KR102536397B1 - Signature verification method performed in a computing device and a computing device performing the same method - Google Patents

Abstract

The present invention relates to a method for verifying signatures in a process of transmitting and receiving messages between computing devices. According to the present invention, the method for verifying signatures performed in the computing devices comprises the steps of: receiving the messages and the signatures generated by encrypting the message to be signed with a private key; point calculating a public key generated from the private key to one point on a first coordinate system defined as a finite field according to a coefficient calculated from the signatures and the messages; and verifying the signatures by comparing a result of the point calculation with the signatures, wherein the step of the point calculation is preferably performed by referring to the result of the point calculation according to the calculated coefficient or a value in a calculation table in which at least some of sub-calculations constituting the point calculation are previously stored. According to the present invention, accurate information can be provided even during high-speed driving through improved verification speed. Additionally, the present invention enables more stable information to be transmitted and received through a parameter optimized according to an autonomous driving environment.

Description

Signature verification method performed in a computing device and a computing device performing the same method}

The present invention relates to a method for verifying a signature in a process of transmitting and receiving a message between computing devices.
The present invention is related to research results conducted with the support of the Information and Communication Planning and Evaluation Institute with financial resources from the government (Ministry of Science and ICT) in 2021 (No. 2021-0-00689, n:n OBU / RSU multiple V2N (DSRC, C -Development of high-speed, low-latency cryptographic operation autonomous driving hardware security module technology for V2X).

As a public key cryptography based on the elliptic curve theory, elliptic curve cryptography (ECC) has the advantage of providing a similar level of security while using a relatively short key compared to existing public key cryptography such as RSA.

Therefore, elliptic curve cryptography has advantages suitable for situations in which transmission volume and resources are limited, such as Internet of Thing (IoT) devices, or vehicle communication environments running at high speed. For this reason, it is emerging as a next-generation public key cryptography to replace RSA.

That is, a digital signature and verification method through elliptic curve cryptography using a shorter key length than existing public key cryptosystems such as RSA is applied to a process for mutual communication within the limits of a communication protocol.

However, since the signature/verification method based on the elliptic curve defined in the finite field requires a higher amount of calculation than the calculation of a general real object, it is necessary to provide a more efficient verification method accordingly.

An object of the present invention is to propose an elliptic curve-based encryption method having a more improved verification speed.

In addition, an object of the present invention is to propose an encryption method that provides suitable parameters according to the environment.

In addition, an object of the present invention is to propose a faster coordinate system conversion method according to the environment.

In addition, an object of the present invention is to propose an encryption method for providing parameters considering a standard communication protocol in an autonomous driving environment.

A signature verification method performed in a computing device according to the present invention for solving the above technical problem includes receiving the message and a signature generated by encrypting a message to be signed with a private key; Dot-calculating a public key generated as a point on a first coordinate system defined as a finite number from the private key according to coefficients calculated from the signature and the message; and verifying the signature by comparing a result of the dot calculation with the signature, wherein the performing of the dot calculation comprises a result of the dot calculation or at least some of sub-operations constituting the dot calculation according to the calculated coefficients. It is desirable to perform the operation by referring to the value in the operation table previously stored.

The receiving step receives an operation result of at least one scalar multiplication of the public key, and the operation table generates and stores an operation result list of sequential scalar multiplication of the public key using the received operation result. it is desirable

Preferably, the calculation table generates the calculation result list by converting the calculation result of the scalar product of the public key received in the first coordinate system into the second coordinate system, and converts the calculation result list into the first coordinate system and stores the result. .

In the step of calculating the dot, it is preferable to divide sub-arithmetic operations constituting the dot calculation into subtraction of scalar products stored in the calculation table.

Preferably, the step of calculating the point converts the first sub-operation requiring an inverse among the sub-operations into the second sub-operation of a second coordinate system, and extracts a result of the second sub-operation from the calculation table. do.

Preferably, the coordinate system of the arithmetic table is determined in advance according to the available resource capacity of the computing device.

