[13179] in cryptography@c2.net mail archive


Re: The Pure Crypto Project's Hash Function

daemon@ATHENA.MIT.EDU (Ralf Senderek)
Sun May 4 09:51:05 2003

X-Original-To: cryptography@metzdowd.com
Date: Sun, 4 May 2003 08:29:20 +0200 (CEST)
From: Ralf Senderek <ralf@senderek.de>
To: Eric Rescorla <ekr@rtfm.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <kjwuh7eq85.fsf@romeo.rtfm.com>

On 3 May 2003, Eric Rescorla wrote:

> Can you explain every single line of the modular exponentiation
> routine you're using?

Yes, of course I can, otherwise the Pure Crypto Project would lack its
second most important feature, clarity, security being the most important.
Fortunately I have to explain only 10 lines of code:

          def ModExp (Base, Exp, Mod):
                # Square-and-multiply, scanning Exp from its lowest bit upward
                Hash = 1
                X = Exp
                Factor = Base

                while X > 0 :
                      Remainder = X % 2
                      X = X // 2          # integer division
                      if Remainder == 1:
                            Hash = Hash * Factor % Mod
                      Factor = Factor * Factor % Mod
                return Hash


I have explained this successfully even to 18 year olds who wanted to
learn about computer security. I will explain off-list on request.

> Every single line of the compiler you're
> using to compile the code?

No, I cannot. As I'm using bare multiplication and addition of long
integers, I cannot rule out the possibility that the Python-interpreter
executes some malicious code when multiplying x and y. But I don't have
any reason to assume that.


> The amount of math you would need to demonstrate the security
> or insecurity of your hash algorithm is incredibly prohibitive,
> and vastly larger than the amount of effort required to analyze the
> C code in SHA-1.

I'm not sure; primes sometimes make an argument simple. Please read
my remarks on security.


Ralf.


*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
* Ralf Senderek  <ralf@senderek.de> http://senderek.de  * What is privacy *
* Sandstr. 60   D-41849 Wassenberg  +49 2432-3960       *     without     *
* PGP: AB 2C 85 AB DB D3 10 E7  CD A4 F8 AC 52 FC A9 ED *   Pure Crypto?  *
*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
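
Added example, not part of the original message or of the Pure Crypto Project's code: a differential test that runs the posted square-and-multiply loop against Python's built-in pow() on edge cases and random 256-bit inputs. The names posted_mod_exp, checked_mod_exp and find_mismatches, and all test values, are constructed for this illustration.

```python
import random


def posted_mod_exp(base, exp, mod):
    """The loop from the post, using // so it stays integer on Python 3."""
    result, factor, x = 1, base, exp
    while x > 0:
        if x % 2 == 1:
            result = result * factor % mod
        x //= 2
        factor = factor * factor % mod
    return result


def checked_mod_exp(base, exp, mod):
    """Hypothetical wrapper: rejects inputs the bare loop mishandles silently."""
    if exp < 0:
        # The bare loop never runs for exp < 0 and would return 1.
        raise ValueError("negative exponent not supported")
    if mod <= 0:
        raise ValueError("modulus must be positive")
    # Final reduction covers exp == 0 with mod == 1 (answer is 0, not 1).
    return posted_mod_exp(base % mod, exp, mod) % mod


def find_mismatches(func, trials=500, bits=256, seed=1):
    """Return every (base, exp, mod) where func disagrees with pow()."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    # Constructed edge cases: zero exponent, modulus 1, base equal to the
    # modulus, negative base, and one small ordinary case.
    cases = [(0, 0, 1), (5, 0, 1), (2, 1, 1), (0, 0, 7),
             (7, 1, 7), (-3, 5, 11), (2, 10, 1000)]
    for _ in range(trials):
        cases.append((rng.getrandbits(bits),
                      rng.getrandbits(bits),
                      rng.getrandbits(bits) + 1))  # modulus >= 1
    return [c for c in cases if func(*c) != pow(*c)]


if __name__ == "__main__":
    print("posted :", find_mismatches(posted_mod_exp))
    print("checked:", find_mismatches(checked_mod_exp))
```

The bare loop agrees with pow() everywhere except a zero exponent with modulus 1, and it returns 1 for any negative exponent instead of failing.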
