Reusing additional data k' nonce from RFC6979 ECDSA

Paul Miller

5/1/23, 6:29 PM

It is known that you must not reuse k in ECDSA; doing so will leak your private key. That's one of the reasons RFC6979 deterministic signatures were invented.

Now, RFC6979 sec 3.6 specifies a possibility of using additional data k' which would feed entropy to the deterministic scheme.

It suffices that the additional data k' is non-repeating (e.g., a signature counter or a monotonic clock) to ensure "random-looking" signatures are indistinguishable, in a cryptographic way, from plain (EC)DSA signatures.

Is reusing k' as bad as reusing k? E.g. could it lead to private key leak?

0 + 0

dsa

secp256k1

rfc6979

Score:2

Crypto

poncho

5/1/23, 6:37 PM

Is reusing k' as bad as reusing k? E.g. could it lead to private key leak?

No; reusing the same k' would cause the signature to be deterministic (that is, signing the same message twice would result in the same signature), but would have no other effect.

If so, why does the RFC state that k' should be nonrepeating?

Well, that section is all about 'variants that are NOT deterministic"; repeating k' would leak the data, but would also fail to achieve the nondeterministic property (which you would presumably interested in if you're looking at the 3.6 method).

0 + 0

Paul Miller

5/1/23, 6:51 PM

What about reusing `k'` for different messages?

poncho

5/1/23, 7:00 PM

There's no issue with that. You could use a fixed `k'` for all messages if you didn't care about determinism (however, that would appear to have no advantage over not using `k'` at all)

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Reusing additional data k' nonce from RFC6979 ECDSA

TH: ใช้ข้อมูลเพิ่มเติม k' nonce จาก RFC6979 ECDSA ซ้ำ

RO: Reutilizarea datelor suplimentare k' nonce din RFC6979 ECDSA

RU: Повторное использование дополнительных данных k' nonce из RFC6979 ECDSA

VI: Sử dụng lại dữ liệu bổ sung k' nonce từ RFC6979 ECDSA

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.