From 40cd5d627593e4789f97121a78bfd46120fa7a2c Mon Sep 17 00:00:00 2001 From: Marcella Hastings Date: Wed, 15 Jan 2025 14:49:05 -0500 Subject: [PATCH] ecdsa: update readme to reflect generic hash #98 --- Primitive/Asymmetric/Signature/ECDSA/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Primitive/Asymmetric/Signature/ECDSA/README.md b/Primitive/Asymmetric/Signature/ECDSA/README.md index e12fd65..b9a38df 100644 --- a/Primitive/Asymmetric/Signature/ECDSA/README.md +++ b/Primitive/Asymmetric/Signature/ECDSA/README.md 
@@ -1,10 +1,10 @@ # Elliptic curve digital signature algorithm (ECDSA) -ECDSA is the elliptic-curve analog of the digital signature algorithm, specified in [FIPS 186-5](https://doi.org/10.6028/NIST.FIPS.186-5). The security of ECDSA depends on two primitives: the elliptic curve and the hash function. At this time, the implementation is generic over elliptic curve but fixes the hash function to SHA-256. +ECDSA is the elliptic-curve analog of the digital signature algorithm, specified in [FIPS 186-5](https://doi.org/10.6028/NIST.FIPS.186-5). The security of ECDSA depends on two primitives: the elliptic curve and the hash function. At this time, the implementation is generic over both primitives. Structurally, there are two separate specification files: -- `Specification.cry` matches the spec as closely as possible; -- `UnconstrainedSpec.cry` implements the same algorithms but omits some of the top-level domain parameter constraints (e.g. on the size of the curve; on the relative security of the curve and hash function) +- `UnconstrainedSpec.cry` implements the algorithms from the spec; +- `Specification.cry` uses the algorithms from the unconstrained spec and adds required constraints on the domain parameters. Specifically, it sets a minimum allowable bit length for the size of the elliptic curve and requires the hash function to be at least as secure as the elliptic curve. We recommend using `Specification.cry` for most applications to ensure compliance with FIPS 186-5. The FIPS 186-5 compliant implementation has been instantiated and tested with curve P-256 and SHA256 (see `Instantiations/` and `Tests/`, respectively). Both versions rely on the curve implementation in `Common/EC/PrimeField/`.
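Review bot: the new `Specification.cry` bullet states that the constrained spec "requires the hash function to be at least as secure as the elliptic curve" but does not say how that requirement is expressed, so a reader choosing a hash for a new instantiation cannot tell which curve/hash pairings the constrained spec will accept or reject; consider naming the concrete parameters the check compares right after that sentence, in the same way the bullet already mentions "a minimum allowable bit length for the size of the elliptic curve". Related: now that the opening paragraph says the implementation is "generic over both primitives", the unchanged closing sentence still reports only "curve P-256 and SHA256" as instantiated and tested under `Instantiations/` and `Tests/`; if no other hash has been instantiated or tested yet, say so explicitly so the generic claim is not read as tested coverage. Minor style point: the removed line spelled the hash `SHA-256` while the retained sentence spells it `SHA256`; pick one form for the README.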