International Association for Cryptologic Research

International Association
for Cryptologic Research


How Provably Secure are (EC)DSA Signatures?

Eike Kiltz , Ruhr-University Bochum
Search ePrint
Search Google
Honor: Invited talk
Abstract: Today, digital signatures are an omnipresent cryptographic primitive. They are extensively used for message and entity authentication and find widespread application in real-world protocols. Without much doubt, the specific schemes deployed most often are the RSA-based PKCS#1 v1.5, and the discrete logarithm-based DSA and ECDSA. For instance, current versions of TLS - the standard technology for securing internet connections - exclusively employ signatures of these types to authenticate servers. Furthermore, most cryptocurrencies like Bitcoin and Ethereum use ECDSA for signing transactions. The popularity of (EC)DSA signatures stands in stark contrast to the absence of rigorous security analyses. In this talk we will survey known provable security results about DSA and ECDSA. We will also discuss limitations of current provable security approaches.
Video from PKC 2021
  title={How Provably Secure are (EC)DSA Signatures?},
  note={Invited talk},
  author={Eike Kiltz},