Hi,
On Tue, 18 Sep 2001, Tom Biggs wrote:
> OK, so I'm not very maths-literate...
>
> I was just wondering what the odds are of a modular exponentiation
> returning a result of zero in any OpenSSL usage of the modexp.
>
> It seems like odds are very much against it, but is it still
> possible? Or is it ruled out by some property of the inputs
> that are used by OpenSSL? (large primes or whatever, I don't know.)
>
> It would be nice to know, because I'm dealing with some hardware
> that does modexp. Currently I flag a zero result as an error because
> it aided debugging the hardware interface. But if zero is legal I
> need to remove that test.
It's possible for modular exponentiation to return zero, but I doubt it's
possible in the uses of modular exponentiation you care about. RSA for
example, would not do this - the simple reason being that RSA
exponentiations (encrypts, decrypts, signs, or verifies) are invertible by
other exponentiations. As zero will always yield zero after an
exponentiation of any kind, you are therefore confronted with the fact that
no (invertible) RSA operation can yield a zero result except a zero input.
Presumably if "zero" represents an error marker, then your code wouldn't
let zero input in to begin with anyway? (needless to say, RSA is never used
in the real world with zero input, padding takes care of that).
However, I can't see why you would need to use zero as an error indicator,
and if you are hooking all *arbitrary* mod_exp operations, you would
theoretically have to consider the possibility of a zero result (even from
non-zero input).
Cheers,
Geoff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
