Re: Suggested changes for DSA2

Ben Laurie <ben@algroup.co.uk> Sun, 26 March 2006 15:09 UTC

Message-ID: <4426A94F.6050806@algroup.co.uk>
Date: Sun, 26 Mar 2006 15:46:39 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Hal Finney <hal@finney.org>
CC: dshaw@jabberwocky.com, ietf-openpgp@imc.org
Subject: Re: Suggested changes for DSA2
References: <20060324202142.8E06257FAE@finney.org>
In-Reply-To: <20060324202142.8E06257FAE@finney.org>

Hal Finney wrote:
>     DSA signatures MUST use hashes that are equal to or larger than the
>     size of q, the group generated by the DSA key's generator value.
>     If the chosen hash is larger than the size of q, the hash result
>     is truncated to fit by taking a number of leftmost bits equal to
>     the number of bits in q.  This (possibly truncated) hash function
>     result is treated as a number and used directly in the DSA signature
>     algorithm.
> 
> Note that this truncation (or non-truncation) could still leave the
> hash as bigger than q, but that is OK as the signature and validation
> algorithms will either explicitly or implicitly take it mod q as it
> is used.  So I don't think we have to tell them to take it mod q.

Not sure what you mean by this - the point is that the hash should end
up with the same number of bits as q.

BTW, I don't believe truncation is actually required mathematically, but
it is presumably more efficient to truncate.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
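
The leftmost-bits truncation and the "mod q" remark discussed in this message, worked through as an added example that is not part of the original thread or of any OpenPGP implementation. The toy parameters p, q, g, the private key, the fixed nonce, the use of SHA-256 and the sample messages are all assumptions constructed for illustration.

```python
import hashlib

# Toy DSA domain parameters, constructed for this example and far too small
# for real use: q is prime, q divides p - 1, and g has order q modulo p.
P, Q, G = 1543, 257, 64

def leftmost_bits(digest: bytes, nbits: int) -> int:
    """Read digest as a big-endian number and keep its leftmost nbits."""
    excess = len(digest) * 8 - nbits
    if excess < 0:
        raise ValueError("hash output is shorter than q")
    return int.from_bytes(digest, "big") >> excess

def hash_to_int(msg: bytes, truncate: bool = True) -> int:
    digest = hashlib.sha256(msg).digest()
    nbits = Q.bit_length() if truncate else len(digest) * 8
    return leftmost_bits(digest, nbits)

def sign(x: int, h: int, k: int = 5):
    # k is fixed only to make the example reproducible; real DSA needs a
    # fresh secret k per signature. Retry with the next k if r or s is 0.
    while True:
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (h + x * r) % Q   # h is reduced mod q here
        if r and s:
            return r, s
        k += 1

def verify(y: int, h: int, sig) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = h * w % Q, r * w % Q             # ... and here
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r

def demo() -> dict:
    x = 123                                   # constructed private key
    y = pow(G, x, P)
    # Constructed messages: take the first whose truncated hash is still >= q.
    msgs = (b"message %d" % i for i in range(1000))
    msg = next(m for m in msgs if hash_to_int(m) >= Q)
    h, full = hash_to_int(msg), hash_to_int(msg, truncate=False)
    sig = sign(x, h)
    return {"h": h,
            "same_signature_if_reduced_first": sign(x, h % Q) == sig,
            "verifies": verify(y, h, sig) and verify(y, h % Q, sig),
            "untruncated_round_trip": verify(y, full, sign(x, full))}
```

The untruncated digest also round-trips because only its value mod q enters the arithmetic; signer and verifier still have to apply the same rule to the hash.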