I just became aware of RFC 6979 "Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)" (Informational).
I think deterministic signatures are a good thing, and using the secret key also as an HMAC key to generate the random input is a natural idea. But then one could arrange the details in many different ways. Is the method in RFC 6979 a good way?

After a quick reading, the steps c. and d. (Sec. 3.2) seem questionable; HMAC with a known constant key just seems more complicated than a simple hashing operation, and no more secure.

Regards,
/Niels

--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

_______________________________________________
nettle-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
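For reference, the k derivation of RFC 6979 Sec. 3.2, with the steps the message asks about (c and d) marked in comments. This is an added example, not part of the original post and not Nettle code; the function name `rfc6979_k` is an assumption, and the key is the public P-256 test key from RFC 6979 Appendix A.2.5.

```python
import hashlib
import hmac

# NIST P-256 group order q (public curve parameter).
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
# Test private key from RFC 6979 Appendix A.2.5 (public test vector, not a real key).
X_TEST = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def rfc6979_k(x, message, q=Q, hashfunc=hashlib.sha256):
    """Derive the per-signature value k as described in RFC 6979 Sec. 3.2."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    hlen = hashfunc().digest_size

    def bits2int(b):
        # Keep the leftmost qlen bits of the octet string.
        v = int.from_bytes(b, "big")
        excess = len(b) * 8 - qlen
        return v >> excess if excess > 0 else v

    def mac(key, data):
        return hmac.new(key, data, hashfunc).digest()

    h1 = hashfunc(message).digest()                 # step a
    # int2octets(x) || bits2octets(h1)
    seed = x.to_bytes(rlen, "big") + (bits2int(h1) % q).to_bytes(rlen, "big")
    V = b"\x01" * hlen                              # step b
    K = b"\x00" * hlen                              # step c: publicly known constant key
    K = mac(K, V + b"\x00" + seed)                  # step d: HMAC under that known key;
                                                    # the secret x enters only via the data
    V = mac(K, V)                                   # step e
    K = mac(K, V + b"\x01" + seed)                  # step f: key is now secret-dependent
    V = mac(K, V)                                   # step g
    while True:                                     # step h
        T = b""
        while len(T) < rlen:
            V = mac(K, V)
            T += V
        k = bits2int(T)
        if 1 <= k < q:
            return k
        K = mac(K, V + b"\x00")                     # rejected candidate: update and retry
        V = mac(K, V)
```
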
