FI111491B - Generating a key pair - Google Patents

Description

111491

The present invention relates to a solution for generating a pair of public key and secret key 5 for a cryptographic operation.

RSA encryption (Rivest, Shamir, Adelman public-key encryption) is an example of a cryptographic operation that requires a paired public key and a secret key. RSA encryption can be used to encrypt a message before sending it via an untrusted communication channel 10 to the recipient. The sender of the message has access to the recipient's public key, whereupon he encrypts the message before sending it. The recipient, in turn, has access to a secret key which allows the received encrypted message to be returned to its original plain-language format. For the message to be encrypted and the encrypted message to be successfully retrieved, the sender and the recipient must have a key pair that enables this.

An electronic signature is another example of a cryptographic operation that requires secret keys that are paired with each other. In this case, the sender of the message generates 20 electronic signatures depending on the message and the secret key. The message sender then sends the message and the electronic signature to the recipient, who has the public key. The public key then allows the recipient of the message to verify that the electronic signature is correct. An electronic signature is correct if it is generated by a message received by the recipient and by a secret key which is the pair of the public key used by the recipient.

A prior art solution for generating a public key and a secret key that functions in pairs is known. This known solution is explained in more detail in connection with the flow chart of Figure 1. A disadvantage of this known solver is that the generation of the key pair is relatively slow.

The slowness is primarily due to the slow search for prime numbers used to generate the key pair. Increasing the value of a randomly generated odd number so that it becomes a prime can be performed relatively quickly. However, it is problematic that once a prime number 35 is found, it is still necessary to verify that this prime p found satisfies the condition that 111491 2 has the largest common factor in [p-1] and the selected integer e being one. If this is not the case, the found prime must be discarded, that is, practically returning to randomly generate a new odd number. In addition, the above operations often need to be performed several (tens) times before finding a prime that satisfies the set conditions. Then the same steps must be repeated to find another prime q that satisfies the conditions.

Thus, finding known prime numbers is slow in known solutions. This slowness is very embarrassing especially when it comes to generating multiple key pairs. Smart card production is one example of space-10 tea, where there is a need to generate large numbers of key pairs. For example, in the case of a smart card acting as an electronic identity card, each smart card must store in the memory a unique key specific to the card, enabling the holder to produce an electronic signature. Such smart cards are mass-produced, with a very large number of key pairs required. By utilizing known solutions, generating a key pair and storing a secret key in a smart card memory can take up to a minute, which is a very long time for mass production.

The object of the present invention is to solve the problem described above and to provide a solution which enables the generation of a key pair faster than in known solutions. This object is achieved by the method of the invention for generating a pair of public key and secret key for a cryptographic operation, the method of: selecting an integer e, selecting two prime numbers p and q satisfying the condition that [e] and [p-1] and [e] and [q-1] have a maximum common factor of 1, calculate the public key n = p * q, and find the secret key d such that 1 <d <((p-1) * (q-1)) and e * d = 1 (mod (p-1) * (q-1)). The method of the invention is characterized in that the process of searching for prime numbers p and q satisfying said condition comprises the steps of: searching for a random odd number satisfying said condition and, if said number is not a prime, retrieving 30 primes from the prime number [number + k * e ], where k is a positive and an even integer.

The invention further relates to an apparatus for generating a public key and a secret key which function in pairs, comprising: means for defining an integer e, means for generating two prime numbers p and q 35 which satisfy the condition that [e] and [p-1 ] and 111491 3 respectively, the largest common factor of [e] and [q-1] is 1, the calculator means which multiply said prime numbers to compute the public key n, and the calculator means which compute the secret key d such that 1 <d <( (p-1) (q-1)) and e * d = 1 (mod (p-1) (q-1)). The apparatus according to the invention is characterized in that the means for generating a prime include: means for generating and supplying a random odd number satisfying said condition to the checking means, checking means for checking whether the number entered is prime, and means for retrieving the number entered from the checking means. number + k * e], where k is a positive and even integer, and you enter) said new number on the verification means if the verification performed by the verification means indicates that the number entered on them is not a prime.

The invention is based on the idea of first generating a number (p) that satisfies the condition related to the smallest common factor, and only then checks whether it is a prime. If it turns out that the number (p) to be considered is not a prime, the search for the prime can be limited to a limited set of numbers (p + k * e). Because the search is limited to a limited set of numbers, it is faster than in known solutions. In addition, the prime resulting from the search will certainly also satisfy the condition related to the largest common factor, since the search is limited to only those numbers that satisfy this condition.

The major advantage of the invention is thus that the generation of the key pair is significantly accelerated compared to known solutions. For example, in smart card manufacturing, generating a key pair and storing a secret key in the memory of the smart card can be done in about 15 seconds, which is a significantly shorter time than known solutions.

