[cryptography] Error in PKCS #1 v2.1?

James Muir muir.james.a at gmail.com
Thu Feb 17 11:19:27 EST 2011


On 11-02-17 11:17 AM, James Muir wrote:
> On 11-02-17 07:08 AM, Paul Crowley wrote:
>> http://www.rsa.com/rsalabs/node.asp?id=2125
>>
>> Page 27 of PKCS #1 v2.1 states (step 1):
>>
>> "EMSA-PSS encoding: Apply the EMSA-PSS encoding operation (Section
>> 9.1.1) to the message M to produce an encoded message EM of length
>> ceil((modBits – 1)/8) octets such that the bit length of the integer
>> OS2IP (EM) (see Section 4.2) is at most modBits – 1, where modBits is
>> the length in bits of the RSA modulus n"
>>
>> Surely where it says ceil((modBits – 1)/8) it has to mean floor((modBits
>> – 1)/8)?  For a simple example, suppose the modulus were 10 bits.  Then
>> ceil((modBits – 1)/8) = 2, so EM will be two bytes long, too long for a
>> 10 bit modulus.  If the floor function is used, then EM will always be
>> exactly the maximum length in bytes that a modulus of length modBits can
>> be guaranteed to handle properly.
>>
>> The same problem I think applies to the references to the ceiling
>> function on pages 35 and 36. Note that where I write "ceil", the
>> standard uses the usual notation for this, as defined on page 5. I can't
>> find this in the errata or by searching - is this a real error, or am I
>> misreading the standard?
> 
> I think the standard is correct (i.e. it is ceiling rather than floor).
>  Remember that the numbers involved in the RSA computation are all
> encoded as strings of octets.
> 
> In your example, a 10-bit modulus would be represented using
> ceiling(10/8) = 2 octets.  And EM is represented using ceiling((10-1)/2)
> = 2 octets.

sorry.  typo in last sentence:  "ceiling((10-1)/8) = 2 octets".

-James

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20110217/ed77893c/attachment.asc>


More information about the cryptography mailing list