refers to FIPS 186-5 document, I have a question about RSA Key generation A.1.6 method, "Generation of Probable Primes with Conditions Based on Auxiliary", my understanding is that, this method sets restriction on the size of Auxiliary prime only, so it is possible to generate P and Q with different bit size. Compared to A.1.3, it sets restriction on P and Q, force P and Q be same size, and must be half size of n. Do my understanding correct? But I use OpenSSL to run the test with A.1.6 method, P and Q always return with same bit size and are half of n as well.
Asked
Active
Viewed 247 times
1 Answers
3
Do my understanding correct?
No; when it generates $P$ (in step 5.3) and $Q$ (in step 6.3), it passes the intended key length (nlen) to the algorithm in appendix B.9. That algorithm will find a (probable) prime in the range $$(\sqrt{2}(2^{nlen/2 - 1}), 2^{nlen/2}-1)$$
This means that both $P$ and $Q$ will be $nlen/2$ bits in length.
poncho
- 154,064
- 12
- 239
- 382