EP1269683A1 - Method for probabilistic digital signatures - Google Patents

Method for probabilistic digital signatures

Info

Publication number
EP1269683A1
EP1269683A1 EP01917165A EP01917165A EP1269683A1 EP 1269683 A1 EP1269683 A1 EP 1269683A1 EP 01917165 A EP01917165 A EP 01917165A EP 01917165 A EP01917165 A EP 01917165A EP 1269683 A1 EP1269683 A1 EP 1269683A1
Authority
EP
European Patent Office
Prior art keywords
signatures
algorithm
message
signature
probabilistic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP01917165A
Other languages
German (de)
French (fr)
Inventor
David Naccache
Pascal Paillier
Jacques Stern
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gemplus SA
Original Assignee
Gemplus Card International SA
Gemplus SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemplus Card International SA, Gemplus SA filed Critical Gemplus Card International SA
Publication of EP1269683A1 publication Critical patent/EP1269683A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3013Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Definitions

  • the present invention relates to a method for generating probabilistic digital signatures in order to allow verification of the integrity of a transmitted message.
  • the present invention applies in particular to the field of smart cards with or without contact.
  • Such cards in fact constitute secure information carriers and generally include a microcontroller incorporated on an integrated circuit chip.
  • a microcontroller has an architecture similar to that of a computer. It includes a processing unit made up of a microprocessor or CPU (from the English Central Processing Unit) associated with different types of memories.
  • a non-volatile memory, of ROM type for example, generally comprises at least one program for implementing a signature algorithm.
  • the invention applies in particular to algorithms for generating and verifying digital signatures.
  • the objective of these algorithms is to calculate one or more integers, in general a pair, called the signature and associated with a given message in order to certify the identity of the signatory and the integrity of the signed message.
  • Such algorithms allow on the one hand to generate signatures and on the other hand to verify these signatures.
  • the signature is said to be probabilistic when the algorithm calls for a hazard in the generation of the signature, this hazard being secret and regenerated with each new signature. So the same message transmitted by the same user can have several distinct signatures.
  • DSA Digital Signature Algonthm
  • the generation of the signature was carried out with the secret key x and a secret and different random number k for each signature, and its verification with the public key y.
  • the use of the hash function in the generation of the signature is found in almost all the algorithms for generating probabilistic signatures based on a discrete logarithm calculation. It makes it possible to guarantee the non reproducibility of the signature by breaking its linearity.
  • this hash function nevertheless has drawbacks because it supposes on the one hand that this function h behaves like a random function, which is not always true, and on the other hand that this function h is implemented in the memory of the integrated circuit chip of the secure device (the chip card for example).
  • the code size required for implementing the hash function is very large, around 1 to 2 kilobytes.
  • the invention aims to resolve these constraints and proposes a solution which is suitable for microcontrollers having few computing resources.
  • the subject of the present invention is a method for generating probabilistic digital signatures which allows to get rid of the hash function, without altering the security of the messages exchanged.
  • the invention provides a method for transforming a probabilistic signature algorithm using a hash function into another algorithm which does not use this function.
  • the initial probabilistic algorithm is used twice instead of once to sign the message directly, ie the initial message, not hashed. This generates twin signatures associated with the same message.
  • the invention relates more particularly to a method of probabilistic digital signatures of a message, between a signatory and a creditor, from an algorithm based on the calculation of a discrete logarithm, characterized in that it consists, for the signatory, to generate at least two signatures of the same message, not hashed, said signatures being calculated by the algorithm by means of the same parameters with public and private key by calling respectively on different hazards, and in that it consists, for the buyer, to verify all the signatures of the said message.
  • the probabilistic algorithm is the DSA (Digital Signature Algonthm).
  • the probabilistic algorithm is the Schnorr algorithm.
  • the invention advantageously applies to any secure device of the smart card type, and in particular to devices comprising an 8-bit microcontroller.
  • the method according to the invention has the advantage of eliminating the hash function and thus minimizing the memory occupancy rate.
  • the calculation speed is increased, even if a double calculation is required.
  • the call to a hash function is delicate on simple 8-bit microcontrollers, inexpensive and increasingly used to contain the manufacturing costs of the devices.
  • the method according to the invention makes it possible to guarantee security in the execution of any algorithm for generating probabilistic digital signatures.
  • the description refers to the DSA signature algorithm, but also applies to all other probabilistic signature algorithms and their variants such as ElGamal, Schnorr, EC-DSA, Abe-Okamoto, for example which also use the function hash in the generation of signature pairs.
  • the method of generating signatures according to the invention is based on the calculation of at least two signatures, which are then said to be twin, of the same initial message m not hashed.
  • the signature thus comprises at least two signatures calculated using the same parameters with public key y and private key x by making use respectively of distinct hazards k 1; k 2 , ... k n .
  • the signature of the message thus becomes (r 1 , s 1 , r 2 , s 2 , ... r n , s n ), with the n pairs (r ⁇ s (for î going from 1 to n) calculated and checked according to conventional methods for generating and verifying signatures, whether it be the DSA, Schnorr or any other algorithm using a hash function.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

