Provably Correct Crypto?

Jiri Baum jirib at
Thu Aug 3 00:59:27 PDT 1995

Hello Ray Cromwell <rjc at>, patl at
  and tcmay at (Timothy C. May)
  and cypherpunks at

> At 4:15 PM 8/1/95, Ray Cromwell wrote:
> >PGP, but in the algorithm itself. RSA-in-4-lines-perl is probably
>                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >provably correct.  To guard against trapdoors in PGP, you should
>  ^^^^^^^^^^^^^^^^^
[emphasis tcmay]

To which tcmay responded:

> This doesn't seem likely. I mean, doesn't "RSA-in-4-lines-of-Perl" *of
> necessity* make use of external library/utility functions? Such as the "dc"
> math routines for the PRNG? Part of its compactness is that it makes use of
> available libraries.

AFAIK (my 4 lines might differ from yours), there is no PRNG in the
4 lines of perl. The key is supplied as a parameter, and no guidance
to its generation is given in the implementation.

You are right about the dc, but it only uses that for modular exponentiation,
which is a lot easier to prove correct than PRNG.
Which is not to say that it *has* been proven.

I guess that makes me a nit-picker...

If you want an answer, please mail to <jirib at>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)

More information about the Testlist mailing list