Robert Zuccherato <robert(_dot_)zuccherato(_at_)entrust(_dot_)com> writes:
I have one further comment on the X9.42 draft. Presently it states:
X9.42 requires that the private key x be in the interval [2^(m-1) + 1,
(q - 2)].
The latest (ballot) version of X9.42 actually only requires that private
keys be in the interval [2, q-2]. Restricting the key space to
[2^(m-1)+1, (q-2)] only results in a smaller key space, which is
(slightly) easier to attack. There is no reason to restrict it like
this.
Works for me.
I took that restriction directly from an X9.42 draft. I'm perfectly
happy to relax it.
-Ekr
--
[Eric Rescorla ekr(_at_)rtfm(_dot_)com]
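
The two private-key intervals discussed in this thread, compared in an added example that is not part of the original messages or of the X9.42 draft. It assumes m is the bit length of q, which the thread does not state; the function names and the sample values of q are constructed for illustration.

```python
import math
import secrets

def relaxed_interval(q):
    """[2, q-2], the interval quoted from the ballot version of X9.42."""
    return 2, q - 2

def restricted_interval(q):
    """[2^(m-1)+1, q-2], the interval quoted from the earlier draft.
    Assumption: m is the bit length of q."""
    m = q.bit_length()
    return 2 ** (m - 1) + 1, q - 2

def interval_size(lo, hi):
    """Number of integers in [lo, hi]; 0 if the interval is empty."""
    return max(0, hi - lo + 1)

def generate_private_key(q, interval=relaxed_interval):
    """Draw x uniformly from the chosen interval using the OS CSPRNG."""
    lo, hi = interval(q)
    if hi < lo:
        raise ValueError("empty private-key interval for this q")
    # randbelow(n) is uniform on [0, n-1], so shifting by lo avoids modulo bias.
    return lo + secrets.randbelow(hi - lo + 1)

def is_valid_private_key(x, q, interval=relaxed_interval):
    """Range check to apply to a generated or imported private key."""
    lo, hi = interval(q)
    return lo <= x <= hi

def keyspace_bits(q, interval):
    """log2 of the number of candidate private keys."""
    n = interval_size(*interval(q))
    return math.log2(n) if n else float("-inf")

if __name__ == "__main__":
    # Constructed samples: 2^127 - 1 is a Mersenne prime; 67 is a toy prime
    # sitting just above 2^6, where the restricted interval nearly vanishes.
    for q in (2 ** 127 - 1, 67):
        x = generate_private_key(q)
        assert is_valid_private_key(x, q)
        print(f"m={q.bit_length()}",
              f"relaxed={keyspace_bits(q, relaxed_interval):.2f} bits",
              f"restricted={keyspace_bits(q, restricted_interval):.2f} bits")
```

How much the restricted interval costs depends on where q falls between 2^(m-1) and 2^m: about one bit for the first sample, almost the whole key space for the toy one.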