On Wed, Jan 22, 2003 at 03:18:34PM +1300, Peter Gutmann wrote:
One cheap way the low order 64 bits can be set is to set the low order bits
of p to the target bitset and the low order bits of q to ...1 (63 0s and
one 1 in binary), and then to increase the stride of candidate values in the
- Original Message -
From: Jeroen C. van Gelderen [EMAIL PROTECTED]
Here is a scenario: Scott wants Alice to generate a key pair after
which he will receive Alice's public key. At the same time, Scott wants
to make sure that this key pair is newly generated (has not been used
before).
the proper terminology is to discuss this. Assuming
there is none, I will call the solution Key Pair Agreement.
Key Pair Agreement already means something though, I thought. In
Key Pair Agreement, Alice and Bob want to interact so that each
generates one-half of a key pair for an asymmetric
Jeroen writes:
Here is a scenario: Scott wants Alice to generate a key pair after
which he will receive Alice's public key. At the same time, Scott wants
to make sure that this key pair is newly generated (has not been used
before).
How about a discrete log key where you fix p, q, and g.
I do not know what the proper terminology is to discuss this. Assuming
there is none, I will call the solution Key Pair Agreement.
Call it kosherized public key generation. Kosherization is not a term often
used in theoretical cryptography, but it is often used in practice
It would seem
On Mon, Jan 20, 2003 at 09:08:31PM -0500, Radia Perlman wrote:
[...] I was going to suggest something similar to what David Wagner
suggested, but with Scott telling Alice the modulus size and the
*high* order 64 bits (with the top bit constrained to be 1). I can
see how Alice can easily
Another problem with this problem is that there are trivial solutions
because it is difficult to ensure that SEED1 is functionally essential
in the public key. For example, generate a public key PK using a
normal method, and define the new public key PK' = (PK, SEED1). Then to
encrypt to PK' the
At 09:08 PM 1/20/2003 -0500, Radia Perlman - Boston Center for Networking
wrote:
I was going to suggest something similar to what
David Wagner suggested, but with Scott telling Alice
the modulus size and the *high* order 64 bits (with the
top bit constrained to be 1). I can see how Alice
can
I can see how Alice
can easily generate two primes whose product will have
that *high* order part, but it seems hard to
generate an RSA modulus with a specific *low* order
64 bits.
It is easy in both cases, here are examples I easily came up
with:
(low order DEADBEEF))
p =
Adam Back [EMAIL PROTECTED] writes:
On Mon, Jan 20, 2003 at 09:08:31PM -0500, Radia Perlman wrote:
[...] I was going to suggest something similar to what David Wagner
suggested, but with Scott telling Alice the modulus size and the
*high* order 64 bits (with the top bit constrained to be 1). I can
On Mon, 20 Jan 2003, Jeroen C. van Gelderen wrote:
It would seem that the DSA key structure facilitates this:
1. Scott sends SEED1 to Alice.
2. Alice picks a random number SEED2.
3. Alice sets SEED=SHA1(SEED1 || SEED2).
4. Alice generates a set of DSA parameters P, Q, G using the
Jeroen C. van Gelderen wrote:
Here is a scenario: Scott wants Alice to generate a key pair after
which he will receive Alice's public key. At the same time, Scott wants
to make sure that this key pair is newly generated (has not been used
before).
You might be able to have Scott specify a
On 20 Jan 2003, David Wagner wrote:
If you're worried about the security of allowing Scott to choose the
low bits of Alice's public key, you could have Scott and Alice perform
a joint coin-flipping protocol to select a random 64-bit string that
neither can control, then proceed as before.
13 matches
Mail list logo