The invention concerns a method for probabilistic signatures of a message, between a signatory and a verifier, from an algorithm based on the calculation of a discrete logarithm. The invention is characterised in that it consists: for the signatory, in generating at least two signatures for the same non-hash coded message, said signatures being calculated by the algorithm with common public and private parameters using respectively different random variables, and for the verifier, in verifying all the signatures of said message.

Description

PROCEDE DE SIGNATURES NUMERIQUES PROBABILISTES PROBABILISTIC DIGITAL SIGNATURE PROCESS
La présente invention concerne un procédé de génération de signatures numériques probabilistes afin de permettre la vérification de l'intégrité d'un message transmis. La présente invention s'applique en particulier au domaine des cartes à puce avec ou sans contact . De telles cartes constituent en effet des supports d'informations sécurisés et comportent en général un micro-contôleur incorporé sur une puce de circuit intégré. Un micro-contrôleur possède une architecture semblable à celle d'un ordinateur. Il comporte une unité de traitement constituée d'un microprocesseur ou CPU (de l'anglais Central Processing Unit) associée à différents types de mémoires. Une mémoire non volatile, de type ROM par exemple, comporte en général au moins un programme de mise en œuvre d'un algorithme de signature .The present invention relates to a method for generating probabilistic digital signatures in order to allow verification of the integrity of a transmitted message. The present invention applies in particular to the field of smart cards with or without contact. Such cards in fact constitute secure information carriers and generally include a microcontroller incorporated on an integrated circuit chip. A microcontroller has an architecture similar to that of a computer. It includes a processing unit made up of a microprocessor or CPU (from the English Central Processing Unit) associated with different types of memories. A non-volatile memory, of ROM type for example, generally comprises at least one program for implementing a signature algorithm.
L'invention s'applique en particulier à des algorithmes de génération et de vérification de signatures numériques. L'objectif de ces algorithmes est de calculer un ou plusieurs entiers, en général une paire, appelés la signature et associés à un message donné afin de certifier l'identité du signataire et l'intégrité du message signé. De tels algorithmes permettent d'une part de générer des signatures et d'autre part de vérifier ces signatures.The invention applies in particular to algorithms for generating and verifying digital signatures. The objective of these algorithms is to calculate one or more integers, in general a pair, called the signature and associated with a given message in order to certify the identity of the signatory and the integrity of the signed message. Such algorithms allow on the one hand to generate signatures and on the other hand to verify these signatures.
La signature est dite probabiliste lorsque l'algorithme fait appel à un aléas dans la génération de la signature, cet aléas étant secret et régénéré à chaque nouvelle signature. Ainsi, un même message transmis par un même utilisateur peut avoir plusieurs signatures distinctes.The signature is said to be probabilistic when the algorithm calls for a hazard in the generation of the signature, this hazard being secret and regenerated with each new signature. So the same message transmitted by the same user can have several distinct signatures.
Un exemple d'un tel algorithme peut être illustré par le DSA (de l'anglais Digital Signature Algonthm) . Les paramètres du DSA sont : p, un grand premier connu, de 512 ou 1024 bits, q, un premier qui divise p-1, de 160 bits, g, un entier choisi tel que gq = 1 mod p avec g ≠ 1 mod p . La clé secrète x est un nombre aléatoirement fixé entre 0 et 2ιeo-l, et la clé publique y est liée à x par la relation y = gx mod p.An example of such an algorithm can be illustrated by the DSA (from the English Digital Signature Algonthm). The parameters of the DSA are: p, a large known prime, of 512 or 1024 bits, q, a prime which divides p-1, of 160 bits, g, a chosen integer such that g q = 1 mod p with g ≠ 1 mod p. The secret key x is a random number fixed between 0 and 2 ιeo -l, and the public key y is linked to x by the relation y = g x mod p.
Soit m, le message à envoyer. La signature DSA de m est la paire (r,s) définie comme suit : r = (gk mod p) mod q ; s = ( h (m) + r-x) / k mod q ; avec k un nombre aléatoire de 160 bits tel que k<q, régénéré à chaque signature, et h (m) le message initial m chiffré au moyen d'une fonction de hachage qui est une fonction cryptographique pseudo aléatoire.Let m be the message to send. The DSA signature of m is the pair (r, s) defined as follows: r = (g k mod p) mod q; s = (h (m) + rx) / k mod q; with k a 160-bit random number such that k <q, regenerated at each signature, and h (m) the initial message m encrypted by means of a hash function which is a pseudo-random cryptographic function.
