我正在尝试实现 El Gamal 数字签名方案,使用 BigInteger 类生成大素数。Samantha 生成公钥、私钥,选择一条消息,对其进行签名,然后 Victor 验证签名。
问题:输出总是说签名没有被验证,即验证算法在每次执行时都返回假,这会再次随机化数字。但是,当使用小的常数进行测试时,我得到了正确的结果。
问题:我在哪里做错了什么?我似乎无法得出结论。
到目前为止我的代码:
ElGamal_test - 用于预计算步骤和测试的方法
public static void ElGamal_test(){
// Samantha picks q, a 1024 bit prime and computes p = 2q + 1
Random rng = new SecureRandom();
BigInteger q = BigInteger.probablePrime(1024, rng);
BigInteger p = q.multiply(BigInteger.valueOf(2)).add(BigInteger.ONE);
// BigInteger p = BigInteger.valueOf(467);
// Samantha computes g, a primitive root modulo p
BigInteger g;
while(true){
g = new BigInteger(1024, rng);
if(g.compareTo(BigInteger.ONE) > 0 &&
g.compareTo(p) < 0 &&
!(g.multiply(g).mod(p).equals(BigInteger.ONE)) &&
!(g.modPow(q, p).equals(BigInteger.ONE)))
break;
}
// g = BigInteger.valueOf(2);
// Samantha computes her private key
BigInteger s;
while(true){
s = new BigInteger(1024, rng);
if(s.compareTo(BigInteger.ONE) > 0 &&
s.compareTo(p.subtract(BigInteger.ONE)) < 0)
break;
}
// s = BigInteger.valueOf(127);
// Samantha computes her public key
BigInteger v = g.modPow(s, p);
// Samantha chooses her message, m
BigInteger m = new BigInteger("100");
// Samantha signs her message
BigInteger[] key = Cryptography.ElGamalSignature(p, g, s, m);
// Victor verifies the signature
boolean result = Cryptography.ElGamalVerification(p, g, v, m, key);
String str = (result == true) ? "The signature has been verified" : "The signature has not been verified";
System.out.println(str);
}
ElGamalSignature - 用于签名算法的方法
public static BigInteger[] ElGamalSignature(BigInteger prime, BigInteger generator, BigInteger privExp, BigInteger doc){
BigInteger[] signature = new BigInteger[2];
Random rng = new SecureRandom();
// Samantha picks the ephemeral key
BigInteger e;
while(true){
e = new BigInteger(1024, rng);
if(e.compareTo(BigInteger.ONE) > 0 &&
e.compareTo(prime.subtract(BigInteger.ONE)) < 0 &&
e.gcd(prime.subtract(BigInteger.ONE)).equals(BigInteger.ONE))
break;
}
// e = BigInteger.valueOf(213);
// Samantha computes the signature
signature[0] = generator.modPow(e, prime);
signature[1] = (doc.subtract(privExp.multiply(signature[0])))
.multiply(e.modInverse(prime.subtract(BigInteger.ONE)))
.mod(prime.subtract(BigInteger.ONE));
return signature;
}
ElGamalVerification - 用于验证算法的方法
public static boolean ElGamalVerification(BigInteger prime, BigInteger generator, BigInteger publicExp, BigInteger doc, BigInteger[] key){
BigInteger part1 = (publicExp.modPow(key[0], prime).multiply(key[0].modPow(key[1], prime))).mod(prime);
BigInteger part2 = generator.modPow(doc, prime);
if(part1.equals(part2))
return true;
else
return false;
}