| author | lloyd <[email protected]> | 2010-03-09 14:14:31 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2010-03-09 14:14:31 +0000 |
| commit | 358769448aae3200da3d56055d253f63a02be6bf (patch) | |
| tree | fd1f2222c1c4b5f8b3ef462526e08b87f1c50509 /src/pubkey/dh | |
| parent | 339c10806c2011c3fc0075b9d4d20895fc6cd313 (diff) | |
Oops. Secret nonce/seed for blinding for DH and ElGamal was 2^x mod p.
However if the group generator is 2, that's precisely the public key,
which is hardly secret at all.
Instead use y^x mod p, which while a little dubious in terms of
mathematical structure is probably OK after being hashed through
SHA-512 with some high resolution timestamps.
Diffstat (limited to 'src/pubkey/dh')
-rw-r--r-- | src/pubkey/dh/dh.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp index b491be7bc..1a6c6986d 100644 --- a/src/pubkey/dh/dh.cpp +++ b/src/pubkey/dh/dh.cpp @@ -78,7 +78,7 @@ MemoryVector<byte> DH_PrivateKey::public_value() const DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) : p(dh.group_p()), powermod_x_p(dh.get_x(), p) { - BigInt k = Blinder::choose_nonce(powermod_x_p(2), p); + BigInt k = Blinder::choose_nonce(powermod_x_p(dh.get_y()), p); blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p); } |
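Review bot: the replacement seed `powermod_x_p(dh.get_y())` is still a fixed function of the key pair, so every DH_KA_Operation built from the same DH_PrivateKey passes the identical value to `Blinder::choose_nonce`; any per-operation freshness therefore rests entirely on what choose_nonce mixes in, which this hunk does not show. Consider seeding the blinder from RNG output rather than a key-derived value, or at minimum add a comment at this line recording why y^x mod p replaced 2^x mod p (the commit message's point that 2^x mod p equals the public key when the generator is 2 belongs next to the code, not only in the log). The message also says ElGamal has the same bug, but this view is limited to src/pubkey/dh, so confirm the ElGamal operation received the matching change.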