This preview shows page 1. Sign up to view the full content.
Unformatted text preview: not prime, go back to step (1). (6) Let C = 0 and N = 2. (7) For k = 0, 1,..., n, let Vk = SHA ((S + N + k) mod 2g) (8) Let W be the integer W = V0 + 2160V1 +...+ 2160(n - 1)Vn - 1 + 2160n(Vn mod 2b) and let X = W + 2L - 1 Note that X is an L-bit number. (9) Let p = X – ((X mod 2q) – 1). Note that p is congruent to 1 mod 2q. (10) (11) (12) (13) (14) (15) If p < 2L - 1, then go to step (13). Check whether p is prime. If p is prime, go to step (15). Let C = C + 1 and N = N + n + 1. If C = 4096, then go to step (1). Otherwise, go to step (7). Save the value of S and the value of C used to generate p and q. In , the variable S is called the “seed,” C is called the “counter,” and N the “offset.” The point of this exercise is that there is a public means of generating p and q. For all practical purposes, this method prevents cooked values of p and q. If someone hands you a p and a q, you might wonder where that person got them. However, if someone hands you a value for S and C that generated the random p and q, you can go through this routine yourself. Using a one-way hash function, SHA in the standard, prevents someone from working backwards from a p and q to generate an S and C. This security is better than what you get with RSA. In RSA, the prime numbers are kept secret. Someone could generate a fake prime or one of a special form that makes factoring easier. Unless you know the private key, you won’t know that. Here, even if you don’t know a person’s private key, you can confirm that p and q have been generated randomly. ElGamal Encryption with DSA
There have been allegations that the government likes the DSA because it is only a digital signature algorithm and can’t be used for encryption. It is, however, possible to use the DSA function call to do ElGamal encryption. Assume that the DSA algorithm is implemented with a single function call: DSAsign (p,q,g,k,x,h,r,s) You supply the numbers p, q, g, k, x, and h, and the function returns the signature parameters: r and s. To...
View Full Document
- Fall '10