This preview shows page 1. Sign up to view the full content.
Unformatted text preview: s (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
 Proofs for the mathematical relationships are found in [1154]. Table 20.1 provides a summary. Speed Precomputations
Table 20.2 gives sample software speeds of DSA [918]. Realworld implementations of DSA can often be speeded up through precomputations. Notice that the value r does not depend on the message. You can create a string of random k values, and then precompute r values for each of them. You can also precompute k1 for each of those k values. Then, when a message comes along, you can compute s for a given r and k1. This precomputation speeds up DSA considerably. Table 20.3 is a comparison of DSA and RSA computation times for a particular smart card implementation [1479]. Table 20.1 DSA Signatures Public Key: p 512bit to 1024bit prime (can be shared among a group of users) q 160bit prime factor of p – 1 (can be shared among a group of users) g = h(p  1)/q mod p, where h is less than p – 1 and h(p  1)/q mod p > 1 (can be shared among a group of users) y = gx mod p (a pbit number) Private Key: x < q (a 160bit number) Signing: k choose at random, less than q r (signature) = (gk mod p) mod q s (signature) = (k1 (H(m) + xr)) mod q Verifying: w = s1 mod q u1 = (H(m) * w) mod q u2 = (rw) mod q v = ((gu1 * yu2) mod p) mod q If v = r, then the signature is verified. DSA Prime Generation
Lenstra and Haber pointed out that certain moduli are much easier to crack than others [950]. If someone forced a network to use one of these “cooked” moduli, then their signatures would be easier to forge. This isn’t a problem for two reasons: These moduli are easy to detect and they are so rare that the chances of using one when choosing a modulus randomly are almost negligible—smaller, in fact, than the chances of accidentally generating a composite number using a probabilistic prime generation routine. In [1154] NIST recommended a specific...
View Full
Document
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details