[tahoe-dev] [pycryptopp] #13: DSA "semi-private"/intermediate keys

pycryptopp trac at allmydata.org
Wed May 13 05:26:56 PDT 2009


#13: DSA "semi-private"/intermediate keys
------------------------+---------------------------------------------------
Reporter:  warner       |           Owner:       
    Type:  enhancement  |          Status:  new  
Priority:  major        |         Version:  0.5.1
Keywords:               |   Launchpad_bug:       
------------------------+---------------------------------------------------

Comment(by swillden):

 Replying to [comment:2 warner]:
 > So I think that Shawn's concern is that the range of "y" is reduced
 > (perhaps by 1.0 or 0.5 bits), and therefore the range of the {{{x*y}}}
 > signing key will be reduced, weakening the security of the system.

 My concern is that {{{x*y mod q}}} is not uniformly distributed, even if x
 and y are uniformly distributed.  I think, though, that I may be
 incorrectly assuming the product is modulo q, since I don't see that in
 the paper.  If the signing key is {{{x*y}}}, not {{{x*y mod q}}}, then my
 whole analysis was misguided.

-- 
Ticket URL: <http://allmydata.org/trac/pycryptopp/ticket/13#comment:3>
pycryptopp <http://allmydata.org/trac/pycryptopp>
Python bindings for the Crypto++ library
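
The distribution question raised in this comment can be checked exactly by enumeration for a toy prime q. The following is an added example, not code from the ticket, the paper or pycryptopp; q = 11, the key ranges and all function names are assumptions chosen for illustration.

```python
from collections import Counter
from fractions import Fraction

Q = 11  # toy prime standing in for the DSA subgroup order q (constructed value)

def product_distribution(xs, ys, q=None):
    """Exact count of every value of x*y, reduced mod q when q is given."""
    return Counter((x * y) % q if q else x * y for x in xs for y in ys)

def distance_from_uniform(counts, support):
    """Total variation distance between `counts` and uniform over `support`."""
    support = set(support)
    total = sum(counts.values())
    uniform = Fraction(1, len(support))
    return sum(
        abs(Fraction(counts.get(v, 0), total) - (uniform if v in support else 0))
        for v in support | set(counts)
    ) / 2

def cases(q=Q):
    """Distance from uniform for each assumed choice of ranges."""
    nonzero = range(1, q)                # assumed key range [1, q-1]
    lower_half = range(1, (q + 1) // 2)  # y with its range cut by about one bit
    return {
        "x, y in [1, q-1], mod q": distance_from_uniform(
            product_distribution(nonzero, nonzero, q), nonzero),
        "x in [1, q-1], y in lower half, mod q": distance_from_uniform(
            product_distribution(nonzero, lower_half, q), nonzero),
        "x, y in [0, q-1], mod q": distance_from_uniform(
            product_distribution(range(q), range(q), q), range(q)),
        "x, y in [1, q-1], no reduction": distance_from_uniform(
            product_distribution(nonzero, nonzero), range(1, (q - 1) ** 2 + 1)),
    }

if __name__ == "__main__":
    for label, distance in cases().items():
        print(f"{label}: {distance} ({float(distance):.4f})")
```

Enumeration is only feasible for a toy q; for prime q the two zero distances follow from multiplication by a fixed nonzero y being a permutation of [1, q-1].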

