Digital signatures are typically used for authentication, non-repudiation, and verifying the integrity of signed data. A digital signature is a mathematical scheme, usually built on asymmetric cryptography, that demonstrates that a digital message, document, or other data is authentic. A signature also prevents a signer from later denying that they signed a message or document (non-repudiation), on the assumption that their private key has remained secret. Finally, the sender and receiver of a message or document may wish to ensure that what was communicated between them has not been altered in any way (even if it is still encrypted): any change to the message or document after signing invalidates the signature (integrity verification).
A digital signature scheme generally consists of three algorithms: a key generation algorithm that randomly selects a private key and outputs the corresponding public key; a signing algorithm that, given a message or document and the private key, outputs a signature; and a verification algorithm that, given a message, a public key, and a signature, accepts or rejects the signature and thereby establishes the authenticity of the message.
Different types of cryptography may be used in digital signature schemes. The most widely used digital signature algorithms are RSA (named for Rivest, Shamir, and Adleman) and the Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA is common in many industry applications, for example in digital rights management (DRM) solutions used in smart phones and gaming consoles, in various Internet Engineering Task Force (IETF) standards, and in the National Security Agency's (NSA) Suite B cryptographic algorithms.
One example of the use of ECDSA is in the context of DRM-protected content from a digital application or media store, e.g., commercial content that is typically under copyright protection. To obtain access to such protected content, a device requesting it creates a license request and signs it using ECDSA. The ECDSA signature is what allows the store to verify that the device that originated the license request is a DRM-compliant device. After receiving a valid license request, the store may return a license response to the verified device containing instructions on how to access the protected content, including encrypted content-specific keys. The returned DRM license is also ECDSA-signed, so that the DRM-compliant device can verify that the originator of the license (in this case the store) is likewise a valid and accepted party.
The security of an ECDSA implementation relies on the quality of the pseudorandom numbers it uses, and conventional systems simply instruct implementers to use "decent" quality random numbers. In ECDSA this requirement is especially sharp: every signature consumes a fresh per-signature secret (the nonce k), and if that value is predictable, biased, or reused across two signatures under the same key, the private key can be computed from the signatures alone. Good quality pseudorandom numbers are therefore a vital starting point for secure cryptographic implementations. The idea behind random number generation is, typically, that a hardware platform collects a certain amount of entropy, for example from electromagnetic properties of the device, temperature, a user's key strokes, etc. This entropy is used as a source of randomness, and generally a relatively short but truly random seed can be extracted from it. From such a short random seed, more random data can then be derived using a well-designed pseudorandom number generator (PRNG). However, the device may be limited in its capabilities and thus unable to produce random numbers of sufficient quality. Additionally, there might be an implementation bug in either the software or the hardware that causes the generated random numbers to lack the quality required for security. In very limited devices there might even be only a fixed secret seed value for the PRNG, so that the same "random" values are produced every time.