From: William D. Neumann <wneumann@cs...>  2003-03-20 17:37:59

On Thu, 20 Mar 2003, Brian Hurt wrote:

> bitset is being rewritten into bitarray, with the new features suggested
> by the change in name. The goal is to produce something you could write
> elliptic curve cryptosystems in at least semi-efficiently.

Umm... when you say EC cryptosystems, I assume you're just talking about a package that's good for doing generic work over GF(2^n), right? That'd be pretty handy to have around...

> An elliptic curve crypto systems library.

Well, I've got my modifications to Xavier's cryptokit library that I could contribute (I'd want to clear it with Xavier first, though). I haven't done too much to it yet; the changes I've made are listed at the end of this mail. Anyway, I've been wanting to add an EC module to this library along with a number of other changes and additions, such as:

- Repackage some stuff to create a bytearray type with easy conversion between 8 bits/byte (for working with internally) and 4 bits/byte (for working with in a readable format), and appropriate manipulation routines (shifts, rotates, boolean functions, etc.). I need to put more thought into this; I've just been tossing things together in an ad hoc fashion when I need something for work -- perhaps your bitarrays would be all that I'm really looking for.
- Fix arcfour so it can take a full 2048-bit key (I think Xavier misread the specs and limited it to 128 bits).
- Add a generic Feistel cipher construction.
- Add other ciphers like Blowfish, RC5, and some of the AES and NESSIE applicants. I'd like to add SEAL, but I'm not sure what IBM's stance on its licensing is.
- Add a construction that allows for easy creation of Luby-Rackoff ciphers.
- Add some q-th root versions of PK ciphers.
- Add some more number theory tools (so far all I have is CRT-enabled modular exponentiation used in the RSA module).
- Add some secret sharing tools.
- Figure out why the included implementation of SHA1 runs so freakin' slow on the PPC G4 processor...
- Perhaps add factoring and DL computation routines, but I'm not sure this belongs here...
- Oh yeah... and fix my screwed up Ocamldoc documentation.

If you can think of anything else that should be added (or if you want to help with the development of this), let me know.

My changes to cryptokit (v1.0) so far:

* Replaced the bigint part of the library with much faster calls to GMP using mlgmp (so I suppose I might need to talk to David Monniaux as well -- I forget what the license situations are).
* Changed the RSA module so that it now has two key types, public and private, and uses those key types appropriately (note: this breaks compatibility with the original cryptokit. Obviously.)
* Added DSA signatures (with the fix for Bleichenbacher's potential attack).
* Added SHA256, SHA384, and SHA512 (currently only compiles with compilers that support the 64-bit long long type, e.g. gcc).
* Added Markus Jakobsson-style hash chains.
* Added two new PRNGs (the crappy GMP default PRNG -- good for testing -- and a stronger, slower PRNG described by Peter Gutmann).
* Added some random number routines for generating a specific number of bits, rather than bytes, and returning the number either as a string or as a GMP MP Integer.
* Added a number of random prime generation routines (probabilistic primes, strong primes, provable primes, and DSA primes).
* Added the cipherX construction that allows you to build DESX-style extensions out of any block cipher.

William D. Neumann

-- 
"Well I could be a genius, if I just put my mind to it. And I... I could do anything, if only I could get 'round to it. Oh we were brought up on the space race, now they expect you to clean toilets. When you've seen how big the world is, how can you make do with this? If you want me, I'll be sleeping in -- sleeping in throughout these glory days."  -- Jarvis Cocker
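The cipherX (DESX-style whitening around any block cipher) and generic Feistel constructions mentioned in the mail, as an added OCaml example that is not code from cryptokit or from this thread; the BLOCK signature, the toy Feistel round function and the sample keys are assumptions made for this example only.

```ocaml
(* Minimal block-cipher interface assumed for this example (not Cryptokit's). *)
module type BLOCK = sig
  val blocksize : int                      (* block length in bytes *)
  val encrypt : Bytes.t -> Bytes.t         (* one block in, one block out *)
  val decrypt : Bytes.t -> Bytes.t
end

(* cipherX: C = k2 XOR E_k(M XOR k1), i.e. DESX-style key whitening around
   any block cipher. Both whitening keys must be exactly blocksize bytes. *)
module CipherX (C : BLOCK) = struct
  let xor a b =
    if Bytes.length a <> Bytes.length b then invalid_arg "cipherX: length";
    Bytes.init (Bytes.length a) (fun i ->
      Char.chr (Char.code (Bytes.get a i) lxor Char.code (Bytes.get b i)))
  let check k =
    if Bytes.length k <> C.blocksize then invalid_arg "cipherX: whitening key"
  let encrypt ~k1 ~k2 m = check k1; check k2; xor k2 (C.encrypt (xor m k1))
  let decrypt ~k1 ~k2 c = check k1; check k2; xor (C.decrypt (xor c k2)) k1
end

(* Toy 8-byte, 4-round Feistel network standing in for a real cipher; the
   round function is deliberately weak and only exercises the construction.
   Decryption is the same network run with the round keys in reverse order. *)
module ToyFeistel : BLOCK = struct
  let blocksize = 8
  let rounds = 4
  let xor4 a b = Bytes.init 4 (fun i ->
    Char.chr (Char.code (Bytes.get a i) lxor Char.code (Bytes.get b i)))
  let f half r =                           (* round function, round key r *)
    Bytes.init 4 (fun i ->
      let x = Char.code (Bytes.get half i) lxor ((r * 37 + i * 11) land 0xff) in
      Char.chr ((x * 7 + 1) land 0xff))
  let run order blk =
    let l = ref (Bytes.sub blk 0 4) and r = ref (Bytes.sub blk 4 4) in
    List.iter (fun i -> let nl = !r in r := xor4 !l (f !r i); l := nl) order;
    Bytes.cat !r !l                        (* final swap of the halves *)
  let keys = List.init rounds (fun i -> i)
  let encrypt = run keys
  let decrypt = run (List.rev keys)
end

module X = CipherX (ToyFeistel)

let () =
  let k1 = Bytes.of_string "whiten-1" and k2 = Bytes.of_string "whiten-2" in
  let m = Bytes.of_string "8bytemsg" in                (* constructed sample *)
  let c = X.encrypt ~k1 ~k2 m in
  assert (X.decrypt ~k1 ~k2 c = m);
  print_endline "cipherX round-trip ok"
```

Swapping ToyFeistel for any module satisfying BLOCK (with a real cipher and a proper key schedule) gives the DESX-style extension the mail describes without touching CipherX.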