EP1832034A2 - Method for rapidly generating a random number not divisible by a predetermined set of prime numbers - Google Patents
- Publication number
- EP1832034A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- rank
- random number
- parameters
- mod
- prime
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
Definitions
- the invention relates to a method for the rapid generation of a random integer relatively prime to a set of predetermined prime numbers and to a device for implementing the method.
- a decisive advantage of the invention lies in its speed compared with similar prior techniques.
- the invention is particularly but not exclusively applicable to the generation of large random prime numbers.
- the generation of large random prime numbers has many practical applications, in particular in public key cryptography.
- asymmetric cryptography schemes perform cryptographic functions such as information encryption, digital document signing, or remote identification of people.
- Popular examples of such schemes are RSA (Rivest, Shamir and Adleman), DSA, El Gamal, Schnorr, Cramer-Shoup, and so on.
- a common feature of asymmetric cryptography schemes is that they use one or more prime numbers whose size can vary between 160 and 2048 bits.
- the prime number(s) used by a scheme generally form one or more keys.
- some schemes like RSA require the generation of two large random numbers of similar size to constitute the private key. The generation of large random prime numbers is therefore a fundamental tool in public key cryptography.
- a simple and common way to generate a random prime number is to randomly draw a number q using a random number generator and then test its primality using a primality test or a pseudo-primality test. If the test is unsuccessful, the value of q is incremented by 1 and the test is re-applied, and so on. Since all prime numbers are odd (except 2), a trivial improvement of this technique consists in choosing as an initial value of q an odd random number and then incrementing q by 2 until q is prime. Unfortunately, this simple technique is very inefficient in terms of speed and is therefore prohibitive when large prime numbers are to be generated. However, there are techniques for generating large prime numbers that are noticeably faster.
- the central unit of the device must for this purpose calculate the greatest common divisor (GCD) of the two numbers q and Π and verify that the result is equal to 1. Recall that two numbers are relatively prime if and only if their greatest common divisor is 1.
- the method of the invention also makes it possible to generate a relatively prime random number q ⁇ with the predetermined parameter ⁇ .
- An essential advantage of the invention lies in its extreme speed in comparison with the known methods described above.
- the method of the invention consists in using the particular form of the parameter Π to accelerate the technique of the Paillier/Joye process.
- the invention relates to a cryptographic method in which a final random number (qL) not divisible by a predetermined set of prime numbers (p1, p2, ..., pk) is generated from an initial random number (q0).
- E2i: reduce, modulo the parameter of rank i (Πi), a random number of rank i-1 (qi-1) obtained during a previous iteration,
- E3i: execute the Paillier/Joye method to modify the reduced random number of rank i-1 (qi-1 mod Πi) and produce a modified number (qim) relatively prime to said parameter of rank i (Πi),
- E4i: subtract from the modified number (qim) obtained in step E3i the reduced random number of rank i-1 obtained in step E2i (result: qim - qi-1 mod Πi),
- E5i: multiply the result of the subtraction of step E4i by the product (Π1 * ... * Πi-1) of the parameters of rank 1 to i-1,
- E6i: add the result of the multiplication of step E5i to the random number of rank i-1 (qi-1) to obtain a random number of rank i (qi), the final random number being the random number of rank L.
- the succession of steps E1i to E6i is such that the random number of rank i produced at the end of step E6i is prime with the number Πi. Since the random number of rank i-1 is prime with the parameters of rank 1 to i-1 (it was built for that by repeating the steps E1 to E6), the random number of rank i is prime with all the parameters from rank 1 to i (and therefore also with the product of these parameters).
- since the parameters Πi are chosen as multiples of (or divisible by) some of the prime numbers of the predetermined set, the random number of rank i is necessarily prime with prime numbers of the predetermined set.
- step E3i the Paillier/Joye method as described above and comprising the following substeps consisting of:
- the method also comprises an initialization step E0 consisting of: - choosing a random number L,
- the above method is particularly useful as a step of a method of generating a cryptographic key.
- the invention also relates to a portable electronic device comprising a central processing unit and an associated program memory, mainly characterized in that it comprises a program for implementing a method for generating random numbers which are not divisible by a predetermined set of prime numbers as described above.
- the portable electronic device is constituted by a microprocessor chip card that can include an arithmetic co-processor.
- FIG. 1 represents the block diagram of a portable electronic device such as a smart card implementing the method according to the invention
- FIG. 2 represents the diagram of an exemplary embodiment of the implementation of the method according to
- FIG. 3 shows the diagram of a second embodiment of implementation of the method according to the invention using arithmetic operations known as Montgomery.
- In the implementation of a public key cryptography scheme such as RSA, it is necessary to generate two large prime numbers of a size known in advance, for example 512 or 1024 bits. These then allow the creation of a private key and a corresponding public key.
- the known techniques of generating prime numbers having the best characteristics in terms of simplicity and speed of computation require, during an initialization phase, the generation of a random number having the property of being non-divisible by a set (p1, p2, ..., pk) of prime numbers.
- the choice of the primes (p1, p2, ..., pk) is predetermined and may depend, for example, on the desired size of the generated prime number.
- the randomness of this generation is fundamental, and the microprocessor card has for this purpose a random number generator capable of providing an integer of the desired bit size.
- FIG. 1 therefore shows the block diagram of a microprocessor card capable of implementing the method according to the invention.
- the card 7 comprises a main processing unit 1, program memories 3 and 6 and a working memory 4, associated with the main unit 1.
- the card also comprises an arithmetic coprocessor 2 capable of carrying out modular exponentiations, that is, calculations of the type x^y mod z where x, y and z are large integers. It may be for example circuits such as the ST16CF54 circuit marketed by the company STMicroelectronics or 83C852 / 5 from Philips.
- the card also has a random integer generator 5.
- ⁇ (p ⁇ ) p ⁇ ⁇ 1 (p-1) for any odd prime number p and for any non-zero positive integer ⁇ .
- the method according to the invention generates a random number not divisible by a predetermined set of prime numbers (p1, p2, ..., pk).
- the integer q is then randomly generated by the microprocessor card by a series of operations shown in the diagram of FIG. 2.
- step 10 an integer q is drawn at random using the random number generator 5.
- step 20 the variable ⁇ is initialized to the value 1.
- step 30: steps 40 to 100 are repeated L times.
- a particular advantage of the method according to the invention is that it is easily implemented with the aid of an arithmetic co-processor allowing the addition, subtraction and modular multiplication of large numbers.
- the modular calculation steps can be replaced by Montgomery arithmetic operations (modular multiplication or reduction).
- the Montgomery multiplication of two integers a and b modulo c returns a * b * R mod c rather than a * b mod c, where R is a known power of 2 modulo c.
- a Montgomery reduction of an integer a modulo an integer c returns a * R' mod c instead of a mod c, where R' is a known power of 2 modulo c.
- the advantage of such operations lies in their speed of execution in general greater than that of equivalent ordinary operations. Montgomery operations can be used to carry out the generation process according to the invention without the need for modification.
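The iteration E2i to E6i described above, as an added Python example (not code from the patent or its authors). The substeps of E3i are not reproduced on this page, so `make_unit` assumes the self-correcting unit-generation loop known from Joye and Paillier's prime-generation work; the prime groups, the function names and the requirement that groups share no prime are assumptions of this example.

```python
import math
import secrets
from functools import reduce

def carmichael(primes):
    # lambda(Pi) for a product of distinct odd primes is lcm(p - 1).
    return reduce(lambda a, b: a * b // math.gcd(a, b), (p - 1 for p in primes))

def make_unit(k, pi, lam):
    """Assumed E3i: turn k into a value coprime to pi.
    Residues of k that are already invertible modulo a prime factor of pi
    are left untouched; only the non-invertible ones are re-randomised."""
    while True:
        u = (1 - pow(k, lam, pi)) % pi   # 0 exactly when gcd(k, pi) == 1
        if u == 0:
            return k
        r = secrets.randbelow(pi - 1) + 1
        k = (k + r * u) % pi

def coprime_random(q0, groups):
    """groups: tuples of distinct odd primes; the parameter of rank i is the
    product of group i. Groups must not share a prime (assumption)."""
    q, prev_product = q0, 1
    for primes in groups:
        pi_i = math.prod(primes)
        reduced = q % pi_i                                        # E2i
        modified = make_unit(reduced, pi_i, carmichael(primes))   # E3i
        delta = modified - reduced                                # E4i
        q += delta * prev_product                                 # E5i, E6i
        prev_product *= pi_i
    return q

# Constructed sample parameters (not taken from the patent).
GROUPS = [(3, 5, 7), (11, 13), (17, 19, 23)]
ALL = math.prod(p for g in GROUPS for p in g)

if __name__ == "__main__":
    q0 = ALL << 64   # worst case: divisible by every prime of the set
    q = coprime_random(q0, GROUPS)
    print(q, math.gcd(q, ALL))
```

Every modular exponentiation here is taken modulo one small parameter of rank i, never modulo the product of all of them, and no modular inverse is needed: a residue that was zero modulo a prime p of rank i becomes (unit * product of earlier parameters) mod p, which is non-zero because the earlier parameters do not contain p.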
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0453101 | 2004-12-20 | ||
PCT/EP2005/056990 WO2006067157A2 (fr) | 2004-12-20 | 2005-12-20 | Method for rapidly generating a random number not divisible by a predetermined set of prime numbers |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1832034A2 true EP1832034A2 (fr) | 2007-09-12 |
Family
ID=34954154
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP05825311A Withdrawn EP1832034A2 (fr) | 2004-12-20 | 2005-12-20 | Method for rapidly generating a random number not divisible by a predetermined set of prime numbers |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP1832034A2 (fr) |
WO (1) | WO2006067157A2 (fr) |
-
2005
- 2005-12-20 WO PCT/EP2005/056990 patent/WO2006067157A2/fr active Application Filing
- 2005-12-20 EP EP05825311A patent/EP1832034A2/fr not_active Withdrawn
Non-Patent Citations (1)
Title |
---|
W. RANKL ET AL.: "Smart Card Handbook, third edition", 2003, JOHN WILEY & SONS, LTD, Chichester, UK, ISBN: 0470856688, pages: 20 - 21, 348760 * |
Also Published As
Publication number | Publication date |
---|---|
WO2006067157A2 (fr) | 2006-06-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL BA HR MK YU |
|
DAX | Request for extension of the european patent (deleted) | ||
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: PAILLIER, PASCAL Inventor name: JOYE, MARC |
|
R17D | Deferred search report published (corrected) |
Effective date: 20060629 |
|
17P | Request for examination filed |
Effective date: 20070720 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: GEMALTO SA |
|
RBV | Designated contracting states (corrected) |
Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
17Q | First examination report despatched |
Effective date: 20100218 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20100831 |