ryanxcharles closed 9 years ago
:+1:
+1
Should be relatively easy to port from bitcoinjs (provided they actually have a correct RFC6979 implementation)
:+1:
@martindale Maybe it's time?
elliptic.js ecdsa, which is the crypto for v0.8, supports a deterministic k (RFC6979) exclusively; we should probably use it. However, the RFC states "This document is not an Internet Standards Track specification; it is published for informational purposes." Thus, if there is high-quality randomness available, we should likely default to it?
I think we should default to deterministic k. As Greg Maxwell states on the linked thread, bitcoin private keys have been revealed due to bad randomness several times in the past (one very recently, by the bc.i wallet, and I remember that Android had a similar problem). It's very hard to secure DSA if you rely on randomness, especially because on most platforms you don't control the source of randomness; you rely on the operating system, which may be broken.
Please add tests that assert specific signatures for some transactions and private keys before closing this issue.
Backported from @ryanxcharles' fullnode; tests for deterministic signatures are already in place. Closing.
See: https://github.com/bitpay/bitcore/pull/309#issuecomment-41955087
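
An added example, not code from bitcore, elliptic.js or bitcoinjs: the RFC 6979 (section 3.2) nonce derivation discussed in this thread, for 256-bit group orders with HMAC-SHA256. Because k depends only on the private key and the message hash, signing needs no operating-system randomness and the same inputs always yield the same signature, which is what makes the fixed-signature tests requested above possible. The names `deterministicK` and `SECP256K1_N` are this example's own.

```javascript
// Added example: RFC 6979 section 3.2 nonce derivation with HMAC-SHA256,
// restricted to 256-bit group orders (hash length equals order length).
const crypto = require('crypto');

// Group order of secp256k1, the curve Bitcoin signs on.
const SECP256K1_N = BigInt(
  '0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');

const hmac = (key, ...parts) =>
  crypto.createHmac('sha256', key).update(Buffer.concat(parts)).digest();
const toInt = (buf) => BigInt('0x' + buf.toString('hex'));
const toOctets = (n) => Buffer.from(n.toString(16).padStart(64, '0'), 'hex');

// privKey: BigInt in [1, q-1]; message: string or Buffer; q: 256-bit order.
function deterministicK(privKey, message, q = SECP256K1_N) {
  if (privKey < 1n || privKey >= q) {
    throw new RangeError('private key out of range');
  }
  const h1 = crypto.createHash('sha256').update(message).digest();
  const x = toOctets(privKey);                 // int2octets(x)
  const h = toOctets(toInt(h1) % q);           // bits2octets(h1)
  let V = Buffer.alloc(32, 0x01);              // step b
  let K = Buffer.alloc(32, 0x00);              // step c
  K = hmac(K, V, Buffer.from([0x00]), x, h);   // step d
  V = hmac(K, V);                              // step e
  K = hmac(K, V, Buffer.from([0x01]), x, h);   // step f
  V = hmac(K, V);                              // step g
  for (;;) {                                   // step h
    V = hmac(K, V);
    const k = toInt(V);
    if (k >= 1n && k < q) return k;            // accept only k in [1, q-1]
    K = hmac(K, V, Buffer.from([0x00]));       // otherwise reseed and retry
    V = hmac(K, V);
  }
}
```

Passing the NIST P-256 order as `q` lets the function be checked against the known-answer vectors in RFC 6979 appendix A.2.5.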