2. For the security reasons already mentioned in relation with the ephemeral key, it is important that the function DSASign uses a freshly generated random seed each time it is used.
We next give the function that implements the ECDSA verification algorithm. The input parameters are the same as in ECDSASign except that privatekey is replaced by publickey, seed is no longer required, and there is a new parameter signature, used to specify the signature pair. The output of the function is either "Valid", if the signature is accepted, or "Invalid" otherwise.
> ECDSAVer := proc(domain::list, publickey::list, message::string, signature::list,
      {messagetype::identical(hex, text) := hex, H::name := 'SHA256'})
    local dom, Q, sig, r, s, p, a, b, G, n, E, w, e, u1, u2, R;
    dom := stringposint~~(domain);
    Q := stringposint~(publickey);
    sig := stringposint~(signature);
    r := sig[1]; s := sig[2];
    p := dom[1]; a := dom[2]; b := dom[3]; G := dom[4]; n := dom[5];
    E := EllipticCurve(a, b, p);
    # r and s must both lie in the range 1..n-1
    if r = 0 or s = 0 or n <= r or n <= s then
        error "invalid signature"
    end if;
    w := s^(-1) mod n;
    e := OS2IP(H(message, messagetype));
    u1 := e*w mod n;
    u2 := r*w mod n;
    # R = u1*G + u2*Q
    R := EllipticAdd(EllipticMult(u1, G, E), EllipticMult(u2, Q, E), E);
    # accept only if R <> 0 and the first coordinate of R is congruent to r mod n
    if R <> 0 and evalb(R[1] mod n = r) then
        "Valid"
    else
        "Invalid"
    end if
end proc:
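The same verification steps with a matching signer, as an added Python example (not code from the book). It assumes the secp256k1 curve with SHA-256 in place of the page's dp256 parameters, which are not shown here, and the names ec_add, ec_mult, hash_int, ecdsa_sign and ecdsa_verify are hypothetical.

```python
import hashlib
import secrets

# Assumption: secp256k1 parameters stand in for the page's dp256, which is not shown.
P = 2**256 - 2**32 - 977
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def ec_add(p1, p2):  # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mult(k, pt):  # left-to-right double-and-add (not constant time)
    acc = None
    for bit in bin(k)[2:]:
        acc = ec_add(acc, acc)
        if bit == "1":
            acc = ec_add(acc, pt)
    return acc

def hash_int(message: bytes) -> int:  # SHA-256 digest as an integer
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def ecdsa_sign(d, message):  # hypothetical signer: fresh ephemeral k per call
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = ec_mult(k, G)[0] % N
        s = pow(k, -1, N) * (hash_int(message) + d * r) % N
        if r and s:
            return (r, s)

def ecdsa_verify(Q, message, sig):  # same steps as ECDSAVer above
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        raise ValueError("invalid signature")
    w = pow(s, -1, N)
    u1, u2 = hash_int(message) * w % N, r * w % N
    R = ec_add(ec_mult(u1, G), ec_mult(u2, Q))
    return "Valid" if R is not None and R[0] % N == r else "Invalid"
```

Because the group order of this curve is 256 bits, the SHA-256 output is used without truncation, which is the case the Maple functions handle before the modification asked for in Exercise 11.27.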
Exercise 11.27
Modify the functions ECDSASign and ECDSAVer so that they are able to accept values of n whose length is less than the output length of the hash function used (see the remarks after ECDSASign).
Exercise 11.28
Write a Maple function that tests the functions ECDSASign and ECDSAVer by generating pseudo-random strings and, given valid domain parameters, computing signatures for these messages and verifying them.
Example 11.27
We use ECDSA to sign and verify a couple of messages in different formats. Consider the messages:
> m1 := "This is a message to test ECDSA signatures":
m2 := "0123456789abcdefedcba98765432101":
We are going to use the EC domain parameters dp256 of Example 11.25 and the key pair eckey generated in Example 11.26. To sign each message we need a randomly generated seed and we will use the following:
> snseed1 := "c34070a96e17de75ad3dd5a6d7945996":
snseed2 := "36a56ab2e6eedf6a0781863af96fff7c":