Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java')
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java | 36 |
1 files changed, 31 insertions, 5 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
index d5f5fc8..4f46a38 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/ECKeyPairGenerator.java
@@ -11,7 +11,10 @@ import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.math.ec.ECConstants;
+import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
+import org.bouncycastle.math.ec.FixedPointCombMultiplier;
+import org.bouncycastle.math.ec.WNafUtil;
 public class ECKeyPairGenerator implements AsymmetricCipherKeyPairGenerator, ECConstants
@@ -40,19 +43,42 @@ public class ECKeyPairGenerator
 public AsymmetricCipherKeyPair generateKeyPair()
 {
 BigInteger n = params.getN();
- int nBitLength = n.bitLength();
- BigInteger d;
+ int nBitLength = n.bitLength();
+ int minWeight = nBitLength >>> 2;
- do
+ BigInteger d;
+ for (;;)
 {
 d = new BigInteger(nBitLength, random);
+
+ if (d.compareTo(TWO) < 0 || (d.compareTo(n) >= 0))
+ {
+ continue;
+ }
+
+ /*
+ * Require a minimum weight of the NAF representation, since low-weight primes may be
+ * weak against a version of the number-field-sieve for the discrete-logarithm-problem.
+ *
+ * See "The number field sieve for integers of low weight", Oliver Schirokauer.
+ */
+ if (WNafUtil.getNafWeight(d) < minWeight)
+ {
+ continue;
+ }
+
+ break;
 }
- while (d.equals(ZERO) || (d.compareTo(n) >= 0));
-
- ECPoint Q = params.getG().multiply(d);
+ ECPoint Q = createBasePointMultiplier().multiply(params.getG(), d);
 return new AsymmetricCipherKeyPair(
 new ECPublicKeyParameters(Q, params),
 new ECPrivateKeyParameters(d, params));
 }
+
+ protected ECMultiplier createBasePointMultiplier()
+ {
+ return new FixedPointCombMultiplier();
+ }
 } |
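Review bot: The new `createBasePointMultiplier()` at the end of the hunk is a protected, overridable extension point with no Javadoc, yet whatever it returns is handed the freshly generated private scalar in `createBasePointMultiplier().multiply(params.getG(), d)`, so a subclass returning an arbitrary `ECMultiplier` can silently change the side-channel behaviour of key generation. I would state that contract on the method: `/** Returns the multiplier used to compute Q = d*G from the private scalar d; overrides must remain suitable for use with a secret scalar (default: FixedPointCombMultiplier). */`. The rationale comment above the NAF-weight check speaks of "low-weight primes", but the value being tested is the private scalar d, not a prime, so the wording should read `since a low-weight private scalar d may be weak against ...`, keeping the Schirokauer reference as is. The `params` and `random` fields that generateKeyPair reads are initialised outside this hunk.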