Score:0

Why does RFC 6979 need so many loops?


I recently started reading RFC 6979. I'm curious why it needs so many loops.

This post asks a similar question: "RFC 6979 - Why not simply hash the message & the private key for deterministic ECDSA?", but my doubts are still unanswered.

Why can't the $k$ used in ECDSA be just like $k = SHA256(sk + HASH(m))$?

Is it just because HMAC_DRBG has a better security proof?

Score:2

The existing security proofs for DSA and ECDSA require k to be chosen uniformly at random. HMAC_DRBG is already an approved CSPRNG for use in either signature scheme. So this just changes the instantiation and entropy source, making it a minimal change for existing implementations to add. See section 3.5, "Rationale".
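An added example, not part of the question or the answer above: the nonce generation of RFC 6979 section 3.2 in Python, with its two loops marked, next to the single-hash construction from the question. `Q` and `X` are the P-256 order and test key from RFC 6979 appendix A.2.5; `Q_WIDE` is a constructed stand-in modulus, and reading the question's `+` as concatenation is an assumption.

```python
import hashlib
import hmac

# P-256 group order and the test private key from RFC 6979 appendix A.2.5.
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
# Constructed 521-bit stand-in modulus (not a real group order), used only to
# show what happens when qlen is larger than the hash output.
Q_WIDE = 2**521 - 1


def bits2int(b, qlen):
    """RFC 6979 2.3.2: keep the leftmost qlen bits of b as an integer."""
    return int.from_bytes(b, "big") >> max(len(b) * 8 - qlen, 0)


def rfc6979_k(x, msg, q=Q, hashfn=hashlib.sha256):
    """RFC 6979 section 3.2: HMAC_DRBG seeded with x and H(m)."""
    qlen, hlen = q.bit_length(), hashfn().digest_size
    rlen = (qlen + 7) // 8
    mac = lambda key, data: hmac.new(key, data, hashfn).digest()
    h1 = bits2int(hashfn(msg).digest(), qlen) % q      # bits2octets
    seed = x.to_bytes(rlen, "big") + h1.to_bytes(rlen, "big")
    V, K = b"\x01" * hlen, b"\x00" * hlen
    for sep in (b"\x00", b"\x01"):                     # steps d-g: seed the DRBG
        K = mac(K, V + sep + seed)
        V = mac(K, V)
    while True:                                        # outer loop: rejection sampling
        T = b""
        while len(T) * 8 < qlen:                       # inner loop: collect qlen bits
            V = mac(K, V)
            T += V
        k = bits2int(T, qlen)
        if 1 <= k < q:                                 # accept only k in [1, q-1]
            return k
        K = mac(K, V + b"\x00")                        # out of range: step the DRBG
        V = mac(K, V)


def naive_k(x, msg, q=Q):
    """The question's single hash; no range check, never more than 256 bits."""
    rlen = (q.bit_length() + 7) // 8
    inner = hashlib.sha256(msg).digest()
    return int.from_bytes(hashlib.sha256(x.to_bytes(rlen, "big") + inner).digest(), "big")


if __name__ == "__main__":
    print(hex(rfc6979_k(X, b"sample")))
    print(rfc6979_k(X, b"sample", Q_WIDE).bit_length(), naive_k(X, b"sample", Q_WIDE).bit_length())
```

The inner loop is what lets one procedure serve any combination of hash and group size, and the outer loop discards out-of-range candidates instead of reducing them mod q, which keeps k uniform over [1, q-1] as the proofs mentioned in the answer require.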
