The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces
Designs, Codes and Cryptography
Hi-index | 0.00 |
We show that, under some natural conditions, the pairs (@r, @s) produced by the elliptic curve ElGamal signature scheme are uniformly distributed. In particular, this implies that values of @r and @s are not correlated. The result is based on some new estimates of exponential sums. For the ElGamal signature over a finite field, a similar result has been obtained by the second author.