Preferably, the signature is generated by scalar multiplication of an arbitrary reference point on the first coordinate system according to a random number, and in the dot calculation step, the reference point and the public key are dot-calculated according to the calculated coefficient.

A computing device for performing a signature verification method performed in a computing device according to the present invention for solving the above technical problem includes a processor; a memory for loading a computer program executed by the processor; and a storage for storing the computer program, wherein the computer program includes an operation of receiving a signature generated by encrypting a message to be signed with a private key and the message, and converting the message to the private key according to a coefficient calculated from the signature and the message. an operation of performing a dot calculation on a public key generated as a point on a first coordinate system defined as a finite field from , and an operation of verifying the signature by comparing a result of the dot calculation with the signature; It is preferable to perform the calculation by referring to a result of the point calculation or a value in an calculation table pre-stored at least some of the sub-calculations constituting the point calculation according to the calculated coefficient.

The receiving operation receives an operation result of at least one scalar multiplication of the public key, and the operation table generates and stores an operation result list of sequential scalar multiplication of the public key using the received operation result. it is desirable

Preferably, the calculation table generates the calculation result list by converting the calculation result of the scalar product of the public key received in the first coordinate system into the second coordinate system, and converts the calculation result list into the first coordinate system and stores the result. .

In the operation of performing the dot calculation, it is preferable to divide sub-operations constituting the dot calculation into subtraction of scalar products stored in the calculation table.

The point calculation operation converts the first sub-operation requiring an inverse among the sub-operations into the second sub-operation of a second coordinate system,

Preferably, a result of the second sub-operation is extracted from the operation table.

Preferably, the coordinate system of the arithmetic table is determined in advance according to the available resource capacity of the computing device.

Preferably, the signature is generated by scalar multiplication of an arbitrary reference point on the first coordinate system according to a random number, and in the dot calculation step, the reference point and the public key are dot-calculated according to the calculated coefficient.

According to the present invention, accurate information can be quickly provided even in a restricted environment through a more improved verification speed.

In addition, according to the present invention, it is possible to transmit and receive information with higher stability through parameters optimized according to the environment.

In addition, the present invention enables advanced calculations to be performed through information provided within a standard communication protocol, and messages can be safely transmitted and received even with heterogeneous infrastructure or other users.

1 is an exemplary diagram illustrating an environment to which a signature verification method performed in a computing device according to an embodiment of the present invention is applied.
2 is an exemplary view showing a number code for generating a digital signature based on a conventional elliptic curve.
3 is a flowchart illustrating a signature verification method performed in a computing device according to an embodiment of the present invention.
4 is a flowchart illustrating detailed processes of a signature verification method performed in a computing device according to an embodiment of the present invention.
5 and 6 are exemplary diagrams illustrating an operation table generated in a signature verification method performed in a computing device according to an embodiment of the present invention.
7 is an exemplary diagram illustrating pseudocodes for signature verification performed in a computing device according to an embodiment of the present invention.
8 is a flowchart illustrating detailed processes of a signature verification method performed in a computing device according to an embodiment of the present invention.
9 is an exemplary diagram illustrating an embodiment of a signature verification method performed in a computing device according to an embodiment of the present invention.
10 is an exemplary diagram illustrating an implementation in the form of a computing device that performs a signature verification method according to an embodiment of the present invention.

The following merely illustrates the principle of the invention. Therefore, those skilled in the art can invent various devices that embody the principles of the invention and fall within the concept and scope of the invention, even though not explicitly described or shown herein. In addition, all conditional terms and embodiments listed in this specification are, in principle, clearly intended only for the purpose of understanding the concept of the invention, and it should be understood that it is not limited to the specifically listed embodiments and conditions. .

The above objects, features and advantages will become more apparent through the following detailed description in conjunction with the accompanying drawings, and accordingly, those skilled in the art to which the invention belongs will be able to easily implement the technical idea of the invention. .