In a preferred embodiment of the invention, retrieving a prime from a finite set of p + k * e involves the steps of randomly generating a positive and even integer k, and incrementing the value of k by two until a prime is obtained. Thus, in this embodiment of the invention, the initially selected number p is incremented by a multiple of the selected integer e, thereby ensuring that the result of the equation p + k * e satisfies the condition associated with the greatest common factor. That is, as soon as a prime is found, that prime is used for generating a secret and public key.

111491 4

The invention will now be described in more detail by way of example with reference to the accompanying drawings, in which: Figure 1 is a flowchart of a prior art key pair generation, Figure 2 is a flowchart of a key pair generation according to the method of the invention, and Figure 3 is a block diagram of

The flowchart of Figure 1 is suitable, for example, for generating secret and public keys for RSA encryption. In RSA encryption, the sender of the message has the public key n and the integer e. These are used by the sender to encrypt their message. The recipient of the message, in turn, has access to the secret key d, which is a pair of public key n, and to the same integer e that is used by the sender of the message. These allow the recipient to decode 15 encrypted messages in their original (plain language) format.

In block A, an integer e is selected. In practice, an integer may be selected system-specific, for example, so that all devices in a particular system use the same integer e. Thus, a new integer e does not need to be generated separately for each key pair.

In block B a random odd number p is generated. In block C it is checked whether the generated number p is a prime number. If not, the value in block D is incremented by two until a check in block C indicates that it is a prime number.

25 In block E, the greatest common factor in GCD (Greatest Common Divisor) of p and p-1 is calculated. If it turns out that the numbers e and p-1 have a common factor greater than 1, this means that the number p does not meet the set condition. This returns to block B and begins the search for a new prime p.

If, on the other hand, it is found in block E that the condition having the greatest common factor is satisfied, then move to block F. Blocks F -1 correspond to blocks B to E in that they generate a second prime q correspondingly satisfying the condition related to the largest common factor.

5, 111491. When two prime numbers p and q are found that satisfy the condition related to the greatest common factor, then in block J the public key n is obtained, which is obtained from the equation n = p * q.

Finally, in block K, a secret key d is found that satisfies the conditions: 5 1 <d <(p-1) * (q-1) and e * d = 1 (mod (p-1) * (q-1)). For example, the Euclidean algorithm described in, e. See "Handbook of applied Cryptography" in Menezes, Oorschot and Vanstone, CRC Press, October 1996, Chapter 2.4.2 (Algorithm 2.104). Alternatively, an algorithm such as that described in Chapter 14.4.3, paragraph 14.64 of the same publication, may be used.

A major weakness of the known solution shown in the flowchart of Fig. 1 is that if it is found in blocks E and I that the condition of the greatest common factor is not met, the search for p and q, respectively, must be resumed by generating a new odd number. Thus, in practice, finding an adult number must be repeated several times before finding a prime number that satisfies the condition related to the greatest common factor.

Figure 2 shows a flow chart of key pair generation according to the method of the invention. The flowchart of Figure 2 is very similar to the flowchart of Figure 1 but differs from the case of Figure 1 specifically in the search for primes p and q.

In block A 'an integer e is selected. In practice, an integer may be selected system-specific, for example, so that all devices in a particular system use the same integer e. Thus, the new 25 integers e need not be generated separately for each key pair.

In block B 'a random odd number p is generated. In block C it is checked whether the generated number p satisfies the condition related to the largest common factor. The condition is satisfied if the greatest common factor is for the numbers e and (p-1) = 1. If the condition 30 is not fulfilled, return to block B 'as many times as there is a number p satisfying the condition.

When a number p satisfying the above condition is found, it is checked in block D 'whether that number is a prime number. If p is not a prime, the search for prime in p + k * e is started. In the case 35 of the example of Figure 2, this is done by generating in block E 'an even random number k, 111491 6, and then increasing the value of p in block F' according to the equation p = p + k * e. If, after this, it is found in block D 'that p is still not a prime, then the operations of blocks E' and F 'are repeated until it is found in block D' that p is a prime.

When a prime p satisfying the conditions is found, the steps G 'to K' perform similar operations to the blocks B 'to E', i.e. they generate a second prime q correspondingly satisfying the condition related to the largest common factor.

The blocks L '- M' of Figure 2 correspond to blocks J - K of Figure 1, i.e., they calculate the public key n by the equation n ~ p * q, and finally find the secret key d such that d satisfies the conditions 1 <d <(p- 1) * (q-1) and e * d = 1 (mod (p-1) * (q-1)).

