Hi there Patrick.  I needed to do the same thing in my pycryptopp  
project [1] -- to generate an ECDSA key pair deterministically from a  
seed.  Here is the ticket for this feature request: [2].

Here's the relevant source code from what I did.  It has not yet been  
committed to pycryptopp trunk.  I intend at some point to publicize  
this, request comments from other experts, submit patches to get such  
a thing included in Crypto++ itself, and write unit tests with test  
vectors.

Regards,

Zooko

[1] http://allmydata.org/trac/pycryptopp
[2] http://allmydata.org/trac/pycryptopp/ticket/2
---
http://allmydata.org -- Tahoe, the Least-Authority Filesystem
http://allmydata.com -- back up all your files for $5/month

------- begin appended C++ source code
     // `seed` and `seedlen` are supplied by the enclosing function.
     OID curve;
     Integer grouporder;
     byte privexpbytes[24] = {0}; // Tiger::DIGESTSIZE is 24 bytes (192 bits)
     Integer privexponent;
     privexponent.Decode(privexpbytes, sizeof(privexpbytes));
     assert(privexponent == 0); // just checking..

     curve = ASN1::secp192r1();
     grouporder = DL_GroupParameters_EC<ECP>(curve).GetGroupOrder();
     Tiger t;

     // Declared as an array rather than a pointer: sizeof on a pointer gives
     // the pointer size, not the tag length. The "- 1" below drops the NUL.
     static const byte TAG_AND_SALT[] =
         "102:pycryptopp v0.5.3 key derivation algorithm using Tiger "
         "hash to generate ECDSA 192-bit secret exponents,"
         "16:H1yGNvUONoc0FD1d,";

     // First candidate exponent: Tiger(tag-and-salt || seed).
     t.Update(TAG_AND_SALT, sizeof(TAG_AND_SALT) - 1);
     t.Update(reinterpret_cast<const byte*>(seed), seedlen);
     t.TruncatedFinal(privexpbytes, Tiger::DIGESTSIZE);
     privexponent.Decode(privexpbytes, sizeof(privexpbytes));

     // Re-hash the previous candidate until it falls in [1, grouporder - 1].
     while ((privexponent >= grouporder) || (privexponent == 0)) {
         Tiger t2;
         t2.Update(TAG_AND_SALT, sizeof(TAG_AND_SALT) - 1);
         t2.Update(privexpbytes, sizeof(privexpbytes));
         t2.TruncatedFinal(privexpbytes, Tiger::DIGESTSIZE);
         privexponent.Decode(privexpbytes, sizeof(privexpbytes));
     }

     SigningKey* signer = new SigningKey;
     signer->k = ECDSA<ECP, Tiger>::Signer(curve, privexponent);
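
The derivation loop above, as an added Python example that is not part of the original message or of pycryptopp. Assumptions: BLAKE2b from hashlib stands in for Tiger (which hashlib lacks), the tag is constructed, and `derive_exponent` is a hypothetical name; the `order` parameter generalizes the loop to any group order so the re-hash branch can be exercised with a small one.

```python
import hashlib

# Order n of the secp192r1 (NIST P-192) group, the curve used in the post.
SECP192R1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831

# Constructed domain-separation tag, netstring style ("<len>:<data>,").
TAG = b"example tag for deterministic ECDSA exponent derivation"
TAG_AND_SALT = b"%d:%s," % (len(TAG), TAG)


def _h(data: bytes, size: int) -> bytes:
    # Assumption: BLAKE2b truncated to `size` bytes replaces Tiger.
    return hashlib.blake2b(TAG_AND_SALT + data, digest_size=size).digest()


def derive_exponent(seed: bytes, order: int = SECP192R1_ORDER):
    """Return (exponent, rehash_count) with 1 <= exponent < order.

    Candidates outside the range are re-hashed rather than reduced
    mod order, so no value in range is favoured over another.
    """
    size = (order.bit_length() + 7) // 8   # 24 bytes for secp192r1
    digest = _h(seed, size)
    x = int.from_bytes(digest, "big")
    rehashes = 0
    while x == 0 or x >= order:
        digest = _h(digest, size)          # hash the rejected candidate
        x = int.from_bytes(digest, "big")
        rehashes += 1
    return x, rehashes


if __name__ == "__main__":
    # Constructed seed; the same seed always yields the same exponent.
    x, n = derive_exponent(b"constructed seed")
    print(f"exponent={x:048x} rehashes={n}")
    # With secp192r1 a rejection has probability of about 2**-97, so the
    # loop body is only reachable in tests through a smaller order.
    print(derive_exponent(b"constructed seed", order=2**31 + 1))
```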

