Wait, that's obviously foolish, isn't it? Because reducing mod p then mod N will probably reintroduce patterns mod N due to taking the low rather than high bits of the mod-p value. (If N divided p, that would be literally true, but even though it doesn't, it's probably not ideal.)
So it would probably make more sense to take your value in 1,...,p-1 and reduce it to one of N possible outputs by division rather than modular reduction, i.e. compute ((g^input mod p)-1)/k, where k = (p-1)/N.
Date: 2012-08-08 10:59 am (UTC)
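As an added example (not part of the original comment), the sketch below runs the division formula ((g^input mod p)-1)/k over every input and shows how many outputs it produces when N does and does not divide p-1. The values p = 101 and g = 2, the function names, and the multiply-before-divide variant `by_scaling` are assumptions introduced for the illustration.

```python
# Added example; P, G and all function names are assumptions, not from the comment.
from collections import Counter

P = 101   # small prime (constructed); a real deployment would use a large p
G = 2     # 2 generates every value 1..100 mod 101

def by_division(v, p, n):
    """The comment's formula: (v - 1) / k with k = (p - 1) / N, integer division."""
    k = (p - 1) // n
    return (v - 1) // k

def by_scaling(v, p, n):
    """Variant that multiplies before dividing, so the result stays in 0..N-1."""
    return (v - 1) * n // (p - 1)

def histogram(reducer, n, p=P, g=G):
    """Count how many inputs 0..p-2 map to each output value."""
    return Counter(reducer(pow(g, x, p), p, n) for x in range(p - 1))

if __name__ == "__main__":
    for n in (10, 7):
        # N = 10 divides p - 1 = 100; N = 7 does not.
        print("N =", n, "division:", sorted(histogram(by_division, n).items()))
        print("N =", n, "scaling: ", sorted(histogram(by_scaling, n).items()))
```

With N = 7 the truncated k = 14 leaves two values that map to an eighth output (7), so a caller that expects exactly N outputs needs either N dividing p-1 or the scaled form.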