Author: Mike Hearn 2013-08-16 11:32:39
Published on: 2013-08-16T11:32:39+00:00
A proposal has been put forward to create a Bitcoin Improvement Proposal (BIP) that standardises a way to select K, as well as recommending a specific deterministic DSA derandomisation procedure and the use of even S values in signatures. It is suggested that these changes would allow for complete test vectors in signing, and complete confidence that there is no random number related weakness in a signing implementation. The primary argument against derandomising DSA is reasonable concerns about the risks of using a less reviewed cryptographic construct. However, it is suggested that widespread motion towards derandomised DSA makes this less of an issue. While fractional BIP numbers are not favoured, a new BIP that includes the above recommendations would be implemented if reviewed positively.
Updated on: 2023-06-07T16:04:42.241177+00:00