Re: RSA moduli sizes
- From: tom@xxxxxxx
- Date: Tue, 31 Mar 2009 06:13:53 -0700 (PDT)
On Mar 31, 8:51 am, Thomas Pornin <por...@xxxxxxxxx> wrote:
According to <t...@xxxxxxx>:
The reality is "bit string" is just a representation, and not
representative of how the information is to be used.
It still pays off to remember that conversions may lose information.
When you convert a bit string into an integer, information on how many
leading zero bits there were is lost, and cannot be recovered.
This means that you really should not think about AES keys as integers.
Conversely, you should not think about RSA keys as bit strings either.
They really live in different worlds.
I disagree, they're implicit. AES *uses* keys as 32-bit words. If I
told you my AES key was say {1,2,3,4} and those were 32-bit words,
then you could infer from that that the 128-bit string would be [in
hex] 00000001000000020000000300000004. No zeroes were lost because
you know they're 32-bit words, so you can reconstruct the redundant
encoding at will.
Similarly, by most conventions if you tried to store a 1023-bit
modulus it'd be stored in 1024 bits with the leading bit zero. Sure
*additional* bits would be lost, but if your convention was to
represent all integers by say 2048-bit strings, then you can
reconstruct the bits at will.
The fact that we treat AES keys as 16, 24, 32-byte strings is merely
convention. You could view them as 128, 192, 256 bit integers if you
pleased, and I could strip off [or add] as many leading zeros as I
pleased. If I told you my 128-bit AES key was 5, you'd know it's
actually a whole slew of zeros followed by a 5. It's 100% entirely
arbitrary and a trivial distinction to make.
The AES key schedule is presented as taking a bit string, and
converting it to 32-bit words which are then processed to make round
keys. But you could just as easily [and correctly] write up an AES
key schedule that takes decimal notation for keys, or heck even
base64. Provided you had an function that maps 32-bit words into your
representation and back it's makes no never mind whatsoever. The fact
that the AES designers chose bit strings is more a matter of
convention than actual mathematical need.
An RSA modulus can be thought of as a bit-string, where only certain
bit strings are valid. Kinda like DES, where strictly speaking the
weak keys are NOT VALID KEYS. Is DES therefore not defined as taking
bit-strings as keys?
Not looking to pick a fight here, but this really is a nonsense issue
to debate. Representation does not change meaning. The medium is not
the message in this case.
Tom
.
- References:
- RSA moduli sizes
- From: K. Jennings
- Re: RSA moduli sizes
- From: tom
- Re: RSA moduli sizes
- From: Thomas Pornin
- Re: RSA moduli sizes
- From: tom
- Re: RSA moduli sizes
- From: Thomas Pornin
- RSA moduli sizes
- Prev by Date: Re: RSA moduli sizes
- Next by Date: Re: do you get frustrated when people say random instead of pseudorandom?
- Previous by thread: Re: RSA moduli sizes
- Next by thread: Re: RSA moduli sizes
- Index(es):
Relevant Pages
|
Loading