La vérification de la signature s'effectue commeSignature verification is carried out as
On réalise un premier calcul intermédiaire w = s"1 mod qOne carries out a first intermediate calculation w = s "1 mod q
On vérifie si ( (gw h(ra) yr w)mod p)mod q D r. Si cette égalité est vrai, la signature est authentique .We check if ((g wh (ra) y rw ) mod p) mod q D r. If this equality is true, the signature is authentic.
La génération de la signature (r,s) a été réalisée avec la clé secrète x et un nombre aléatoire k secret et différent pour chaque signature, et sa vérification avec la clé publique y. Ainsi, n'importe qui peut authentifier une carte et son porteur sans détenir sa clé secrète . L'utilisation de la fonction de hachage dans la génération de la signature se retrouve dans quasiment tous les algorithmes de génération de signatures probabilistes basés sur un calcul de logarithme discret. Elle permet en effet de garantir la non reproductibilité de la signature en brisant sa linéarité .The generation of the signature (r, s) was carried out with the secret key x and a secret and different random number k for each signature, and its verification with the public key y. Thus, anyone can authenticate a card and its holder without holding their secret key. The use of the hash function in the generation of the signature is found in almost all the algorithms for generating probabilistic signatures based on a discrete logarithm calculation. It makes it possible to guarantee the non reproducibility of the signature by breaking its linearity.
L'emploi de cette fonction de hachage présente néanmoins des inconvénients car elle suppose d'une part que cette fonction h se comporte comme une fonction aléatoire, ce qui n'est pas toujours vrai, et d'autre part que cette fonction h est implementée dans la mémoire de la puce de circuit intégré du dispositif sécurisé (la carte à puce par exemple) . Or la taille de code nécessaire à 1 ' implementation de la fonction de hachage est très élevée, environ 1 à 2 kilo octets.The use of this hash function nevertheless has drawbacks because it supposes on the one hand that this function h behaves like a random function, which is not always true, and on the other hand that this function h is implemented in the memory of the integrated circuit chip of the secure device (the chip card for example). However, the code size required for implementing the hash function is very large, around 1 to 2 kilobytes.
Les contraintes économiques liées au marché de la carte à puce obligent à une constante recherche en vue de maîtriser ses coûts de revient. Cet effort passe souvent par l'utilisation de composants plus simples. Dans un tel cadre, 1 ' implementation d'algorithmes à clé publique sur des micro-contrôleurs peu chers de types 8 bits à cœur de 8051 (Intel) ou 6805 (Motorola) par exemple représente un intérêt grandissant. Il n'est cependant pas possible d' implémenter un algorithme de signature numérique tel que le DSA ou du même type, faisant appel à une fonction de hachage, sur de tels micro-contrôleurs .The economic constraints linked to the smart card market require constant research in order to control its production costs. This effort often involves the use of simpler components. In such a framework, the implementation of public key algorithms on inexpensive 8-bit microcontrollers of the 8051 (Intel) or 6805 (Motorola) core, for example, represents a growing interest. However, it is not possible to implement a digital signature algorithm such as the DSA or of the same type, using a hash function, on such microcontrollers.
L'invention a pour but de résoudre ces contraintes et propose une solution qui soit adaptée à des microcontrôleurs possédant peu de ressources de calcul .The invention aims to resolve these constraints and proposes a solution which is suitable for microcontrollers having few computing resources.
La présente invention a pour objet un procédé de génération de signatures numériques probabilistes qui permet de s'affranchir de la fonction de hachage, sans altérer la sécurité des messages échangés.The subject of the present invention is a method for generating probabilistic digital signatures which allows to get rid of the hash function, without altering the security of the messages exchanged.
L'invention propose à cet effet un procédé permettant de transformer un algorithme de signature probabiliste utilisant une fonction de hachage en un autre algorithme ne faisant pas appel à cette fonction. A cette fin, l'algorithme probabiliste de départ est utilisé deux fois au lieu d'une pour signer le message directement, c'est à dire le message initial non haché. On génère ainsi des signatures jumelles associées au même message.To this end, the invention provides a method for transforming a probabilistic signature algorithm using a hash function into another algorithm which does not use this function. To this end, the initial probabilistic algorithm is used twice instead of once to sign the message directly, ie the initial message, not hashed. This generates twin signatures associated with the same message.
