On Nov 28, 11:20 am, Vadym Fedyukovych <[email protected]> wrote: > On Sat, Nov 27, 2010 at 08:54:42AM -0800, Jeffrey Walton wrote: > > On Nov 17, 5:34pm, smu johnson <[email protected]> wrote: > > > > Does it take a long time to do DH bignum math (powMod) with sizes higher > > > than 8192 bit prime groups? The RFC spec says it will take an impractical > > > amount of time @http://tools.ietf.org/html/rfc3526, but I am thinking > > > maybe the times have changed with faster computers. > > I believe Crypto++ uses Montgomery, which I think is k(k+1) or k^2. > > You'll spend most of the time looking for the safe prime. > > I'm curious whether a strong prime is the best option here. > It looks rather practical to choose a group of a reasonable order and of > reasonable modulus instead. Agreed. My experience has been that when you ask a crypto library for DH parameter, you get a safe prime (and [nearly] full subgroup order). I don't recall ever seeing a library which generates using Schnorr groups, or even taking the required parameters.
With that said, Crypto++ probably has a way to generate from Schnorr groups. Crypto++'s behavior fro MODP is explained by DL_GroupParameters_GFP_DefaultSafePrime (http://www.cryptopp.com/docs/ ref/dh_8h.html). I image a Schnorr group can be implemented in similar fashion (if not already available). Jeff -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
