[tahoe-dev] [pycryptopp] #13: DSA "semi-private"/intermediate keys
pycryptopp
trac at allmydata.org
Wed May 13 05:26:56 PDT 2009
#13: DSA "semi-private"/intermediate keys
------------------------+---------------------------------------------------
Reporter: warner | Owner:
Type: enhancement | Status: new
Priority: major | Version: 0.5.1
Keywords: | Launchpad_bug:
------------------------+---------------------------------------------------
Comment(by swillden):
Replying to [comment:2 warner]:
> So I think that Shawn's concern is that the range of "y" is reduced (perhaps
> by 1.0 or 0.5 bits), and therefore the range of the {{{x*y}}} signing key
> will be reduced, weakening the security of the system.
My concern is that {{{x*y mod q}}} is not uniformly distributed, even if x
and y are uniformly distributed. I think, though, that I may be
incorrectly assuming the product is modulo q, since I don't see that in
the paper. If the signing key is {{{x*y}}}, not {{{x*y mod q}}}, then my
whole analysis was misguided.
--
Ticket URL: <http://allmydata.org/trac/pycryptopp/ticket/13#comment:3>
pycryptopp <http://allmydata.org/trac/pycryptopp>
Python bindings for the Crypto++ library
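
The distribution question raised in this comment can be checked by exhaustive enumeration over a small modulus. The following is an added example, not part of the original post or of pycryptopp; the prime 101, the sampling ranges and the function names are assumptions chosen for illustration, and q is assumed prime as in DSA.

```python
from collections import Counter
from fractions import Fraction

Q = 101  # constructed small prime standing in for the DSA subgroup order q


def mod_product_counts(q, lo=1):
    """Count each value of x*y mod q over all pairs x, y in [lo, q-1]."""
    return Counter((x * y) % q for x in range(lo, q) for y in range(lo, q))


def plain_product_counts(q, lo=1):
    """Count each value of the unreduced integer product x*y."""
    return Counter(x * y for x in range(lo, q) for y in range(lo, q))


def max_bias(counts, support):
    """Largest |Pr[v] - 1/len(support)| over the given support, as an exact fraction."""
    total = sum(counts.values())
    support = list(support)
    uniform = Fraction(1, len(support))
    return max(abs(Fraction(counts.get(v, 0), total) - uniform) for v in support)


if __name__ == "__main__":
    # Case 1: x, y uniform over the nonzero residues 1..q-1.
    nonzero = mod_product_counts(Q, lo=1)
    print("x,y in [1,q-1]: max bias over 1..q-1 =", max_bias(nonzero, range(1, Q)))

    # Case 2: x, y uniform over 0..q-1, so zero is a possible factor.
    with_zero = mod_product_counts(Q, lo=0)
    print("x,y in [0,q-1]: count of 0 =", with_zero[0],
          "count of each other residue =", with_zero[1],
          "max bias =", max_bias(with_zero, range(Q)))

    # Case 3: the product is not reduced modulo q at all.
    plain = plain_product_counts(Q)
    print("unreduced x*y: count of 1 =", plain[1], "count of 6 =", plain[6])
```

For prime q, multiplication by a fixed nonzero y permutes the nonzero residues, which is why case 1 comes out flat; the bias appears only when 0 is in the sampling range or the product is left unreduced.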