protected].
> More information about Crypto++ and this group is available at
> http://www.cryptopp.com.
> ---
> You received this message because you are subscribed to the Google Groups
> "Crypto++ Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
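
The retry rule discussed in this thread, as an added example that is not part of the original messages and is not Crypto++ code: a toy ECDSA on a constructed 19-point curve, small enough that r = 0 and s = 0 actually occur, with the re-choice of k on signing and the matching range check on verification. All names, the curve and the sample values are assumptions made for illustration.

```cpp
#include <cstdint>
#include <vector>
// Constructed toy curve, far too small for real use: y^2 = x^3 + 2x + 2 over GF(17), G = (5,1), order n = 19.
const int64_t P = 17, A = 2, N = 19;
struct Pt { int64_t x, y; bool inf; }; struct Sig { int64_t r, s; };
const Pt G{5, 1, false};
int64_t md(int64_t a, int64_t m) { return ((a % m) + m) % m; }
int64_t inv(int64_t a, int64_t m) {  // inverse modulo a prime m (Fermat); inv(0) yields 0
    int64_t r = 1, b = md(a, m);
    for (int64_t e = m - 2; e > 0; e >>= 1, b = b * b % m) if (e & 1) r = r * b % m;
    return r;
}
Pt add(Pt p, Pt q) {
    if (p.inf || q.inf) return p.inf ? q : p;
    if (p.x == q.x && md(p.y + q.y, P) == 0) return {0, 0, true};  // p + (-p)
    int64_t l = (p.x == q.x) ? md((3 * p.x * p.x + A) * inv(2 * p.y, P), P)
                             : md((q.y - p.y) * inv(q.x - p.x, P), P);
    int64_t x = md(l * l - p.x - q.x, P);
    return {x, md(l * (p.x - x) - p.y, P), false};
}
Pt mul(int64_t k, Pt p) {  // double-and-add, k >= 0
    Pt r{0, 0, true};
    for (; k > 0; k >>= 1, p = add(p, p)) if (k & 1) r = add(r, p);
    return r;
}

// One attempt with a given k and no check: r or s can come out as 0 (s also depends on the hash e).
Sig sign_once(int64_t e, int64_t d, int64_t k) {
    int64_t r = md(mul(k, G).x, N);
    return {r, md(inv(k, N) * (e + d * r), N)};
}
// Retry rule: discard k whenever r == 0 or s == 0. `nonces` stands in for RNG output (reproducible run).
bool sign_retry(int64_t e, int64_t d, const std::vector<int64_t>& nonces, Sig& out) {
    for (int64_t k : nonces) {
        out = sign_once(e, d, k);
        if (out.r != 0 && out.s != 0) return true;
    }
    return false;
}
bool verify(int64_t e, Pt Q, Sig sg) {  // verifier rejects r or s outside [1, n-1]
    if (sg.r < 1 || sg.r >= N || sg.s < 1 || sg.s >= N) return false;
    int64_t w = inv(sg.s, N);
    Pt X = add(mul(md(e * w, N), G), mul(md(sg.r * w, N), Q));
    return !X.inf && md(X.x, N) == sg.r;
}
int main() {
    Sig sg{0, 0};  // e = 13, d = 5: k = 7 gives r = 0, k = 1 gives s = 0, k = 2 is accepted
    return sign_retry(13, 5, {7, 1, 2}, sg) && verify(13, mul(5, G), sg) ? 0 : 1;
}
```

With r = 0 the value s = k⁻¹·e no longer involves the private key d. On a curve of cryptographic size each zero case has probability of roughly 1/n per attempt.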
