diff options
author | lloyd <[email protected]> | 2010-03-09 14:14:31 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-03-09 14:14:31 +0000 |
commit | 358769448aae3200da3d56055d253f63a02be6bf (patch) | |
tree | fd1f2222c1c4b5f8b3ef462526e08b87f1c50509 | |
parent | 339c10806c2011c3fc0075b9d4d20895fc6cd313 (diff) |
Oops. Secret nonce/seed for blinding for DH and ElGamal was 2^x mod p.
However if the group generator is 2, that's precisely the public key,
which is hardly secret at all.
Instead use y^x mod p, which while a little dubious in terms of
mathematical structure is probably OK after being hashed through
SHA-512 with some high resolution timestamps.
-rw-r--r-- | src/pubkey/dh/dh.cpp | 2 | ||||
-rw-r--r-- | src/pubkey/elgamal/elgamal.cpp | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp index b491be7bc..1a6c6986d 100644 --- a/src/pubkey/dh/dh.cpp +++ b/src/pubkey/dh/dh.cpp @@ -78,7 +78,7 @@ MemoryVector<byte> DH_PrivateKey::public_value() const DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) : p(dh.group_p()), powermod_x_p(dh.get_x(), p) { - BigInt k = Blinder::choose_nonce(powermod_x_p(2), p); + BigInt k = Blinder::choose_nonce(powermod_x_p(dh.get_y()), p); blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p); } diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp index b9c4803f3..3ae0f5aae 100644 --- a/src/pubkey/elgamal/elgamal.cpp +++ b/src/pubkey/elgamal/elgamal.cpp @@ -118,7 +118,7 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private powermod_x_p = Fixed_Exponent_Power_Mod(key.get_x(), p); mod_p = Modular_Reducer(p); - BigInt k = Blinder::choose_nonce(powermod_x_p(2), p); + BigInt k = Blinder::choose_nonce(powermod_x_p(key.get_y()), p); blinder = Blinder(k, powermod_x_p(k), p); } |