[Cryptography] ElGamal, DSA randomness (was Re: Why prefer symmetric crypto over public key crypto?)

Perry E. Metzger perry at piermont.com
Sat Sep 7 20:09:24 EDT 2013


On Sat, 7 Sep 2013 10:05:22 -0400
"Jeffrey I. Schiller" <jis at mit.edu> wrote:
> Fragile public key systems (such as Elgamal and all of the variants
> of DSA) require randomness at signature time. The consequence for
> failure is catastrophic.

Note that such systems should at this point be using deterministic
methods (hashes of text + other data) to create the needed nonces. I
believe several such methods have been published and are considered
good, but are not well standardized. Certainly this eliminates a *very*
important source of fragility in such systems and should be universally
implemented.

References to such methods are solicited -- I'm operating without my
usual machine at the moment while its hard drive restores from backup.

Perry
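As an added illustration of the deterministic-nonce approach described above (example code written for this page, not from anyone in this thread), here is a toy DSA in Python whose nonce k is an HMAC of the private key and the message hash. The parameters P and Q, the demo key X, and the HMAC derivation itself are constructed assumptions; the derivation is simplified and is not the exact procedure of RFC 6979.

```python
import hashlib
import hmac
from typing import Tuple

# Toy DSA parameters, constructed for illustration only (far too small for
# real use): p = 6*q + 1 with q prime; g generates the order-q subgroup.
P, Q = 607, 101
G = pow(2, (P - 1) // Q, P)  # 64, which has order 101 in Z_607^*

def h_int(msg: bytes) -> int:
    """Hash the message and reduce it into Z_q (toy-sized truncation)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def deterministic_nonce(x: int, msg: bytes, counter: int = 0) -> int:
    """Derive k in [1, q-1] from the private key and the message hash.

    Simplified HMAC-based derivation (an assumption of this example, not the
    exact RFC 6979 procedure): the same (x, msg) always yields the same k, so
    no per-signature RNG is consulted.  `counter` lets the signer re-derive
    if the first k gives r == 0 or s == 0.
    """
    data = hashlib.sha256(msg).digest() + counter.to_bytes(4, "big")
    tag = hmac.new(x.to_bytes(32, "big"), data, hashlib.sha256).digest()
    return 1 + int.from_bytes(tag, "big") % (Q - 1)

def sign(x: int, msg: bytes) -> Tuple[int, int]:
    """Standard DSA signing, except k comes from deterministic_nonce."""
    e = h_int(msg)
    counter = 0
    while True:
        k = deterministic_nonce(x, msg, counter)
        r = pow(G, k, P) % Q
        s = (pow(k, -1, Q) * (e + x * r)) % Q
        if r != 0 and s != 0:
            return r, s
        counter += 1  # degenerate k: derive a fresh one rather than reuse

def verify(y: int, msg: bytes, sig: Tuple[int, int]) -> bool:
    """Standard DSA verification; unaffected by how k was chosen."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = (h_int(msg) * w) % Q, (r * w) % Q
    v = ((pow(G, u1, P) * pow(y, u2, P)) % P) % Q
    return v == r

# Constructed demo key pair: private x in [1, q-1], public y = g^x mod p.
X = 37
Y = pow(G, X, P)
```

Signing the same message twice returns the identical (r, s) pair, and a verifier needs no knowledge of how k was derived, which is what makes the change a drop-in replacement for the per-signature RNG.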
