Hi Wei and All,
I am experiencing problems with DSA key generation. For some reason,
when I select the pair (2048 bit, 256 bit) as parameter size, only the
prime divisor q is of 256 bit, but the private key (x) is of 224 bit.
The other three values are ok. It does work properly with the other
two "long" combinations (3072 bit, 256 bit) and (2048 bit, 224 bit),
as specified by FIPS 186-3, chapter 4.2.
See code and example below.
Any clues? Is that a bug in the library or am I missing something?
Ingo
Source:
CryptoPP::AutoSeededRandomPool rng;
CryptoPP::GDSA<CryptoPP::S (see below)>::Signer GDSAprKey;
// Generate Private Key
GDSAprKey.AccessKey().GenerateRandom(rng,
    CryptoPP::MakeParameters(CryptoPP::Name::ModulusSize(), L)
                            (CryptoPP::Name::SubgroupOrderSize(), N));
Table:
S: SHA1
L: 1024, N: 160 -- q: bits, x: bits
S: SHA224
L: 2048, N: 224 -- q: 224 bits, x: 224 bits
L: 2048, N: 256 -- q: 256 bits, x: 224 bits (!)
L: 3072, N: 256 -- q: 256 bits, x: 256 bits
S: SHA256
L: 2048, N: 256 -- q: 256 bits, x: 224 bits (!)
L: 3072, N: 256 -- q: 256 bits, x: 256 bits
Key (S=SHA256, L=2048, N=256):
30 : SEQUENCE (Length: 0x261)
02 : Integer (Length: 0x01)
00
30 : SEQUENCE (Length: 0x239)
06 : Object Identifier (OID): 1.2.840.10040.4.1 dsa
30 : SEQUENCE (Length: 0x22C)
02 : Integer (Length: 0x101)
00
AF A3 1E F2 96 B6 2B 67 FB BA 25 E3 CB F4 AC C0 A1 65 37 32
28 0E 79 82 7B DD D3 A4 21 09 99 5F F8 BB 19 4F 5E 26 CB F4
6A 55 B0 D1 CF BE B7 73 47 16 90 76 A8 88 1E 0B 47 C1 68 58
E7 E7 75 33 BC 2B 5F 34 38 C0 60 0B B1 62 5A 4D 44 CB 62 BA
[0xB0 bytes skipped.]
02 : Integer (Length: 0x21)
00
A1 FA 6E 89 04 90 F7 8C 26 69 69 EB 5E 57 01 B8 1A 8C 76 E9
E7 6E F8 B6 64 AE F2 B5 2F C1 E2 D7
02 : Integer (Length: 0x100)
0C 8E 25 A6 59 FB F6 87 6D 04 0E CD D3 8B A8 40 AD 49 BC 36
97 F7 D1 15 83 66 9C CD A5 E9 FD FA 77 50 7D 86 23 CC 37 F0
71 8B 21 63 24 13 4C 48 A6 2D F9 20 FE F6 49 DE B3 94 C4 93
CB D4 BD 60 97 DF 8E 11 5B 20 B6 01 EC C6 3F 95 4D 27 F0 35
[0xB0 bytes skipped.]
04 : Octet String (Length: 0x1F)
02 : Integer (Length: 0x1D)
03 3E 86 6B 8C 09 DD BB 39 01 F6 A3 72 1C 97 F5 47 87 55 DC
C8 3D 12 14 8E D4 5C F2 9A
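
One way to check the q/x sizes described in this post directly from an encoded key, as an added example that is not part of the original message or of Crypto++: a small Python reader for the PKCS#8 DSA layout shown in the dump above. The sample key bytes, the function names and the 16-bit threshold are assumptions made for illustration.

```python
# Added example: bit lengths of p, q, g and x in a PKCS#8 DSA private key.
DSA_OID = bytes.fromhex("2a8648ce380401")  # 1.2.840.10040.4.1 (dsa)

# Constructed toy key (not real DSA parameters): 64-bit p, 40-bit q, 8-bit x.
SAMPLE_DER = bytes.fromhex(
    "3033" "020100" "3028" "06072a8648ce380401" "301d"
    "020900afa31ef296b62b67" "020600a1fa6e8904" "02080c8e25a659fbf687"
    "0404020200b5")

def read_tlv(buf, off):
    """Return (tag, value, next_offset) for the DER element at buf[off]."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def read_ints(buf, count):
    """Read `count` consecutive DER INTEGERs from the start of buf."""
    out, off = [], 0
    for _ in range(count):
        tag, val, off = read_tlv(buf, off)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        out.append(int.from_bytes(val, "big"))
    return out

def dsa_bit_lengths(der):
    """Return the bit lengths of p, q, g and x from a PKCS#8 DSA key."""
    tag, body, _ = read_tlv(der, 0)      # outer PrivateKeyInfo SEQUENCE
    _, _, off = read_tlv(body, 0)        # version INTEGER
    _, alg, off = read_tlv(body, off)    # AlgorithmIdentifier SEQUENCE
    _, key, _ = read_tlv(body, off)      # OCTET STRING wrapping INTEGER x
    _, oid, poff = read_tlv(alg, 0)
    if tag != 0x30 or oid != DSA_OID:
        raise ValueError("not a PKCS#8 DSA private key")
    _, params, _ = read_tlv(alg, poff)   # SEQUENCE { p, q, g }
    values = read_ints(params, 3) + read_ints(key, 1)
    return {name: v.bit_length() for name, v in zip("pqgx", values)}

def x_is_suspiciously_short(bits, max_gap=16):
    # For x uniform in [1, q-1], a shortfall of k bits has probability
    # below 2^(1-k), so a large gap is not explained by chance.
    return bits["q"] - bits["x"] >= max_gap

if __name__ == "__main__":
    sizes = dsa_bit_lengths(SAMPLE_DER)
    print(sizes, "x too short:", x_is_suspiciously_short(sizes))
```

A gap of one or two bits between q and x is expected for individual keys; the threshold only flags gaps that a uniformly drawn x would almost never produce.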