[13208] in cryptography@c2.net mail archive

Re: The Pure Crypto Project's Hash Function

daemon@ATHENA.MIT.EDU (Bill Frantz)
Mon May 5 21:03:57 2003

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <kjwuh7eq85.fsf@romeo.rtfm.com>
Date: Mon, 5 May 2003 16:24:05 -0700
To: EKR <ekr@rtfm.com>, Ralf Senderek <ralf@senderek.de>
From: Bill Frantz <frantz@pwpconsult.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>

At 1:21 PM -0700 5/3/03, Eric Rescorla wrote:
>Can you explain every single line of the modular exponentiation
>routine you're using? Every single line of the compiler you're
>using to compile the code?

The need to show that the object code is a correct implementation of the
algorithm described by the source code is a general problem for validating
any kind of code.  My approach, and why I have some sympathy for Ralf's
minimum code approach, is:

(1) Code the algorithm in assembler.

(2) Explain each instruction as a comment on the instruction.

(3) Run the code thru the assembler.

(4) Show that the output of the assembler matches the input, thereby
avoiding the need to prove the assembler.

YMMV!

Note that I fully agree with the many others who are seriously concerned
about the security of new, unexamined algorithms.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | Due process for all    | Periwinkle -- Consulting
(408)356-8506         | used to be the         | 16345 Englewood Ave.
frantz@pwpconsult.com | American way.          | Los Gatos, CA 95032, USA



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
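
One way to carry out the comparison in step (4) of the message above, as an added example that is not part of the original post. The listing layout, the name check_object and the sample byte strings are constructed for illustration; the instruction encodings are standard 32-bit x86.

```python
# Added example: byte-for-byte check of assembler output against the
# encodings written down by hand next to each commented instruction.
# Listing layout and all sample data are constructed for illustration.

# (offset, hand-derived encoding, instruction, explanatory comment)
ANNOTATED = [
    (0x00, "b8 01 00 00 00", "mov eax, 1",   "result = 1"),
    (0x05, "01 d8",          "add eax, ebx", "result += b"),
    (0x07, "c3",             "ret",          "return result in eax"),
]

def check_object(annotated, obj):
    """Return a list of discrepancies. An empty list means every byte the
    assembler emitted is accounted for by a hand-explained instruction."""
    problems = []
    cursor = 0  # first output byte not yet explained
    for offset, hexbytes, insn, _comment in sorted(annotated):
        expected = bytes.fromhex(hexbytes)
        if offset > cursor:
            problems.append(f"unexplained bytes at {cursor:#x}: "
                            f"{obj[cursor:offset].hex()}")
        elif offset < cursor:
            problems.append(f"{insn!r} at {offset:#x} overlaps previous entry")
        actual = obj[offset:offset + len(expected)]
        if actual != expected:
            problems.append(f"{insn!r} at {offset:#x}: expected "
                            f"{expected.hex()}, got {actual.hex()}")
        cursor = max(cursor, offset + len(expected))
    if len(obj) > cursor:
        problems.append(f"unexplained trailing bytes at {cursor:#x}: "
                        f"{obj[cursor:].hex()}")
    return problems

# Constructed assembler outputs.
GOOD = bytes.fromhex("b8 01 00 00 00 01 d8 c3")
# Same instructions, but the assembler picked the other valid encoding of
# "add eax, ebx" (03 c3): equivalent in effect, yet not what was reviewed.
ALT = bytes.fromhex("b8 01 00 00 00 03 c3 c3")
# Assembler appended alignment padding that nobody explained.
PADDED = GOOD + bytes.fromhex("90 90")

if __name__ == "__main__":
    for name, obj in (("GOOD", GOOD), ("ALT", ALT), ("PADDED", PADDED)):
        print(name, check_object(ANNOTATED, obj) or "matches annotated source")
```

The check walks the whole output rather than only the listed instructions, so padding or an alternative encoding chosen by the assembler is reported instead of silently accepted.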