Nonce Generation For The Digital Signature Standard

Digital Signature Algorithm (DSA) is an underlying algorithm to form a signature in the Digital Signature Standard (DSS). DSA uses a new random number (or nonce) each time a signature is generated for a message. In this paper, we present a Linear Congruential Generator (LCG) based approach to generate nonce for DSS. LCG has been shown to be insecure for nonce generation. If two message-signature pairs are known along with the parameters of the LCG used to generate the nonce then the private key in the signature scheme can be found, with high probability, by solving three congruences over different moduli. We use a comparison of the output of two LCGs to generate the nonces and show that our approach is secure. We also show that coupled multiple recursive generators which are similar to LCGs are also safe for nonce generation. Congruences can no longer be set up to solve for the private key. The advantage of LCG based schemes for pseudo-random number generation is their efficiency.