What encryption algorithm do you prefer for asymmetric keys, specifically signing?

@freemo I don't regularly use this stuff, particularly for signing, but I did see an interesting paper recently that illustrated how ECC can be broken with < 1 bit of nonce leakage.

eprint.iacr.org/2020/615

Which seems to be caused by the need of uniformly distributed nonce values, which can unexpectedly broken via modulo bias as shown: research.kudelskisecurity.com/

@johnabs Most crytographic ciphers can be cracked if their parameters arent generated securely

Follow

@freemo Well yeah, but <1 bit is pretty rough, no? Admittedly, I don't have anything to compare that number to, so some perspective would be great :)

@johnabs <1 bit would be 0 bits... so that number cant be the actual number.

@freemo I think it's the expected number of bits, in that they can determine the most significant bit of the nonce but with probability <1.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.