This preview shows page 1. Sign up to view the full content.
Unformatted text preview: SA prime generation, one that embeds q and the parameters used to generate the primes within p. Whether this scheme reduces the security of DSA is still unknown. (1) Choose an arbitrary sequence of at least 160 bits and call it S. Let g be the length of S in bits. (2) Compute U = SHA(S) • SHA ((S + 1) mod 2g), where SHA is the Secure Hash Algorithm (see Section 18.7). (3) Form q by setting the most significant bit and the least significant bit of U to 1. (4) Check whether q is prime. (5) Let p be the concatenation of q, S, C, and SHA(S). C is set to 32 zero bits. (6) p = p – (p mod q) + 1. (7) p = p + q. (8) If the C in p is 0x7fffffff, go to step (1). (9) Check whether p is prime. (10) If p is composite, go to step (7). The neat thing about this variant is that you don’t have to store the values of C and S used to generate p and q; they are embedded within p. For applications without a whole lot of memory, like smart cards, this can be a big deal. 20.3 GOST Digital Signature Algorithm
This is a Russian digital signature standard, officially called GOST R 34.1094 [656]. The algorithm is very similar to DSA, and uses the following parameters p = a prime number, either between 509 and 512 bits long, or between 1020 and 1024 bits long. q = a 254 to 256bit prime factor of p – 1. a = any number less than p – 1 such that aq mod p = 1. x = a number less than q. y = ax mod p. The algorithm also makes use of a oneway hash function: H(x). The standard specifies GOST R 34.1194 (see Section 18.11), a function based on the GOST symmetric algorithm (see Section 14.1) [657]. The first three parameters, p, q, and a, are public and can be common across a network of users. The private key is x; the public key is y. To sign a message, m (1) Alice generates a random number, k, less than q (2) Alice generates r = (ak mod p) mod q s = (xr + k(H(m))) mod q If H(m) mod q = 0, then set it equal to 1. If r = 0, then choose another k and start again. The signature is two numbers: r mod 2256...
View Full
Document
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details