L'invention concerne plus particulièrement un procédé de signatures numériques probabilistes d'un message, entre un signataire et un vénfïeur, à partir d'un algorithme basé sur le calcul d'un logarithme discret, caractérisé en ce qu'il consiste, pour le signataire, à générer au moins deux signatures du même message non haché, lesdites signatures étant calculées par l'algorithme au moyen des mêmes paramètres à clé publique et privée en faisant respectivement appel à des aléas distincts, et en ce qu'il consiste, pour le vénfïeur, à vérifier toutes les signatures dudit message .The invention relates more particularly to a method of probabilistic digital signatures of a message, between a signatory and a creditor, from an algorithm based on the calculation of a discrete logarithm, characterized in that it consists, for the signatory, to generate at least two signatures of the same message, not hashed, said signatures being calculated by the algorithm by means of the same parameters with public and private key by calling respectively on different hazards, and in that it consists, for the buyer, to verify all the signatures of the said message.
Selon une application, l'algorithme probabiliste est le DSA (Digital Signature Algonthm) .According to one application, the probabilistic algorithm is the DSA (Digital Signature Algonthm).
Selon une autre application, l'algorithme probabiliste est l'algorithme de Schnorr.According to another application, the probabilistic algorithm is the Schnorr algorithm.
L'invention s'applique avantageusement à tout dispositif sécurisé de type carte à puce, et en particulier à des dispositifs comportant un microcontrôleur 8 bits.The invention advantageously applies to any secure device of the smart card type, and in particular to devices comprising an 8-bit microcontroller.
Le procédé selon l'invention présente l'avantage de s'affranchir de la fonction de hachage et de minimiser ainsi le taux d'occupation mémoire. En outre, la vitesse de calcul est accrue, même si un double calcul est requis. En effet, l'appel à une fonction de hachage est délicate sur de simples micro-contrôleurs 8 bits, peu chers et de plus en plus souvent utilisés pour contenir les coûts de fabrication des dispositifs.The method according to the invention has the advantage of eliminating the hash function and thus minimizing the memory occupancy rate. In addition, the calculation speed is increased, even if a double calculation is required. Indeed, the call to a hash function is delicate on simple 8-bit microcontrollers, inexpensive and increasingly used to contain the manufacturing costs of the devices.
En outre, le procédé selon l'invention permet de garantir la sécurité dans l'exécution de n'importe quel algorithme de génération de signatures numériques probabilistes . La description fait référence à l'algorithme de signature DSA, mais s'applique également à tous les autres algorithmes de signatures probabilistes et à leurs variantes tels que ElGamal , Schnorr, EC-DSA, Abe- Okamoto, par exemple qui utilisent également la fonction de hachage dans la génération de paires de signatures .In addition, the method according to the invention makes it possible to guarantee security in the execution of any algorithm for generating probabilistic digital signatures. The description refers to the DSA signature algorithm, but also applies to all other probabilistic signature algorithms and their variants such as ElGamal, Schnorr, EC-DSA, Abe-Okamoto, for example which also use the function hash in the generation of signature pairs.
Le procédé de génération de signatures selon l'invention est basé sur le calcul d'au moins deux signatures, que l'on dit alors jumelles, du même message initial m non haché. La signature comprend ainsi au moins deux signatures calculées à l'aide des mêmes paramètres à clé publique y et privée x en faisant respectivement appel à des aléas distincts k1; k2, ... kn. La signature du message devient ainsi (r1 , s1 , r2, s2, ...rn,sn), avec les n paires (r^s (pour î allant de 1 à n) calculées et vérifiées selon les procédés classiques de génération et de vérification de signatures qu'il s'agisse du DSA, de Schnorr ou de tout autre algorithme utilisant une fonction de hachage. The method of generating signatures according to the invention is based on the calculation of at least two signatures, which are then said to be twin, of the same initial message m not hashed. The signature thus comprises at least two signatures calculated using the same parameters with public key y and private key x by making use respectively of distinct hazards k 1; k 2 , ... k n . The signature of the message thus becomes (r 1 , s 1 , r 2 , s 2 , ... r n , s n ), with the n pairs (r ^ s (for î going from 1 to n) calculated and checked according to conventional methods for generating and verifying signatures, whether it be the DSA, Schnorr or any other algorithm using a hash function.

