[curves] Sig nonce generation

Jon Callas jon at callas.org
Sun Jul 27 19:39:13 PDT 2014

> The reason to include the message is that if the nonce repeats and the message does not, then you leak the secret key.  This only matters if you’re worried about the RNG repeating, but it seems like a valid concern.

Then there must be something I don't understand. This may very well be my underlying point -- if you throw lots of stuff together so that it's hard to understand, then you don't necessarily get something secure, you just get something hard to understand. 

I've been re-reading and it sounds like you're trying to design crypto that works even when the crypto is broken. I'm not sure that even makes sense.


More information about the Curves mailing list