Different signature for each elliptic curve signat

Posted 2019-07-24 06:46

Question:

I am using elliptic curve for generating signatures. The issue is that it generates a different signature every time with the same key pair. I tried the Bouncy Castle libraries as well as ECDsa. The signatures get verified with both, but I want the same signature every time I use the same key pair.

What could I possibly do to generate the same signature every time? Or is this not possible using elliptic curve?

Answer 1:

No, standard DSA is non-deterministic, which for ECDSA means that it relies on a cryptographically secure random number generator (in step 3 in the description on Wikipedia, to be precise).

If a constant is used with different input then ECDSA will leak the private key. This is what happened to the Sony private key used to sign games, which was cracked by the German Chaos Computer Club (but only at page 122!). Of course, ECDSA cannot tell if the same data is used or not.

There is a deterministic way of generating ECDSA signatures specified in RFC 6979, "Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)".

You can do this using the following Bouncy Castle code in C#:

ECDsaSigner signer = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest()));

which apparently is used for blockchain technology such as bitcoin.
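The RFC 6979 derivation the answer refers to, written out as an added example (not code from the original post or from Bouncy Castle): k is computed with HMAC-SHA-256 from the private key and the message digest, so the same key and message always give the same signature while different messages never share a k. It assumes P-256 with SHA-256, uses the public test key from RFC 6979 appendix A.2.5, and is not constant-time; the function and constant names are made up for this illustration.

```python
import hashlib
import hmac

# NIST P-256 domain parameters (curve coefficient a = -3)
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
# Public test key from RFC 6979 appendix A.2.5; never use it for real signing
TEST_KEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def rfc6979_k(x, h1):
    """Derive the per-signature secret k from key x and digest h1 (RFC 6979, 3.2)."""
    seed = x.to_bytes(32, "big") + (int.from_bytes(h1, "big") % N).to_bytes(32, "big")
    v, key = b"\x01" * 32, b"\x00" * 32
    for sep in (b"\x00", b"\x01"):
        key = _mac(key, v + sep + seed)
        v = _mac(key, v)
    while True:
        v = _mac(key, v)
        k = int.from_bytes(v, "big")
        if 1 <= k < N:  # reject out-of-range candidates, as the RFC requires
            return k
        key = _mac(key, v + b"\x00")
        v = _mac(key, v)

def _add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 - 3, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def sign(x, msg):
    """Deterministic ECDSA: same (x, msg) gives the same (r, s), no RNG involved."""
    h1 = hashlib.sha256(msg).digest()
    k, r_point, base = rfc6979_k(x, h1), None, G
    s_inv = pow(k, -1, N)
    while k:  # double-and-add scalar multiplication k*G
        r_point, base, k = (_add(r_point, base) if k & 1 else r_point), _add(base, base), k >> 1
    r = r_point[0] % N
    return r, s_inv * (int.from_bytes(h1, "big") + r * x) % N
```
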