Hello,
My team is looking into using ECDSA for signing and verifying our S5D9 applications, using the SCE7 HAL drivers. I started with a feasibility test using the secp256k1 parameters and Gary Jacobson's sample code (ECC create key, sign and verify sample code - Forum - Renesas Synergy︎ Platform - Renesas Community). We're using a bootloader plus two application images built for MMF, and the testing has been successful.
One of the secure signing servers we are looking at doesn't support secp256k1, so we changed the algorithm to use secp256r1. So far so good. But that has led us to ask a question on the security of our private keys.
Say our private key is stolen and a bad actor wants to build his own image, sign it, and have it accepted as authentic by our bootloader (using our public key). If he does steal the private key, doesn't he also have to know the underlying ECC curve we are using? Otherwise how can he sign his image so our bootloader will successfully verify it? Our bootloader will be set to permanent read-only in the field, so our public key and the curve used for signature verification cannot be changed.
Thanks,
tom
The value of your private secp256k1 defines the parameters of the curve you are using. The points on the curve are unique to your key value.
If you private key is compromised, you should be prepared to rekey your system with whatever means possible, new image download, or a key transfer protocol like SCIP, etc.