EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ECC Signature Size

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
#15335
Posted: 12/20/2010 03:19:02
by Kevin Blackman (Priority Standard support level)
Joined: 12/19/2007
Posts: 4

Hi,
We would like to generate a "raw" ECDSA signature using SecureBlackBox signature (ECDSA). Are these functions available?
What would be the size of a signature using an ECC key of size
192 bits? 2 x 192 bits?
256 bits? 2 x 256 bits?
#15336
Posted: 12/20/2010 03:36:57
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Hi. Yes, you can do this via ElECDSAPublicKeyCrypto (http://www.eldos.com/documentation/sbb/documentation/ref_cl_ecdsapublickeycrypto.html)

Size is twice of ECC key size plus some overhead bytes (at most 16, but it can vary depending on ASN.1 encoding), so for 192 bits key it would be up to 64 bytes, for 256 bits - 80 bytes.
However, you can use only 'raw' R and S values, in such case you will not need to store those overhead ASN.1 encoding bytes.

What do you mean under 2x192 bits key?
#15337
Posted: 12/20/2010 03:51:07
by Kevin Blackman (Priority Standard support level)
Joined: 12/19/2007
Posts: 4

Hi, "What do you mean under 2x192 bits key?"
We mean twice the size of the ECC key, ... in that case twice 192 bits.
Thanks for your explanation. We will examine this function.
#15338
Posted: 12/20/2010 04:01:24
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Quote

We mean twice the size of the ECC key, ... in that case twice 192 bits.

I see. Usually they are referred as 384/512 bit keys.
#15339
Posted: 12/20/2010 04:41:58
by Kevin Blackman (Priority Standard support level)
Joined: 12/19/2007
Posts: 4

We intend to use 256 bit keys. Will that pose a problem for SBB?
#15340
Posted: 12/20/2010 04:52:09
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

It depends on which curve you will need to use, and on which level (just binary signing, or x.509 certificates/CMS/whatever else).
#15341
Posted: 12/20/2010 05:09:42
by Kevin Blackman (Priority Standard support level)
Joined: 12/19/2007
Posts: 4

We would like to use a curve and key size that is equivalent to 2048 bits, that is fast, that creates the most economical (in terms of size) raw signature possible. The actual key will be in an X.509 certificate, however we would use a signature form that uses the least space possible.
Can you recommend:
Key Size
Curve
Signature form?
#15342
Posted: 12/20/2010 05:37:58
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

NIST P256 curve would be enough, it stated to have the strength which corresponds to RSA 3072 bits key, 256 bit hash (SHA-256), and AES-128.

To store signature in a shortest form, you'll need to call .DecodeSignature method to divide it into 2 parts, each of 32 bytes.
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.

Reply

Statistics

Topic viewed 2822 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!