Difference between revisions of "83Plus:BCALLs:80A5"
From WikiTI
m (→Comments) |
m (→Comments) |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | [[Category:83Plus:BCALLs:By_Name|TransformHash]] | + | [[Category:83Plus:BCALLs:By_Name:Cryptography|TransformHash]] [[Category:83Plus:BCALLs:By Name:Math:Big Integer|TransformHash]] [[Category:83Plus:BCALLs:By_Name:Math|TransformHash]] [[Category:83Plus:BCALLs:By_Name|TransformHash]] [[Category:83Plus:BCALLs:By_Address|80A5 - TransformHash]] |
| − | [[Category:83Plus:BCALLs:By_Name:Math|TransformHash]] | + | |
| − | [[Category:83Plus:BCALLs:By_Address|80A5 - TransformHash]] | + | |
== Synopsis == | == Synopsis == | ||
'''Official Name:''' TransformHash | '''Official Name:''' TransformHash | ||
| Line 10: | Line 8: | ||
=== Inputs === | === Inputs === | ||
| − | * [[83Plus:RAM:8291|8291]]: The MD5 hash as a big integer | + | * [[83Plus:RAM:8291|8291]]: The MD5 hash as a [[83Plus:OS:Big Integers|big integer]] |
* [[83Plus:RAM:83E6|83E6]]: The parameter ''f'' as a big integer | * [[83Plus:RAM:83E6|83E6]]: The parameter ''f'' as a big integer | ||
* [[83Plus:RAM:8000|8000]]: The modulus | * [[83Plus:RAM:8000|8000]]: The modulus | ||
| Line 23: | Line 21: | ||
== Comments == | == Comments == | ||
| − | Given ''p'', ''q'' prime, ''p'' | + | Given ''p'', ''q'' prime, ''p'' ≡ 3 mod 8, ''q'' ≡ 7 mod 8, and ''m'' relatively prime to both, exactly one of the following is a quadratic residue modulo ''pq'': |
* ''pq''-2''m'' | * ''pq''-2''m'' | ||
* ''pq''-''m'' | * ''pq''-''m'' | ||
| Line 30: | Line 28: | ||
Which of the transformations is used is specified by the parameter ''f''. In order to ensure that the message is nonzero, or perhaps just to make life difficult, ''m'' is defined to be the MD5 of the application, multiplied by 256, plus 1. Therefore: | Which of the transformations is used is specified by the parameter ''f''. In order to ensure that the message is nonzero, or perhaps just to make life difficult, ''m'' is defined to be the MD5 of the application, multiplied by 256, plus 1. Therefore: | ||
| − | * If f=0, the result is ''n''-2*(''MD5''*256+1) | + | * If ''f''=0, the result is ''n''-2*(''MD5''*256+1) |
| − | * If f=1, the result is ''n''-(''MD5''*256+1) | + | * If ''f''=1, the result is ''n''-(''MD5''*256+1) |
| − | * If f=2, the result is ''MD5''*256+1 | + | * If ''f''=2, the result is ''MD5''*256+1 |
| − | * If f=3, the result is 2*(''MD5''*256+1) | + | * If ''f''=3, the result is 2*(''MD5''*256+1) |
If the signature is valid, that number is a quadratic residue mod ''n'', and more to the point, it is the square of the Rabin signature. That square is computed by the [[83Plus:BCALLs:80A2|Rabin]] B_CALL, and only if the two numbers match is the application considered valid. | If the signature is valid, that number is a quadratic residue mod ''n'', and more to the point, it is the square of the Rabin signature. That square is computed by the [[83Plus:BCALLs:80A2|Rabin]] B_CALL, and only if the two numbers match is the application considered valid. | ||
Latest revision as of 08:26, 11 April 2005
Synopsis
Official Name: TransformHash
BCALL Address: 80A5
Applies one of the four f-transformations as appropriate for the application to be validated.
Inputs
- 8291: The MD5 hash as a big integer
- 83E6: The parameter f as a big integer
- 8000: The modulus
Outputs
- MD5Buffer: The MD5 hash appropriately transformed.
Destroys
- 8100: 130-byte area which the multiplication routine uses to store its result
- 8182: 65-byte area used as the first argument to the multiplication routine
- 81C3: 65-byte area used as the second argument to the multiplication routine
Comments
Given p, q prime, p ≡ 3 mod 8, q ≡ 7 mod 8, and m relatively prime to both, exactly one of the following is a quadratic residue modulo pq:
- pq-2m
- pq-m
- m
- 2m
Which of the transformations is used is specified by the parameter f. In order to ensure that the message is nonzero, or perhaps just to make life difficult, m is defined to be the MD5 of the application, multiplied by 256, plus 1. Therefore:
- If f=0, the result is n-2*(MD5*256+1)
- If f=1, the result is n-(MD5*256+1)
- If f=2, the result is MD5*256+1
- If f=3, the result is 2*(MD5*256+1)
If the signature is valid, that number is a quadratic residue mod n, and more to the point, it is the square of the Rabin signature. That square is computed by the Rabin B_CALL, and only if the two numbers match is the application considered valid.
