[1478] in cryptography@c2.net mail archive
Re: Speeding up DH
daemon@ATHENA.MIT.EDU (Phil Karn)
Sat Sep 13 13:25:03 1997
Date: Sat, 13 Sep 1997 02:16:30 -0700 (PDT)
From: Phil Karn <karn@qualcomm.com>
To: colin@nyx.net
CC: cryptography@c2.net, stewarts@ix.netcom.com, karn@qualcomm.com
In-reply-to: <199709121023.EAA17770@nyx10.nyx.net> (message from Colin Plumb
on Fri, 12 Sep 1997 04:23:57 -0600 (MDT))
>The Photuris criteria (that's the one with the 64 msbs and lsbs set to
>1, isn't it?) are nice, and I might have used them if I'd though of it,
>but I wanted to have a few published criteria and then use a one-way
>function to document the lack of hidden properties in the primes
>chosen. The furthest out on a limb I went was to set the two msbs to 1,
The DH moduli I generated for Photuris a while back used random() to
generate a random starting point, and then searched forward from that
point using an overlaid sieve to find the first prime p for which
(p-1)/2 was also prime. I suppose it would have been better to pick an
"open" starting point, but I didn't know that it was possible to pick
a "devious" DH moduli -- is it?
I didn't manually set any bits, other than to make the msb and lsb both 1 :-).
Phil