Unlike the example in Figure 2, the prime search can be performed in a slightly different way than described above. Here, instead of blocks E '-F' and J '-K', the operation is such that an even and positive random number k 15 is generated only once, that is, when it is first discovered that p (or q, respectively) is not a prime. If, after this first time, it is found that the new value of p = p + k * e is still not a prime, incrementing the value of k by two (k = k + 2) is repeated and repeated until the result of p = p + k * e a prime number. Such a procedure 20 speeds up the discovery of the prime.

Figure 3 is a block diagram of an apparatus according to the invention for generating a key pair. The hardware of Fig. 3 can be generated. key pairs, for example, in connection with the production of a smart card, whereby the hardware may consist of, for example, a computer that produces the keys. The functions of the blocks of Figure 3 25 may be implemented by circuit solutions, computer programs, or combinations thereof. The apparatus of Figure 3 can be applied to the method shown in the flow chart of Figure 2.

With block 1, an integer e is determined. In the case of a system where the same integer e is utilized for multiple key pairs, such as all smart cards belonging to a particular system, the integer e may be predetermined. In this case, block 1 can receive an integer from outside the apparatus via a user interface, whereby the user of the apparatus can enter it, for example, by means of a keyboard into the apparatus. Alternatively, if the integer e ranges from 7111491 key pairs to another, block 1 may include a random number generator which produces key pair specific integers e.

Block 2 includes a random number generator arranged to produce odd numbers p and q. These numbers are input to block 3, where 5 checks whether the numbers satisfy the condition that the largest common factor for e and p-1 and e and q-1, respectively, is one. If block 3 detects that larger common factors exist, it repeatedly directs block 2 to produce a new number p and / or q until block 3 determines that it has received the conditions p and q.

Block 3 supplies numbers meeting said condition to check block 4, which performs a check to determine if the numbers p and q are prime. If p and / or q is not a prime, block 4 will enter the number (s) in the computation block 6, which will retrieve them from a limited set of numbers. This is done by block 5 generating, from the control of block 4, a positive, even random number k, which it supplies to block 6. Block 6 then changes the value of p and / or q by the formula p = p + k * e and / or q = q + k * e and enter a new number (s) for block 4 for new prime check. Also, if the new number (s) are not prime, block 4 repeatedly feeds it back to counting block 6 until block 4 discovers that both p and q are prime.

When block 4 has determined the numbers p and q as prime numbers, the calculator 7 calculates the public key n by multiplying the numbers p and q with each other, that is, n = p * q. Similarly, calculator 8 calculates the secret key d which satisfies the conditions 1 <d <(p-1) * (q-1) and .. e * d = 1 (mod (p-1) * (q-1)), e.g. 1 in connection with block k of Figure 1

Utilizing the Euclidean algorithm.

The apparatus of Figure 3 thus produces a result consisting of a public key n and a secret key d. If the integer e is generated by the hardware, that integer e is also included in the result further input by the hardware.

It is to be understood that the foregoing description and the accompanying figures 30 are only intended to illustrate the present invention. Various variations and modifications of the invention will be apparent to those skilled in the art without departing from the scope and spirit of the invention set forth in the appended claims.

Claims (3)

A method for generating one of each other's pairs of public key public key and secret key for a cryptographic operation, in which method: an integer e is selected, two primes p and q are selected, which primers fulfill the condition that the numbers [e] and [p-1] and the corresponding [e] and [q-1] have the largest common denominator 1, the public key n = p * q is counted, and the secret key d is searched, so that: 1 <d <[[p -1] * [q-1]] and 10 e * d = 1 [mod [p-1] * [q-1]], characterized in that the process comprises the search for prime numbers p and q that fulfill the aforementioned conditions step there: a random odd tai is sought, which tai meets said condition, and if said tai is not a prime number, instead of said tai a prime number is sought from the group [luku + k * e], where k is a positive and even integer . Method according to claim 1, characterized in that said search of prime numbers from the group [luku + k * e] comprises steps where: a positive and even integer k is randomly generated, and the value of the number k is increased by two until the equation [luku + k * e] gives a prime number as a result. A device for generating a pair of public key operating keys and a secret key, comprising: means (1) defining an integer e, means for generating two prime numbers p and q, which prime numbers satisfy the condition that [e] and [p-1] and corresponding [e] and [q-1] have as their largest common denominator 1, calculating means (7) which multiplies said prime number by each other to calculate the public key n, and calculating means (8) calculate the secret key d is such that: 1 <d <[[p-1] * [q-1]] and e * d = 1 [mod [p-1] * [q-1]], characterized the means for generating prime numbers comprising: means (2 - 3) for generating and feeding to control means (4) a random odd tai that satisfies said condition, control means (4) which checks if the number of these numbers is 35 a prime number, and means (5, 6) which, instead of the number fed to the control means, seek a new tai from the group [luku + k * e], where kä is a positive and even integer, and which feeds said new number to the control means (4), if the control performed by the control means indicates that the number fed to them is not a prime number.