[7530] in cryptography@c2.net mail archive
Re: Elgamal
daemon@ATHENA.MIT.EDU (John Kelsey)
Sat Jul 22 12:24:42 2000
Message-Id: <4.1.20000721150740.00956850@email.plnet.net>
Date: Fri, 21 Jul 2000 16:11:09 -0500
To: "Steven M. Bellovin" <smb@research.att.com>,
"Simon Aronson" <sip99sma@rdg.ac.uk>
From: John Kelsey <kelsey.j@ix.netcom.com>
Cc: cryptography@c2.net
In-Reply-To: <20000720023721.26A0635DD1@smb.research.att.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
-----BEGIN PGP SIGNED MESSAGE-----
At 10:37 PM 7/19/00 -0400, Steven M. Bellovin wrote:
>The important thing is that the random number really has to be
>random and unguessable.
There was a clever trick for doing signatures like this without a
random number generator, using the one way hash function and the
private key only. I am away from my library right now, so I can't
look up the reference, but the gist of the idea is:
r = hash(hash(private key),hash(message))
and then expand r to the necessary length by one of the standard
mechanisms, e.g.
r0 = hash(0,r)
r1 = hash(1,r)
...
r_n = hash(n,r)
The idea is that if the hash has some nice pseudorandomness
properties and is really one-way, we get everything we need from r
(or r0,r1,...,r_n) without a random number generator.
> --Steve Bellovin
- --John Kelsey, kelsey@counterpane.com
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>
Comment: foo
iQCVAwUBOXi8YyZv+/Ry/LrBAQG/vwP9FobkadCISdMVYvJrXyqy0wl8KUQ7tBI9
GRN65CO0AFGYj22gydrTOMvnrVYO8x126h8vhMn3lo5+gXG7XeWeCszojeoUOC57
zR2/IuYMbKTnZ9vjK9RG0OoR1lwmY12wOQjeOhELZuy+5Fc6xd9HCwpcpxG2tyUW
XDWv23YwC4k=
=g34l
-----END PGP SIGNATURE-----
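The derivation Kelsey sketches, worked through in code as an added example that is not part of the archived post (the same idea was later standardized for DSA/ECDSA in RFC 6979). It instantiates the abstract hash() as SHA-256 over length-prefixed inputs, derives r = hash(hash(private key), hash(message)), expands it as r_i = hash(i, r), and walks the r_i until one reduces to a nonce k with gcd(k, p-1) = 1, which textbook ElGamal signing needs. The group parameters (p = 1019, g = 2), the private key and the messages are constructed toy values chosen so the arithmetic is easy to inspect; they are not a secure group size.

```python
import hashlib
from math import gcd

# Constructed toy parameters (assumed, NOT a secure group size):
# p = 2q + 1 is a safe prime, and 2 generates Z_p^* because 1019 = 3 (mod 8),
# so 2 is a quadratic non-residue and is not -1.
P = 1019
Q = 509
G = 2
PRIVATE_KEY = 123                      # hypothetical private key x
PUBLIC_KEY = pow(G, PRIVATE_KEY, P)    # y = g^x mod p


def h(*parts: bytes) -> bytes:
    """hash(a, b, ...) from the post, instantiated (assumption) as SHA-256 over
    length-prefixed parts so (a, b) and (a', b') cannot collide by re-splitting
    the concatenation."""
    ctx = hashlib.sha256()
    for part in parts:
        ctx.update(len(part).to_bytes(4, "big"))
        ctx.update(part)
    return ctx.digest()


def int_bytes(n: int) -> bytes:
    """Fixed, unambiguous big-endian encoding of a non-negative integer."""
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


def seed(private_key: int, message: bytes) -> bytes:
    """r = hash(hash(private key), hash(message))"""
    return h(h(int_bytes(private_key)), h(message))


def expand(r: bytes, i: int) -> int:
    """r_i = hash(i, r), read as an integer"""
    return int.from_bytes(h(int_bytes(i), r), "big")


def derive_nonce(private_key: int, message: bytes) -> int:
    """Walk r_0, r_1, ... until one reduces to a k usable for ElGamal signing:
    1 <= k < p-1 with gcd(k, p-1) = 1, so k has an inverse mod p-1.
    Same key and message always yield the same k; no RNG is involved."""
    r = seed(private_key, message)
    for i in range(1024):
        k = expand(r, i) % (P - 1)
        if k != 0 and gcd(k, P - 1) == 1:
            return k
    raise RuntimeError("no usable nonce found")   # practically unreachable


def message_digest(message: bytes) -> int:
    """H(m) reduced into the exponent group Z_{p-1}."""
    return int.from_bytes(h(message), "big") % (P - 1)


def sign(private_key: int, message: bytes) -> tuple[int, int]:
    """Textbook ElGamal signature (r, s) with k taken from derive_nonce()."""
    k = derive_nonce(private_key, message)
    r = pow(G, k, P)
    s = (pow(k, -1, P - 1) * (message_digest(message) - private_key * r)) % (P - 1)
    return r, s


def verify(public_key: int, message: bytes, signature: tuple[int, int]) -> bool:
    """Check g^H(m) == y^r * r^s (mod p) with the usual range checks on r and s."""
    r, s = signature
    if not 0 < r < P or not 0 < s < P - 1:
        return False
    lhs = pow(G, message_digest(message), P)
    rhs = (pow(public_key, r, P) * pow(r, s, P)) % P
    return lhs == rhs


if __name__ == "__main__":
    msg = b"constructed message"
    sig = sign(PRIVATE_KEY, msg)
    print("signature:", sig)
    print("verifies:", verify(PUBLIC_KEY, msg, sig))
    print("deterministic:", sig == sign(PRIVATE_KEY, msg))
```

Two properties are worth confirming when running this: signing the same message twice gives the identical (r, s), and changing either the message or the key changes the seed r, so two distinct messages never share a nonce through a faulty RNG. The index i in r_i = hash(i, r) is what lets the derivation skip a candidate that happens to be unusable (here, one not coprime to p-1) without falling back to randomness.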