Context Navigation

← Previous Change
Ticket Comment History
Next Change →

Changes between Initial Version and Version 1 of Ticket #2, comment 4

Timestamp:: 2011-01-03T08:27:27Z (14 years ago)
Author:: zooko
Comment:

Legend:

: Unmodified
: Added
: Removed
: Modified

Ticket #2, comment 4

-                      initial
+                      v1
 -------
 I am about to implement "deterministic generation of private key from small seed" [1] for Tahoe, so I need to come up with a function that takes an input of 96 bits and produces a 192-bit ECDSA private key.  I'm going to have to support this functon forever (approximately) for backwards-compatibility reasons.  I would really like the next release of Tahoe to be compatible with older Crypto++ versions.  Also I would really like for this function to be as simple and clear as possible so that I can easily explain to other people how to implement it compatibly.
+ I am about to implement "deterministic generation of private key from small seed" [1] for Tahoe, so I need to come up with a function that takes an input of 96 bits and produces a 192-bit ECDSA private key.  I'm going to have to support this functon forever (approximately) for backwards-compatibility reasons.  I would really like the next release of Tahoe to be compatible with older Crypto++ versions.  Also I would really like for this function to be as simple and clear as possible so that I can easily explain to other people how to implement it compatibly.
 My current code to do this is below (and I've earlier posted it to this list: [2]), but I'm not entirely satisfied with it because it seems rather ad-hoc.  One of my earlier notes on this subject to this list, [2], says that I experimented with using X917RNG with a customization of Salsa20 to pretend that it has a block size of 32.
+ My current code to do this is below (and I've earlier posted it to this list: [2]), but I'm not entirely satisfied with it because it seems rather ad-hoc.  One of my earlier notes on this subject to this list, [2], says that I experimented with using X917RNG with a customization of Salsa20 to pretend that it has a block size of 32.
 So, I ask everyone, what is the simplest efficient way to take a secret 96-bit input, and produce an output between [1, n) such that
+ So, I ask everyone, what is the simplest efficient way to take a secret 96-bit input, and produce an output between [1, n) such that
 a) if you know the 96-bit secret and use this algorithm, you always get the same output, and
 b) if you don't know the 96-bit secret, you can't learn anything about the output
+ a) if you know the 96-bit secret and use this algorithm, you always get the same output, and
+ b) if you don't know the 96-bit secret, you can't learn anything about the output
 Unless I, or someone, can think of a problem with this way to do it, or can propose a better way to do it, then I guess I'm going to proceed with this and then I'll be committed to maintaining it for a while.
+ Unless I, or someone, can think of a problem with this way to do it, or can propose a better way to do it, then I guess I'm going to proceed with this and then I'll be committed to maintaining it for a while.
 Regards,
+ Regards,
 Zooko
 [1] http://allmydata.org/trac/pycryptopp/ticket/2 # deterministic generation of private key from small seed
 [2] http://groups.google.com/group/cryptopp-users/browse_thread/thread/f30427601a5884f6
 [3] http://groups.google.com/group/cryptopp-users/msg/c1041e508c8d8705
+ Zooko
+ [1] http://allmydata.org/trac/pycryptopp/ticket/2 # deterministic generation of private key from small seed
+ [2] http://groups.google.com/group/cryptopp-users/browse_thread/thread/f30427601a5884f6
+ [3] http://groups.google.com/group/cryptopp-users/msg/c1041e508c8d8705
 ------- begin appended code
+{{{
 static const char* TAG_AND_SALT = "102:pycryptopp v0.5.3 key derivation algorithm using Tiger hash to generate ECDSA 192-bit secret exponents," \
     "16:H1yGNvUONoc0FD1d,";
 …
     return 0;
+}
+}}}