Cryptology ePrint Archive: Report 2009/620

Security of ECQV-Certified ECDSA Against Passive Adversaries

Daniel R. L. Brown and Matthew J. Campagna and Scott A. Vanstone

Abstract: We show that the elliptic curve Qu-Vanstone implicit certificate scheme (ECQV), when composed with the Elliptic Curve Digital Signature Algorithm (ECDSA), is secure against passive adversaries under the combined assumption of the random oracle model and the generic group model,---if the ECQV certificate itself is excluded from the signable message space, because of an attack of Kravitz. In contrast, we detail an attack on the composition of another implicit certificate scheme, proposed by Pintsov and Vanstone for Optimal Mail Certificates (OMC), and ECDSA. This composition attack forges an implicitly certified ECDSA signature, and is passive in the sense of needing no interaction with the signer or the certification authority. (Pintsov and Vanstone did not propose combining OMC with ECDSA.)

Category / Keywords: public-key cryptography / digital signatures, elliptic curve cryptosystem, ECDSA, certificates, composition

Date: received 16 Dec 2009, last revised 9 Mar 2011

Contact author: dbrown at certicom com

Available formats: PDF | BibTeX Citation

Note: Corrections to address an attack by David Kravitz. (Further correction to eprint version of abstract.)

Version: 20110309:191131 (All versions of this report)

Discussion forum: Show discussion | Start new discussion