Cryptography Reference
In-Depth Information
            # Assemble W from n+1 hash outputs; the last one is truncated to b bits.
            W := 0;
            for j from 0 to n-1 do
                V := OS2IP(H(I2OSP((OS2IP(seed)+offset+j) mod 2^N), hex));
                W := W+V*2^(j*outlen)
            end do;
            V := OS2IP(H(I2OSP((OS2IP(seed)+offset+n) mod 2^N), hex)) mod 2^b;
            W := W+V*2^(n*outlen);
            # Set the top bit so that X has L bits, then force p = 1 mod 2q.
            X := W+2^(L-1);
            c := X mod (2*q);
            p := X-c+1;
            if 2^(L-1) < p then
                prime := isprime(p)
            end if;
            offset := offset+n+1
        end do;
        if prime then
            found := true
        end if
    end do;
    # Generator: g = h^e mod p with e = (p-1)/q, repeated until g <> 1.
    e := (p-1)/q;
    g := 1;
    RandomTools:-MersenneTwister:-SetState();
    while g = 1 do
        g := Power(RandomTools:-MersenneTwister:-GenerateInteger(range = 2 .. p-2), e) mod p;
    end do;
    if format = decimal then
        [p, q, g]
    else
        StringTools:-LowerCase(convert([p, q, g], hex))
    end if
end proc:
This function closely follows the steps in [75, A.1.1.2], where the generation
of the primes is described, and [75, A.2.1], where the generation of the generator
g is given, and, as usual, it uses other previous functions, including SHA256 and
its auxiliary functions from Sect. 5.6.3. We use Maple's function isprime which,
as already mentioned, combines Miller-Rabin's test with a Lucas test, in line with
the recommendations in [75, Appendix C3]. The required input parameters of the
function are L and N, where the lengths of the primes are specified, with default
values 2048 and 256, respectively. The optional keyword parameters are H, used to
specify the hash function (with SHA256 as default), outlen for the output length
of the hash function (with 256 as default) and, finally, format, where the output
format is specified (either hex or decimal, with the former as default). The output
is a 3-element list [p, q, g] containing the primes and the generator of the group.
Remark 9.1 DSADomainGen will automatically use the value N = 256 and hence
the input parameter N is not necessary and could be replaced by setting it to 256 in the
body of the function. However, we let it stand because this makes it easy to modify
the function to accept other values for N by just adding them to the specifying set. For
example, writing N::{224, 256} := 256 in the parameter declarations of the
function, the values 224 and 256 will be allowed, with the latter being the default.
This would permit, for example, the use of (L, N) = (2048, 224) together with either
SHA-256 or SHA-224 (implementing the latter requires just a trivial modification of
the SHA-256 code, consisting of a change of the 'initial hash values' and truncating
the final hash value to the leftmost 224 bits).
 