[cryptography] Error in PKCS #1 v2.1?
muir.james.a at gmail.com
Thu Feb 17 11:19:27 EST 2011
On 11-02-17 11:17 AM, James Muir wrote:
> On 11-02-17 07:08 AM, Paul Crowley wrote:
>> Page 27 of PKCS #1 v2.1 states (step 1):
>> "EMSA-PSS encoding: Apply the EMSA-PSS encoding operation (Section
>> 9.1.1) to the message M to produce an encoded message EM of length
>> ceil((modBits – 1)/8) octets such that the bit length of the integer
>> OS2IP (EM) (see Section 4.2) is at most modBits – 1, where modBits is
>> the length in bits of the RSA modulus n"
>> Surely where it says ceil((modBits – 1)/8) it has to mean floor((modBits
>> – 1)/8)? For a simple example, suppose the modulus were 10 bits. Then
>> ceil((modBits – 1)/8) = 2, so EM will be two bytes long, too long for a
>> 10 bit modulus. If the floor function is used, then EM will always be
>> exactly the maximum length in bytes that a modulus of length modBits can
>> be guaranteed to handle properly.
>> The same problem I think applies to the references to the ceiling
>> function on pages 35 and 36. Note that where I write "ceil", the
>> standard uses the usual notation for this, as defined on page 5. I can't
>> find this in the errata or by searching - is this a real error, or am I
>> misreading the standard?
> I think the standard is correct (i.e. it is ceiling rather than floor).
> Remember that the numbers involved in the RSA computation are all
> encoded as strings of octets.
> In your example, a 10-bit modulus would be represented using
> ceiling(10/8) = 2 octets. And EM is represented using ceiling((10-1)/2)
> = 2 octets.
Sorry. Typo in last sentence: "ceiling((10-1)/8) = 2 octets".
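The length question in this thread, worked through as an added example (not part of the original messages or of the standard's text). It compares ceil and floor for emLen and checks that, once the EMSA-PSS encoding of Section 9.1.1 has zeroed the leftmost 8*emLen - emBits bits, OS2IP(EM) has at most modBits - 1 bits. All function names are hypothetical and the worst-case EM is constructed.

```python
def em_len_ceil(mod_bits):
    """emLen as the standard states it: ceil(emBits / 8), emBits = modBits - 1."""
    return (mod_bits - 1 + 7) // 8

def em_len_floor(mod_bits):
    """The floor variant proposed in the question, for comparison only."""
    return (mod_bits - 1) // 8

def modulus_len(mod_bits):
    """k, the length in octets of the modulus n."""
    return (mod_bits + 7) // 8

def clear_leading_bits(em, mod_bits):
    """Zero the leftmost 8*emLen - emBits bits of EM, as EMSA-PSS encoding does."""
    excess = 8 * len(em) - (mod_bits - 1)      # always 0..7 with the ceiling
    return bytes([em[0] & (0xFF >> excess)]) + em[1:]

def max_em_int(mod_bits):
    """OS2IP of the largest possible EM: all-ones octets, leading bits cleared."""
    worst = b"\xff" * em_len_ceil(mod_bits)    # constructed worst-case input
    return int.from_bytes(clear_leading_bits(worst, mod_bits), "big")

def fits(mod_bits):
    """True if every EM is below 2^(modBits-1), hence below any modBits-bit n."""
    return max_em_int(mod_bits) < 2 ** (mod_bits - 1)

if __name__ == "__main__":
    # Columns: modBits, k, emLen (ceil), emLen (floor), max EM bit length, fits
    for mod_bits in (10, 1024, 1025, 2048):
        print(mod_bits, modulus_len(mod_bits), em_len_ceil(mod_bits),
              em_len_floor(mod_bits), max_em_int(mod_bits).bit_length(),
              fits(mod_bits))
```

For the 10-bit modulus, EM occupies 2 octets but its integer value never exceeds 511; with floor, a 1024-bit modulus would get only 127 octets (1016 bits) of the 1023 bits available. When modBits is one more than a multiple of 8 (for example 1025), emLen is one octet shorter than the modulus length k.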