Category: RSA-based signatures
Algorithms for solving special cases of ECDLP – Elliptic Curves
8.4.2 Algorithms for solving special cases of ECDLP Because of their mathematical properties, some elliptic curves allow you to take shortcuts when solving ECDLP. In 1991, mathematicians Alfred Menezes, Scott Vanstone, and Tatsuaki Okamoto published an algorithm that reduces ECDLP to a DLP in the multiplicative group of a finite field. They showed that for…
Explore MoreSecure elliptic curves: security engineering perspective – Elliptic Curves
8.4.5 Secure elliptic curves: security engineering perspective As illustrated by the Dual_EC_DRBG example, the mathematical perspective on the security of elliptic curves is not sufficient. As cryptographers Dan Bernstein and Tanja Lange explain in their SafeCurves initiative [22], preventing backdoors in cryptographic mechanisms based on elliptic curves requires rigidity. Rigidity refers to a curve generation…
Explore MoreCurve 448 – Elliptic Curves
8.5.5 Curve 448 Curve 448 is also defined in RFC 7748 where it is referred to as curve448. It was proposed in 2015 by the American computer scientist and cryptographer Mike Hamburg [79] for inclusion in TLS, in order to equip the TLS standard with a cryptographically strong curve alongside curve25519. curve448 is named after…
Explore MoreExample: ECDH with curve x25519 – Elliptic Curves
8.5.8 Example: ECDH with curve x25519 RFC 7748 [86] specifies how Alice and Bob must perform ECDH using curve 25519. The protocol is illustrated in Figure 8.12 and we will follow the notation in RFC 7748 in case you want to look into that standard for more detailed information. Figure 8.12: ECDHE with curve 25519…
Explore MoreDigital signatures based on discrete logarithms 2 – Digital Signatures
To generate her signing key, Alice performs the following steps: To sign a message m, Alice takes the following steps: 3. Finally, Alice finds an integer s such that or equivalently, Her signature is the pair sigAlice(m) = (r,s). She sends (m,sigAlice(m)) = (m,(r,s)) to Bob. To verify Alice’s signature, Bob first obtains an authentic…
Explore MoreDigital signatures based on discrete logarithms – Digital Signatures
9.3 Digital signatures based on discrete logarithms Other than for RSA signatures, we cannot create a signature based on discrete logarithms simply by encrypting the message m with a private key. This is because in the Diffie-Hellman protocol, we only agree on a shared secret between Alice and Bob. In the ElGamal scheme, Alice uses…
Explore MoreDigital signatures in TLS 1.3 – Digital Signatures
9.4 Digital signatures in TLS 1.3 To agree upon the signature algorithms they want to use during their TLS session, Alice and Bob use two TLS 1.3 extensions. The algorithms for verifying digital signatures in certificates – a topic we will cover in detail in Chapter 10, Digital Certificates and Certification Authorities – are transmitted…
Explore MoreRSASSA-PSS algorithms – Digital Signatures
9.4.2 RSASSA-PSS algorithms The TLS 1.3 SignatureScheme data structure defines two types of RSASSA-PSS algorithms: algorithms with public key OID rsaEncryption and algorithms with public key OID RSASSA-PSS. An Object Identifier (OID) is a unique number standardized by the International Telecommunication Union (ITU) and ISO/IEC to globally and unambiguously identify an object, attribute, or concept.…
Explore MoreECDSA algorithms – Digital Signatures
9.4.3 ECDSA algorithms The ECDSA algorithms ecdsa˙secp256r1˙sha256, ecdsa˙secp384r1˙sha384 as well as ecdsa˙secp521r1˙sha512 are defined in the American National Standards Institute (ANSI) X9.62 standard [6]. The corresponding elliptic curves are defined in the ANSI X9.62 and FIPS 186-4 [128] standards, and the hash functions are defined in the FIPS 180-4 standard [129]. We already learned how…
Explore MoreEdDSA algorithms – Digital Signatures
9.4.4 EdDSA algorithms The ed25519 and ed448 algorithms are instantiations of the Edwards-Curve Digital Signature Algorithm (EdDSA) with the elliptic curves edwards25519 and edwards448, respectively. The algorithms are defined in RFC 8032 Edwards-Curve Digital Signature Algorithm (EdDSA). The ed25519 algorithm offers roughly 128-bit security. This is in line with the security level recommended by common…
Explore More