aboutsummaryrefslogtreecommitdiffstats
path: root/src/pubkey/elgamal/elgamal.cpp
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-03-08 19:39:38 +0000
committerlloyd <[email protected]>2010-03-08 19:39:38 +0000
commitbd79f42e733a1119033f049effdd341916f38c62 (patch)
treec0d8a065e0b5e8106364bd355a5618d28627b0de /src/pubkey/elgamal/elgamal.cpp
parent868c7f7d9c306e6e15d24f2b32e529aa1956516e (diff)
Add back in blinding to RSA, RW, ElGamal, and DH.
There are multiple unsatisfactory elements to the current solution, as compared to how blinding was previously done: Firstly, blinding is only used in the baseline implementations; the code using OpenSSL and GMP is not protected by blinding at all. Secondly, at the point we need to set up blinding, there is no access to a PRNG. Currently I am going with a quite nasty solution, of using a private key parameter to seed a simple PRNG constructed as: SHA-512(TS1 || private_key_param || public_key_param || TS2) I really want to fix both of these elements but I'm not sure how to do so easily.
Diffstat (limited to 'src/pubkey/elgamal/elgamal.cpp')
-rw-r--r--src/pubkey/elgamal/elgamal.cpp9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp
index fe83b3b2b..b2ffe36f3 100644
--- a/src/pubkey/elgamal/elgamal.cpp
+++ b/src/pubkey/elgamal/elgamal.cpp
@@ -117,6 +117,9 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private
powermod_x_p = Fixed_Exponent_Power_Mod(key.get_x(), p);
mod_p = Modular_Reducer(p);
+
+ BigInt k = Blinder::choose_nonce(key.get_x(), p);
+ blinder = Blinder(k, power_mod(k, key.get_x(), p), p);
}
SecureVector<byte>
@@ -135,7 +138,11 @@ ElGamal_Decryption_Operation::decrypt(const byte msg[], u32bit msg_len) const
if(a >= p || b >= p)
throw Invalid_Argument("ElGamal decryption: Invalid message");
- return BigInt::encode(mod_p.multiply(b, inverse_mod(powermod_x_p(a), p)));
+ a = blinder.blind(a);
+
+ BigInt r = mod_p.multiply(b, inverse_mod(powermod_x_p(a), p));
+
+ return BigInt::encode(blinder.unblind(r));
}
}