RFC 6979
E831965
RFC 6979 is an IETF standard that defines a deterministic method for generating nonces in digital signature algorithms like ECDSA to improve security and reproducibility.
Observed surface forms (1)
| Surface form | Occurrences |
|---|---|
| Deterministic ECDSA | 1 |
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf |
IETF Request for Comments
ⓘ
technical standard ⓘ |
| addresses |
nonce generation in digital signature algorithms
ⓘ
vulnerabilities due to poor randomness in nonces ⓘ |
| aimsTo |
eliminate dependence on random number generators for nonces
ⓘ
improve reproducibility of digital signatures ⓘ improve security of digital signatures ⓘ |
| appliesTo |
DSA
NERFINISHED
ⓘ
EC-DSA-style signature schemes ⓘ ECDSA NERFINISHED ⓘ |
| area | Security ⓘ |
| author | Thomas Pornin NERFINISHED ⓘ |
| authorName | Thomas Pornin NERFINISHED ⓘ |
| basedOn | FIPS 186-4 Digital Signature Standard concepts NERFINISHED ⓘ |
| category | Informational ⓘ |
| compatibleWith |
existing DSA implementations
ⓘ
existing ECDSA implementations ⓘ |
| defines |
deterministic nonce generation for DSA
ⓘ
deterministic nonce generation for ECDSA ⓘ deterministic usage of DSA ⓘ deterministic usage of ECDSA ⓘ |
| documentType | RFC NERFINISHED ⓘ |
| ensures |
nonces are unpredictable to adversaries without the private key
ⓘ
same message and key produce same nonce ⓘ |
| focusesOn |
cryptographic nonce generation
ⓘ
digital signatures ⓘ |
| language | English ⓘ |
| motivatedBy |
attacks exploiting biased or repeated nonces
ⓘ
failures of random number generators in signature implementations ⓘ |
| number | 6979 ⓘ |
| obsoletedBy | none ⓘ |
| obsoletes | none ⓘ |
| publicationDate | 2013-08 ⓘ |
| publishedBy |
Internet Engineering Task Force
ⓘ
surface form:
IETF
Internet Engineering Task Force ⓘ |
| publishedYear | 2013 ⓘ |
| securityProperty |
prevents private key leakage from nonce reuse
ⓘ
resistance to bad randomness in nonce generation ⓘ |
| series | Request for Comments NERFINISHED ⓘ |
| specifies | algorithm for computing deterministic k (nonce) from private key and message hash ⓘ |
| standardizedBy | Internet Engineering Task Force NERFINISHED ⓘ |
| status | Informational RFC ⓘ |
| title | Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) NERFINISHED ⓘ |
| usedIn |
TLS and other security protocols implementations
ⓘ
blockchain and cryptocurrency software ⓘ cryptographic libraries ⓘ |
| uses |
HMAC-based deterministic random bit generation
ⓘ
HMAC_DRBG NERFINISHED ⓘ |
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.
this entity surface form:
Deterministic ECDSA