In addition, in describing the invention, if it is determined that a detailed description of a known technology related to the invention may unnecessarily obscure the subject matter of the invention, the detailed description will be omitted. Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is an exemplary diagram illustrating an environment in which a high-speed signature verification method according to an embodiment of the present invention is performed.

Referring to FIG. 1 , in an embodiment, the high-speed signature verification method according to the present invention is an environment in which a vehicle 200 communicates with another vehicle 200 or a roadside infrastructure 400 centered on a vehicle 200 in motion. can be applied to

Specifically, each receiving subject extracts a parameter from information received on a standardized communication protocol through the internal computing device 300 and verifies a message encrypted with a digital signature, thereby processing the corresponding message.

For example, a vehicle traveling at high speed through a standard protocol defined in Wi-Fi-based WAVE (Wireless Access in Vehicle Environments) or mobile communication-based C-V2X (Cellular-V2X) for improved speed and coverage (200 ) allows information to be exchanged in complex traffic situations, and various real-time information is collected from an external cloud server 300 through the base station 30 and used for driving.

As described above, as the commercialization of autonomous driving progresses, the importance of security and safety issues in communication with the vehicle 200 increases, and the length of the key used for encryption within the limited communication protocol is relatively short. Elliptic curve cryptography can be applied. That is, a digital signature and verification method through an elliptic curve can be used to transmit and receive messages in an autonomous driving environment.

Specifically, the signature and verification process through elliptic curve encryption will be described first. The Elliptic Curve Digital Signature Algorithm (ECDSA), a digital signature algorithm through elliptic curve, performs digital signatures using elliptic curves as a method of digital signature. It is an algorithm that

ECDSA literally performs digital signatures based on elliptic curves. An elliptic curve can be defined as a relatively simple equation in the form of y2 = x3 + ax + b, but encryption technology using an elliptic curve is unidirectional because it uses a finite field of prime numbers, unlike real numbers. can have

When a repetitive multiplication operation is performed at one base point on an elliptic curve defined in a finite field, the end point according to the multiplication result can be easily obtained. The one-way property that it is difficult to conversely infer what should be done is used for digital signatures.

That is, ECDSA also generates a private key and a public key as a pair of asymmetric keys on the finite element described above, and when a message and signature encrypted through the private key are received by the receiver, the message is The authenticity of the signature is verified by decrypting and comparing the signature with the decrypted value.

Specifically, referring to the pseudo code for ECDSA signature generation in FIG. 2, the domain parameter D of ECDSA may consist of coefficients a and b defining an elliptic curve, and a reference point P and order n as a generator.

First, a signing process is performed by selecting a randomly generated random number k among integers from 1 to n-1 using order number n (Step 1). The public key (Q) of ECDSA is generated through Q = k*P in the form of multiplying the random number k by the reference point (P) on the finite field, and the x-axis coordinate value x1 of Q can be converted to an integer. (Step2) .

At this time, Q = k*P can be calculated by repeating point addition (PA) and point doubling (PD) operations, unlike general real-valued operations, and point addition and point doubling operations on a finite coordinate system An inverse operation that requires a relatively large operation cycle may be included.

However, the load of such an operation has a greater influence on the side that receives the signature and verifies it through the provided public key compared to the side that performs the repetitive signature, so the high-speed signature verification method according to this embodiment is a method for solving this problem. suggests

Then, the coordinates on the finite field of Q can be defined in the domain parameter n through modulo operation (Step3). At this time, the result of the modulo operation is used as the value r of the digital signature.

Next, the message m to be encrypted and sent is generated with the hash value e generated through the hash function H() (Step 4), and the other value s of the digital signature is the hash value e, the private key d, the calculated r, and the random number It can be generated as a modulo value for the operation of k (Step5).

The digital signature process ends by returning the generated signatures r and s (Step 6).

Subsequently, the side receiving the signature and the message verifies authenticity of the signature by decoding the received message.

This will be described with reference to FIG. 3 .

