Paper 2009/620

Security of ECQV-Certified ECDSA Against Passive Adversaries

Daniel R. L. Brown, Matthew J. Campagna, and Scott A. Vanstone


We show that the elliptic curve Qu-Vanstone implicit certificate scheme (ECQV), when composed with the Elliptic Curve Digital Signature Algorithm (ECDSA), is secure against passive adversaries under the combined assumption of the random oracle model and the generic group model,---if the ECQV certificate itself is excluded from the signable message space, because of an attack of Kravitz. In contrast, we detail an attack on the composition of another implicit certificate scheme, proposed by Pintsov and Vanstone for Optimal Mail Certificates (OMC), and ECDSA. This composition attack forges an implicitly certified ECDSA signature, and is passive in the sense of needing no interaction with the signer or the certification authority. (Pintsov and Vanstone did not propose combining OMC with ECDSA.)

Note: Corrections to address an attack by David Kravitz. (Further correction to eprint version of abstract.)

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
digital signatureselliptic curve cryptosystemECDSAcertificatescomposition
Contact author(s)
dbrown @ certicom com
2011-03-09: last of 3 revisions
2009-12-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel R.  L.  Brown and Matthew J.  Campagna and Scott A.  Vanstone},
      title = {Security of ECQV-Certified ECDSA Against Passive Adversaries},
      howpublished = {Cryptology ePrint Archive, Paper 2009/620},
      year = {2009},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.