How can I use ECDSA in C# with a key size of less than the built in minimum of 256-bits
https://stackoverflow.com/questions/11244333
-
17-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a very limited channel within which to send messages and signatures, and have been indicated (over at https://crypto.stackexchange.com/questions/3075/asymmetric-algorithm-to-generate-compact-unique-messages-that-can-be-validated/) that ECDSA offers the most compact asymmetrical algorithm going.
I've got this going fairly easily as:
void Main()
{
byte[] publickey;
byte[] data;
byte[] signature;
using (var dsa = new ECDsaCng(256))
{
dsa.HashAlgorithm = CngAlgorithm.Sha256;
publickey = dsa.Key.Export(CngKeyBlobFormat.EccPublicBlob);
data = new byte[] { 21, 5, 8, 12, 207 };
signature = dsa.SignData(data);
}
Console.WriteLine(signature.Length);
Console.WriteLine(Convert.ToBase64String(signature));
using (var dsa = new ECDsaCng(CngKey.Import(publickey, CngKeyBlobFormat.EccPublicBlob)))
{
dsa.HashAlgorithm = CngAlgorithm.Sha256;
if (dsa.VerifyData(data, signature))
Console.WriteLine("Data is good");
else
Console.WriteLine("Data is bad");
}
}
But I'd like to be able to sacrifice some strength and use less than the minimum 256-bit key size that the BCL offers, and I haven't found an implementation that will do what I need.
I've tried BouncyCastle and that seems to out of the box have the same limitation.
What are my options? Is there another implementation out there that lifts the implementation limitation?
La solution
You can use the lightweight Bouncy Castle library to perform EC cryptography with almost any curve over F(2m) or F(P), including those with smaller bitsizes. I would recommend you to use standard curves such as the ones defined in the Org.BouncyCastle.Asn1.Nist.NistNamedCurves class.
The smallest NIST curve is 163 bit although I would recommend going for 192 bit minimum for non-real time communications. Note that that would only save you about 16 bytes in total compared to a 256 bit named curve (256 - 192 = 64 bits, 64 * 2 / 8 = 16 bytes).
Brainpool curves are also well rather safely generated and well defined. You can find them in the Org.BouncyCastle.Asn1.TeleTrusT namespace.
