doc

https://www.rfc-editor.org/rfc/rfc8937.html

cryptographically secure” pseudorandom number generators (CSPRNGs) 的问题在于,熵值的强度。

naxos把随机数x用H(x, sk)处理一下作为random用,其中sk为sender的私钥。

借鉴naxos的思路,把H(x, sk)替换为签名操作Sig(sk, tag1),tag1/tag2固定,G(L)为原始random生成器,G'(n) = Expand(Extract(H(Sig(sk, tag1)), G(L)), tag2, n)

Sig(sk, tag1)的值可缓存,hsm接口兼容性好一点?!

issue

When private keys are public: results from the 2008 Debian OpenSSL vulnerability seed问题

Dual EC: A Standardized Back Door 算法问题



Published

10 February 2022

Categories

Tags


Share On