iaik.security.ec.ecdsa

Class DeterministicSigning

java.lang.Object

iaik.security.ec.ecdsa.DeterministicSigning

All Implemented Interfaces:

AlgorithmParameterSpec

public final class DeterministicSigning
extends Object
implements AlgorithmParameterSpec

Algorithm parameter to enable deterministic ECDSA signing following RFC 6979. To enable deterministic signing create an instance of this class and then call Signature.setParameter(AlgorithmParameterSpec):

 Signature ecdsa = Signature.getInstance("...", ECCelerate.getInstance());
 ecdsa.setParameter(new DeterministicSigning());
 ecdsa.initSign(...);
 

Note that when using deterministic signing together with raw ECDSA signatures, the hash algorithm to used for building the PRNG to derive the ephemeral keys has to be specified explicitly.

References:

[1] T. Pornin, "Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)", https://tools.ietf.org/html/rfc6979

Author:

Sebastian Ramacher

Constructor Summary

Constructors

Constructor and Description
DeterministicSigning() Enable deterministic signing.
DeterministicSigning(iaik.asn1.structures.AlgorithmID hash) Enable/disable deterministic signing.
DeterministicSigning(iaik.asn1.structures.AlgorithmID hash, boolean enableDeterministic) Enable/disable deterministic signing.

Method Summary

Modifier and Type	Method and Description
static void	setECDSASignatureCheckEnabled(boolean enable) Decides whether to verify an ECDSA signature immediately after having been created.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DeterministicSigning

public DeterministicSigning(iaik.asn1.structures.AlgorithmID hash,
                            boolean enableDeterministic)

Enable/disable deterministic signing.

Parameters:

hash - hash algorithm to use for deterministic signing when using raw ECDSA signatures

enableDeterministic - flag indicating whether deterministic signing should be enabled

DeterministicSigning

public DeterministicSigning()

Enable deterministic signing.

DeterministicSigning

public DeterministicSigning(iaik.asn1.structures.AlgorithmID hash)

Enable/disable deterministic signing.

Parameters:

hash - hash algorithm to use for deterministic signing when using raw ECDSA signatures

Method Detail

setECDSASignatureCheckEnabled

public static void setECDSASignatureCheckEnabled(boolean enable)

Decides whether to verify an ECDSA signature immediately after having been created.

Verification of an ECDSA signature maybe appropriate as countermeasure against fault attacks on signatures (one that is correct and a second that has a fault) that are produced with the same nonce value. Verifying a signature immediately after creation may be appropriate especially when ECDSA is used in deterministic mode. For that reason this implementation by default verifies deterministic ECDSA signatures immediately after creation and (for performance reasons) does not verify non-deterministic ECDSA signatures.

An application can change the default behavior by either enabling automatic ECDSA signature verification for all (deterministic and non-deterministic) signatures (for the sake of security):

 ECCelerate.setECDSASignatureCheckEnabled(true);
 

or by disabling it for all (deterministic and non-deterministic) signatures (for the sake of performance):

 ECCelerate.setECDSASignatureCheckEnabled(false);
 

Parameters:

enable - true to verify any ECDSA signature immediately after creation, false to not verify any ECDSA signature immediately after creation