Referring to FIG. 3 , the receiving computing device 300 performing the high-speed signature verification method according to the present embodiment receives the message and a signature generated by encrypting a message to be signed with a private key (S100).

In addition, in this embodiment, in addition to signatures and messages, a public key corresponding to a private key used for signature can be received.

Subsequently, a coefficient defining the number of point operations, preferably scalar multiplications, is calculated from the received signature and message, and according to the calculated coefficient, a point on the first coordinate system defined as a finite field is obtained from the private key in the above-described signature process. The generated public key is dotted (S200).

As described above, the point operation on the first coordinate system defined as the finite field is performed differently from general real-valued operation, and thus requires a more complicated operation process.

Accordingly, the computing device 300 according to the present embodiment performs an operation by referring to a value in an operation table pre-stored at least a part of the dot calculation result or sub-operations constituting the dot calculation according to the calculated coefficient, thereby performing some calculations. The calculation process can be omitted and faster calculation can be performed.

Specifically, the scalar multiplication of a dot operation can be composed of a combination of a dot addition and a dot doubling operation, and sub-operations can be classified based on the dot addition operation constituting the dot operation.

At this time, the computing device 300 according to the present embodiment receives an operation result of at least one scalar multiplication of the public key as a public key set, and uses the received operation result to list the operation result of sequential scalar multiplication of the public key. By generating as an operation table, scalar multiplication according to coefficients calculated in the verification process can be efficiently processed.

Referring to FIG. 4 , in the present embodiment, in the step of receiving a message (S100), a scalar multiplication result of a public key may be received (S105).

Next, a calculation result list of sequential scalar multiplication is generated using the received calculation result (S110), and the generated calculation result list is stored in the calculation table (S120).

Preferably, in this embodiment, the calculation table may generate and store a list of calculation results of scalar products having sequential odd coefficients as a table.

That is, the computing device 300 uses half the size of the table according to the total coefficients, but configures the lower operation according to the calculated coefficients as addition (subtraction) of scalar products having odd coefficients, thereby enabling high-speed calculation with reference to the table do.

Referring to FIG. 5 , in this embodiment, among the calculation result list stored in the calculation table, the public key Q and the dot doubling calculation result of the public key Q may be received in advance and stored in the memory, and therefore, the calculation process for this may be omitted. can

3Q may be composed of a dot addition operation of Q and 2Q, and 5Q may be performed by adding the previously calculated 3Q and the calculated 2Q.

Specifically, an operation result list may be generated according to a predetermined size of the operation table, and referring to FIG. 6 , operation results of sequential scalar multiplication of public keys may be generated as a table. At this time, the size of the operation result list to be generated may be determined according to the characteristics of the message to be transmitted and received.

At this time, in addition to the public key, the generator P also needs to perform a scalar multiplication operation in the verification process, but the scalar multiplication operation result for P may be determined according to the communication protocol, calculated in advance, and transmitted and stored.

Next, the computing device 300 according to the present embodiment verifies the signature using the generated calculation table.

A verification process according to this embodiment will be described in detail with reference to FIG. 6 .

Referring to FIG. 6, signature verification according to this embodiment is performed by accepting a message (m) and signatures (r, s) and decrypting the message (m) with a public key (Q).

First, the validity of the signature is verified (Step1.) Specifically, it is checked whether the ranges of r and s are 0 < r < n and 0 < s < n.

If it is a valid signature, the hash value e is generated by hashing the message through the hash function H() in the same way as hashing in the signature generation process (Step 2.)

Subsequently, w (w = s-1 mod n) is calculated as a modulo value for the inverse of the one value s in the signature as an intermediary value for calculating the coefficient for verification (Step 3.).

The coefficient u1 (u1 = e*w mod n) for the two reference points P and the coefficient u2 (u2 = r*w mod n) for the public key Q are respectively the hash value e, the parameter value w, and the signature value. It is created using r of (Step 4).

