Hi, I'm about to implement the DSA algorithm, but there is a problem:
choose "p", a prime number with L bits, where 512 <= L <= 1024 and L is a multiple of 64
How to implement a random generator of that number? Int64 has "only" 63 bits length
+8
A:
You can generate a random number with n bits using this code:
var rng = new RNGCryptoServiceProvider();
byte[] bytes = new byte[n / 8];
rng.GetBytes(bytes);
BigInteger p = new BigInteger(bytes);
The result is, of course, random and not necessarily a prime.
The BigInteger class was introduced in the .NET 4.0 Framework.
For generating large prime numbers, Wikipedia says:
For the large primes used in cryptography, it is usual to use a modified form of sieving: a randomly-chosen range of odd numbers of the desired size is sieved against a number of relatively small odd primes (typically all primes less than 65,000). The remaining candidate primes are tested in random order with a standard primality test such as the Miller-Rabin primality test for probable primes.
So you could do something like this:
var p = Enumerable.Range(0, numberOfCandidates)
.Select(i => RandomOddNumber(bits))
.Where(x => !primesLessThan65000.Contains(x))
.Where(x => PrimalityTest(x))
.FirstOrDefault();
dtb
2010-06-03 12:05:10
@AakashM - Likely enough. Guessing is a good strategy for getting a prime number, not to mention a prime random number.
Kobi
2010-06-03 12:08:15
Why are you dividing by 8? Does that ensure it to be a multiple of 64 ?
Filip Ekberg
2010-06-03 12:12:30
i downvoted because `Random` class is not good for cryptographic purposes. and your quote from wiki gives only slight sense of how to make prime.
Andrey
2010-06-03 12:15:41
@Andrey: edited for more randomness.
dtb
2010-06-03 12:17:34
http://msdn.microsoft.com/en-us/library/system.security.cryptography.randomnumbergenerator(v=VS.100).aspx
Mitch Wheat
2010-06-03 12:18:02
@Filip Ekberg: I'm dividing the number of bits by 8 to get the size of the byte array, because there are 8 bits in a byte.
dtb
2010-06-03 12:18:11
@dtb this is much better. But i think that security is the place where you should not reinvent bicycles and use well proven implementations, because your system might be vulnerable, or algorithm inefficient. i am sure that there are very well done algorithms for key generation for DSA
Andrey
2010-06-03 12:21:11
@Mitch Wheat public **abstract** class RandomNumberGenerator
Andrey
2010-06-03 12:21:43
Of course... :)
Filip Ekberg
2010-06-03 12:21:47
@Henk Holterman: Is `RandomNumberGenerator.Create()` preferable to `new RNGCryptoServiceProvider`?
dtb
2010-06-03 12:25:35
@Andrey: lol! sorry wrong crypto link!! Thanks for pointing out...
Mitch Wheat
2010-06-03 12:33:53
+4
A:
If you are implementing DSA as a homework, or self learning or other educational purpose then you can use small keys, Int64 (or even Int32) will be enough.
If you are writing production code them use DSACryptoServiceProvider and save your time.
Andrey
2010-06-03 12:13:51
I don't see how this adds any value at all to his question? He isn't looking for another way to solve it.. This might just be one of the cases where he needs that type of code, maybe the other use-case wasn't defined here.
Filip Ekberg
2010-06-03 12:15:28
@Filip Ekberg: do not try to guess for asker. he wrote very clear - DSA. May be he doesn't know that there is implementation in .net. People should not implement such critical things unless they are security pros, because their system will be vulnerable. If use case is different - there are all needed classes in .net for security.
Andrey
2010-06-03 12:17:38
@Andrey, I did not "guess" for the asker. I simply point out that You didn't answer anything of what he asked, why would the reason for him doing this matter? If he wants to create this algorithm himself, fine, let him. And you actually don't know if he is a security pro or not, he might just not know the framework well enough to find the BigInteger..
Filip Ekberg
2010-06-03 12:20:49
@Filip Ekberg - yes, i didn't directly answered the question, but gave more general and preferred solution. If he wants to do this for himself he don't need that big keys. if it is for real so he should not do this at all. and i don't think that person asking for such basic things is security pro. i am not one also, but i have some sense. implementing security algorithms for real use it great hole.
Andrey
2010-06-03 12:25:54
@Andrey, you gotta learn it somehow, otherwise, how do we get new pros?
Filip Ekberg
2010-06-03 12:35:00
@Filip Ekberg "you can use small keys, Int64 (or even Int32) will be enough."
Andrey
2010-06-03 12:35:46
Yeah I gathered that, but still, I think this could be left as a comment. :)
Filip Ekberg
2010-06-03 16:47:49