Cryptography Reference
In-Depth Information
Exercise 9.8 Modify the function DSADomainGen in order to allow it to use any
one of the (L, N)-pairs (2048, 224), (2048, 256), (3072, 256).
Example 9.1 Let us build a set of DSA domain parameters with default values so
that, in particular, (L, N) = (2048, 256) and H = SHA-256. This can be done as
follows:
> dparams := DSADomainGen();
["97343aafd2a22338b609478ebf53dcd8f5c0f5846ee5b65cb2f9d38cbaa64a033ab41c012223d6\
2cbb8880c92622087b2891ad1f12a935c38f13b3496a37342f92cd0c90c15de39811aec22ff9957b\
e5bb612fbb0defd16dc2077de86546cfbaa7e075adbe2a745dc4fe21798bffd5b21bce2fde046bde\
05e4ce2a89208f0511eba8b04f6eae818bd45cc4697226776a3aa7dd8f3fd19965aa548a022cc468\
73851866bbf8fdcf6ed30d40eb0dd52bf8fe35283b0547c5afff2c0dc787023ea2f5a1671cdad08e\
7e347582f99e4c3b4e9ad12384d79c3c5eeb02b29c016d324e4961563e61e30f4c4adaa95fdd15af\
91e84a4a3f90704a2403d707a53237cb73",
"9eadd47526296e2a8d4d16e8b868724469da2fba75dee074d76bda0beca22a07",
"8d96001580b73d3877110e57d7f4cbf196e0dfe720a19433bc2f56caecaac9b42e5122d5fdc6a33\
9e1d7f1f37afaedac86a586e158c3dfbb4b0fde6d4d798c27fc09970750cfe99e8ba2cafe37818d5\
39f6e3211c49e7e30d79c3754dae0367cae4a2f5280a81eba0aee69a2b5bc2d084437af63337d8c5\
43c554c2249f77637928290d34f97a4ea6a4c99968e98868a95719986eb5972e97af9a9dbc9b6a29\
803c8d9800b7ee6f81d696aaf3577d69e160b29de1bd83f8c0fff64dbdd5d8af40881cb18f32eaa6\
6eb72db1047f726ebb0248711c053ccfb8b2253649612249dfed7efb0218772cf4d7bb541bc03894\
0b370db5e5f3169db5708b57b5ab43969"]
Next we give the key generation function. The private key is pseudo-randomly
generated by this function, and the PRG should be seeded with an externally
generated random seed. In [75] it is required that the 'security strength' of the PRG
be at least equal to that of the (L, N) pair used which, for our selected values, is
128 bits according to [11] (footnote 3). Thus our seed should have at least 128 bits.
Moreover, the specification requires one of the NIST-approved PRGs, but we shall
simply use Maple's Blum-Blum-Shub PRG, as we have usually done when a
cryptographically strong PRG is required. The input parameters are domain, for the
list of domain parameters; seed, for the random seed; bbslength, to select the length
of the primes to be used by Blum-Blum-Shub; and format, to select the output format.
The output is a list [x, y], where x is the private key and y is the public key.
> DSAKeyGen := proc(domain::list, seed::{posint, string},
    {bbslength::{512,768,1024}:= 1024, format::identical(decimal,hex):= hex})
    local d, p, q, g, s, B, L, N, c, x, y;
    # Convert the domain parameters [p, q, g] to integers
    d := stringposint(domain);
    p := d[1];
    q := d[2];
    g := d[3];
    # Bit lengths of p and q
    L := intlog[2](p)+1;
    N := intlog[2](q)+1;
    # "and" binds tighter than "or": reject unless L is 2048 or 3072 and N is 256
    if L <> 2048 and L <> 3072 or N <> 256 then
        error "(L,N) pair not supported"
    end if;
    # Seed the Blum-Blum-Shub bit generator
    s := stringposint(seed);
    B := RandomTools:-BlumBlumShub:-NewBitGenerator(s, primes = bbslength);
    c := q-1;
3 We are not going to elaborate on the details of these 'security strengths' and refer the reader to
[11] instead.
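The checks and key derivation described above, as an added Python example (not the book's Maple code): it validates the (L, N) pair and the subgroup structure, then derives x and y = g^x mod p. It swaps in the operating system's CSPRNG for the seeded Blum-Blum-Shub generator and reduces N + 64 random bits into [1, q - 1] as in FIPS 186-4; the names check_domain and dsa_keygen and the toy parameters are assumptions of this example.

```python
import secrets

# (L, N) pairs named in Exercise 9.8.
ALLOWED_PAIRS = {(2048, 224), (2048, 256), (3072, 256)}


def check_domain(p, q, g, allowed=ALLOWED_PAIRS):
    """Return (L, N), or raise ValueError if the parameters are unusable.

    Primality of p and q is assumed here, not tested.
    """
    L, N = p.bit_length(), q.bit_length()
    if (L, N) not in allowed:
        raise ValueError(f"(L,N) pair {(L, N)} not supported")
    if (p - 1) % q != 0:
        raise ValueError("q does not divide p - 1")
    # g must generate the order-q subgroup: 1 < g < p and g^q = 1 (mod p).
    if not 1 < g < p or pow(g, q, p) != 1:
        raise ValueError("g does not have order q modulo p")
    return L, N


def dsa_keygen(p, q, g, allowed=ALLOWED_PAIRS, randbits=secrets.randbits):
    """Return (x, y) with 1 <= x <= q - 1 and y = g^x mod p."""
    _, N = check_domain(p, q, g, allowed)
    # Draw 64 bits more than N so the modular reduction has negligible bias.
    c = randbits(N + 64)
    x = c % (q - 1) + 1
    return x, pow(g, x, p)


# Constructed toy parameters (far too small for real use): 606 = 6 * 101.
TOY_P, TOY_Q = 607, 101
TOY_G = pow(2, (TOY_P - 1) // TOY_Q, TOY_P)  # 2^6 mod 607 = 64
TOY_PAIRS = {(10, 7)}                         # bit lengths of 607 and 101

if __name__ == "__main__":
    x, y = dsa_keygen(TOY_P, TOY_Q, TOY_G, allowed=TOY_PAIRS)
    print("x =", x, "y =", y)
```

With the default `allowed` set the toy parameters are rejected, which is the same guard the Maple procedure applies before touching the generator.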