{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 手持菜刀,她持情操 的问题《Different signature for each elliptic curve signat》','https://www.manongdao.com/q-896939.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am using elliptic curve for generating signature. The issue is it generates a different signature every time with the same key pair. I tried the Bouncy Castle libraries as well as ECDsa. The signature get verified with both, but I want the same signature every time I use the same key pair.
What could possibly do to generate the same signature every time? Or is this not possible using elliptic curve?
No, standard DSA is non-deterministic, which for ECDSA means that it relies on a cryptographically secure random number generator (in step 3 in the description on Wikipedia, to be precise).
If a constant is used with different input then ECDSA will leak the private key. This is what happened to the Sony private key used to sign games, which was cracked by the German Chaos Computer Club (but only at page 122!). Of course, ECDSA cannot tell if the same data is used or not.
There is a deterministic way of generating ECDSA signatures specified in RFC 6979, " Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)".
You can do this using the following Bouncy Castle code in C#:
which apparently is used for blockchain technology such as bitcoin.