Claims

REVENDICATIONS
1. Procédé de signatures numériques probabilistes d'un message (m), entre un signataire et un vénfïeur, à partir d'un algorithme basé sur le calcul d'un logarithme discret, caractérisé en ce qu'il consiste, pour le signataire, à générer au moins deux signatures1. Method of probabilistic digital signatures of a message (m), between a signatory and a venger, from an algorithm based on the calculation of a discrete logarithm, characterized in that it consists, for the signatory, to generate at least two signatures
(rx,sι) et (r2,s2) du même message non haché (m), lesdites signatures étant calculées par l'algorithme au moyen des mêmes paramètres à clé publique et privée(r x , sι) and (r 2 , s 2 ) of the same unchopped message (m), said signatures being calculated by the algorithm using the same parameters with public and private key
(y,x) en faisant respectivement appel à des aléas distincts (ki) et (k2) , et en ce qu'il consiste, pour le vénfïeur, à vérifier toutes les signatures (rι,Sι) et(y, x) by calling respectively on separate hazards (ki) and (k 2 ), and in that it consists, for the buyer, in verifying all the signatures (r ι , S ι ) and
(r2,s2) dudit message (m) .(r 2 , s 2 ) of said message (m).
2. Procédé selon la revendication 1, caractérisé en ce que l'algorithme probabiliste est le DSA (Digital2. Method according to claim 1, characterized in that the probabilistic algorithm is the DSA (Digital
Signature Algonthm) .Algonthm signature).
3. Procédé selon la revendication 1, caractérisé en ce que, l'algorithme probabiliste est l'algorithme de Schnorr.3. Method according to claim 1, characterized in that, the probabilistic algorithm is the Schnorr algorithm.
4. Dispositif sécurisé, de type carte à puce, caractérisé en ce qu'il comporte un composant électronique apte à mettre en œuvre le procédé de signature selon les revendications 1 à 3.4. Secure device, of the smart card type, characterized in that it comprises an electronic component capable of implementing the signature method according to claims 1 to 3.
5. Dispositif selon la revendication 4, caractérisé en ce que le composant électronique est un microcontrôleur 8 bits. 5. Device according to claim 4, characterized in that the electronic component is an 8-bit microcontroller.
EP01917165A 2000-03-28 2001-03-16 Method for probabilistic digital signatures Withdrawn EP1269683A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0003918 2000-03-28
FR0003918A FR2807248B1 (en) 2000-03-28 2000-03-28 PROBABILISTIC DIGITAL SIGNATURE PROCESS
PCT/FR2001/000795 WO2001074009A1 (en) 2000-03-28 2001-03-16 Method for probabilistic digital signatures