To verify the signature, scalar multiplication of each reference point according to the calculated coefficient and addition of the calculated result are performed (Step5.)

However, in this embodiment, the calculation is performed by referring to values in a calculation table in which at least some of the sub-operations constituting the dot calculation or the dot calculation result are stored in advance according to the calculated coefficients.

Preferably, the calculation table stores calculation results of sequential scalar multiplication in a specified range as a list, and therefore, the verification process can be performed more efficiently by directly referring to the calculation results for corresponding coefficients in the table.

To this end, the calculation table T can be created before calculating X (Step 1.5) and performed after verifying the validity of r and s (Step 1), thereby minimizing delay in the sequential verification process.

That is, X(X(x1, y1) = (u1*P + u2*Q)) for verification is calculated by adding the scalar multiplication result of the coefficients of P and Q extracted through reference to the pre-generated operation table. You can (Step5.).

In addition, if (x1, y1) calculated to verify the validity of X is infinite origin (O), it is an invalid signature, so it is rejected (“Reject Signature”) (Step 6.), but if it is valid, the final verified value through additional modulo operation Create v(v = x1 mod n) (Step 7.).

The final verification compares the calculated value v to be verified with r of the signature, and if v and r are the same, the verification of the signature is completed (“Accept Signature”), otherwise it is rejected (Step 8.)

Furthermore, in this embodiment, table creation may be performed using a mixed coordinate system for faster creation.

Referring to FIG. 7, since Q used for calculation in the computing device 200 is defined as a point on a general finite coordinate system, a projected coordinate system in which the finite coordinate system is projected is additionally used for faster point calculation in the process of generating the calculation table. to perform the scalar multiplication operation.

Preferably, a coordinate value (x, y) of the received point Q in the finite coordinate system is converted to (x, y, z = 1) in the projected coordinate system to generate an operation result list.

The high-speed signature verification process according to the present embodiment aims to generate and store a list of sequential calculation results as an calculation table using some calculation results provided from the transmitter in order to increase the efficiency of the scalar multiplication operation. By using a projected coordinate system (preferably a Jacobian coordinate system) for , the operation list can be generated more quickly.

Since the values of the calculation table created through the above process have the values of the projected coordinate system, they need to be converted back to the values of the finite coordinate system for verification.

In this embodiment, the transformation of the coordinate system can be calculated using the inverse of values in the calculation table. However, since the inverse calculation generally requires a lot of resources according to a complicated calculation process, the computing device 300 may additionally receive an inverse for coordinate system transformation of the generated calculation table.

Therefore, in this embodiment, when the calculation table according to the selected projected coordinate system is generated, the computing device 300 converts the table into the finite coordinate system using the received inverse circle.

At this time, in this embodiment, the computing device 300 provides an integrated inverse according to the product of all values in the table instead of providing a total inverse of the values of the calculation table, and calculates the coordinate system of each detailed value by a relational expression through the integrated inverse. It is possible to streamline the coordinate system conversion process by sequentially transforming.

As described above, the computing device 300 according to the present embodiment may calculate a scalar multiplication result by referring to an operation table for a lower operation constituting a dot operation.

Specifically, referring to FIG. 8, the verification process includes the step of generating the calculation table T (Step1.5) using the step of generating the table in the projected coordinate system (Step1.5.1) and the additionally input integral inverse (INV). It may consist of converting the generated projected coordinate system table into a finite coordinate system (Step1.5.2).

When the signature is verified through the above process, the verified message is processed in the computing device 300 of the receiving side (S400). For example, by reflecting information included in the message to autonomous driving, it is possible to perform safer driving or to provide additional information to passengers boarding the autonomous vehicle.

Referring to FIG. 9 , the high-speed signature verification method according to this embodiment can be applied to an autonomous driving environment.

For example, in the communication between the cloud server 300 and the vehicle 200, the cloud server 300 can provide a large amount of data in a streaming form in real time together with a message, so that a plurality of scalar multiplication results (Q, 2Q) is provided in advance to reduce resources required for verification in the vehicle 200. The vehicle 200 can receive information by reusing the generated calculation table efficiently even in frequent communication.

