Hi Zooko,

> One of my earlier notes on this subject to this
> list, [2], says that I experimented with...
> ...
> So, I ask everyone, what is the simplest efficient way
> to take a secret 96-bit input, and produce an output
> between [1, n) ...

sci.crypt is probably better equipped to answer the question. There are quite a few PhDs and consultants who are active in the group.
Jeff

On 3/3/09, zooko <[email protected]> wrote:
>
> On Feb 24, 2009, at 10:39 AM, Wei Dai wrote:
>
> > CTR_Mode<AES> should also work, but there's a bug (which will be
> > fixed soon) that makes the RandomNumberGenerator interface
> > inaccessible.
>
> So a CTR_Mode<AES> instance can be passed as an argument of type RNG
> starting with Crypto++ v5.6?
>
> I am about to implement "deterministic generation of private key from
> small seed" [1] for Tahoe, so I need to come up with a function that
> takes an input of 96 bits and produces a 192-bit ECDSA private key.
> I'm going to have to support this function forever (approximately) for
> backwards-compatibility reasons. I would really like the next
> release of Tahoe to be compatible with older Crypto++ versions. Also
> I would really like for this function to be as simple and clear as
> possible so that I can easily explain to other people how to
> implement it compatibly.
>
> My current code to do this is below (and I've earlier posted it to
> this list: [2]), but I'm not entirely satisfied with it because it
> seems rather ad-hoc. One of my earlier notes on this subject to this
> list, [2], says that I experimented with using X917RNG with a
> customization of Salsa20 to pretend that it has a block size of 32.
>
> So, I ask everyone, what is the simplest efficient way to take a
> secret 96-bit input, and produce an output between [1, n) such that
>
> a) if you know the 96-bit secret and use this algorithm, you always
> get the same output, and
> b) if you don't know the 96-bit secret, you can't learn anything
> about the output
>
> Unless I, or someone, can think of a problem with this way to do it,
> or can propose a better way to do it, then I guess I'm going to
> proceed with this and then I'll be committed to maintaining it for a
> while.
>
> Regards,
>
> Zooko
>
> [1] http://allmydata.org/trac/pycryptopp/ticket/2 # deterministic
> generation of private key from small seed
> [2] http://groups.google.com/group/cryptopp-users/browse_thread/thread/f30427601a5884f6
> [3] http://groups.google.com/group/cryptopp-users/msg/c1041e508c8d8705
>
> [SNIP]
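One standard answer to the question Zooko poses, as an added example that is not code from this thread, from Tahoe, or from Crypto++: expand the 96-bit secret with HKDF (HMAC-SHA256), draw 64 bits more than the group order needs, and reduce modulo n-1 plus one, the way FIPS 186-4 B.4.1 derives a private key from random bits. The curve is assumed to be NIST P-192 (the post only says "192-bit ECDSA"), and the HKDF `info` label is a constructed value.

```python
import hmac
import hashlib

# Group order of NIST P-192 (secp192r1). Assumed here: the post names a
# 192-bit ECDSA key but not the curve.
P192_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831

SEED_BYTES = 12  # the 96-bit secret from the post


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256, standard library only."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def seed_to_private_key(seed: bytes, n: int = P192_ORDER,
                        info: bytes = b"constructed-example:ecdsa-key") -> int:
    """Deterministically map a 96-bit seed to a scalar in [1, n).

    Property (a) from the post holds because every step is a pure function
    of the seed; property (b) holds as long as HMAC-SHA256 behaves as a PRF,
    since the output reveals nothing about the seed beyond what a PRF does.
    """
    if len(seed) != SEED_BYTES:
        raise ValueError("seed must be exactly 96 bits")
    # HKDF-Extract with the default all-zero salt: the seed is the only secret.
    prk = hmac.new(b"\x00" * hashlib.sha256().digest_size, seed,
                   hashlib.sha256).digest()
    # Draw 64 bits beyond the bit length of n; reducing that many bits modulo
    # n-1 leaves a bias below 2^-64, so the result is statistically close to
    # uniform on [1, n). The +1 rules out the invalid private key 0.
    nbytes = (n.bit_length() + 64 + 7) // 8
    c = int.from_bytes(hkdf_expand(prk, info, nbytes), "big")
    return (c % (n - 1)) + 1
```

Changing the `info` label or the curve order changes every derived key, so both must be fixed for the lifetime of the format, exactly the backwards-compatibility concern raised in the post.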
