status-im / nim-blscurve

Nim implementation of BLS signature scheme (Boneh-Lynn-Shacham) over Barreto-Lynn-Scott (BLS) curve BLS12-381
Apache License 2.0

Deterministic ECDSA signature #8

Closed mratsim closed 6 years ago

mratsim commented 6 years ago

cc @cheatfate

ECDSA is supposed to be deterministic, but for some reason message signing in Milagro Crypto requires a cryptographically secure RNG:

https://github.com/status-im/nim-milagro-crypto/blob/290f927865f9e575920dca5f415c58b554dbe92e/src/milagro_crypto/generated/ecdh_BLS381.h#L118-L142

So it seems like we are actually looking at ECDH.

mratsim commented 6 years ago

After reading https://www.maximintegrated.com/en/app-notes/index.mvp/id/5767 and the paragraph from Wikipedia:

Another way ECDSA signature may leak private keys is when k is generated by a faulty random number generator. Such a failure in random number generation caused users of Android Bitcoin Wallet to lose their funds in August 2013. To ensure that k is unique for each message one may bypass random number generation completely and generate deterministic signatures by deriving k from both the message and the private key.

there is a CSPRNG-backed ECDSA signature (exported in Milagro) and a deterministic one that we must implement for our use case.

See also the wiki: https://github.com/status-im/nim-milagro-crypto/wiki/Resources-&-TODO

mratsim commented 6 years ago

Done: https://github.com/status-im/nim-milagro-crypto/blob/6a67740a7df8e77447cdc2aa23eca68850680e6e/src/scheme1.nim#L447-L457