Difference between revisions of "83Plus:BCALLs:80A5"

From WikiTI
Jump to: navigation, search
m (Comments)
m (Comments)
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:83Plus:BCALLs:By_Name|TransformHash]]
+
[[Category:83Plus:BCALLs:By_Name:Cryptography|TransformHash]] [[Category:83Plus:BCALLs:By Name:Math:Big Integer|TransformHash]] [[Category:83Plus:BCALLs:By_Name:Math|TransformHash]] [[Category:83Plus:BCALLs:By_Name|TransformHash]] [[Category:83Plus:BCALLs:By_Address|80A5 - TransformHash]]
[[Category:83Plus:BCALLs:By_Name:Math|TransformHash]]
+
[[Category:83Plus:BCALLs:By_Address|80A5 - TransformHash]]
+
 
== Synopsis ==
 
== Synopsis ==
 
'''Official Name:''' TransformHash
 
'''Official Name:''' TransformHash
Line 10: Line 8:
  
 
=== Inputs ===
 
=== Inputs ===
* [[83Plus:RAM:8291|8291]]: The MD5 hash as a big integer
+
* [[83Plus:RAM:8291|8291]]: The MD5 hash as a [[83Plus:OS:Big Integers|big integer]]
 
* [[83Plus:RAM:83E6|83E6]]: The parameter ''f'' as a big integer
 
* [[83Plus:RAM:83E6|83E6]]: The parameter ''f'' as a big integer
 
* [[83Plus:RAM:8000|8000]]: The modulus
 
* [[83Plus:RAM:8000|8000]]: The modulus
Line 23: Line 21:
  
 
== Comments ==
 
== Comments ==
Given ''p'', ''q'' prime, ''p'' = 3 mod 8, ''q'' = 7 mod 8, and ''m'' and relatively prime to both, exactly one of the following is a quadratic residue modulo ''pq'':
+
Given ''p'', ''q'' prime, ''p'' ≡ 3 mod 8, ''q'' ≡ 7 mod 8, and ''m'' relatively prime to both, exactly one of the following is a quadratic residue modulo ''pq'':
 
* ''pq''-2''m''
 
* ''pq''-2''m''
 
* ''pq''-''m''
 
* ''pq''-''m''
Line 30: Line 28:
  
 
Which of the transformations is used is specified by the parameter ''f''.  In order to ensure that the message is nonzero, or perhaps just to make life difficult, ''m'' is defined to be the MD5 of the application, multiplied by 256, plus 1.  Therefore:
 
Which of the transformations is used is specified by the parameter ''f''.  In order to ensure that the message is nonzero, or perhaps just to make life difficult, ''m'' is defined to be the MD5 of the application, multiplied by 256, plus 1.  Therefore:
* If f=0, the result is ''n''-2*(''MD5''*256+1)
+
* If ''f''=0, the result is ''n''-2*(''MD5''*256+1)
* If f=1, the result is ''n''-(''MD5''*256+1)
+
* If ''f''=1, the result is ''n''-(''MD5''*256+1)
* If f=2, the result is ''MD5''*256+1
+
* If ''f''=2, the result is ''MD5''*256+1
* If f=3, the result is 2*(''MD5''*256+1)
+
* If ''f''=3, the result is 2*(''MD5''*256+1)
  
 
If the signature is valid, that number is a quadratic residue mod ''n'', and more to the point, it is the square of the Rabin signature.  That square is computed by the [[83Plus:BCALLs:80A2|Rabin]] B_CALL, and only if the two numbers match is the application considered valid.
 
If the signature is valid, that number is a quadratic residue mod ''n'', and more to the point, it is the square of the Rabin signature.  That square is computed by the [[83Plus:BCALLs:80A2|Rabin]] B_CALL, and only if the two numbers match is the application considered valid.

Latest revision as of 07:26, 11 April 2005

Synopsis

Official Name: TransformHash

BCALL Address: 80A5

Applies one of the four f-transformations as appropriate for the application to be validated.

Inputs

Outputs

  • MD5Buffer: The MD5 hash appropriately transformed.

Destroys

  • 8100: 130-byte area which the multiplication routine uses to store its result
  • 8182: 65-byte area used as the first argument to the multiplication routine
  • 81C3: 65-byte area used as the second argument to the multiplication routine

Comments

Given p, q prime, p ≡ 3 mod 8, q ≡ 7 mod 8, and m relatively prime to both, exactly one of the following is a quadratic residue modulo pq:

  • pq-2m
  • pq-m
  • m
  • 2m

Which of the transformations is used is specified by the parameter f. In order to ensure that the message is nonzero, or perhaps just to make life difficult, m is defined to be the MD5 of the application, multiplied by 256, plus 1. Therefore:

  • If f=0, the result is n-2*(MD5*256+1)
  • If f=1, the result is n-(MD5*256+1)
  • If f=2, the result is MD5*256+1
  • If f=3, the result is 2*(MD5*256+1)

If the signature is valid, that number is a quadratic residue mod n, and more to the point, it is the square of the Rabin signature. That square is computed by the Rabin B_CALL, and only if the two numbers match is the application considered valid.