SECURITY OF DIGITAL SIGNATURE ALGORITHM USED BY STEEMIT(continued of my post about security of hash algorithm used by steemit)

in #steemit8 years ago (edited)

Previously I have reviewed the hash algorithm used in steemit. The results of the review I posted in https://steemit.com/steemit/@ibnu/nice-selection-of-steemit-in-choosing-256-as-hash-algorithm . and now I will continue to review the security of a digital signature algorithm used in steemit. Just as in my previous posting comments that appropriate questions I asked on 8th july 2016, with the title of cyber • Fund all-in on Steem (at https://steemit.com/cyberfund/@hipster/cyber-fund-all-in-on-steem#@ibnu/re-hipster-cyber-fund-all-in-on-steem-20160708t063322878z) that steemit is using SHA 256 as hash algorithm and ECDSA digital signature algorithm as the security appliance.
as the information, the basis of ECDSA is the elliptic curve cryptography dan Digital Signature Algorithm.

  1. Elliptic curve cryptography (ECC)
    Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois fields) to provide equivalent security.
    The primary benefit promised by ECC is a smaller key size, reducing storage and transmission requirements, i.e. that an elliptic curve group could provide the same level of security afforded by an RSA-based system with a large modulus and correspondingly larger key: for example, A 256-BIT ECC PUBLIC KEY SHOULD PROVIDE COMPARABLE SECURITY TO A 3072-BIT RSA PUBLIC KEY.

    Elliptic curves are applicable for encryption, digital signatures, pseudo-random generators and other tasks. They are also used in several integer factorization algorithms that have applications in cryptography, such as Lenstra elliptic curve factorization.
  2. Digital Signature Algorithm
    It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS) and adopted as FIPS 186 in 1993. Four revisions to the initial specification have been released: FIPS 186-1 in 1996, FIPS 186-2 in 2000, FIPS 186-3 in 2009, and FIPS 186-4 in 2013.
  3. Security of ECDSA
    Proper implementation and usage of a cryptographic signature algorithm require taking into account many parameters. In particular, private key generation, storage, access control, and disposal are sensitive operations, which this document does not address in any way. Deterministic (EC)DSA shows how to achieve the security characteristics of a standard DSA or ECDSA signature scheme while removing the need for a source of strong randomness, or even any source of randomness, during signature generation.
    • In December 2010, a group calling itself fail0verflow announced recovery of the ECDSA private key used by Sony to sign software for the PlayStation 3 game console. However, this attack only worked because Sony did not properly implement the algorithm.
    • On March 29, 2011, two researchers published an IACR paper demonstrating that it is possible to retrieve a TLS private key of a server using OpenSSL that authenticates with Elliptic Curves DSA over a binary field via a timing attack.The vulnerability was fixed in OpenSSL 1.0.0e.
    • In August 2013, it was revealed that bugs in some implementations of the Java class SecureRandom sometimes generated collisions. As discussed above, this allowed solution of the private key, in turn allowing stealing BITCOIN from the containing wallet on Android app implementations, which use Java and rely on ECDSA to authenticate transactions.
    All of the case above we know that to implement ECDSA, we must use a good protocol. This is the case of the bad protocol of using ECDSA or the other Digital Signature algorithm.
    imagine a smartcard that generates its private key while still in the factory under controlled environmental conditions, but for which random data generation cannot be guaranteed once deployed in the field, when physically in the hands of potential attackers.

BASED ON THAT RESEARCH WE CAN CONCLUDE THAT ECDSA HAS BEEN USED AS A STANDARD SECURITY. AND THE MOST IMPORTANT THAT THE USE ECC WHERE A 256-BIT ECC PUBLIC KEY SHOULD PROVIDE COMPARABLE SECURITY TO A 3072-BIT RSA PUBLIC KEY. SO BY USING INPUTS THAT ARE NOT TOO LONG, IT WILL GENERATE A HIGH LEVEL OF SECURITY. AS THE INFORMATION THAT IS UNTIL NOW, RSA HAS SOLVED IN 768 BITS (http://www.emc.com/emc-plus/rsa-labs/historical/the-rsa-challenge-numbers.htm) .
SO USING THE 256 BIT ECC, YOU CAN IMAGINE HOW THE SAFETY LEVEL OF THE ECDSA. SO TO GAIN THE SECURITY OF ECDSA, STEEMIT MUST HAVE A GOOD PROTOCOL.
At least this is my opinion

This is where I got the information
https://steemit.com/cyberfund/@hipster/cyber-fund-all-in-on-steem#@ibnu/re-hipster-cyber-fund-all-in-on-steem-20160708t063322878z
https://tools.ietf.org/html/rfc6979#section-4
http://www.emc.com/emc-plus/rsa-labs/historical/the-rsa-challenge-numbers.htm
https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

My Facebook account
https://www.facebook.com/ibnu.tryrosadi

Sort:  

Thanks for the research. Learned something I never knew of.

Thank you very much

Great post very informative thankyou:)

Thank you very much

Smart information, Thanks @ibnu !

Thank you for reading my post

Thank you for the research information!