c# - Custom Asymmetric Cryptography Algorithm -

-

i want use asymmetric cryptography algorithm, need have short key size(not rsa @ least 384). need around 20. possible?

there several ways have short key size.

1. rsa

a rsa public key consists in big number n (the "modulus") , (usually small) number e (the public exponent). e can small 3, , in closed setup (where control key generation) can force use of conventional e, same everybody. typical size n 1024 bits (i.e. 128 bytes).

n product of 2 prime numbers (n = p*q). knowledge of p , q sufficient rebuild private key (nominally value d multiplicative inverse of e modulo p-1 , q-1). assuming n known, knowledge of p alone sufficient (if know n , p, can compute q simple division). proper security, p , q should have similar sizes, taking smaller of two, still need store 512 bits or -- that's 64 bytes).

it has been suggested select small d (the "private exponent"). makes e random, hence large; can no longer use conventional small value e. doubles public key size. also, forcing small d can make key weak (it has been shown case when size of d no more 29% of size of n, not prove in way d of 30% size of n safe). considered bad idea.

2. dsa / diffie-hellman

dsa digital signature algorithm. diffie-hellman key exchange algorithm. both "asymmetric cryptographic algorithms" , use 1 or other, or both, depending on needs. in both cases, there public mathematical group (numbers modulo big prime number p basic dsa , dh; elliptic curve variants use elliptic curve group); public key group element, , private key discrete logarithm of element relatively conventional generator. in other words, prime p , number g modulo p given (they can shared key holders, even); private key number x corresponding public key y = gx mod p. private key chosen modulo small prime q. q known , must large enough defeat generic discrete logarithm algorithms; in practice, want 160-bit or more q.

this means private key fits in 20 bytes. that's not 20 decimal digits, closer.

3. cryptographic algorithm

when generate key pair, with:

  1. a deterministic procedure;
  2. a source of random bits.

for instance, rsa, generate p , q creating random odd numbers of right size , looping until prime number found. given random source, whole process deterministic: given same random bits, find same primes p , q.

hence can develop prng seeded secret key k , use random source key generation process. whenever need private key, run key generation process again, using k input. , voilà! private key, 1 need store, k.

with rsa, makes private key usage quite expensive (rsa key generation not easy). however, dsa / diffie-hellman, inexpensive: private key random number modulo q (the group order) can generated less cost using private key digital signature or asymmetric key exchange.

this leads following procedure:

  • the "private key", stored, k.
  • the group parameters dsa / diffie-hellman hardcoded in application; uses same group , not problem. group order q, known prime of @ least 160 bits. if use elliptic curve variant, q property of curve, hence given.
  • when need sign or perform key exchange (key exchange used emulate asymmetric encryption), compute sha-512(k), yields 512-bit sequence. take first half (256 bits), interpret number (with big-endian or little-endian convention, wish, provided use same convention), , reduce modulo q private dsa key. similarly, use second half of sha-512 output private dh key.

the key generation biased not imply security trouble. note if need dsa key and dh key, can use same group should not use same private key (hence use of both halves of sha-512 output).

how big should k ? hash function such sha-512, k can arbitrary sequence of bits. however, k should wide enough defeat exhaustive search. 1024-bit rsa key, or 1024-bit dsa modulus (the p modulus dsa), provide security level equivalent 80-bit symmetric key. similarly, 160-bit group order dsa/dh provides same level. 80 bits not much; cannot go lower if want taken seriously. means k should chosen among space of @ least 280 possible keys; in other words, if k selected uniformly random bytes, must @ least 10 bytes long. decimal digits, need @ least 24 digits. below intrinsically weak, , that's unavoidable.

standard warning: if of above not obvious or crystal clear you, not think implementing it. implementation of cryptographic algorithm tricky, since deadliest errors cannot tested (it not because program runs , appears work not contain security weaknesses).


Comments

Post a Comment

Popular posts from this blog

c++ - Convert big endian to little endian when reading from a binary file -

-
this question has answer here: how convert between big-endian , little-endian values in c++? 28 answers i've been looking around how convert big-endian little-endians. didn't find solve problem. seem there's many way can conversion. anyway following code works ok in big-endian system. how should write conversion function work on little-endian system well? this homework, since systems @ school running big-endian system. it's got curious , wanted make work on home computer also #include <iostream> #include <fstream> using namespace std; int main() { ifstream file; file.open("file.bin", ios::in | ios::binary); if(!file) cerr << "not able read" << endl; else { cout << "opened" << endl; int i_var; double d_var; while(!file.eof()) {...
Read more

C#: Application without a window or taskbar item (background app) that can still use Console.WriteLine() -

-
i'm trying create application adheres following: no taskbar no console or form window can utilize console.writeline() . (i.e. if executes app command prompt write console.) the problem if create windows form (or wpf) application can have there no taskbar, console or window show up, console.writeline() nothing. if create console app, writes console, can't figure out how hide (and if did hide it, write command prompt window?)... how do this? just create standard console application. callers responsibility hide window caused program (from how run c# console application console hidden ): system.diagnostics.processstartinfo start = new system.diagnostics.processstartinfo(); start.filename = dir + @"\myprocesstostart.exe"; start.windowstyle = system.diagnostics.processwindowstyle.hidden;
Read more

unicode - Are email addresses allowed to contain non-alphanumeric characters? -

-
i'm building website using `django. website have significant users non-english speaking countries. i want know if there technical restrictions on types of characters email address contain. are email addresses allowed contain english alphabets, numbers, "_", "@" , "."? are allowed contain non-english alphabets "é" or "ü"? are allowed contain chinese or japanese or other unicode characters? email address consists of 2 parts local before @ , domain goes after. rules these parts different: for local part can use ascii: latin letters - z - z digits 0 - 9 special characters !#$%&'*+-/=?^_`{|}~ dot ., not first or last, , not in sequence space , "(),:;<>@[] characters allowed restrictions (they allowed inside quoted string, backslash or double-quote must preceded backslash) plus since 2012 can use international characters above u+007f , encoded as utf-8 . domain part more res...
Read more