#13: DSA "semi-private"/intermediate keys
------------------------+---------------------------------------------------
Reporter: warner | Owner:
Type: enhancement | Status: new
Priority: major | Version: 0.5.1
Keywords: | Launchpad_bug:
------------------------+---------------------------------------------------
Comment(by swillden):
Replying to [comment:2 warner]:
> So I think that Shawn's concern is that the range of "y" is reduced (perhaps
> by 1.0 or 0.5 bits), and therefore the range of the {{{x*y}}} signing key
> will be reduced, weakening the security of the system.
My concern is that {{{x*y mod q}}} is not uniformly distributed, even if x
and y are uniformly distributed. I think, though, that I may be
incorrectly assuming the product is modulo q, since I don't see that in
the paper. If the signing key is {{{x*y}}}, not {{{x*y mod q}}}, then my
whole analysis was misguided.
--
Ticket URL: <http://allmydata.org/trac/pycryptopp/ticket/13#comment:3>
pycryptopp <http://allmydata.org/trac/pycryptopp>
Python bindings for the Crypto++ library
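
Added example, not part of the original message or of the pycryptopp code: an exact enumeration of how x*y is distributed for a toy prime q, with and without reduction mod q. Q = 101 and the sampling ranges are constructed for illustration; the key ranges used in the ticket's scheme are not given in this message.

```python
from collections import Counter
from fractions import Fraction

Q = 101  # toy prime standing in for the DSA group order q (constructed value)

def product_distribution(xs, ys, q=None):
    """Exact distribution of x*y for independent uniform x in xs, y in ys.
    The product is reduced mod q when q is given, left as an integer otherwise."""
    counts = Counter()
    for x in xs:
        for y in ys:
            counts[x * y % q if q else x * y] += 1
    total = len(xs) * len(ys)
    return {v: Fraction(c, total) for v, c in counts.items()}

def max_bias(dist, support):
    """Largest |P(v) - 1/len(support)| over the intended support."""
    u = Fraction(1, len(support))
    return max(abs(dist.get(v, 0) - u) for v in support)

def survey(q=Q):
    """Max deviation from uniform for three ways of sampling x and y."""
    nonzero = range(1, q)
    half = range(1, (q - 1) // 2 + 1)  # y's range cut by one bit
    return {
        "x,y in [1,q-1], mod q":
            max_bias(product_distribution(nonzero, nonzero, q), nonzero),
        "x in [1,q-1], y halved, mod q":
            max_bias(product_distribution(nonzero, half, q), nonzero),
        "x,y in [0,q-1], mod q":
            max_bias(product_distribution(range(q), range(q), q), range(q)),
    }

if __name__ == "__main__":
    for label, bias in survey().items():
        print(f"{label:32s} max bias = {bias}")
    # Without the modular reduction, the integer product is far from uniform.
    ints = product_distribution(range(1, Q), range(1, Q))
    print("integer x*y:", len(ints), "distinct values from", (Q - 1) ** 2, "pairs")
```

For a prime q, multiplying by any fixed nonzero y permutes the nonzero residues, which is why the first two rows report zero bias; allowing 0 as a value over-weights the result 0.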