Some DSA Code

It would be useful to have code that performed the no-tricks-up-my-sleeve protocols spelled out in FIPS PUB 186-4 which discusses the ElGamal Galois field algorithm, the RSA algorithm and the elliptic curve version of the ElGamal scheme. This is not that. These programs illustrate generating random domain parameters fitting the mathematical requirements, and the key-pair creation and use. FIPS 186 specifies what is required of domain parameters and dpg computes such parameters of the preferred size. FIPS 186 also specifies how to choose them given a seed which we do not follow. File dpg generates domain parameters from a seed but in a different method. Here are the domain parameters derived from seed “floop”. FIPS 186 describes how to choose a key pair from a string; kpg does that for string “siglemazt”. This is the public key and this is the private key. This generates a signature for an imaginary file with hash 2398769810227758848 and entropy “floosh”. A signer must generate unguessable entropy for each signature and then expunge that entropy, lest his secret key be deduced. The signature. This verifies the signature.
k must not be disclosed. A hash of the concatenation of the document hash and the secret key would provide a secure value for k, I think, while avoiding the hazards of deterministic programs relying on exogenous sources of “true entropy”. Furthermore such a standard allows auditing signature software for information leakage by comparing the signatures produced by more than one implementation of the standard.

To actually implement that function in Scheme requires an implementation of SHA-1 in Scheme which I have not done.


Loose ends; Unification of DSA & ECDSA?
Elliptic Curve DSA (ECDSA)
Certicom’s document is less encumbered with standards jargon. “ANS X9.62-2005” is a $100 standard for financial stuff.