Paper 2022/938

Truncated EdDSA/ECDSA Signatures

Thomas Pornin, NCC Group
Abstract

This note presents some techniques to slightly reduce the size of EdDSA and ECDSA signatures without lowering their security or breaking compatibility with existing signers, at the cost of an increase in signature verification time; verifying a 64-byte Ed25519 signature truncated to 60 bytes has an average cost of 4.1 million cycles on 64-bit x86 (i.e. about 35 times the cost of verifying a normal, untruncated signature).

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
EdDSA ECDSA truncated signature
Contact author(s)
thomas pornin @ nccgroup com
History
2022-07-20: approved
2022-07-19: received
See all versions
Short URL
https://ia.cr/2022/938
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/938,
      author = {Thomas Pornin},
      title = {Truncated EdDSA/ECDSA Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2022/938},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/938}},
      url = {https://eprint.iacr.org/2022/938}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.