authorlloyd <[email protected]>2010-03-09 14:14:31 +0000
committerlloyd <[email protected]>2010-03-09 14:14:31 +0000
commit358769448aae3200da3d56055d253f63a02be6bf (patch)
treefd1f2222c1c4b5f8b3ef462526e08b87f1c50509
parent339c10806c2011c3fc0075b9d4d20895fc6cd313 (diff)
Oops. Secret nonce/seed for blinding for DH and ElGamal was 2^x mod p.
However, if the group generator is 2, that's precisely the public key, which is hardly secret at all. Instead use y^x mod p, which, while a little dubious in terms of mathematical structure, is probably OK after being hashed through SHA-512 with some high resolution timestamps.
-rw-r--r--src/pubkey/dh/dh.cpp2
-rw-r--r--src/pubkey/elgamal/elgamal.cpp2
2 files changed, 2 insertions, 2 deletions
diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp
index b491be7bc..1a6c6986d 100644
--- a/src/pubkey/dh/dh.cpp
+++ b/src/pubkey/dh/dh.cpp
@@ -78,7 +78,7 @@ MemoryVector<byte> DH_PrivateKey::public_value() const
DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) :
p(dh.group_p()), powermod_x_p(dh.get_x(), p)
{
- BigInt k = Blinder::choose_nonce(powermod_x_p(2), p);
+ BigInt k = Blinder::choose_nonce(powermod_x_p(dh.get_y()), p);
blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p);
}
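Review bot: The new seed `powermod_x_p(dh.get_y())` is y^x mod p, a value that is constant for a given key, so the per-operation blinding nonce is only as unpredictable as whatever `Blinder::choose_nonce` mixes into it (per the description, SHA-512 over the seed plus timestamps); nothing in the hunk records that dependency. The call is also one exponentiation with the private exponent performed before `blinder` exists, i.e. unblinded, which is precisely the operation blinding is meant to protect; the commit does not change that. I would add above the assignment: `// Blinding seed: y^x mod p is fixed per key, so nonce secrecy rests on choose_nonce's hash/timestamp mixing; this exponentiation itself runs unblinded.` If an RNG is reachable from this constructor (not visible here), seeding the nonce from it instead would remove both concerns. The same applies to the identical line in src/pubkey/elgamal/elgamal.cpp.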
diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp
index b9c4803f3..3ae0f5aae 100644
--- a/src/pubkey/elgamal/elgamal.cpp
+++ b/src/pubkey/elgamal/elgamal.cpp
@@ -118,7 +118,7 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private
powermod_x_p = Fixed_Exponent_Power_Mod(key.get_x(), p);
mod_p = Modular_Reducer(p);
- BigInt k = Blinder::choose_nonce(powermod_x_p(2), p);
+ BigInt k = Blinder::choose_nonce(powermod_x_p(key.get_y()), p);
blinder = Blinder(k, powermod_x_p(k), p);
}