jcryptool / core

JCrypTool Core Plug-ins
https://www.cryptool.org
Eclipse Public License 1.0
161 stars 43 forks source link

McEliece with the default key parameters checked doesn't work #3

Closed dschadow closed 11 years ago

dschadow commented 13 years ago

Generating a McEliece key pair (FlexiProvider view) with the default key parameters checked doesn't work, or at least the generation of the key takes forever.

Using the default key parameters, the McElieceKeyPairGenerator uses the ECPRNG (PRNG based on elliptic curves) from FlexiProvider, which is extremly slow even for generating a single random number and therefore generating the key pair takes probably hours or days.

If you insert instead manually a key size of e.g. 1024, the McElieceKeyPairGenerator uses the SHA1PRNG, which is a lot faster and the McEliece key is generated in an acceptable time (few seconds).

The following line is responsible for the selection of the PRNG in the 'default parameters'-case and in the 'manually selected key size'-case:

'default parameters'-case (McElieceKeyPairGenerator.java, method initializeDefault()): initialize(paramSpec, Registry.getSecureRandom());

'manually selected key size'.case (NewKeyPairAction.java, Method run()): generator.initialize(spec, FlexiProviderKeystorePlugin.getSecureRandom());

It looks like that this is a JCrypTool issue. If you test McEliece outside of JCrypTool and doesn't initialize the generator manually, the method Registry.getSecureRandom() returns the faster SHA1PRNG.

Registry.getSecureRandom() returns 'new DefaultPRNG()', which is a wrapper for the default PRNG obtained via JCA.

To demonstrate the runtime difference in SHA1PRNG and ECPRNG you can execute the following code: Security.addProvider(new FlexiCoreProvider()); Security.addProvider(new FlexiPQCProvider()); KeyPairGenerator kpg = Registry.getKeyPairGenerator("McEliece"); //kpg.initialize(1024, new ECPRNG()); //Force to use ECPRNG as rand-source //kpg.initialize(1024, new SHA1PRNG()); //Force to use SHA1PRNG as rand-source KeyPair keyPair = kpg.genKeyPair();

I'm not quite sure why the Registry in JCrypTool selects the ECPRNG as the default SecureRandom-Generator, but it should be changed.

dschadow commented 11 years ago

Fixed with https://github.com/jcryptool/core/issues/32