Re: DSS/DSA
From: Anton Stiglic (stiglic_at_cs.mcgill.ca)
Date: 03/17/04
- Next message: AE: "Re: Unbreakable Encryption ? Scenarios - What encryption method would be best?"
- Previous message: Valerio: "Re: new idea for symmetric cryptography"
- In reply to: Atom 'Smasher': "DSS/DSA"
- Next in thread: DJohn37050: "Re: DSS/DSA"
- Reply: DJohn37050: "Re: DSS/DSA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 17 Mar 2004 14:21:07 -0500
They came up with a new standard for hashing:
http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
with larger outputs.
I'm expecting they will come up with a new DSS standard that uses a larger
prime
modulus and one of these new hash algorithms.
For hash functions, you sometimes need to consider the birthday paradox.
For a
given x, I can find x' different from x, such that H(x) = H(x') in
2^hash_length
work factor, where hash_length is the length in bits of the ouput of the
hash function
(160 for SHA1). But I can find two arbitrary inputs, x and x', such that
H(x) = H(x'),
in 2^(hash_length / 2) work factor, with good probability. That would be
2^80 for SHA1.
So it depends how you are using your hash function.
In the analyses of DSA, you need to consider discrete log on the subgroup of
size
2^160, which can be done in 2^80 work factor.
--Anton
- Next message: AE: "Re: Unbreakable Encryption ? Scenarios - What encryption method would be best?"
- Previous message: Valerio: "Re: new idea for symmetric cryptography"
- In reply to: Atom 'Smasher': "DSS/DSA"
- Next in thread: DJohn37050: "Re: DSS/DSA"
- Reply: DJohn37050: "Re: DSS/DSA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
