search

openpgp-pqc / draft-ehlen-openpgp-nist-bp-comp

PQ/T composite schemes for OpenPGP using NIST and Brainpool domain parameters.
Other
0 stars 0 forks source link

Clarify that `ECDSA.Sign(ecdsaSecretKey, dataDigest)` does not involve a further hashing step #5

Closed falko-strenzke closed 2 months ago

falko-strenzke commented 2 months ago

Our document in the current state does not actually clearly define the ECDSA signature. It mentions

    (ecdsaSignatureR, ecdsaSignatureS) <- ECDSA.Sign(ecdsaSecretKey, dataDigest)

without saying what ECDSA.Sign() actually means. In my understanding is that this is raw signing and no further hash is calculated on dataDigest. But indeed that needs clarification in the document.

For NIST definition of ECDSA sign we should use: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf#page=33. We might also point to the BSI's specification in parallel: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03111/BSI-TR-03111_V-2-1_pdf.pdf?__blob=publicationFile&v=1#page=22

I would like to hear also Johannes judgement if what I say above about the hashing is correct.

@TJ-91

TJ-91 commented 2 months ago

I agree, and this needs to be clarified.