EP1523823A2 - Method for generating electronic keys for a public-key cryptography method and secure portable object implementing the method - Google Patents
- Publication number
- EP1523823A2 (application EP03760742A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- key
- prime
- length
- calculation
- couple
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/30—Compression, e.g. Merkle-Damgard construction
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the invention relates to a method for generating electronic keys for a public key cryptography method. It also relates to a secure portable object implementing the method.
- the invention relates more particularly to the generation of keys of an RSA type cryptographic system and their storage on a secure object with a view to their use in an application requiring security.
- the invention is particularly applicable to secure objects having no significant memory resource such as electrically programmable memory, or powerful computing resources as is the case for smart cards.
- An application of the invention is electronic commerce via a mobile phone.
- the keys can be found on the SIM card of the phone.
- this RSA cryptography protocol allows the encryption of information and / or authentication between two entities and / or the electronic signature of messages.
- the RSA cryptography protocol is the most used because it has properties that allow it to be used both in encryption and in signature generation.
- the RSA cryptography system includes a "public" algorithm performing the encryption or signature verification function and a "private" algorithm performing the decryption or signature generation function. Its security is based on the difficulty of factoring a large public integer N which is the product of two large prime numbers p and q, the couple (p, q) entering into the calculation of the secret key d used by the decryption function or by the function for calculating a signature.
- The parameters p and q are generated at the end of a time-consuming calculation. They are generally the same length (even
- This length is conventionally 512 bits.
- this length can range from 512 bits to 2048, 2048 bits being envisaged for the future.
- N is the public modulus and is calculated from the following relation:
- the key of the algorithm is said to be of length i, when the public modulus N is of length i. This length is set by the application (or service provider).
- When several applications are planned, each service provider provides its public exponent e and the length of the public modulus N, so that the corresponding private key d can be generated.
- N = p * q an integer of length 2.
- the portable object stores sets of keys and certificates corresponding to each application likely to be used, without knowing whether these keys will be really useful later.
- a large memory location is used unnecessarily. For example, 0.3 Kbytes are required for an RSA key with a 1024-bit modulus, while the current cards have at most 32 Kbytes of programmable memory.
- a large number of certificates are purchased from the trusted entity, which is expensive. The last but equally important disadvantage is that it is not possible to add new keys as new applications are considered.
- the calculation can be carried out within the secure object. This solves the first drawback of the previous solution but creates a heavy processing at the level of the secure object which has a low computing capacity.
- this solution still has the second drawback of the previous solution, namely the need for memory resource.
- the present invention aims to solve these problems.
- an object of the present invention relates to a method for generating electronic keys for a public key cryptography method by means of an electronic device, mainly characterized in that it comprises two dissociated calculation steps:
- step A-1) consists in calculating pairs of prime numbers (p, q) without knowledge of the public exponent e or of the length l of the key, by using a parameter ⁇ which is the product of small prime numbers.
- the couple (p, q) obtained in step A has a maximum probability of being able to correspond to a future couple (e, l) and will allow a key d to be calculated during the implementation of step B.
- the calculation A-1) also takes into account the fact that e has a high probability of being part of the set {3, 17, ..., 2^16 + 1}; for that, the calculation of step A uses a seed ⁇ which makes it possible to calculate not couples (p, q) but a representative value called the image of the couples (p, q).
- Storage A-2) then consists in memorizing this image. This saves memory space since an image is smaller than a prime number p or q, for example 32 bytes compared to 128 bytes.
- couples (p, q) are calculated for different probable couples (e, l).
- the parameter ⁇ will contain the usual values of e, for example 3, 17.
- step A-1) comprises an operation of compressing the calculated pairs (p, q) and step A-2) then consists in storing the compressed values thus obtained.
- Step B includes verifying the following conditions for a given couple (e, l):
- step B comprises, for a couple (p, q) obtained in step A, and a given couple (e, l):
- the subject of the invention is also a portable secure object capable of generating electronic keys d of an RSA-type cryptography algorithm, characterized in that it comprises at least:
- Communication means to receive at least one couple (e, l), - A memory for storing the results of a step A consisting of:
- the portable secure object also comprises a program for the implementation of step A, steps A and B being dissociated over time.
- the portable secure object may be constituted by a smart card.
- the generation of keys is done in two separate steps.
- the first Step A includes a calculation of pairs of prime numbers (p, q) or of values representative of pairs of prime numbers called an image.
- the couples (p, q) obtained are stored. This calculation is cumbersome and it is all the more cumbersome if a conventional prime number generation algorithm is used.
- a preferred embodiment for implementing this step makes it possible to lighten the calculations and to limit the memory space necessary for the storage of the couples (p, q) obtained by storing an image of these couples.
- the second Step B comprises the calculation proper of the key d from the results of step A and the knowledge of the couple (e, l).
- This calculation includes, for a couple (p, q) obtained in step A, and a given couple (e, l):
- the first step, which corresponds to a relatively cumbersome calculation compared to the second step, can be executed by an entity other than the smart card, for example by a server.
- the results of the calculation of this first step may be loaded onto a smart card at the time of personalization.
- the calculation of step A can also be done by the card itself at any time which does not bother the user of this card. For example, this calculation can be done when personalizing the card or later. In practical terms, when using the card to obtain a service, if a private key is required, then the public key is provided by the service provider (possibly remotely if it is not already stored in the card) in order to generate the private key.
- This generation step (step B of calculation) is carried out quickly by the card.
- the generation of a private key can be done on board, i.e. by the card itself, with a gain of a factor of 10 in execution time compared to the key generation methods known to date.
- we will describe in the following a preferred embodiment for the implementation of step A.
- This embodiment is particularly advantageous for embedding on a smart card because it optimizes both the memory space and the calculation time.
- min (p) min (q) is between 2, * 0 u -l and N, and max (p) max (q) is between N and 2 l as requested.
- This parameter ⁇ is the product of small prime numbers, among which we can find in particular 3, 17 and 2^16 + 1, prime numbers generally used as public exponents.
- the first phase of the method consists in generating and recording a prime number k of short length with respect to the length of an RSA key in the interval of whole numbers ⁇ , ...., ⁇ -l ⁇ , (k , ⁇ ) being coprime, i.e. having no common factor.
- the second phase then consists in starting from this number k to construct the first candidate q which satisfies the condition of being coprime with ⁇ .
- if this first candidate does not satisfy this condition, then it is updated, that is to say that another candidate is chosen until a value of q satisfying the condition is found.
- One way to test the primality of a number is for example to use the Rabin-Miller test.
- a simple way to implement this algorithm can consist, for each envisaged RSA key length, of storing the values of k and j so as to reconstruct q.
- Rather than choosing a random number j as indicated in step 2), another embodiment can consist in constructing j from a short random number.
- This execution mode makes it possible to considerably reduce the memory space requirements because only the values of ⁇ and k need to be stored in EEPROM memory.
- the value of ⁇ is in ROM (in the calculation program).
- k ( D ) [PRNG 2 ( ⁇ ) + b PRNG3 ( ⁇ ) (PRNG 2 ( ⁇ ) ⁇ ( ⁇ , -l)] (mod ⁇ ) b being an element of order ⁇ (II) belonging to Z * ff-
- f is equal to 2^8. This means that f can be coded on 1 byte or 8 bytes.
- a last mode of execution making it possible to reduce the memory space consists in storing in the calculation program, that is to say in program memory, several values of ⁇ and the corresponding values of ⁇ ( ⁇ ) for different lengths of keys considered. We can notice that a large value of ⁇ leads to the smallest values for f.
- the program implementing the card process does not need to know a priori the public exponent e. This exponent can therefore be supplied at any time by an application loaded into the card. However, we know that for most applications (more than 95%), the values of e used are the values {3, 17, 2^16 + 1}.
- the condition required for k ( 0 ) can be obtained by the Chinese remainder theorem.
- another alternative may consist, for step A-1), in calculating pairs of prime numbers (p, q) for different probable pairs (e, l).
- the invention proposes a method in two dissociated steps; the second step, very fast compared to known solutions, can be executed in real time. This process is also inexpensive in memory space.
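The two dissociated steps described above, as an added example (not code from the patent or its applicant): step A precomputes prime pairs whose p-1 and q-1 share no factor with the usual public exponents, and step B later takes a couple (e, l) and derives d. It is a simplification with hypothetical names: it stores full primes rather than the compressed image, filters random candidates with a gcd instead of using the k and j construction, and assumes the step B checks are the standard RSA ones (N of length l, e invertible modulo (p-1)(q-1)), since the page's own list of conditions did not survive extraction.

```python
import math
import secrets

# Usual public exponents named on the page. Their product stands in for the
# page's "product of small primes" parameter (constant name is hypothetical).
USUAL_EXPONENTS = (3, 17, 2**16 + 1)
SMALL_PRIME_PRODUCT = math.prod(USUAL_EXPONENTS)


def is_probable_prime(n, rounds=40):
    """Rabin-Miller test, the primality test the page mentions."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a proves n composite
    return True


def gen_prime(bits):
    """Prime of exactly `bits` bits with p-1 coprime to every usual exponent."""
    while True:
        # Top two bits set, so the product of two such primes has 2*bits bits.
        cand = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if math.gcd(cand - 1, SMALL_PRIME_PRODUCT) == 1 and is_probable_prime(cand):
            return cand


def step_a(lengths):
    """Step A (slow, done ahead of time): one pair (p, q) per probable even length l."""
    store = {}
    for l in lengths:
        p = gen_prime(l // 2)
        q = gen_prime(l // 2)
        while q == p:
            q = gen_prime(l // 2)
        store[l] = (p, q)
    return store


def step_b(store, e, l):
    """Step B (fast, on demand): check (e, l) against a stored pair, then derive d."""
    if l not in store:
        raise ValueError("no precomputed pair for this key length")
    p, q = store[l]
    n, phi = p * q, (p - 1) * (q - 1)
    if n.bit_length() != l:
        raise ValueError("modulus length does not match l")
    if e < 3 or math.gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo (p-1)(q-1)")
    return n, pow(e, -1, phi)                     # (public modulus N, private key d)


if __name__ == "__main__":
    stored = step_a([512])                        # constructed demo length
    n, d = step_b(stored, 2**16 + 1, 512)
    print(n.bit_length(), pow(pow(42, 2**16 + 1, n), d, n))
```

An exponent outside the usual set can still fail the step B check for a given stored pair, which is why the check is repeated there rather than trusted from step A.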
Landscapes
- Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
- Calculators And Similar Devices (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0207688A FR2841411B1 (fr) | 2002-06-19 | 2002-06-19 | Method for generating electronic keys for a public-key cryptography method and secure portable object implementing the method |
FR0207688 | 2002-06-19 | ||
PCT/FR2003/001871 WO2004002058A2 (fr) | 2002-06-19 | 2003-06-18 | Method for generating electronic keys for a public-key cryptography method and secure portable object implementing the method |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1523823A2 (fr) | 2005-04-20 |
Family
ID=29719931
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP03760742A Withdrawn EP1523823A2 (fr) | Method for generating electronic keys for a public-key cryptography method and secure portable object implementing the method | 2002-06-19 | 2003-06-18 |
Country Status (6)
Country | Link |
---|---|
US (1) | US20050226411A1 (fr) |
EP (1) | EP1523823A2 (fr) |
JP (1) | JP4765108B2 (fr) |
AU (1) | AU2003258815A1 (fr) |
FR (1) | FR2841411B1 (fr) |
WO (1) | WO2004002058A2 (fr) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7597250B2 (en) | 2003-11-17 | 2009-10-06 | Dpd Patent Trust Ltd. | RFID reader with multiple interfaces |
US7762470B2 (en) | 2003-11-17 | 2010-07-27 | Dpd Patent Trust Ltd. | RFID token with multiple interface controller |
US7213766B2 (en) | 2003-11-17 | 2007-05-08 | Dpd Patent Trust Ltd | Multi-interface compact personal token apparatus and methods of use |
WO2008030184A1 (fr) * | 2006-07-04 | 2008-03-13 | Khee Seng Chua | Improved authentication system |
US8472620B2 (en) | 2007-06-15 | 2013-06-25 | Sony Corporation | Generation of device dependent RSA key |
US8170216B2 (en) * | 2008-06-18 | 2012-05-01 | Apple Inc. | Techniques for validating and sharing secrets |
KR20130097985A (ko) * | 2012-02-27 | 2013-09-04 | 삼성전자주식회사 | Method and apparatus for two-way communication |
EP3562092A1 (fr) | 2018-04-26 | 2019-10-30 | Thales Dis Design Services Sas | Method for generating an on-board cryptographic key using a physically unclonable function |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4736423A (en) * | 1985-04-30 | 1988-04-05 | International Business Machines Corporation | Technique for reducing RSA Crypto variable storage |
GB9410337D0 (en) * | 1994-05-24 | 1994-07-13 | Cryptech Systems Inc | Key transmission system |
JPH09261217A (ja) * | 1996-03-27 | 1997-10-03 | Nippon Telegr & Teleph Corp <Ntt> | Communication apparatus and method therefor |
US5884270A (en) * | 1996-09-06 | 1999-03-16 | Walker Asset Management Limited Partnership | Method and system for facilitating an employment search incorporating user-controlled anonymous communications |
US5848159A (en) * | 1996-12-09 | 1998-12-08 | Tandem Computers, Incorporated | Public key cryptographic apparatus and method |
US6192474B1 (en) * | 1998-07-31 | 2001-02-20 | Lucent Technologies Inc. | Method for establishing a key using over-the-air communication and password protocol and password protocol |
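JP3518672B2 (ja) * | 1998-11-27 | 2004-04-12 | 村田機械株式会社 | Prime number generation device and cryptographic system |
CN1408154A (zh) * | 1999-01-27 | 2003-04-02 | 法国电信公司 | Method, system and device for verifying the authenticity of an entity and/or the integrity and/or authenticity of a message |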
US6868160B1 (en) * | 1999-11-08 | 2005-03-15 | Bellsouth Intellectual Property Corporation | System and method for providing secure sharing of electronic data |
FR2807246B1 (fr) * | 2000-03-28 | 2002-12-27 | Gemplus Card Int | Method for generating electronic keys from mutually prime integers and device for implementing the method |
FR2811442B1 (fr) * | 2000-07-10 | 2002-09-13 | Gemplus Card Int | Method for generating an electronic key from a prime number lying in a determined interval and device for implementing the method |
US6959091B1 (en) * | 2000-07-28 | 2005-10-25 | Atmel Corporation | Cryptography private key storage and recovery method and apparatus |
US7120248B2 (en) * | 2001-03-26 | 2006-10-10 | Hewlett-Packard Development Company, L.P. | Multiple prime number generation using a parallel prime number search algorithm |
US7016494B2 (en) * | 2001-03-26 | 2006-03-21 | Hewlett-Packard Development Company, L.P. | Multiple cryptographic key precompute and store |
TWI244610B (en) * | 2001-04-17 | 2005-12-01 | Matsushita Electric Ind Co Ltd | Information security device, prime number generation device, and prime number generation method |
JP4457651B2 (ja) * | 2003-11-27 | 2010-04-28 | 日本電気株式会社 | Proving device, proving method and program |
FR2879866B1 (fr) * | 2004-12-22 | 2007-07-20 | Sagem | Method and device for executing a cryptographic computation |
US20080123842A1 (en) * | 2006-11-03 | 2008-05-29 | Nokia Corporation | Association of a cryptographic public key with data and verification thereof |
-
2002
- 2002-06-19 FR FR0207688A patent/FR2841411B1/fr not_active Expired - Fee Related
-
2003
- 2003-06-18 JP JP2004514946A patent/JP4765108B2/ja not_active Expired - Fee Related
- 2003-06-18 EP EP03760742A patent/EP1523823A2/fr not_active Withdrawn
- 2003-06-18 US US10/518,639 patent/US20050226411A1/en not_active Abandoned
- 2003-06-18 WO PCT/FR2003/001871 patent/WO2004002058A2/fr active Application Filing
- 2003-06-18 AU AU2003258815A patent/AU2003258815A1/en not_active Abandoned
Non-Patent Citations (3)
Title |
---|
JOYCE M ET AL: "EFFICIENT GENERATION OF PRIME NUMBERS", CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS. 2ND INTERNATIONAL WORKSHOP, CHES 2000, WORCHESTER, MA, AUG. 17 - 18, 2000 PROCEEDINGS; [LECTURE NOTES IN COMPUTER SCIENCE], BERLIN : SPRINGER, DE, vol. VOL. 1965, 17 August 2000 (2000-08-17), pages 340 - 354, XP001049142, ISBN: 978-3-540-41455-1 * |
MARC JOYE ET AL: "Constructive Methods for the Generation of Prime Numbers (*** Submission to NESSIE ***)", 13 September 2001 (2001-09-13), XP055190231, Retrieved from the Internet <URL:http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.8.1212&rep=rep1&type=pdf> [retrieved on 20150519] * |
See also references of WO2004002058A3 * |
Also Published As
Publication number | Publication date |
---|---|
JP2005530212A (ja) | 2005-10-06 |
FR2841411B1 (fr) | 2004-10-29 |
AU2003258815A1 (en) | 2004-01-06 |
WO2004002058A3 (fr) | 2004-04-15 |
JP4765108B2 (ja) | 2011-09-07 |
WO2004002058A2 (fr) | 2003-12-31 |
US20050226411A1 (en) | 2005-10-13 |
FR2841411A1 (fr) | 2003-12-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1151576B1 (fr) | | Public and private key cryptographic method |
FR2948793A1 (fr) | | Secure method for reconstructing a reference measurement of confidential data from a noisy measurement of that data, in particular for generating cryptographic keys |
WO2003056750A2 (fr) | | Group signature cryptographic system |
EP2415199B1 (fr) | | Method for performing a cryptographic task in an electronic component |
EP1807967B1 (fr) | | Method for secure delegation of the computation of a bilinear map |
EP2296086A1 (fr) | | Protection of prime number generation against side-channel attacks |
WO2000062477A1 (fr) | | Method for message authentication and signature using reduced-size commitments, and corresponding systems |
EP0795241B1 (fr) | | Public-key cryptography method based on the discrete logarithm |
WO2004002058A2 (fr) | | Method for generating electronic keys for a public-key cryptography method and secure portable object implementing the method |
EP0909495B1 (fr) | | Public-key cryptography method |
EP2572470A1 (fr) | | Method for obtaining encryption keys, and corresponding terminal, server and computer program products |
WO2003055134A1 (fr) | | Cryptographic method for distributing the load among several entities, and devices for implementing this method |
EP3857810B1 (fr) | | Cryptographic method for secure comparison of two secret data items x and y |
EP1520370B1 (fr) | | Cryptographic method and devices for lightening computations during transactions |
FR2880149A1 (fr) | | Data processing method and associated device |
EP3729720A1 (fr) | | Group signature cryptographic method |
EP3008851B1 (fr) | | Method and system for delegating the computation of a bilinear pairing value to a computation server |
WO2023242429A1 (fr) | | Method for homomorphic determination of the sign of a message by dilation, and associated methods and devices |
FR2837335A1 (fr) | | Cryptographic method and system |
FR2892875A1 (fr) | | Method for securing payments by splitting amounts |
FR2827722A1 (fr) | | Method for generating electronic keys for implementing a cryptographic algorithm, and smart card implementing the method |
Robert | | The Organization of Modern Cryptology |
WO2003023606A1 (fr) | | Method for computing an exponentiation in a group and its application to user authentication |
FR2903258A1 (fr) | | Public-key cryptographic system and method for the authentication of a first entity by a second entity |
EP1297504A1 (fr) | | Method and system for limiting the possibility of transforming data intended to constitute, in particular, prepayment tokens |
Legal Events
Code | Title | Description |
---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
17P | Request for examination filed | Effective date: 20050119 |
AK | Designated contracting states | Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR |
AX | Request for extension of the european patent | Extension state: AL LT LV MK |
DAX | Request for extension of the european patent (deleted) | |
RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: GEMALTO SA |
17Q | First examination report despatched | Effective date: 20100714 |
GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
RIC1 | Information provided on ipc code assigned before grant | Ipc: H04L 9/30 20060101ALI20150519BHEP Ipc: G06F 7/72 20060101ALI20150519BHEP Ipc: H04L 9/08 20060101AFI20150519BHEP |
INTG | Intention to grant announced | Effective date: 20150612 |
GRAS | Grant fee paid | Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
18D | Application deemed to be withdrawn | Effective date: 20151023 |