introduction
@@ -77,8 +77,11 @@ abstract
|
|||||||
%Hauptteil der Arbeit
|
%Hauptteil der Arbeit
|
||||||
|
|
||||||
\section{Introduction}
|
\section{Introduction}
|
||||||
|
Ed25519 is a signature scheme introduced by Bernstein, Duif, Lange, Schwabe, and Yang in 2011 \cite{bernstein_high-speed_nodate}. Ed25519 is a signature scheme defined for the Ed25519 twisted edwards curve. In 2015 the paper "EdDSA for more curves" expanded the Ed25519 signature scheme to the more general EdDSA signature scheme \cite{bernstein_eddsa_nodate}. Due its high performance the EdDSA signature scheme is very popular and widely used in applications like TLS, SSH and the Signal protocol.
|
||||||
|
|
||||||
\cite{brendel_provable_2021}
|
Despite the wide use of EdDSA there is little security analysis of this signature scheme. The EdDSA signature scheme is based on the Schnorr signature scheme, which uses the Fiat-Schamir transformation to create a signature scheme from a secure identification scheme. even though the EdDSA scheme is close to the original Schnorr signature scheme the standard security proof of the Schnorr signature scheme does not apply. The paper "The Provable Security of Ed25519: Theory and Practice" by Brendel et al. shows the security of Ed25519 by extracting the underlying identification scheme and proofing the security of this scheme as well as the applied Fiat-Schamir transformation. Due to the use of the Reset Lemma this yields a non tight security proof of the Ed25519 signature scheme.
|
||||||
|
|
||||||
|
This work uses a different approche by using the Algebraic Group Model (AGM) to directly reducing the security of EdDSA signature scheme to a special variant of the discrete logarithm problem. This approche yields a tight security proof.
|
||||||
|
|
||||||
\subsection{}
|
\subsection{}
|
||||||
|
|
||||||
|
|||||||
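Review bot: The added introduction spells the Fiat–Shamir transformation as `Fiat-Schamir` in both places it appears, and its second sentence calls the curve `Ed25519` although that name denotes the signature scheme (the curve is usually written edwards25519, e.g. in RFC 8032). Smaller wording fixes in the same paragraphs: `Due its` → `Due to its`, the sentence beginning `even though` needs a capital, `proofing` → `proving`, `approche` → `approach` (twice), and `to directly reducing` → `to directly reduce`. The closing claim of a tight proof would be easier to assess if it named the security notion being proven (for example EUF-CMA or SUF-CMA) and said that tightness holds in the AGM rather than in the standard model. The `\cite{brendel_provable_2021}` on a line of its own looks detached from the sentence that discusses Brendel et al.; if it is still on the new side, it belongs at the end of that sentence.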
@@ -17,3 +17,40 @@
|
|||||||
pages = {1659--1676},
|
pages = {1659--1676},
|
||||||
file = {Brendel et al. - 2021 - The Provable Security of Ed25519 Theory and Pract.pdf:/home/rixxc/Zotero/storage/6I9NJFIX/Brendel et al. - 2021 - The Provable Security of Ed25519 Theory and Pract.pdf:application/pdf},
|
file = {Brendel et al. - 2021 - The Provable Security of Ed25519 Theory and Pract.pdf:/home/rixxc/Zotero/storage/6I9NJFIX/Brendel et al. - 2021 - The Provable Security of Ed25519 Theory and Pract.pdf:application/pdf},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@techreport{moody_digital_2023,
|
||||||
|
address = {Gaithersburg, MD},
|
||||||
|
title = {Digital {Signature} {Standard} ({DSS})},
|
||||||
|
url = {https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf},
|
||||||
|
language = {en},
|
||||||
|
number = {NIST FIPS 186-5},
|
||||||
|
urldate = {2023-02-16},
|
||||||
|
institution = {National Institute of Standards and Technology},
|
||||||
|
author = {Moody, Dustin},
|
||||||
|
year = {2023},
|
||||||
|
doi = {10.6028/NIST.FIPS.186-5},
|
||||||
|
pages = {NIST FIPS 186--5},
|
||||||
|
file = {Moody - 2023 - Digital Signature Standard (DSS).pdf:/home/rixxc/Zotero/storage/5947EJ57/Moody - 2023 - Digital Signature Standard (DSS).pdf:application/pdf},
|
||||||
|
}
|
||||||
|
|
||||||
|
@article{bernstein_high-speed_nodate,
|
||||||
|
title = {High-speed high-security signatures},
|
||||||
|
abstract = {This paper shows that a \$390 mass-market quad-core 2.4GHz Intel Westmere (Xeon E5620) CPU can create 108000 signatures per second and verify 71000 signatures per second on an elliptic curve at a 2128 security level. Public keys are 32 bytes, and signatures are 64 bytes. These performance figures include strong defenses against software sidechannel attacks: there is no data flow from secret keys to array indices, and there is no data flow from secret keys to branch conditions.},
|
||||||
|
language = {en},
|
||||||
|
author = {Bernstein, Daniel J and Duif, Niels and Lange, Tanja and Schwabe, Peter and Yang, Bo-Yin},
|
||||||
|
file = {Bernstein et al. - High-speed high-security signatures.pdf:/home/rixxc/Zotero/storage/2JAYEHFU/Bernstein et al. - High-speed high-security signatures.pdf:application/pdf},
|
||||||
|
}
|
||||||
|
|
||||||
|
@article{bernstein_high-speed_nodate-1,
|
||||||
|
title = {High-speed high-security signatures},
|
||||||
|
abstract = {This paper shows that a \$390 mass-market quad-core 2.4GHz Intel Westmere (Xeon E5620) CPU can create 108000 signatures per second and verify 71000 signatures per second on an elliptic curve at a 2128 security level. Public keys are 32 bytes, and signatures are 64 bytes. These performance figures include strong defenses against software sidechannel attacks: there is no data flow from secret keys to array indices, and there is no data flow from secret keys to branch conditions.},
|
||||||
|
language = {en},
|
||||||
|
author = {Bernstein, Daniel J and Duif, Niels and Lange, Tanja and Schwabe, Peter and Yang, Bo-Yin},
|
||||||
|
file = {Bernstein et al. - High-speed high-security signatures.pdf:/home/rixxc/Zotero/storage/K6N4TY6P/Bernstein et al. - High-speed high-security signatures.pdf:application/pdf},
|
||||||
|
}
|
||||||
|
|
||||||
|
@article{bernstein_eddsa_nodate,
|
||||||
|
title = {{EdDSA} for more curves},
|
||||||
|
author = {Bernstein, Daniel J. and Josefsson, Simon and Lange, Tanja and Schwabe, Peter and Yang, Bo-Yin},
|
||||||
|
file = {eddsa-20150704.pdf:/home/rixxc/Zotero/storage/JK693Q38/eddsa-20150704.pdf:application/pdf},
|
||||||
|
}
|
||||||
|
|||||||
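Review bot: `bernstein_high-speed_nodate` and `bernstein_high-speed_nodate-1` are the same paper added twice, and both of them, like `bernstein_eddsa_nodate`, are `@article` entries without `year` or `journal`, so the citations in the introduction will render undated although the text itself gives 2011 and 2015. Drop the `-1` entry and add `year = {2011},` and `year = {2015},` together with the venue (or switch the type to `@misc`/`@techreport` if the cited version is a preprint). In `moody_digital_2023`, `pages = {NIST FIPS 186--5}` repeats the report number instead of a page range and can be removed. Every added `file` field commits an absolute local path, including the home directory and user name, into the repository history; excluding `file` from the reference-manager export keeps that out. The abstract's `2128 security level` is a flattened exponent and should read `{$2^{128}$}` if the abstract is kept.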