Deterministic signing #26

issue celil-kj openend this issue on June 6, 2014
  1. celil-kj commented at 5:39 pm on June 6, 2014: none
    Does signing a messge using secp256k1_ecdsa_sign in this library require a random number generator? Are there any plans to implement RFC 6979 which describes a scheme that would make the signing process completeley determinisitc? That would make the library useful for signing messages on embedded systems where there isn’t sufficient entropy such as the recently released trezor.
  2. sipa commented at 1:13 am on June 12, 2014: contributor

    You pass the signing secret nonce in as a parameter. You can either generate it randomly (which requires a good RNG), or you can use RFC 6979 yourself to come up with it. The current API is just too low-level to say it implements or doesn’t implement it - it depends on how you use it.

    I do plan on implementing a slightly higher level API, where you pass in function pointers for generating randomness, and hashing. In that setting, we could have natively implemented RFC 6979.

  3. sipa commented at 11:07 pm on June 15, 2014: contributor
    This is probably a part of #4.
  4. sipa closed this on Jun 15, 2014

  5. sipa cross-referenced this on Jun 15, 2014 from issue Add a high-level API by sipa


celil-kj sipa


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 20:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me