Mod operation while verifying an ECDSA signature with SECT233R1

Karthik B K

11/22/23, 5:54 AM

I'm trying to perform ECDSA verification in hardware. I'm using the SECT233R1 curve (NIST B-233). I have a question about the hash function used while doing so.

I want to use the SHA256 hash function while signing and verifying. In this case, the hash function will have a larger message length (256-bits) than the elliptic curve finite field element (233-bits).

I have the same question as this. Is it sufficient to operate on the lower 233-bits?

Thanks in advance!

1 + 0

elliptic-curves

sha-256

Score:0

Crypto

fgrieu

11/22/23, 6:19 AM

Is it sufficient to operate on the lower 233-bits (of the SHA-256 hash)?

No. That's not my reading of the de-facto reference: sec1v2's statement of ECDSA, section 5 (with the second case of section 5.2 applicable), combined with the endianness specification of SHA-256.

When signing per ECDSA with curve sect233r1 and SHA-256, one should keep the leftmost/first/high-order 233 bits of the SHA-256 hash, and consider this as an integer per big-endian convention.

That is keep the first 29 out of 32 bytes, and the high-order bit of the 30^th byte. That later bit will be the parity of the integer $e$ used in next steps.

+ 1

Karthik B K

11/22/23, 11:52 AM

Thanks for your answer!

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Mod operation while verifying an ECDSA signature with SECT233R1

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.