0

I'm trying to create a simple DS for a project, where public keys are q (random 224 bit int), p(random 2048 bit int) and a g such that: pow(g,q,p) == 1. Upon generating signature with function:

def SignGen(message, q, p, g, alpha):
    h = int(hashlib.sha3_256(message).hexdigest(),16) % q
    k = random.randint(1,q-2) % (p-1)
    r = pow(g,k,p) % q
    s = ((alpha*r) - (k*h)) % q
    return s,r

and verifying with

def SignVer(message, s, r, q, p, g, beta):#beta is pow(g,alpha,p) where secret alpha = random.randrange(1,q-1)
    h = int(hashlib.sha3_256(message).hexdigest(),16) % q
    v,y = egcd(h,q) #egcd to find h*v = 1 % q
    z1 = ((s*v) % q)
    z2 = ((r*v) % q)
    u = (pow(g, -z1, p) * pow(beta, z2, p)) % q

    if u == r: #U IS NEVER EQUAL TO R
        return 0
    else :
        return -1

always returns -1, upon printing various results, I saw that u and r values are never same thus failing to create a proper sign tuple.

Ozgur Idis
  • 1
  • *...always returns -1...*. No, it actually **never** returns -1. Or 0. Or anything. It always raises an exception `ValueError: pow() 2nd argument cannot be negative when 3rd argument specified` when you attempt to compute `pow(g, -z1, p)`, except in the rare case when `z1==0`. – President James K. Polk Dec 07 '19 at 20:45
  • I guess there is some confusion here what inversion actually is. – Maarten Bodewes Dec 08 '19 at 02:42

0 Answers0