Questions tagged [signature]
Algorithms and protocols for creating signatures to documents, and verifying such signatures. These are normally asymmetric, for symmetric signatures see [mac].
1,524 questions
1
vote
1
answer
67
views
Is it secure to store only the aggregated BLS public key in a smart contract for signature verification?
I have a question regarding BLS signatures and aggregate signature verification in smart contracts.
Let’s say I have 3 honest signers, each with their own private key. They all sign the same message, ...
- 13
0
votes
0
answers
30
views
Is this hybrid encryption + signature scheme secure enough for storing small config files locally?
I'm working on a system where I need to securely store small local configuration files (like appsettings.json) that may contain secrets (API keys, tokens, etc.). ...
- 101
1
vote
1
answer
64
views
Why is digital signature in ECDSA using (r, s) instead of (r, s_inverse)? [duplicate]
In ECDSA, there are two main components: the public key p and the private key d
p = d * G
...
3
votes
1
answer
83
views
Speed difference between SLH-DSA Fast and SLH-DSA Small
I was wondering if someone has experimental values concerning the speed difference between the two SLH-DSA versions "Fast" and "Small", in each security category.
Thanks for your ...
- 33
2
votes
0
answers
56
views
Can a valid Schnorr signature be used to create a signature for another key?
Given any number of signatures for the messages you choose, is it possible to construct a valid signature for another key that is somehow related to the first one?
Let $P$ be the initial public key ...
- 107
1
vote
1
answer
120
views
What are the other cases of nonce reuse in ECDSA?
We do know about the common case or vulnerability of the nonce reuse in two signatures of an address transaction which leads to calculation of $k$ and retrieval of the private key. Apart from that ...
- 15
0
votes
0
answers
39
views
Compatibility between Python/cryptography DSA signature verification and Openssl
Sorry if my question is not fully related to the mailing list.
I'd like to show the interoperability between openssl 3.4.1 and ...
10
votes
1
answer
486
views
Signature schemes secure against re-signing
A signature scheme is secure against re-signing when knowledge of signature(s) of some unknown message under some honestly drawn key pair(s) with their public key(s) public does not allow ...
- 148k
1
vote
0
answers
31
views
deterministic threshold signatures
I would like to know if it is possible to make threshold signing of many transactions, but one for each address? i.e. - some application that generates a new address (public key) each time and then ...
- 107
3
votes
1
answer
176
views
Multiplication in ML-DSA
I am trying to understand ML-DSA PQC and the cs1 multiplication done in ML-DSA-44 signature generation
Printed value of s1 after unpacking and get the values(for s1....
- 83
2
votes
0
answers
55
views
Verifying a signature without keys
My project requires me to develop a cryptographic system. I'm in need of some help since I'm a novice at this.
I have a secret key and I want to create:
$$ \sigma_a = sk_a(m)$$
Is there a function ...
- 21
2
votes
1
answer
68
views
signature algorithm vs signature scheme?
what is the exact difference between a signature algorithm and a signature scheme? and what are the examples for them?
it there any specific place to find difference between these cryptographic terms ...
- 23
3
votes
0
answers
67
views
What are proper use cases for the context string in ML-DSA-87 (FIPS 204)?
The FIPS 204 document states that applications may choose a non-empty context string of up to 255 bytes and it seems near-fetched these may be used for distinguishing different types or use cases for ...
- 31
4
votes
1
answer
527
views
Possible to modify ECDSA equations?
I'm completely new to elliptic curve math and modular arithmetic but I was chewing over the signing/verification equations for ECDSA:
$$
\frac{H(m) + rd}{k} = s
$$
$$
\frac{H(m)}{s} \cdot G + \frac{r}{...
- 143
3
votes
2
answers
238
views
SIS on Dillithium
I was reading the Dillithium spec : https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf#equation.6.13
And in the specification, they mention using LWE for key recovery ...
- 85