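%% You should probably cite draft-irtf-cfrg-det-sigs-with-noise-04 instead of this revision.
%% This entry pins revision -03 of the Internet-Draft (see the url field); the note field marks it as a work in progress.
%% Authors are given in "Last, First" form so the compound surname "Preuß Mattsson" is not split.
%% Only the acronyms in the title are brace-protected, so the bibliography style can still apply its own casing.
@techreport{irtf-cfrg-det-sigs-with-noise-03,
  author      = {Preuß Mattsson, John and Thormarker, Erik and Ruohomaa, Sini},
  title       = {Hedged {ECDSA} and {EdDSA} Signatures},
  type        = {Internet-Draft},
  number      = {draft-irtf-cfrg-det-sigs-with-noise-03},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2024,
  month       = mar,
  day         = 16,
  pagetotal   = 17,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-irtf-cfrg-det-sigs-with-noise/03/},
  abstract    = {Deterministic elliptic-curve signatures such as deterministic ECDSA and EdDSA have gained popularity over randomized ECDSA as their security does not depend on a source of high-quality randomness. Recent research, however, has found that implementations of these signature algorithms may be vulnerable to certain side-channel and fault injection attacks due to their deterministic nature. One countermeasure to such attacks is hedged signatures where the calculation of the per-message secret number includes both fresh randomness and the message. This document updates RFC 6979 and RFC 8032 to recommend hedged constructions in deployments where side-channel attacks and fault injection attacks are a concern. The updates are invisible to the validator of the signature and compatible with existing ECDSA and EdDSA validators.},
}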