Paper 2009/620

Security of ECQV-Certified ECDSA Against Passive Adversaries

Daniel R. L. Brown, Matthew J. Campagna, and Scott A. Vanstone

Abstract

We show that the elliptic curve Qu-Vanstone implicit certificate scheme (ECQV), when composed with the Elliptic Curve Digital Signature Algorithm (ECDSA), is secure against passive adversaries under the combined assumption of the random oracle model and the generic group model,---if the ECQV certificate itself is excluded from the signable message space, because of an attack of Kravitz. In contrast, we detail an attack on the composition of another implicit certificate scheme, proposed by Pintsov and Vanstone for Optimal Mail Certificates (OMC), and ECDSA. This composition attack forges an implicitly certified ECDSA signature, and is passive in the sense of needing no interaction with the signer or the certification authority. (Pintsov and Vanstone did not propose combining OMC with ECDSA.)

Note: Corrections to address an attack by David Kravitz. (Further correction to eprint version of abstract.)

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
digital signatureselliptic curve cryptosystemECDSAcertificatescomposition
Contact author(s)
dbrown @ certicom com
History
2011-03-09: last of 3 revisions
2009-12-17: received
See all versions
Short URL
https://ia.cr/2009/620
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/620,
      author = {Daniel R.  L.  Brown and Matthew J.  Campagna and Scott A.  Vanstone},
      title = {Security of ECQV-Certified ECDSA Against Passive Adversaries},
      howpublished = {Cryptology ePrint Archive, Paper 2009/620},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/620}},
      url = {https://eprint.iacr.org/2009/620}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.