On Fri, Mar 30, 2012 at 06:06, Robert Ransom <rransom.8...@gmail.com> wrote:
> Shallot computes a single public modulus p*q and searches for a public
> exponent e which produces a SHA-1 hash with the desired properties.
For some reason I thought that that would produce non-standard RSA
keys, perhaps because the old ssl-genrsa only supported e={3,65537}
(whereas the new ssl-genpkey doesn't have this limitation). Isn't the
point of e like 3 or 65537 (with few bits set) to make encryption
fast? Do you know whether Shallot-produced RSA keys have any
noticeable detrimental effect on relays load because of the
unrestricted exponent?
> That's much faster than doing a 512-bit-by-512-bit bignum multiply for
> each hash, *and* the search for a suitable exponent could (in theory)
> be performed in parallel across many (untrusted) computers.
Sure, but you don't have to do it in the most straightforward way. You
can multiply once, and then add 2p for each hash. The overhead for a
GPU / FPGA implementation should be negligible, and the search can be
parallelized as well. If adding large multiples of p, the nodes can be
untrusted, too, I guess.
--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
