sacred-4----Page:4
1 2 3 4 5 6 7 8 9
|
OPAKE: Setup Assume that pw is mapped to an n-bit long codeword (via an error-correcting code of distance d) from now on when we talk about password, we really mean the encoded password Assume a known 2 x n table of small primes Let D = product of primes associated with password bits (yellow) Let R = product of primes associated to complement of password (white) Server will construct modulus N = PQ (P,Q large primes) such that: D | F(N), but gcd(R,F(N))=1 Note that F(N) is the order of multiplicative group modulo N, and there is a subgroup of order D in which discrete logarithms are easy Example: pw=1011000…1 |