JPH1084341A - Message added system digital signature method and verification method therefor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce the length of a signature by adopting the method that a first part of the signature is obtained based on a hash code generated in relation to a message and on a random number generated at the time of signature and a latter part of the signature is obtained based on a cryptographic key of a person signing the signature, a random number generated at the signature time and the first part of the signature. SOLUTION: After the digital signature method is started, at first a hash code H(M) is generated based on a message M in the step 100 on one hand, and a code g<k> is calculated based on a random number K and a variable (g) in the steps 110, 120 on the other hand. Then a modular (p) is calculated by multiplying the H(M) with the code g<k> in the step 130, then a first part R of the signature is obtained by cutting off the result of the arithmetic operation above into Lq-bit in the step 140. Then a latter part S of the signature is calculated by using a cryptographic key X of the signer in the step 150, and the parts R, S are merged in the step 160 to obtain the signature ΣR||S. This signature Σ is added to the message M in the step 170 and the resulting message is transmitted together with a signature verification key Y. Thus, the length of the signature is decreased.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a digital signature and, more particularly, to a message-added digital signature method capable of providing a signature function to an electronic document or data, and a verification method therefor.

[0002]

2. Description of the Related Art In general, a digital signature refers to a technique in which, in electronic exchange of information, a function of directly signing a conventional paper directly by hand is provided by an electronic document. With the development of computers and information and communication, the information society has begun, and all documents are being converted from paper to electronic data. In response to such a new environment, there has been a need for a technology capable of providing an electronic document with a paper-like signature function. On the other hand, electronic contracts, documents, and the like transmitted between organizations, such as individuals and individuals, individuals and organizations, and companies and companies, may be forged or altered.

That is, in the information processing system and the communication environment system, data authentication,
There is a need for a message-added digital signature technology that can provide information protection services such as integrity and blockade. A digital signature technology that can prevent theft, forgery, falsification, and the like of an electronic document requires a cryptographic technology.

[0004] Cryptographic systems using cryptographic techniques can be broadly classified into public key systems and private key systems. In the secret key cryptosystem, it is difficult to manage the keys because both users who want to communicate must share the same secret key, and cannot provide functions such as denial and blockade, which should be provided by the signature. Signature cannot be provided. The public key cryptosystem calculates the public key and secret key using one-way mathematically difficult to solve, publishes the public key for anyone to use, and keeps only the private key for each user By doing so, any user who has the public key of the disclosed partner can perform confidential communication with the partner.

On the other hand, a digital signature using a public key method uses a pair of keys, a secret key used when signing a message and a public key used when verifying the signature. That is, a pair of keys used for a digital signature includes a public key to be verified and a secret key used for the signature.

[0006] Among the signatures of messages using the public key method, there is a message restoration type digital signature. This is a way to recover the message in the process of verifying the signature,
ISO (the International Organization for Standardiza
tion: International Organization for Standardization / IEC (the International Elect)
rotechnical Commission (International Electrotechnical Commission) The digital signature technique presented in 9796 belongs to this. Here, the difficulty of prime factorization is based on the security-based RSA (Rivest Shami
r Adleman) algorithm, but there is a difficulty in digitally signing messages of arbitrary length since messages of limited length should be received as input.

[0007] In addition to a digital signature using a public key, there is a message-attached digital signature. The message-attached digital signature uses a hash function to obtain a message.However, since the message is simplified using the hash function and then the message is signed, the signature can be quickly signed and verified. . Elgamal digital signatures, as an example of message-attached digital signatures, are based on the security of a discrete logarithm calculation. However, there is a disadvantage that the size is doubled while generating the signature.

[0008]

SUMMARY OF THE INVENTION The present invention has been created to solve the above-mentioned problems, and a message-added digital signature method using a hash function to reduce the length of a signature, and a digital signature method therefor. The purpose is to provide a verified verification method. Another object of the present invention is to provide a verification method for the message-added digital signature method.

[0009]

According to the present invention, there is provided a message-added digital signature method according to the present invention, wherein Lp and Lq represent p and q bit lengths for prime numbers p and q, respectively. <a <p-1 and ^{a (p-1) / q} modp> 1 g with respect to a satisfying
= A ^{(p-1) / q} modp, multiplying a hash code H (M) for the message M to be transmitted by g ^K calculated by a random number K generated at each signature time; After performing a modular multiplication on the modular p by the multiplied result value, cutting it into Lq bits to obtain R at the front of the signature, the signer's private key X, and a random number generated for each signature. K, obtaining the S of the end of the signature through S = (K−RX) mod q using the calculated value R, and generating a signature verification key Y and a message M for verifying the digital signature including the R and S. And transmitting.

According to another aspect of the present invention, there is provided a method for verifying a message-attached digital signature according to the present invention.
Lp and Lq respectively indicate p and q bit lengths for prime numbers p and q, and 1
For a that satisfies <a <p−1 and a (p−1) ^{/ q} modp> 1, g = a
When limiting to ^{(p-1) / q} modp, the message “Receive the message Y, M, S, R sent from the digital signature method and set 0 <R <q, 0 <S
<Q, and a hash function value H (M) for the received message M, the received S and
Is the same as compared g ^S by R, and performing modular multiplication with respect to modular p by calculating the Y ^R, and R values and the received result value and cut into Lq bits the modular multiplication result value And confirming that the user having the public verification key Y has signed with the private signature key X.