In addition, in the case of communication between vehicles 200 between road infrastructures 400, since communication is continuously performed with each Roadside Unit (RSU) adjacent to a driving road, the reusability of the generated calculation table is high, so the infrastructure ( It is also possible to efficiently generate the calculation table in the vehicle 200 by providing message #2 with the scalar product of the public key calculated in advance in 400 as a plurality (Q, 2Q).

Subsequently, communication between the vehicles 200 and the vehicles 200 may be performed in a direction for notifying, for example, the abnormal state of the preceding vehicle 200 or the situation determined by the preceding vehicle 200 to the rear following vehicles 200. And, since urgency is required, it is also possible to provide a plurality of scalar product results (Q, 2Q) and an inverse (INV) together with message # 3 for quick verification in the vehicle 200 with smaller available resources. . That is, by directly providing the inverse (INV), the coordinate system transformation can be performed more quickly.

In addition, the vehicle 200 may communicate with the user's terminal (UE, User Equipment), and it is also possible to perform communication in the form of notifying the user's terminal of the approach of the vehicle 200 for the shuttle service.

Therefore, the vehicle 200 may provide a plurality of scalar multiplication results (Q, 2Q) of the public key together with message # 4 in order to guide the location of the vehicle 200 in real time, and the user terminal may receive a scalar multiplication result from the received Verification can be performed by creating an operation table.

Alternatively, if urgency is required, such as when the vehicle 200 enters a crosswalk, it is also possible to provide an additional scalar multiplication result and an inverse to the pedestrian's user terminal, and parameters to be selectively transmitted according to the situation can be determined. there is.

Hereinafter, a specific hardware implementation of the computing device 300 performing high-speed signature verification according to an embodiment of the present invention will be described.

Referring to FIG. 10 , in some embodiments of the present invention, computing device 300 may be implemented in the form of a computing device. One or more of each module constituting the computing device 300 is implemented on a general-purpose computing processor, and thus the processor 308, input/output I/O 302, memory 340, and interface 306 and bus 314 (bus). Processor 308 , input/output device 302 , memory 340 and/or interface 306 may be coupled to each other via bus 314 . The bus 314 corresponds to a path through which data is moved.

Specifically, the processor 308 includes a central processing unit (CPU), a micro processor unit (MPU), a micro controller unit (MCU), a graphic processing unit (GPU), a microprocessor, a digital signal processor, a microcontroller, and an application processor (AP). , application processor), and logic elements capable of performing functions similar thereto.

The input/output device 302 may include at least one of a keypad, a keyboard, a touch screen, and a display device. The memory device 340 may store data and/or programs.

Interface 306 may perform a function of transmitting data to or receiving data from a communication network. Interface 306 may be wired or wireless. For example, the interface 306 may include an antenna or a wired/wireless transceiver. The memory 340 improves the operation of the processor 308 and is a volatile operation memory for protecting personal information, and may further include high-speed DRAM and/or SRAM.

Also stored within memory 340 are programming and data configurations that provide the functionality of some or all of the modules described herein. For example, it may include logic to perform selected aspects of the verification method described above.

A program or application is loaded with a set of instructions including each step of performing the above-described verification method stored in the memory 340, and the processor performs each step. For example, according to a signature generated by encrypting a message to be signed with a private key, an operation of receiving the message, and a coefficient calculated from the signature and the message, a point on the first coordinate system defined as a finite field is generated from the private key. A computer program including an operation of dot-calculating the calculated public key and an operation of verifying the signature by comparing the result of the dot-calculation with the signature may be respectively performed by the processor.

Furthermore, various embodiments described herein may be implemented in a recording medium readable by a computer or a device similar thereto using, for example, software, hardware, or a combination thereof.

