Key Pair Agreement?
Anton Stiglic
astiglic at okiok.com
Tue Jan 21 09:49:59 EST 2003
> I do not know what the proper terminology is to discuss this. Assuming
> there is none, I will call the solution Key Pair Agreement.
Call it kosherized public key generation. Kosherization is not a term often
used in theoretical cryptography, but it is often used in practice
> It would seem that the DSA key structure facilitates this:
>
> 1. Scott sends SEED1 to Alice.
> 2. Alice picks a random number SEED2.
> 3. Alice sets SEED=SHA1(SEED1 || SEED2).
> 4. Alice generates a set of DSA parameters P, Q, G using the
> algorithm in Appendix 2, FIP-186-2.
> 5. Alice generates a key pair (x,y) using the parameters from (4).
> 6. Alice sends SEED2, counter, P, Q, G, y to Scott.
> 7. Scott generates P', Q', G' based on SEED=SHA1(SEED1 || SEED2),
> counter, and compares them to P, Q, G.
Hold on, what you have kosherized is the public parameters of DSA, but
you haven't really kosherized the public key, y (IINM).
Given P, Q, G (chosen by say Scott, or kosherized by Alice), Alice could
come
up with a cooked-up public key y.
It would seem difficult to impose some structure on y, since Scott will want
to
choose a random x, in which case G^y % P will look random.
This is different from RSA, where the public key is the pair e, N, e can be
set
to 3, and you can impose some structure on N (as Wagner pointed out).
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list