Re: Order question
From: Peter Fairbrother (zenadsl6186_at_zen.co.uk)
Date: 04/30/04
- Next message: David Wagner: "Re: Help needed with a proof..."
- Previous message: Mok-Kong Shen: "Re: Algorithm to generate prime number from fix SERIAL"
- In reply to: Michael Scott: "Re: Order question"
- Next in thread: An Metet : "Re: Order question"
- Reply: An Metet : "Re: Order question"
- Reply: Michael Amling: "Re: Order question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Apr 2004 23:14:45 +0100
Michael Scott wrote:
>> Next question. Can you simply show that the subgroup of order q is the same
>> group as the group of QR's? I've done this before, but I lost it.
>>
>
> Because an element x is a QR iff x^[(p-1)/2] = 1, that is iff x^q = 1. And such
> values of x are, evidently, of order q
>
Wow, that was quick. Probably not what I had in mind, but it'll do. Thanks.
And yet another question, if no-one minds (I'm doing some final revision to
a paper, and polishing up the obiter dictae. Brain's not in full-function
mode, so I'm concentrating on the new bits, and I do appreciate the help
with the known stuff):
A typical DH with optimisation will have p = mq+1, and use a generator of
the subgroup of order q. Are there any security implications to using a q of
the usual say 160 bits size, but with small Hamming weight?
Thanks
-- Peter Fairbrother
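
The subgroup facts discussed in this message can be checked by brute force on toy parameters. The following is an added example, not part of the original post: the primes (p = 23 = 2·11 + 1 and p = 67 = 6·11 + 1) and all function names are constructed for illustration, and it generalises the quoted m = 2 argument to p = mq + 1, where the subgroup of order q is the set of m-th powers.

```python
# Added illustration; the primes below are constructed toy values, far too
# small for real Diffie-Hellman.

def order_q_subgroup(p, q):
    """All x in Z_p^* with x^q = 1 (mod p): the unique subgroup of order q."""
    return {x for x in range(1, p) if pow(x, q, p) == 1}

def mth_powers(p, m):
    """Image of x -> x^m on Z_p^*; for m = 2 these are the QRs."""
    return {pow(x, m, p) for x in range(1, p)}

def euler_qrs(p):
    """QRs by Euler's criterion: x^((p-1)/2) = 1 (mod p)."""
    return {x for x in range(1, p) if pow(x, (p - 1) // 2, p) == 1}

def order(x, p):
    """Multiplicative order of x modulo p, by repeated multiplication."""
    k, y = 1, x % p
    while y != 1:
        y, k = y * x % p, k + 1
    return k

def find_generator(p, q):
    """Smallest h >= 2 with g = h^((p-1)/q) != 1; g then has prime order q."""
    m = (p - 1) // q
    for h in range(2, p):
        g = pow(h, m, p)
        if g != 1:
            return g
    raise ValueError("no generator found; is q a prime divisor of p - 1?")

if __name__ == "__main__":
    for p, q in [(23, 11), (67, 11)]:   # m = 2 (safe prime) and m = 6
        m = (p - 1) // q
        sub = order_q_subgroup(p, q)
        g = find_generator(p, q)
        print(f"p={p} q={q} m={m}: |subgroup|={len(sub)}, "
              f"equals m-th powers: {sub == mth_powers(p, m)}, "
              f"g={g} has order {order(g, p)}")
```

With m = 2 the order-q subgroup coincides with the quadratic residues; with m = 6 it is the set of 6th powers, a proper subset of the quadratic residues.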