Guidance in Implementation for Cryptographic Schemes
I have a task of implementing standard signature schemes which will involve Public Key Cryptography primitives like:
Cyclic groups, Exponentiation, Random prime generation, modular arithmetic, hash functions and so on. It would be of great help if you can provide me with some good links which will guide me in implementing the schemes.
C/C++/Java/Python preferred or any other language which is convenient!
Thanks!
For modular arithmetic, you may want to have a look at the Handbook of Applied Cryptography, especially chapters 2 and 14 (chapter 14 is about implementation, but chapter 2 rehearses the underlying mathematics, and you will not go far if you do not master those). IEEE 1363-2000 is also a good source, because it describes many algorithms in full detail (especially in Annex A) (unfortunately, this document is not freely available, a fact which generated a bit of strife because many contributors did contribute under the assumption that the result would be free; google for "P1363-Main-11-12-99.pdf" and "P1363-A-11-12-99.pdf" to find some downloads of questionable legality for the last draft version). However, it is much easier to simply use an existing big-integers library. In particular, Java comes with java.math.BigInteger which is quite efficient.
For elliptic curves, the best reference I know is the Guide to Elliptic Curve Cryptography which is not free, but really worth its price.
For the algorithms themselves, follow the standards. RSA is described in full detail in PKCS#1. For DSA (also known as DSS), see FIPS 186-3. Both standards are quite readable. For ECDSA, the standard is ANSI X9.62-2005, which can be purchased for a hundred bucks (as a PDF).
Standard warning: implementing cryptographic primitives is hard. Not really getting the expected result, but doing so in a safe way. Any time you use a private key, you may leak some information on that private key, e.g. through timing (the time your code takes to compute the signature over a given input). Protection against side-channel attacks is a whole research subject and requires thorough understanding of cryptography and mathematics. So you really really should not implement your own primitives. Sony did, and failed. However, if you are implementing only signature verification (which involves only public elements, hence nothing to leak) then you are probably safe. Using existing implementations is still a much better idea. E.g. what standard Java already provides in java.security and javax.crypto.
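The answer's closing advice, to use what java.security already provides, is shown below as an added example; it is not code from the original post. It signs and verifies with the three schemes the answer names, using the standard JCA algorithm names; the class name, key sizes and sample messages are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class StandardSignatures {

    // Signing touches the private key, so the arithmetic is left to the provider.
    static byte[] sign(String sigAlg, PrivateKey key, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance(sigAlg);
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }

    // Verification uses only public values: public key, message, signature.
    static boolean verify(String sigAlg, PublicKey key, byte[] msg, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance(sigAlg);
        s.initVerify(key);
        s.update(msg);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false; // a malformed signature encoding is treated as invalid
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // {key algorithm, key size in bits, signature algorithm}; sizes are assumptions.
        String[][] schemes = {
            {"RSA", "2048", "SHA256withRSA"},   // RSA signature per PKCS#1 (v1.5 padding)
            {"DSA", "2048", "SHA256withDSA"},   // DSA per FIPS 186
            {"EC",  "256",  "SHA256withECDSA"}, // ECDSA per ANSI X9.62
        };
        // Constructed sample inputs: the second differs from the first in one character.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "constructed sample messagE".getBytes(StandardCharsets.UTF_8);

        for (String[] sc : schemes) {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance(sc[0]);
            kpg.initialize(Integer.parseInt(sc[1]));
            KeyPair kp = kpg.generateKeyPair();
            byte[] sig = sign(sc[2], kp.getPrivate(), msg);
            boolean ok = verify(sc[2], kp.getPublic(), msg, sig);
            boolean bad = verify(sc[2], kp.getPublic(), altered, sig);
            System.out.printf("%-16s sig=%d bytes, original=%b, altered=%b%n",
                    sc[2], sig.length, ok, bad);
            if (!ok || bad) throw new IllegalStateException(sc[2] + " check failed");
        }
    }
}
```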