The Pure Crypto Project's Hash Function

Ralf Senderek ralf at senderek.de
Sun May 4 05:06:59 EDT 2003


On Sun, 4 May 2003, Bill Stewart wrote:

> It's also not clear whether the Public Key Modulus you're using
> is the modulus of the sender or recipient of a message,
> or what to do if you're signing something and encrypting it.

PCP uses the hash for signatures, so the modulus of my signing key is used;
the recipient needs to have my signing key to verify. If he doesn't have
the right one he cannot even do that and that is fine.


> Comment 3 - Is the Modexp implementation you're using dependent on the
> first parameter being less than the prime?
> If so, you've got a high probability of overflow and need to do
> (mod(Hi+Ho), Prime) instead of (Hi+H0).

I've given the code of ModExp in a different posting; no, there is no
overflow, only a "slightly bigger base" to be processed.


> Comment 4 - The output isn't evenly distributed.  It's always < Prime.

That's what I wanted; the Prime gives the upper bound of hash values.
I took the prime from the RSA-155 challenge (512 bit), the second factor,
with factoring results in August 1999. As far as I can see from my
analysis there is no reason to assume that the hash does not scatter
its output properly.

Thank you for your comments.

Ralf.



*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
* Ralf Senderek  <ralf at senderek.de> http://senderek.de  * What is privacy *
* Sandstr. 60   D-41849 Wassenberg  +49 2432-3960       *     without     *
* PGP: AB 2C 85 AB DB D3 10 E7  CD A4 F8 AC 52 FC A9 ED *   Pure Crypto?  *
*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
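
An added illustration of the Comment 3 exchange above, not part of the original message and not PCP's ModExp (that code was posted separately). It is a hypothetical square-and-multiply routine on arbitrary-precision integers, with a small constructed prime and constructed values standing in for Hi and H0, showing that the unreduced base Hi+H0 gives the same result as the reduced one and only enlarges the first intermediate products.

```python
# Added illustration: a hypothetical square-and-multiply ModExp, not PCP's code.

def mod_exp(base, exponent, modulus):
    """Right-to-left square-and-multiply without pre-reducing the base.

    Returns (result, peak_bits), where peak_bits is the bit length of the
    largest intermediate product formed before a reduction.
    """
    if modulus <= 0 or exponent < 0:
        raise ValueError("modulus must be positive and exponent non-negative")
    result = 1 % modulus
    peak_bits = 0
    while exponent:
        if exponent & 1:
            product = result * base
            peak_bits = max(peak_bits, product.bit_length())
            result = product % modulus
        square = base * base
        peak_bits = max(peak_bits, square.bit_length())
        base = square % modulus  # from here on the base is below the modulus
        exponent >>= 1
    return result, peak_bits


# Constructed sample values: a small Mersenne prime stands in for the
# 512-bit prime, and H_I, H_0 are two arbitrary values below it.
PRIME = 2**61 - 1
H_I = PRIME - 5
H_0 = PRIME - 11
EXPONENT = 65537


def compare_bases():
    """Run ModExp on the unreduced sum and on the sum reduced mod PRIME."""
    raw = mod_exp(H_I + H_0, EXPONENT, PRIME)
    reduced = mod_exp((H_I + H_0) % PRIME, EXPONENT, PRIME)
    return raw, reduced


if __name__ == "__main__":
    (raw_value, raw_bits), (red_value, red_bits) = compare_bases()
    print("same result:", raw_value == red_value)
    print("peak intermediate bits, unreduced base:", raw_bits)
    print("peak intermediate bits, reduced base:  ", red_bits)
```

With these values the unreduced base needs a 124-bit intermediate where the reduced base needs 122, which is harmless with arbitrary-precision integers but would not fit a buffer sized at exactly twice the modulus width.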

