Hal Finney wrote:
DSA signatures MUST use hashes that are equal to or larger than the
size of q, the group generated by the DSA key's generator value.
If the chosen hash is larger than the size of q, the hash result
is truncated to fit by taking a number of leftmost bits equal to
the number of bits in q. This (possibly truncated) hash function
result is treated as a number and used directly in the DSA signature
algorithm.
Note that this truncation (or non-truncation) could still leave the
hash as bigger than q, but that is OK as the signature and validation
algorithms will either explicitly or implicitly take it mod q as it
is used. So I don't think we have to tell them to take it mod q.
Not sure what you mean by this - the point is that the hash should end
up with the same number of bits as q.
BTW, I don't believe truncation is actually required mathematically, but
it is presumably more efficient to truncate.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff