Cryptography Reference
In-Depth Information
while q-2 < c do
c := convert(cat(seq(B(), i=1..N)), decimal, binary)
end do;
x := c+1;
y := Power(g, x) mod p;
if format = decimal then
[x, y]
else
StringTools:-LowerCase
∼
(convert
∼
([x, y], hex))
end if
end proc:
Let us now generate a DSA private key/public key pair corresponding to the
previously generated domain parameters contained in the global variable
dparams
,
using an externally supplied 128-bit random seed:
> dsakey := DSAKeyGen(dparams, "dc8f0b897e0b9a235ee74551601c69c8");
["35a1df865d99c9b4ecc409601d4030c599471418067478841c62e88f10e5791e",
"6d9b54150b12e336cc99fc49550ce9128b93730ae7a5b10664bd880e67bb9570e2bd0e513b559c5\
b39faf8b45e3853bd14a812069e5a7ff0c181331db9e2d8b720b0fbdd61b6aea8e3bfde54a9b1630\
822eb43840c8f510397fc68ab8f4aa074a26668508f3c3fc2724dd4d0276ea4848f653b44663f940\
723da4893dc808a6fa6959e48a9e67bc6bb75d01528654eca9b5971eb327cfdd8182df1a7edb1ac7\
0f395a6335658d7c9c79dfb9314414e009aa9f369914925f5f20d0fc9f70ab4f1ef666dcc4d3f4cb\
f5941b0285f4916890870406ddc32b02a80efc4f44aa2eb6a64b271e1edcf4e1ce97949da279d7d1\
7ce474c1fce42af07d04e88c67b3fe42d"]
Before proceeding further, we next briefly consider the problem of checking
whether the domain parameters and the keys generated by the preceding functions
are correct. For this purpose, we give a function that is simpler than the validation
procedure established in [75]. The latter uses optional domain parameters—which
we have not implemented—to check that the method indicated in [75] has been fol-
lowed. Here we only check the (probable) primality of
p
and
q
, the length of
p
and
q
, that
q
divides
p
−
1 and that
g
is a generator. We also omit all checks that
(
L
,
N
)
is a valid pair because
DSADomainGen
only allows
(
L
,
N
)
=
(
2048
,
256
)
or
, but we remark that these checks are easy to add to the
function. The input parameters are
domain
, used to specify the list of domain para-
meters to be tested,
L
and
N
. The output is either an error message or a message
stating that the parameters are valid.
> DSADomainTest := proc(domain::list, L::posint, N::posint)
local d, p, q, g;
d := stringposint
∼
(domain);
p := d[1];
q := d[2];
g := d[3];
if not (isprime(p) and isprime(q)) then
error "p and q must be prime"
end if;
if ilog2(p) <> L-1 or ilog2(q) <> N-1 then
error "incorrect prime length"
end if;
if p mod q <> 1 then
error "q does not divide p-1"
end if;
ifg=1orp<gorPower(g, q) mod p <> 1 then
error "incorrect value of g"
end if;
printf("Valid parameters")
end proc:
(
L
,
N
)
=
(
3072
,
256
)
