I tried to blind some big message using Python's RSA from Crypto.PublicKey. The problem is, even if I generate a big key, like 6400 bits, the key.blind() method still crashes with a "message too large" error. I know that my message can't be bigger than N in the key, because every computation is modulo N, but how can big things be blind signed then?
- Although you put this down as a Python question, the question itself seems rather generic. So in that case it's better to go to crypto.stackexchange.com instead - possibly next time you run into a crypto issue anyway. – Maarten Bodewes Jan 28 '16 at 13:15
- @ArtjomB. OK, it'll cost me some points, but let's test my gold crypto badge powers :) ... yup they work. – Maarten Bodewes Jan 28 '16 at 19:26
1 Answer
Just like normal signatures: first perform a cryptographic (one-way) hash over the message and blind & sign that instead of the message.

Maarten Bodewes
- For blind-signatures, you should use a full-domain hash to make sure your hash is an adequate size. Too big and the RSA math doesn't add up (and you get "message too large" errors), too small and you open yourself up to an Index Calculation Attack. I would recommend using keys that are at least 4096 bits in size, and a full-domain-hash to hash the message to 2048 bits. (or, if you're paranoid, double both to 8192 / 4096). You could also use SHAKE-256 in place of a full-domain-hash, with the same caveats about the length. – phayes Sep 23 '17 at 07:02
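
The hash-then-blind flow from the answer, with the SHAKE-256 digest mentioned in the comment, as an added example in plain Python (not code from the original post or from PyCrypto). The function names and the demo key built from two Mersenne primes are assumptions made for illustration; that key is not secure.

```python
import hashlib
import math
import secrets

# Constructed demo key: two Mersenne primes, so this runs offline without a
# prime generator. NOT secure; use a properly generated key of real size.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # signer's private exponent

def hash_to_int(message: bytes, n: int = N) -> int:
    """Hash a message of any length to an integer below n using SHAKE-256."""
    out_len = (n.bit_length() - 1) // 8  # whole bytes that always fit under n
    return int.from_bytes(hashlib.shake_256(message).digest(out_len), "big")

def blind(m: int, n: int = N, e: int = E):
    """Requester: hide m with a random factor r. Returns (blinded, r)."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:  # r must be invertible mod n
            return (m * pow(r, e, n)) % n, r

def sign_blinded(blinded: int, n: int = N, d: int = D) -> int:
    """Signer: raw RSA private operation on the blinded value."""
    return pow(blinded, d, n)

def unblind(blind_sig: int, r: int, n: int = N) -> int:
    """Requester: remove r to obtain the signature on the hash."""
    return (blind_sig * pow(r, -1, n)) % n

def verify(message: bytes, sig: int, n: int = N, e: int = E) -> bool:
    """Anyone: recompute the hash and compare with sig^e mod n."""
    return pow(sig, e, n) == hash_to_int(message, n)

def blind_sign_roundtrip(message: bytes) -> int:
    """Run requester -> signer -> requester and return the final signature."""
    blinded, r = blind(hash_to_int(message))
    return unblind(sign_blinded(blinded), r)

if __name__ == "__main__":
    big = b"A" * 100_000  # constructed message, far larger than N
    print(verify(big, blind_sign_roundtrip(big)))
```

The signer only ever sees the blinded value, and the digest length is derived from the modulus so the integer being blinded is always below N regardless of message size.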