[noise] Thoughts on semi-deterministic encryption
moore at eds.org
Wed Aug 27 15:12:11 PDT 2014
On Wed, Aug 27, 2014 at 11:05 AM, Tony Arcieri <bascule at gmail.com> wrote:
> On Tue, Aug 26, 2014 at 9:43 PM, Jonathan Moore <moore at eds.org> wrote:
>> I can imagine a few, but in practice our downfall is often due to the
>> ones we don't imagine. After this paper:
>> and this paper:
> These papers are both about bad random numbers being used for key
> generation. There's little to be done if you have a bad entropy source for
> generating keys.
Two things: the errors in the Bitcoin cases were due to nonce reuse. What the
research actually did is look for reused r, where r is derived from the
nonce and private key, values in the DSA signatures. I know that some of
the reuse was explicitly due to a bad counter implementation. Others are
known to be due to the bad Android RNG.
>> Why not protect against these possible flaws? And even more so why not at
>> least discuss mitigation possibilities?
> Combining the time and some random data or a counter and some random data
> should prevent nonce reuse, at least within the granularity of your
> counting scheme, in the event that the data coming out of the RNG repeats.
Why would you refer to my scheme as counting?
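The counter-plus-random nonce idea raised in the quoted reply, and the counter failure mentioned in the response, as an added example that is not code from either poster or from the Noise project. The nonce layout (8-byte counter followed by 16 random bytes), the stuck RNG, and all names are assumptions constructed for illustration.

```python
from collections import Counter

def stuck_rng(n):
    """Constructed failure mode: an RNG that returns the same bytes on every call."""
    return b"\x42" * n

class CounterRandomNonce:
    """Nonce = big-endian counter || random bytes (layout assumed for this example)."""
    def __init__(self, rng, counter_len=8, random_len=16, start=0):
        self.rng = rng
        self.counter_len = counter_len
        self.random_len = random_len
        self.counter = start

    def next(self):
        # Refuse to wrap: a wrapped counter repeats nonces if the RNG also repeats.
        if self.counter >= 1 << (8 * self.counter_len):
            raise OverflowError("counter exhausted; rekey instead of wrapping")
        nonce = self.counter.to_bytes(self.counter_len, "big") + self.rng(self.random_len)
        self.counter += 1
        return nonce

def reused(nonces):
    """Return the set of nonce values that occur more than once."""
    return {n for n, c in Counter(nonces).items() if c > 1}

def scenario_random_only(count=5):
    # Nonce taken straight from the (stuck) RNG: every nonce is identical.
    return [stuck_rng(24) for _ in range(count)]

def scenario_counter_plus_random(count=5):
    # The counter keeps nonces distinct even though the random part repeats.
    src = CounterRandomNonce(stuck_rng)
    return [src.next() for _ in range(count)]

def scenario_counter_reset(count=5):
    # Bad counter handling: state is not persisted, so a restart begins at 0 again.
    before = CounterRandomNonce(stuck_rng)
    after_restart = CounterRandomNonce(stuck_rng)
    return [before.next() for _ in range(count)] + \
           [after_restart.next() for _ in range(count)]

if __name__ == "__main__":
    for fn in (scenario_random_only, scenario_counter_plus_random, scenario_counter_reset):
        print(f"{fn.__name__}: {len(reused(fn()))} reused nonce value(s)")
```

This checks uniqueness only. A DSA or ECDSA per-signature value must also be secret and unpredictable, which a counter with a stuck RNG does not provide.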