
Showing posts from July, 2018

Micali-Schnorr Generator (MS-DRBG) Part III - Zero Knowledge Proof Wanted!!

This is going to be a short blog post about the (in)famous Micali-Schnorr Random Number Generator (MS-DRBG). See Part I and Part II of this series for more information about this topic.

WHO: NIST published the specification for the Micali-Schnorr Random Number Generator (MS-DRBG) in NIST Special Publication 800-90 ISO 18031. Along with the explanation of the core algorithm, the documents contain the specification's moduli, which are claimed to be of the form n = pq with p = 2p1 + 1, q = 2q1 + 1, where p1 and q1 are (lg(n)/2 – 1)-bit primes. N.B. a prime of the form p = 2p1 + 1, where p1 is also a prime, is called a Safe Prime; safe primes are often used in cryptography for both RSA and DH.

WHAT: Now we can look at the moduli in NIST Special Publication 800-90 ISO 18031 and simply believe that they are of the claimed form, but maybe that is not a great idea (see the WHY section). Go