applied cryptography - protocols, algorithms, and source code in c

After picking x alice could break step 2 into two

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: SA prime generation, one that embeds q and the parameters used to generate the primes within p. Whether this scheme reduces the security of DSA is still unknown. (1) Choose an arbitrary sequence of at least 160 bits and call it S. Let g be the length of S in bits. (2) Compute U = SHA(S) • SHA ((S + 1) mod 2g), where SHA is the Secure Hash Algorithm (see Section 18.7). (3) Form q by setting the most significant bit and the least significant bit of U to 1. (4) Check whether q is prime. (5) Let p be the concatenation of q, S, C, and SHA(S). C is set to 32 zero bits. (6) p = p – (p mod q) + 1. (7) p = p + q. (8) If the C in p is 0x7fffffff, go to step (1). (9) Check whether p is prime. (10) If p is composite, go to step (7). The neat thing about this variant is that you don’t have to store the values of C and S used to generate p and q; they are embedded within p. For applications without a whole lot of memory, like smart cards, this can be a big deal. 20.3 GOST Digital Signature Algorithm This is a Russian digital signature standard, officially called GOST R 34.10-94 [656]. The algorithm is very similar to DSA, and uses the following parameters p = a prime number, either between 509 and 512 bits long, or between 1020 and 1024 bits long. q = a 254- to 256-bit prime factor of p – 1. a = any number less than p – 1 such that aq mod p = 1. x = a number less than q. y = ax mod p. The algorithm also makes use of a one-way hash function: H(x). The standard specifies GOST R 34.11-94 (see Section 18.11), a function based on the GOST symmetric algorithm (see Section 14.1) [657]. The first three parameters, p, q, and a, are public and can be common across a network of users. The private key is x; the public key is y. To sign a message, m (1) Alice generates a random number, k, less than q (2) Alice generates r = (ak mod p) mod q s = (xr + k(H(m))) mod q If H(m) mod q = 0, then set it equal to 1. If r = 0, then choose another k and start again. The signature is two numbers: r mod 2256...
View Full Document

Ask a homework question - tutors are online