This preview shows page 1. Sign up to view the full content.
Unformatted text preview: s (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
----------- Proofs for the mathematical relationships are found in . Table 20.1 provides a summary. Speed Precomputations
Table 20.2 gives sample software speeds of DSA . Real-world implementations of DSA can often be speeded up through precomputations. Notice that the value r does not depend on the message. You can create a string of random k values, and then precompute r values for each of them. You can also precompute k-1 for each of those k values. Then, when a message comes along, you can compute s for a given r and k-1. This precomputation speeds up DSA considerably. Table 20.3 is a comparison of DSA and RSA computation times for a particular smart card implementation . Table 20.1 DSA Signatures Public Key: p 512-bit to 1024-bit prime (can be shared among a group of users) q 160-bit prime factor of p – 1 (can be shared among a group of users) g = h(p - 1)/q mod p, where h is less than p – 1 and h(p - 1)/q mod p > 1 (can be shared among a group of users) y = gx mod p (a p-bit number) Private Key: x < q (a 160-bit number) Signing: k choose at random, less than q r (signature) = (gk mod p) mod q s (signature) = (k-1 (H(m) + xr)) mod q Verifying: w = s-1 mod q u1 = (H(m) * w) mod q u2 = (rw) mod q v = ((gu1 * yu2) mod p) mod q If v = r, then the signature is verified. DSA Prime Generation
Lenstra and Haber pointed out that certain moduli are much easier to crack than others . If someone forced a network to use one of these “cooked” moduli, then their signatures would be easier to forge. This isn’t a problem for two reasons: These moduli are easy to detect and they are so rare that the chances of using one when choosing a modulus randomly are almost negligible—smaller, in fact, than the chances of accidentally generating a composite number using a probabilistic prime generation routine. In  NIST recommended a specific...
View Full Document
- Fall '10