gnunet-developers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ECDSA attack


From: Martin Schanzenbach
Subject: Re: ECDSA attack
Date: Wed, 08 Mar 2023 12:52:41 +0000

No it is not because as they note in the paper:

" Deterministic variants (e.g. deterministic ECDSA
and EdDSA [25]) make use of cryptographic hash functions to generate the
nonces and are thus inherently resistant to the attacks described here."

We use deterministic ECDSA exclusively (afaik). So unless the hash algo is 
broken, we are
fine.
For some reason (my guess is ignorance), bitcoin uses the
non-deterministic ECDSA variant.
Why is that a bad idea? Well because of this (and the simpler attack
where you re-use the nonce).

BR
Martin

Bernd Fix <brf@hoi-polloi.org> writes:

> Hi,
>
> reading a recent paper (https://eprint.iacr.org/2023/305) I wonder if 
> this has any impact on GNUnet - especially GNS, which uses ECDSA 
> signatures for PKEY-signed payloads. Do we need to phase out PKEYs and 
> replace them with EDKEYs in the future?
>
> Cheers, Bernd.

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]