Hi Wei,
Below is ValidateGroup for MODP (gfpcrypt.cpp:115). Forgive my
ignorance, but shouldn't the code make sure the generator and group
order are good "as a whole"? Something like:
    Integer v = ModularExponentiation(g, q, p);
    if (v != Integer::One())
        throw runtime_error("Failed to verify order of the subgroup");
I have total trust in Crypto++ generated parameters. But it seems like
"GetGroupOrder() % q" is not sufficient if the keys were imported via
Initialize(p, q, g).
Jeff
bool DL_GroupParameters_IntegerBased::ValidateGroup(
    RandomNumberGenerator &rng,
    unsigned int level) const
{
    const Integer &p = GetModulus(), &q = GetSubgroupOrder();

    bool pass = true;
    pass = pass && p > Integer::One() && p.IsOdd();
    pass = pass && q > Integer::One() && q.IsOdd();

    if (level >= 1)
        pass = pass && GetCofactor() > Integer::One() &&
            GetGroupOrder() % q == Integer::Zero();
    if (level >= 2)
        pass = pass && VerifyPrime(rng, q, level-2) &&
            VerifyPrime(rng, p, level-2);

    return pass;
}
--
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
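An added example, not from Jeff's message or from Crypto++ itself: the pasted ValidateGroup checks redone over toy 64-bit parameters (p-1 taken as the group order, trial division standing in for VerifyPrime), together with the g^q mod p == 1 check Jeff proposes, so that a generator that passes the cofactor test but does not lie in the order-q subgroup can be seen to fail. The helper names, the toy range and the extra 1 < g < p-1 range check are assumptions of this example.

```cpp
#include <cstdint>

// Toy-range arithmetic (p below 2^63); a real MODP group needs a bignum type.
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return static_cast<uint64_t>((unsigned __int128)a * b % m);
}
static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    while (exp) {
        if (exp & 1) r = mulmod(r, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return r;
}

// Trial division stands in for VerifyPrime in this toy range.
static bool is_prime(uint64_t n) {
    if (n < 2) return false;
    for (uint64_t d = 2; d * d <= n; ++d)
        if (n % d == 0) return false;
    return true;
}

// Same checks as the pasted ValidateGroup: p and q odd and > 1,
// cofactor (p-1)/q > 1 with q dividing p-1, and p, q prime at level 2.
bool validate_group(uint64_t p, uint64_t q, unsigned level) {
    bool pass = p > 1 && (p & 1) && q > 1 && (q & 1);
    if (level >= 1)
        pass = pass && (p - 1) / q > 1 && (p - 1) % q == 0;
    if (level >= 2)
        pass = pass && is_prime(q) && is_prime(p);
    return pass;
}

// Jeff's proposed addition: g must actually generate the order-q subgroup,
// i.e. g^q == 1 (mod p). The range check on g is an added sanity check that
// also rejects the trivial elements 1 and p-1 (assumption of this example).
bool validate_generator(uint64_t p, uint64_t q, uint64_t g) {
    if (g <= 1 || g >= p - 1) return false;
    return powmod(g, q, p) == 1;
}
```

With the constructed parameters p = 23, q = 11 the group passes, and g = 2 (2^11 = 2048 = 89*23 + 1) passes the subgroup check while g = 5, which has order 22, does not, even though the cofactor test alone would accept it.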