Cryptography Reference
2. For the security reasons already mentioned in relation to the ephemeral key,
it is important that the function DSASign uses a freshly generated random seed
each time it is used.
We next give the function that implements the ECDSA verification algorithm.
The input parameters are the same as in ECDSASign except that privatekey is
replaced by publickey, seed is no longer required, and there is a new parameter
signature, used to specify the signature pair. The output of the function is either
"Valid", if the signature is accepted, or "Invalid" otherwise.
> ECDSAVer := proc(domain::list, publickey::list, message::string, signature::list,
      {messagetype::identical(hex, text) := hex, H::name := 'SHA256'})
    local dom, Q, sig, r, s, p, a, b, G, n, E, w, e, u1, u2, R;
    # Convert the string-encoded inputs to integers
    dom := stringposint~~(domain);
    Q := stringposint(publickey);
    sig := stringposint(signature);
    r := sig[1]; s := sig[2];
    p := dom[1]; a := dom[2]; b := dom[3]; G := dom[4]; n := dom[5];
    E := EllipticCurve(a, b, p);
    # Both signature components must lie in the interval [1, n-1]
    if r = 0 or s = 0 or n <= r or n <= s then
      error "invalid signature"
    end if;
    w := s^(-1) mod n;
    # Integer representative of the message hash
    e := OS2IP(H(message, messagetype));
    u1 := e*w mod n;
    u2 := r*w mod n;
    # R = u1*G + u2*Q; accept if R is not the point at infinity and x(R) mod n = r
    R := EllipticAdd(EllipticMult(u1, G, E), EllipticMult(u2, Q, E), E);
    if R <> 0 and evalb(R[1] mod n = r) then
      "Valid"
    else
      "Invalid"
    end if
  end proc:
Exercise 11.27 Modify the functions ECDSASign and ECDSAVer so that they are
able to accept values of n whose length is less than the output length of the hash
function used (see the remarks after ECDSASign).
Exercise 11.28 Write a Maple function that tests the functions ECDSASign and
ECDSAVer by generating pseudo-random strings and, given valid domain parameters,
computes signatures for these messages and verifies them.
Example 11.27 We use ECDSA to sign and verify a couple of messages in different
formats. Consider the messages:
> m1 := "This is a message to test ECDSA signatures":
m2 := "0123456789abcdefedcba98765432101":
We are going to use the EC domain parameters dp256 of Example 11.25 and
the key pair eckey generated in Example 11.26. To sign each message we need a
randomly generated seed and we will use the following:
> snseed1 := "c34070a96e17de75ad3dd5a6d7945996":
snseed2 := "36a56ab2e6eedf6a0781863af96fff7c":