Difference between revisions of "83Plus:BCALLs:80A5"

From WikiTI
Jump to: navigation, search
(Inputs)
m (Comments)
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:83Plus:BCALLs:By_Name|TransformHash]]
+
[[Category:83Plus:BCALLs:By_Name:Cryptography|TransformHash]] [[Category:83Plus:BCALLs:By Name:Math:Big Integer|TransformHash]] [[Category:83Plus:BCALLs:By_Name:Math|TransformHash]] [[Category:83Plus:BCALLs:By_Name|TransformHash]] [[Category:83Plus:BCALLs:By_Address|80A5 - TransformHash]]
[[Category:83Plus:BCALLs:By_Name:Math|TransformHash]]
+
[[Category:83Plus:BCALLs:By_Address|80A5 - TransformHash]]
+
 
== Synopsis ==
 
== Synopsis ==
 
'''Official Name:''' TransformHash
 
'''Official Name:''' TransformHash
Line 23: Line 21:
  
 
== Comments ==
 
== Comments ==
Given ''p'', ''q'' prime, ''p'' = 3 mod 8, ''q'' = 7 mod 8, and ''m'' and relatively prime to both, exactly one of the following is a quadratic residue modulo ''pq'':
+
Given ''p'', ''q'' prime, ''p'' ≡ 3 mod 8, ''q'' ≡ 7 mod 8, and ''m'' relatively prime to both, exactly one of the following is a quadratic residue modulo ''pq'':
 
* ''pq''-2''m''
 
* ''pq''-2''m''
 
* ''pq''-''m''
 
* ''pq''-''m''

Latest revision as of 07:26, 11 April 2005

Synopsis

Official Name: TransformHash

BCALL Address: 80A5

Applies one of the four f-transformations as appropriate for the application to be validated.

Inputs

Outputs

  • MD5Buffer: The MD5 hash appropriately transformed.

Destroys

  • 8100: 130-byte area which the multiplication routine uses to store its result
  • 8182: 65-byte area used as the first argument to the multiplication routine
  • 81C3: 65-byte area used as the second argument to the multiplication routine

Comments

Given p, q prime, p ≡ 3 mod 8, q ≡ 7 mod 8, and m relatively prime to both, exactly one of the following is a quadratic residue modulo pq:

  • pq-2m
  • pq-m
  • m
  • 2m

Which of the transformations is used is specified by the parameter f. In order to ensure that the message is nonzero, or perhaps just to make life difficult, m is defined to be the MD5 of the application, multiplied by 256, plus 1. Therefore:

  • If f=0, the result is n-2*(MD5*256+1)
  • If f=1, the result is n-(MD5*256+1)
  • If f=2, the result is MD5*256+1
  • If f=3, the result is 2*(MD5*256+1)

If the signature is valid, that number is a quadratic residue mod n, and more to the point, it is the square of the Rabin signature. That square is computed by the Rabin B_CALL, and only if the two numbers match is the application considered valid.