https://katexochen.aro.bz/tags/cryptography/ Recent content in Cryptography on blog katexochen Hugo en-us Paul Meyer Wed, 29 Apr 2026 09:00:00 +0200 https://katexochen.aro.bz/posts/reproducible-secure-signatures/ Wed, 29 Apr 2026 09:00:00 +0200 https://katexochen.aro.bz/posts/reproducible-secure-signatures/ <p><em>Reproducible builds allow anyone to verify that a binary matches its source code. But what if the build artifact must contain a cryptographic signature? Reproducing the signature requires the private key, which defeats the purpose of reproducibility. In this post, we present a technique based on ECDSA public key recovery that produces signatures which are both secure and fully reproducible, without anyone ever knowing a private key.</em></p> <h2 id="build-artifacts-with-signatures---a-reproducibility-issue">Build artifacts with signatures - a reproducibility issue</h2> <p>Remote attestation is a fundamental part of Confidential Computing. It can be used to prove what software is running in a remote environment. Users of such an attested environment do not need to trust the software vendor, excluding them from the trusted computing base<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup>.</p>