TW434516B - Method for batch authentication of multiple digital certificates and method for identification of illegal digital certificates - Google Patents


Info

Publication number
TW434516B
Authority
TW
Taiwan
Prior art keywords
public key
certificates
public
product
signature
Application number
TW88103500A
Other languages
Chinese (zh)
Inventor
Lein Harn
Original Assignee
Qic Systems Corp

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to a method for batch authentication of multiple digital certificates and a method for identification of illegal digital certificates. The method for authentication of multiple digital certificates comprises: providing a processing unit to calculate the product of all the public key hash values and the product of all the public key certificates; using the signer's public key to decrypt the product of all the public key certificates; and, by comparing the decryption result with the product of all the public key hash values, confirming the legality of each public key certificate. If any illegal public key certificate is found, the method for identification of illegal digital certificates is then applied, which comprises: using a processing unit to divide all the public key certificates into several subgroups and applying the foregoing authentication method to check each subgroup individually; and using the processing unit again to carry out the same authentication procedure on each subgroup found to contain an illegal public key certificate, until only one public key certificate remains in each subgroup.

Description

V. Description of the invention (1)

The present invention relates to cryptographic communication, and in particular to a method for batch verification of multiple digital certificates and a method for identifying illegal digital certificates, which greatly improve the efficiency of verifying multiple digital certificates at the same time and identify the illegal digital certificates among them.

With the combination of computer and communication technology, the collection and transmission of information have increased sharply in both speed and volume. Diverse applications have led electronic transmission to replace traditional paper-based communication. This makes information more useful, but it also leaves that information exposed to malicious attack by illegal or unauthorized parties. Combining information security technology with electronic communication systems, so that the privacy and authenticity of information are protected against passive eavesdropping and active tampering, has therefore become a top priority.

DES (Data Encryption Standard) was the first publicly available cryptographic algorithm endorsed by the US government. It is a single-key cryptosystem, meaning that the keys used for encryption and decryption can easily be derived from each other: anyone holding the encryption key can easily obtain the decryption key, and vice versa.

In 1976, Diffie and Hellman proposed the concept of the "public key" cryptosystem to solve the problem that a single-key cryptosystem requires keys to be exchanged in secret. In a public-key cryptosystem, every key used for encryption has a corresponding decryption key. The two keys of such a pair look completely different yet are inseparably related, but ...

In such a public-key cryptosystem, every member's encryption key must be made public so that everyone knows it. Anyone can then encrypt a confidential document with the recipient's public encryption key and send the encrypted document safely to the recipient over an insecure channel. Only the legitimate recipient holds the decryption key corresponding to that encryption key, so only the legitimate recipient can decrypt the encrypted document.

Public-key cryptosystems have a very distinctive property, the digital signature. A digital signature, like a traditional handwritten signature, can be used to identify the author of the signature. A digital signature is the act of signing an electronic document, and the result provides authentication and non-repudiation. To sign an electronic document, the sender first feeds the document into a one-way hash function to obtain a message digest, or hash value. For security, the one-way hash function must have two properties: obtaining the message digest from the input message is very easy, and working back from the message digest to the input message is very difficult. Once the message digest is obtained, the sender encrypts it with the undisclosed decryption key, and the result of this encryption is the digital signature. The sender then attaches the digital signature to the original electronic document and sends both to the recipient for later verification.

The recipient decrypts the digital signature with the encryption key published by the sender to recover the message digest computed at signing time. The recipient also feeds the received electronic document into the one-way hash function to obtain a message digest and compares it with the digest recovered from the digital signature; if the two are identical, the electronic document has not been tampered with.

Two well-known public-key cryptosystems currently provide both encryption and signatures: the RSA system (U.S. Patent No. 4,405,829), whose security is based on the factoring problem, and the ElGamal system, whose security is based on the discrete logarithm problem. Recently, the elliptic curve cryptosystem (ECC) has also attracted attention and is being considered by IEEE P1363 as one of the standards for cryptosystems. In fact, elliptic-curve cryptosystems share many properties with the ElGamal system based on the discrete logarithm problem.

The RSA system has been adopted by organizations such as VISA and MasterCard as the Secure Electronic Transaction (SET™) standard, which protects electronic credit transactions and payment information on the Internet.

In a public-key cryptosystem, public-key certificates must be produced by a trusted certificate authority (CA), and the certificate authority or the user places the public-key certificates in a directory. Each public-key certificate is produced by the certificate authority signing the user's public key with its own private key. Public-key certificates exist to help other users establish the legitimacy of the owner of a public key. ITU-T recommends X.509 as part of the X.500 directory service; X.509 provides authentication services for the X.500 directory service. The standard does not, however, prescribe any particular algorithm. X.509 is in fact used in a wide variety of settings; for example, the X.509 certificate format has been adopted by S/MIME, IP Security, SSL/TLS and SET™.

Unfortunately, verifying digital certificates is very time-consuming work, especially for ElGamal-type digital certificates. For example, it is generally recommended that an ElGamal-type certificate be a signature made up of at least two 512-bit parts to be secure. A certificate of that size requires two modular exponentiation operations, so batch verification of many digital certificates is indeed very time-consuming.

In view of this, the main object of the present invention is to provide a method for batch verification of multiple digital certificates and identification of illegal digital certificates, which efficiently verifies multiple public-key certificates from the same certificate authority (signer) and points out the illegal digital certificates among them.

To achieve the above and other objects, the invention provides a method for batch verification of multiple digital certificates, used to verify multiple public-key certificates from the same signer over an insecure communication channel so as to confirm the legitimacy of all the public-key certificates. The steps of the verification method are: providing a processing unit; and using the processing unit to compute the product of the hash values of the public keys and the product of the public-key certificates, decrypting the product of the public-key certificates with the signer's public key, and comparing the decryption result with the product of the hash values of the public keys, thereby confirming the legitimacy of all the public-key certificates. In this verification method, the public-key certificates may be produced by the RSA digital signature scheme or the ElGamal digital signature scheme, and the processing unit may be a data processing unit or a communication gateway processor.

The invention also provides a method for identifying illegal digital certificates, used to point out the illegal public-key certificates among multiple public-key certificates from the same signer. The steps of the identification method are: (a) providing a processing unit; (b) using the processing unit to divide all the public-key certificates into a plurality of subgroups and verifying each subgroup separately; and (c) using the processing unit to repeat step (b) on each subgroup that contains an illegal public-key certificate, until only one public-key certificate remains in each subgroup. In this identification method, a subgroup is verified by using the processing unit to compute the product of the hash values of all the public keys in the subgroup and the product of the public-key certificates, and decrypting the product of the public-key certificates with the signer's public key, thereby verifying the legitimacy of all the public-key certificates in the subgroup. The public-key certificates may be produced by the RSA digital signature scheme or the ElGamal digital signature scheme, and the processing unit may be a data processing unit or a communication gateway processor.

To make the above and other objects, features and advantages of the invention clearer, a preferred embodiment is described in detail below with reference to the accompanying drawings.

Description of the drawings

Figure 1 is a flowchart of the invention using a data processing unit or communication gateway processor to verify multiple RSA digital certificates signed with the same private key;

Figure 2 is a flowchart of the invention using a data processing unit or communication gateway processor to verify multiple ElGamal digital certificates signed with the same private key;

Figure 3 shows two ElGamal-type digital signature schemes to which the verification method of the invention applies, with their corresponding verification formulas; and

Figure 4 is a flowchart of identifying an illegal digital signature among eight digital signatures using the method of the invention.

Preferred embodiment

Verifying a digital certificate takes a great deal of computation, so when many digital certificates are verified at once the time spent on computation is considerable. The invention therefore provides a method for verifying multiple digital certificates and identifying illegal digital certificates that greatly reduces the computation required for verification and is thus well suited to electronic commerce. For example, according to the method of the invention, multiple certificates signed by the same certificate authority, or multiple messages signed by the same payment agency, can all be verified with a single verification operation.

Unlike the usual approach of verifying digital certificates slowly, one at a time, the invention verifies the digital certificates produced with the same private key in a systematic way. Whether the certificates were produced with the RSA digital signature scheme or the ElGamal digital signature scheme, the invention can verify all of them at once, in the same time as the verification of one digital certificate. This makes the invention well suited to settings where a large number of digital certificates must be verified.

In the method of the invention, a data processing unit (DPU) or communication gateway processor handles the messages transmitted between one or more entities over an insecure communication channel such as the Internet; its role is to receive and simultaneously verify a large number of digital certificates.

The DPU or communication gateway processor therefore examines the contents of the public-key certificates and divides them into several subgroups, such that the public-key certificates in one subgroup were all produced with the same private key. For each subgroup, the DPU or communication gateway processor computes a hash value of the public-key information in every digital certificate. If the certificates were produced with the RSA digital signature scheme, the DPU or communication gateway processor computes the product of all the hash values modulo $n$, where $n$ is the product of two large primes. It also computes the product modulo $n$ of all the digital signatures in the same subgroup, and then decrypts that product with the signer's public key to verify the legitimacy of all the public-key certificates. If the decryption result equals the product of all the hash values, all the received public-key certificates are legal; otherwise, an illegal public-key certificate is among them.

If instead the certificates were produced with the ElGamal digital signature scheme, there is a large prime $p$ accepted by all members of the group. The DPU or communication gateway processor computes the product of all the partial signatures modulo $p$, and computes modulo $p-1$ two sums related respectively to the partial signatures and to the message digests. Finally, the signer's public key is used to decrypt these two sums together with the product computed earlier.

If the decryption result passes the signature verification, all the received digital certificates are legal. Because the invention needs only one decryption operation, the time required to verify a large amount of public-key information is reduced markedly. Conversely, if the comparison fails, an illegal digital certificate is mixed in among those received. To identify it, the received certificates are divided into two subgroups, and each subgroup is verified separately by the verification method above. If a subgroup fails verification, an illegal digital certificate is in that subgroup. By repeating this splitting and verification, the illegal digital certificates are identified one by one.

In Figure 1, suppose the communication gateway processor is to verify the RSA digital signatures $s_1, s_2, \ldots, s_t$ of $t$ items of public-key information $m_1, m_2, \ldots, m_t$. Under RSA, each signer who is to produce RSA digital certificates must first choose a modulus $n = pq$, where $p$ and $q$ are two secret large primes. Let $e$ be the signer's public key and $d$ the corresponding private key, with $ed \bmod (p-1)(q-1) = 1$, and let $h(m)$ denote the hash value obtained by feeding message $m$ into a one-way hash function. The message $m_i$ and its RSA digital signature $s_i$ then satisfy $s_i = h(m_i)^d \bmod n$. A digital signature is verified by checking whether $h(m_i) = s_i^e \bmod n$ holds. In other words, the recipient feeds the received public-key information into the one-way hash function and compares the resulting hash value with the value decrypted from the digital signature using the public key $e$.

Because the RSA digital signature scheme has the property of multiplicative homomorphism, when the decryption of the product of all the digital signatures equals the product of all the message digests, that is, when $\left(\prod_{i=1}^{t} s_i\right)^e = \prod_{i=1}^{t} h(m_i) \bmod n$, the RSA digital signatures $s_1, s_2, \ldots, s_t$ of all the public-key information $m_1, m_2, \ldots, m_t$ are legal. For the discussion that follows, the product $\prod_{i=1}^{t} s_i \bmod n$ of the individual signatures of the $t$ items of public-key information is called the multiplicative digital signature.

Verifying the multiplicative digital signature takes only one decryption with the public key $e$. The invention therefore uses the multiplicative homomorphism of the RSA digital signature scheme to treat the multiplicative digital signature as the legal signature of the $t$ items of public-key information $m_1, m_2, \ldots, m_t$.

Refer to Figure 1, a flowchart of the invention using a data processing unit or communication gateway processor to verify multiple RSA digital certificates signed with the same private key.

As shown in the figure, in step 10 the communication gateway processor first computes the message digest of each item of public-key information, $h(m_1), h(m_2), \ldots, h(m_t)$. In step 12, all the message digests are multiplied together modulo $n$ to give $h(m_1) h(m_2) \cdots h(m_t) \bmod n$. Likewise, in step 14, the communication gateway processor computes the product of the corresponding RSA signatures, $s_1 s_2 \cdots s_t \bmod n$. Finally, in step 16, the product of the digital signatures is decrypted with the signer's public key and the result is compared with the product of all the message digests; that is, the recipient's communication gateway processor checks whether $\left(\prod_{i=1}^{t} s_i\right)^e = \prod_{i=1}^{t} h(m_i) \bmod n$ holds. If all the digital signatures are legal, the equation holds. In this way the $t$ RSA digital signatures $s_1, s_2, \ldots, s_t$ are verified efficiently within the time of one signature verification.

Verifying the ElGamal-type signatures $s_1, s_2, \ldots, s_t$ of $t$ items of public-key information $m_1, m_2, \ldots, m_t$ with the communication gateway processor is another example to which the invention applies.

IMi IIH 第12頁IMi IIH Page 12

4 3451 6 I 玉、發明說明(ίο) …’ mt的ElGamal類型簽章\,S2.....st則是另一個適用 於本發明的例子。 在ElGamal類型的數位簽章系統中,簽署者(signer) 必須選取一個公開的大質數p。為了方便解釋起見,假設χ 是簽署者的私鑰,而y =αχ mod ρ是其相對應的公鑰,其 中α是存在於有限場GF(p)中的原數。接者,我們可以將 對訊息叫所簽署出的ElGamal類型數位簽章(Γι,Si)中的r 寫成卩=akl mod p,其中ki是簽署者任選的一個秘密整數 ’而Si則是以(h (m i),r;,X,ki)為參數的函數。4 3451 6 I Jade, description of the invention (ίο)… ’mt ’s ElGamal type signature \, S2 ..... st is another example applicable to the present invention. In a digital signature system of the ElGamal type, the signer must choose a publicly large prime p. For the convenience of explanation, suppose χ is the private key of the signer, and y = αχ mod ρ is its corresponding public key, where α is the original number existing in the finite field GF (p). Then, we can write r in the ElGamal digital signature (Γι, Si) signed for the message call as 卩 = akl mod p, where ki is a secret integer chosen by the signer 'and Si is (H (mi), r ;, X, ki) is a function of parameters.

Harn與Xu兩位學者便列舉18個ElGamal類型的數位簽 章法。由數學理論的證明可知,只要使用第3圖所列的簽 章公式來產生數位憑證,就可以將t個簽章的驗證工作畢 其功於一役。為了方便討論,假設SiZki-rihCmJx mc)d p-i ,簽章的驗證工作就是將公鑰訊息及其相對應的簽章帶人 s: him )ι 驗證公式*ν=α y mod ρ中檢查是否成立。若所有數位 t 簽章的乘積mod p與所有mod ρ的乘積相等, Πγ t 也就是ί』1 =α > mod ρ時,則所有公鑰資訊mi, m2 ’ …,mt 的瓦1〇311131 類型簽章(r] ’ ’(r2 ’ s2), …’(rt,st)都是合法的。因為此驗證同樣只需利用公輪y 作一次解密的運算即可。所以本發明便可利用這個特性來 同時驗證t個公鑰資訊%,m2,…’ 的合法性。 請參考第2圖’此為利用資料處理單位或通訊閘道處Harn and Xu scholars listed 18 digital signatures of ElGamal type. From the proof of mathematical theory, as long as the digital signature is generated using the signature formula listed in Figure 3, the verification of t signatures can be done in one battle. In order to facilitate the discussion, suppose that SiZki-rihCmJx mc) d pi, the verification of the signature is to bring the public key message and its corresponding signature to s: him) Verification formula * ν = α y mod ρ . If the product mod p of all digital t signatures is equal to the product of all mod ρ, Πγ t is ί′1 = α > mod ρ, then all public key information mi, m2 '…, watts of mt 1〇311131 The type signature (r) '' (r2 's2), ...' (rt, st) are all legal. Because this verification also only needs to use the public round y for a decryption operation. Therefore, the present invention can use This feature is used to verify the legitimacy of t public key information%, m2, ... 'at the same time. Please refer to Figure 2' This is the data processing unit or communication gateway.

第13頁 五、發明說明(11) 理器以驗證由相同私餘所簽署的多個El Gama 1數位憑證的 流程圖°如圖中所示,在步驟20中,首先計算所有公餘訊 息的訊息摘要)1(%),h(m2),…’ h(mt)。接下來,在步驟 22中,計算所有部分簽章的乘積qr2…rt mod p。然後, 在步驟24中,我們計算S二tiSi mod p-1與R石的11)1' mC)d P~1。在步騾26中,計算出asyR mod p。在步驟28中,接 t ny 收者的通訊閘道處理器會檢查=asyR mod p是否成立。 若所有的數位簽章都是合法的,則上述公式就會成立。由 此可知,t個E 1 Gama 1類型的簽章(q,s〗),(r2,s2),…, (rt ’st)亦可用本發明將驗證的工作有效地畢其功於一 役。 第3圖係適用於本發明的兩種EiGamal類型數位簽章法 及其相對應的驗證公式。因為只需要—個解密的動作,所 以不論使用者選擇的是第1圖或第2圖所述的簽章方式來產 生公錄憑證’其驗證公鑰訊息所需的時間都大大地減少了 〇 若有非法的數位憑證存在於所收到的眾多公鑰憑證中 時,第1圖步驟16與第2圖步驟28中驗證公式的等號將不會 成立。在這種情況下,可以將所有的公鑰憑證分成兩個子 群組(subgroup) ’並用先前所述的批次驗證法來驗證每一 個子群組。若通過驗證公式的測試,則該子群組的憑證都 是合法的’反之’則有非法的憑證存在該子群組裡。因此Page 13 V. Description of the invention (11) Flow chart of the processor to verify multiple El Gama 1 digital certificates signed by the same private person. As shown in the figure, in step 20, first calculate all public information Message summary) 1 (%), h (m2), ... 'h (mt). Next, in step 22, the product qr2 ... rt mod p of all partial signatures is calculated. Then, in step 24, we calculate 11) 1 'mC) d P ~ 1 of S2 tiSi mod p-1 and R stone. In step 骡 26, asyR mod p is calculated. In step 28, the communication gateway processor of the tny receiver checks whether = asy mod p holds. If all digital signatures are legal, the above formula will hold. From this, it can be seen that t E 1 Gama 1 type signatures (q, s), (r2, s2), ..., (rt 'st) can also be used to effectively verify the work in one battle. Figure 3 shows the two EiGamal digital signature methods applicable to the present invention and their corresponding verification formulas. Because only one decryption action is required, no matter the user chooses the signature method described in Figure 1 or Figure 2 to generate the public record certificate, the time required to verify the public key message is greatly reduced. If an illegal digital certificate exists in the received many public key certificates, the equal sign of the verification formula in step 16 of FIG. 1 and step 28 of FIG. 
2 will not hold. In this case, all the public key certificates can be divided into two subgroups' and each subgroup is verified using the batch verification method described previously. If the test of the verification formula is passed, the credentials of the subgroup are all legitimate, otherwise, there are illegal credentials in the subgroup. therefore

第14頁 43^5 t 6 § 五、發明說明(12) ’只要針對含有非法憑證的子群組一直重複上述步驟至每 一個子群組只含有一個憑證,則所有非法憑證便可以識別 出來。 請參考第4圖,為利用本發明方法以自八個數位簽章 中識別出非法數伋簽章的流程圖。 如圖中所示’假設通訊閘道處理器要同時驗證八個公 錄憑證Si,sa ’…,s8 ’其中除了 S5外其它都是合法的憑證 。在步驟40中,利用第i圖或第2圖所述方式同時驗證八個 么錄憑5登’但疋因為其中含有不合法的憑證,所以無法通 過第1圖步驟16 (RSA簽章)或第2圖步驟28 (ElGamal類型 的簽章)的測試。在此情形下,可以將這些憑證分成(&, S2,S3,S4)與(S5,SB,S7,S8)兩個子群組。在步驟4 2中, 子群組(Si,SZ ’Ss ’SO通過驗證,而未通過驗證的子群组 (S5 ’ S6 ’ S7,S8)必須再進一步的等分成(§5,se)與(s7,S8) 兩個子群組。在步驟46及46,中,因為S5是非法的憑證,8 所以(Ss,Se)又被切成(Ss)與(se)兩個子群組。最後,在步 驟4 8及4 8 ’中,不合法的憑證Sjj被成功地識別出來。 , 綜上所述’本發明批次驗證多個數位憑證及鑑別非法 數位憑證的方法可以有效率地驗證多個來自同一憑證椹 (簽章者)的公錄憑證’ϋ將其中非法的數位憑證指出來稱 另外,本發明並非只適用於某種公鑰密碼系統而是適用於 任何簽章系統。如由IEEE Pl 363所草擬的橢圓曲線簽章方 法因為與ElGamal類型的數位簽章有相仿的特性,所以本 發明亦可應用在橢圓曲線簽章方法中。Page 14 43 ^ 5 t 6 § V. Description of the Invention (12) ’As long as the above steps are repeated for subgroups containing illegal credentials until each subgroup contains only one credential, all illegal credentials can be identified. Please refer to FIG. 4 for a flowchart of identifying illegal digital signatures from eight digital signatures using the method of the present invention. As shown in the figure, 'assuming that the communication gateway processor is to verify eight register credentials Si, sa' ..., s8 ', all of which are valid credentials except S5. In step 40, use the method described in Figure i or Figure 2 to verify eight logins at the same time. However, because it contains illegal credentials, it cannot pass step 16 (RSA signature) in Figure 1 or Figure 2 Test of step 28 (ElGamal type signature). In this case, these credentials can be divided into (&, S2, S3, S4) and (S5, SB, S7, S8) two subgroups. In step 42, the subgroup (Si, SZ 'Ss' SO passes the verification, but the subgroup (S5 'S6' S7, S8) that fails the verification must be further divided into equal parts (§5, se) and (S7, S8) Two subgroups. In steps 46 and 46, because S5 is an illegal credential, 8 (Ss, Se) is cut into (Ss) and (se) two subgroups. 
Finally, in steps 48 and 48', the illegal certificate S5 is successfully identified.

In summary, the method of the present invention for batch verification of multiple digital certificates and identification of illegal digital certificates can efficiently verify multiple public key certificates from the same certificate authority (signer) and point out the illegal digital certificates among them. In addition, the present invention is not limited to one particular public key cryptosystem but is applicable to any signature system. For example, the elliptic curve signature method drafted by IEEE P1363 has characteristics similar to those of ElGamal-type digital signatures, so the present invention can also be applied to elliptic curve signature methods.
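The RSA batch test and the FIG. 4 subdivision described above, as an added Python example that is not part of the patent text. The toy modulus, the use of SHA-256 as the hash, the sample public keys and the names `batch_ok` and `find_illegal` are assumptions chosen for illustration.

```python
import hashlib
from math import prod

# Constructed toy signer key: two Mersenne primes, far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # signer's private exponent

def h(public_key: bytes) -> int:
    """Hash value of a public key, reduced into Z_N (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(public_key).digest(), "big") % N

def issue(public_key: bytes) -> int:
    """Signer side: certificate S = h(PK)^d mod N (unpadded RSA, as in the text)."""
    return pow(h(public_key), D, N)

def batch_ok(batch) -> bool:
    """Batch test: (product of S_i)^e mod N == product of h(PK_i) mod N."""
    s = prod(cert for _, _, cert in batch) % N
    m = prod(h(pk) for _, pk, _ in batch) % N
    return pow(s, E, N) == m

def find_illegal(batch, tests):
    """Halve every failing subgroup until it holds a single certificate."""
    tests[0] += 1                         # count batch tests performed
    if batch_ok(batch):
        return []
    if len(batch) == 1:
        return [batch[0][0]]
    mid = len(batch) // 2
    return find_illegal(batch[:mid], tests) + find_illegal(batch[mid:], tests)

def demo():
    # Constructed sample mirroring FIG. 4: S1..S8 from one signer, S5 altered.
    batch = [(f"S{i}", f"public-key-{i}".encode()) for i in range(1, 9)]
    batch = [(name, pk, issue(pk)) for name, pk in batch]
    name, pk, cert = batch[4]
    batch[4] = (name, pk, (cert + 1) % N)
    tests = [0]
    return find_illegal(batch, tests), tests[0]

if __name__ == "__main__":
    print(demo())
```

With one altered certificate among eight, the subdivision isolates S5 after seven batch tests (one per box in the FIG. 4 walk-through). The product test accepts or rejects a subgroup as a whole, so with unpadded RSA it is a screening check; where per-certificate assurance is required, each certificate still has to be verified on its own.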

Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Anyone skilled in the art may make changes and modifications without departing from the spirit and scope of the present invention. The scope of protection of the present invention is therefore defined by the appended claims.

Claims (1)

1. A method for batch verification of multiple digital certificates, which verifies multiple public key certificates from the same signer over an insecure communication channel in order to confirm the legality of all the public key certificates, comprising the steps of:
providing a processing unit; and
using the processing unit to calculate the product of the hash values of the public keys and the product of the public key certificates, and using the signer's public key to decrypt the product of the public key certificates, so as to compare the decryption result with the product of the hash values of the public keys and thereby confirm the legality of all the public key certificates.

2. The method for batch verification of multiple digital certificates as described in claim 1, wherein the public key certificates are obtained by the RSA digital signature method.

3. A method for batch verification of multiple digital certificates, which verifies multiple public key certificates from the same signer over an insecure communication channel in order to confirm the legality of all the public key certificates, comprising the steps of:
providing a processing unit; and
using the processing unit to calculate the hash values of the public keys, the product of all the partial signatures, and two sum values related respectively to the partial signatures and to the hash values, and then using the signer's public key to decrypt the two sum values together with the product of all the partial signatures; if the decryption result passes the signature verification, all the received public key certificates are legal.

4. The method for batch verification of multiple digital certificates as described in claim 3, wherein the public key certificates are obtained by the ElGamal digital signature method.

5. The method for batch verification of multiple digital certificates as described in claim 1 or 3, wherein the processing unit consists of a data processing unit.

6. The method for batch verification of multiple digital certificates as described in claim 1 or [illegible], wherein the processing unit consists of a gateway processor.

7. A method for identifying illegal public key certificates, which points out the illegal public key certificates among multiple public key certificates from the same signer, comprising the steps of:
(a) providing a processing unit;
(b) using the processing unit to divide all the public key certificates into a plurality of subgroups and to verify the authenticity of each subgroup separately; and
(c) using the processing unit to repeat step (b) on each subgroup that has an illegal public key certificate, until only one public key certificate remains in each subgroup.

8. The method for identifying illegal public key certificates as described in claim 7, wherein, if the public key certificates are obtained by the RSA digital signature method, the subgroups are verified by using the processing unit to calculate the product of the hash values of all the public keys in the subgroup and the product of the public key certificates, and using the signer's public key to decrypt the product of the public key certificates, so as to verify the legality of all the public key certificates in the subgroup.

9. The method for identifying illegal public key certificates as described in claim 7, wherein, if the public key certificates are obtained by the ElGamal digital signature method, the subgroups are verified by using the processing unit to calculate the hash values of the public keys, the product of all the partial signatures, and two sum values related respectively to the partial signatures and to the hash values, and then using the signer's public key to decrypt the two sum values together with the product of all the partial signatures; if the decryption result passes the signature verification, all the received public key certificates are legal.

10. The method for batch verification of multiple digital certificates as described in claim 7, wherein the processing unit consists of a data processing unit.
Priority Applications (1)

Application Number Priority Date Filing Date Title
TW88103500A TW434516B (en) 1999-03-08 1999-03-08 Method for batch authentication of multiple digital certificates and method for identification of illegal digital certificates

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW88103500A TW434516B (en) 1999-03-08 1999-03-08 Method for batch authentication of multiple digital certificates and method for identification of illegal digital certificates

Publications (1)

Publication Number Publication Date
TW434516B true TW434516B (en) 2001-05-16

Family

ID=21639896

Family Applications (1)

Application Number Title Priority Date Filing Date
TW88103500A TW434516B (en) 1999-03-08 1999-03-08 Method for batch authentication of multiple digital certificates and method for identification of illegal digital certificates

Country Status (1)

Country Link
TW (1) TW434516B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI474211B (en) * 2008-12-11 2015-02-21 Oberthur Technologies Secure usb key,method of protecting secure usb key,computer program for protecting secure usb key and recording medium readable by secure usb key

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent
MM4A Annulment or lapse of patent due to non-payment of fees