7.3.5. Non-deterministic Signature Primitives
Some cryptographic primitives, such as RSA-PSS and ECDSA, have non-deterministic outputs, which include some amount of entropy within the algorithm. For such algorithms, multiple signatures generated in succession will not match. A lazy implementation of a verifier could ignore this distinction and simply check for the same value being created by re-signing the signature base. Such an implementation would work for deterministic algorithms such as HMAC and EdDSA but fail to verify valid signatures made using non-deterministic algorithms. It is therefore important that a verifier always use the correctly defined verification function for the algorithm in question and not do a simple comparison.
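The following Go program is an added illustration, not part of the specification text: it runs the re-sign-and-compare shortcut against HMAC-SHA256 and ECDSA P-256, then runs the defined ECDSA verification function on the same signature. The function names (lazyVerify, ecdsaSign, demo), the sample signature base and the HMAC key are constructed for this example; it assumes the lazy verifier holds the signing key and uses Go's ASN.1 signature encoding for brevity.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample signature base, for illustration only.
var base = []byte("\"@method\": POST\n\"@signature-params\": (\"@method\")")

// lazyVerify is the flawed shortcut: re-sign the base and compare the bytes.
func lazyVerify(sign func([]byte) []byte, msg, sig []byte) bool {
	return hmac.Equal(sign(msg), sig) // constant-time comparison
}

// ecdsaSign is randomized: two calls on the same input give different output.
func ecdsaSign(priv *ecdsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// demo returns: HMAC lazy, ECDSA lazy, ECDSA verify, ECDSA verify on a modified base.
func demo() (hmacLazy, ecdsaLazy, ecdsaOK, tamperedOK bool) {
	hs := func(m []byte) []byte { // HMAC-SHA256 is deterministic
		mac := hmac.New(sha256.New, []byte("constructed-demo-key"))
		mac.Write(m)
		return mac.Sum(nil)
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	es := func(m []byte) []byte { return ecdsaSign(priv, m) }
	sig := es(base) // valid signature from the legitimate signer
	h, bad := sha256.Sum256(base), sha256.Sum256(append([]byte("x"), base...))
	return lazyVerify(hs, base, hs(base)), lazyVerify(es, base, sig),
		ecdsa.VerifyASN1(&priv.PublicKey, h[:], sig),
		ecdsa.VerifyASN1(&priv.PublicKey, bad[:], sig)
}

func main() { fmt.Println(demo()) }
```

The lazy check accepts the HMAC value but rejects the valid ECDSA signature, while the defined verification function accepts that signature and rejects it over the modified base.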