According to hardware implementation, the embodiments described herein include application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), It may be implemented using at least one of processors, controllers, micro-controllers, microprocessors, and electrical units for performing other functions. The described embodiments may be implemented in the control module itself.

According to software implementation, embodiments such as procedures and functions described in this specification may be implemented as separate software modules. Each of the software modules may perform one or more functions and operations described herein. The software code may be implemented as a software application written in any suitable programming language. The software code may be stored in a memory module and executed by a control module.

The above description is merely an example of the technical idea of the present invention, and those skilled in the art can make various modifications, changes, and substitutions without departing from the essential characteristics of the present invention. will be.

Therefore, the embodiments disclosed in the present invention and the accompanying drawings are not intended to limit the technical idea of the present invention, but to explain, and the scope of the technical idea of the present invention is not limited by these embodiments and the accompanying drawings. . The protection scope of the present invention should be construed according to the following claims, and all technical ideas within the equivalent range should be construed as being included in the scope of the present invention.

Claims (15)

A signature verification method performed on a computing device,
Receiving a signature generated by encrypting a message to be signed with a private key and the message;
Dot-calculating a public key generated as a point on a first coordinate system defined as a finite number from the private key according to coefficients calculated from the signature and the message; and
verifying the signature by comparing the result of the dot operation with the signature;
In the dot calculation, the calculation is performed by referring to a result of the dot calculation or a value in a calculation table in which at least some of sub-operations constituting the dot calculation are stored in advance according to the calculated coefficient,
The receiving step receives an operation result of at least one scalar product of the public key,
The calculation table converts the calculation result of the scalar product of the public key received in the first coordinate system into the second coordinate system to generate a calculation result list of the scalar product of odd coefficients, and converts the generated calculation result list into the first coordinate system. Signature verification method characterized by converting and storing. According to claim 1,
The step of calculating the point is,
The signature verification method of claim 1 , wherein sub-operations constituting the dot operation are divided into subtraction between operation results of the scalar product of the odd coefficients and refer to the operation table. According to claim 1,
Wherein the calculation table converts the calculation result list into the first coordinate system using an integrated inverse of the calculation results of the second coordinate system. According to claim 2,
The signature is generated by scalar multiplication of an arbitrary reference point on the first coordinate system according to an arbitrary random number,
The dot-calculating step performs dot-calculation on the reference point and the public key according to the calculated coefficient. processor;
a memory for loading a computer program executed by the processor; and
Including a storage for storing the computer program,
The computer program,
Receiving a signature generated by encrypting a message to be signed with a private key and the message;
An operation of point-calculating a public key generated as a point on a first coordinate system defined as a finite field from the private key according to coefficients calculated from the signature and the message; and
And verifying the signature by comparing the result of the dot operation with the signature,
In the operation of calculating the points, the calculation is performed by referring to a result of the point calculation or a value in an calculation table in which at least some of the sub-operations constituting the point calculation are stored in advance according to the calculated coefficient,
The receiving operation receives an operation result of at least one scalar product of the public key,
The calculation table converts the calculation result of the scalar product of the public key received in the first coordinate system into the second coordinate system to generate a calculation result list of the scalar product of odd coefficients, and converts the generated calculation result list into the first coordinate system. Computing device characterized in that converted and stored. According to claim 5,
The operation of calculating the point,
The computing device according to claim 1 , wherein sub-operations constituting the dot operation are divided into subtraction between operation results of the scalar product of the odd coefficients and referred to the operation table. According to claim 5,
The calculation table converts the calculation result list into the first coordinate system using an integral inverse of the calculation results of the second coordinate system. According to claim 6,
The signature is generated by scalar multiplication of an arbitrary reference point on the first coordinate system according to an arbitrary random number,
The computing device, characterized in that in the dot calculation, the reference point and the public key are dot-calculated according to the calculated coefficient. A program stored in a computer-readable recording medium for performing the signature verification method according to any one of claims 1 to 4 in a computing device. delete delete delete delete delete delete

Images