[0011]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the attached drawings. First, before describing the present invention, reference numerals used in the present invention will be described. M tries to transmit
Indicates a message, p and q indicate prime numbers, and Lp and Lq are p
And the bit length of q. g is 1 <a <p-1 and a (p-1) ^{/ q} modp>
For a that satisfies 1, g is limited to g = a ^{(p-1) / q} modp. X
Represents a signer's private key, Y corresponds to a signature verification key published for verifying a digital signature, and Y = g ^× m
odp. K is a random number and the set {1, 2, ..., q−1}
Represents an arbitrary element. The digital signature Σ is made by connecting R and S, and R and S are all smaller than q.

X, Y, p, q, and g are fixed variables. Among them, p, q, and g are variables used by all users in common. Select and use a new one every time. K and X are used in the signing process, but must not be known elsewhere, and choose between 0 and the prime q as random numbers. H is a collision-resistant hash function, and h = H
(M) is a hash code resulting from processing a message to be signed by a hash function. ‖ Means message concatenation. Based on the above limitation and explanation, the message-attached digital signature according to the present invention can be generated as follows. FIG. 1 is a flowchart for a method for generating a digital signature according to the present invention.

First, a hash code H (M) is generated for an arbitrary message M using a hash function of a one-way function.
(100 steps). On the other hand, the random number generator generates an arbitrary random number K from {1, 2,..., Q−1} every time a signature is generated (step 110). While calculating the g ^K using the so generated random number value (step 120), this value is definitive calculated in advance a independent values and messages.

Next, after performing a modular p operation by multiplying the hash code by a value calculated in advance (step 130), the data is cut into Lq bit lengths. Here, disconnecting means that all but the Lq bit length are discarded. The result is a value R corresponding to the front part of the signature (step 140). Then, S = (K−RX) mod q is calculated using the private signature key X of the signer in order to generate the tail of the signature (step 150). Then, the S is connected to the R and a signature Σ = R‖S is output (step 160). This signature is added to the message, and {Y, M, R, S} is transmitted together with the signature verification key Y (step 170).

FIG. 2 is a flowchart illustrating a method for verifying the generated digital signature. In order to verify the signature, the verifier first confirms that 0 <R <q and 0 <S <q for Σ = R‖S in the signed message received by the verifier (step 200). . If all of the above two conditions are satisfied, the signature is verified as shown in FIG. Received message M to against hash function value H (M), the received S and R by g ^S, calculates the Y ^R (210 stages), the modular multiplication with respect to modular p (220 steps) . Then the modular multiplication result values to generate a result value V _R cut into Lq bits (step 230), compared with the R value received the V _R (240 steps). As a result of the comparison, if the user has the same signer's public verification key Y, the signature Σ = R‖S is the signer's private signature key X with respect to the received message M.
It can be confirmed that the signature has been obtained (step 250). Conversely, if the comparison result is not the same as the comparison result R, it indicates that the message M was signed in an illegal manner or that the message was transformed by an attacker. In this case, the message M was regarded as worthless data. (Step 260).

[0016]

According to the present invention, the function of a signature signed on paper can be provided to an electronic document, and the document can prove the original document creator in the electronic document. If the contents of the original document are transformed by a third party,
It is possible to provide a necessary electronic signature on the electronic money by notifying that the electronic money has been deformed. Also, digital signatures can be applied to authentication systems, which can speed up the digital signature verification phase.

[Brief description of the drawings]

FIG. 1 is a flowchart for a method for generating a digital signature according to the present invention.

FIG. 2 is a flowchart for a method of verifying a generated digital signature.

Claims (2)

[Claims] 1. Lp and Lq respectively denote p and q bit lengths for prime numbers p and q, and satisfy a <1 <a <p−1 and a ^{(p−1) / q} modp> 1
Is limited to g = a ^{(p-1) / q} modp, the hash code H for the message M to be transmitted
And (M), the steps of multiplying g ^K calculated by the random number K which occurs when signing each, after modular multiplying the multiplied result values for modular p, signing and cut into Lq bits Obtaining the front R, the signer's secret key X, a random number K generated at each signature time, and the calculated value R to obtain the rear of the signature through S = (K−RX) mod q.
A digital signature method with message addition, comprising: determining S; and transmitting a signature verification key Y and a message M for verifying a digital signature including the R and S. 2. Lp and Lq represent p and q bit lengths for prime numbers p and q, respectively, and satisfying 1 <a <p−1 and a (p−1) ^{/ q} modp> 1
When limiting to g = a ^{(p-1) / q} modp, the message Y, M, S, R transmitted from claim 1 is received
Checking that 0 <R <q, 0 <S <q; and hash function value H (M) for the received message M,
G ^S by the received S and R, and performing modular multiplication with respect to modular p by calculating the Y ^R, and said modular multiplication result value R value received as the result value obtained by cutting the Lq bits Confirming that the user having the public verification key Y is signed to the received message M as being identical to each other. Verification method.