Publications (1)

Publication Number Publication Date
EP1269683A1 true EP1269683A1 (en) 2003-01-02

Family

ID=8848578

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01917165A Withdrawn EP1269683A1 (en) 2000-03-28 2001-03-16 Method for probabilistic digital signatures

Country Status (5)

Country Link
US (1) US20010056537A1 (en)
EP (1) EP1269683A1 (en)
AU (1) AU4425901A (en)
FR (1) FR2807248B1 (en)
WO (1) WO2001074009A1 (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5347581A (en) * 1993-09-15 1994-09-13 Gemplus Developpement Verification process for a communication system
US5511121A (en) * 1994-02-23 1996-04-23 Bell Communications Research, Inc. Efficient electronic money
US6292897B1 (en) * 1997-11-03 2001-09-18 International Business Machines Corporation Undeniable certificates for digital signature verification
US6108783A (en) * 1998-02-11 2000-08-22 International Business Machines Corporation Chameleon hashing and signatures

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0174009A1 *

Also Published As

Publication number Publication date
FR2807248B1 (en) 2002-06-28
FR2807248A1 (en) 2001-10-05
WO2001074009A1 (en) 2001-10-04
AU4425901A (en) 2001-10-08
US20010056537A1 (en) 2001-12-27

Similar Documents

Publication Publication Date Title
EP0656710B1 (en) Method for generating DSA dignatures with low cost portable devices
FR2759226A1 (en) PROTOCOL FOR VERIFYING A DIGITAL SIGNATURE
EP0661846A1 (en) Method for authenticating at least one identification device by a verification device using a zero-knowledge protocol
EP1151576B1 (en) Public and private key cryptographic method
WO2001080481A1 (en) Cryptography method on elliptic curves
EP0909495B1 (en) Public key cryptography method
EP0795241A1 (en) Public key cryptography process based on the discrete logarithm
EP1400056A1 (en) Cryptographic authentication process
EP0666664B1 (en) Method for digital signature and authentication of messages using a discrete logarithm with a reduced number of modular multiplications
FR2747257A1 (en) METHOD OF IDENTIFICATION AND / OR SIGNATURE
WO2001074009A1 (en) Method for probabilistic digital signatures
WO2003055134A9 (en) Cryptographic method for distributing load among several entities and devices therefor
EP0980607A1 (en) Pseudo-random generator based on a hash coding function for cryptographic systems requiring random drawing
FR2842052A1 (en) CRYPTOGRAPHIC METHOD AND DEVICES FOR REDUCING CALCULATION DURING TRANSACTIONS
FR2818846A1 (en) Method for protecting electronic component executing cryptographic algorithm against current measurement attack, comprises factorization of exponential in algorithm and permutation of the factors
WO2002028011A1 (en) Method for accelerated transmission of electronic signature
WO2001097009A1 (en) Method for cryptographic calculation comprising a modular exponentiation routine
FR2713420A1 (en) Digital Signal Algorithm generation for portable computers
WO2003021864A2 (en) Method of reducing the size of an rsa or rabin signature
WO2003069841A1 (en) Method for detection of attacks on cryptographic algorithms by trial and error
FR2834155A1 (en) Generation of electronic cryptographic keys, uses electronic component reading secret number and generating pseudo-random number as basis for key
WO2002019613A1 (en) Method for generating unchallengeable signatures, in particular by an integrated system, and integrated system therefor
FR2850502A1 (en) Method of authenticating digital signatures using a low cost computer, used in authenticating bankcards or credit cards etc., allows a verifier system to exchange data with a signature system
FR3014582A1 (en) METHOD FOR TESTING MOV CONDITION AND DEVICE THEREFOR
WO2003010921A1 (en) Method for generating electronic keys for implementing a cryptographic algorithm, smart card therefor

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20021028

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20031024