WO1993016538A1  Devices for implementing public key cryptography and digital signatures  Google Patents
Publication number: WO1993016538A1 (PCT/GB1993/000313)
Authority: WO, WIPO (PCT)
Classifications
 H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
 H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
 H04L2209/12—Details relating to cryptographic hardware or logic circuitry
 H04L2209/30—Compression, e.g. Merkle-Damgard construction
DESCRIPTION
Technical Field
Devices for Implementing Public Key Cryptography and Digital Signatures
The present invention relates to cryptographic devices and particularly to such devices applied to public key cryptography.
Background Art
The more intensive use of electronic methods for the transmission and storage of confidential information, as exemplified by the employment of electronic systems for financial transactions, has increased a need for effective cryptographic systems to protect this information from theft and exploitation by unauthorized persons.
Amongst well known cryptographic systems used to protect information are the Data Encryption Standard (DES) which is a conventional symmetrical cryptosystem and systems of an entirely different character known as Public Key Systems of which the Rivest, Shamir and Adleman (RSA) system is the most prominent.
See references: (1), (2) and (3)
A feature of a Public Key System of cryptography is that the Key required for the process of encryption is different from that required for decryption. Moreover (if desired), it is possible to publish the Encryption Key (usually known as the Public Key) without prejudice to the security of the system. But, the Decryption Key (usually known as the Private Key) must be known only to persons authorized to receive the information.
The characteristics of Public Key Cryptography derive from the incorporation of a one-way or a one-way trapdoor mathematical function whereby the necessary calculations can be made readily in the desired direction but only with extreme difficulty in an inverse sense. The Digital Signature feature provides proof of the authenticity of the information and proof of its origin from the sole person having knowledge of the Private Key utilised.
The RSA version of a Public Key Cryptosystem employs modular exponentiation of a particular form as a trapdoor function. It is widely acclaimed for its ability to resist efforts to "crack" its code. However, the computational effort necessary for encryption and decryption requires time which limits its application for many practical purposes. The Devices which are the subject of this invention enable Public Key Cryptography to be accomplished with reduced computational effort and consequently in less overall time. They are suitable for the rapid encryption and decryption of all types of information (commonly called data) and/or the provision of a digital signature and particularly have advantages for speech, television, facsimile and other forms of information which are generated at very rapid rates.
Words and Symbols which appear in the Glossary (see below) have the meaning defined therein.
Disclosure of the Invention
According to a first aspect of the present invention there is provided a component of a public key cryptosystem, which component comprises an encryption device, said device having means for encrypting information including a feedback loop which evaluates a one-way or a one-way trapdoor function incorporating modular exponentiation with a small positive exponent and thereby processes successively the blocks into which the information has been divided, to encrypt the information.
According to a second aspect of the present invention there is provided a component of a public key cryptosystem, which component comprises a decryption device having means for decrypting information encrypted by the encryption device of the first aspect of the present invention, the said decryption device including a feedback loop which evaluates a second one-way or a one-way trapdoor function identical with the first such function and thereby processes successively the blocks into which the encrypted information was divided, to decrypt the encrypted information.
According to a third aspect of the present invention there is provided a public key cryptographic communication system which comprises an encryption device according to the first aspect of the present invention and a transmitter operatively connected to the said encryption device to transmit the encrypted information via a telephone line or other suitable communication medium to a compatible receiver. Also provided is the receiver which is operatively linked to a decryption device according to the second aspect of the present invention to decrypt the received information. The transmitter according to this aspect of the present invention may be chosen to suit the nature of the available transmission medium which may, for example, comprise lines or radio or optical media. Suitably, adaptor means may be provided for compressing the bandwidth or otherwise adapting the information to be encrypted to make it possible to transmit that information via the available medium. A corresponding provision is suitably made at the receiver.
Preferably, there is provided means for remembering the electrical condition of the feedback loop of the device transmitting information at the conclusion of communication with a particular second device of the same character to which the first device has been connected via a telephone line or other suitable medium and also a second means for remembering the electrical condition of the feedback loop of the second device so that it is optionally unnecessary to initialize the cryptosystem on resumption of communication between the devices.
Preferably there is further provided storage means for storing the encrypted information in a suitable storage medium until required for examination at a later time in a decrypted form. Suitable storage media may include, for example, magnetic or optical discs or tape or printing on paper.
According to a fourth aspect of the present invention there is provided a public key cryptosystem which comprises an encryption device according to the first aspect of the present invention, a decryption device according to the second aspect of the present invention and storage means operatively linked therebetween.
The encryption device is preferably further characterized by being adapted to use as the input to the one-way or one-way trapdoor function within the encryption device, a combination of the previously encrypted block with a predetermined or a precalculated number, which is known as the "Instantial Key", and preferably employing an Exclusive-OR function for the combination. The previously encrypted block is obtained from a register in which it has been stored.
Suitably, therefore, the encryption device may further comprise a register for storing the previously encrypted block and combining means for combining the previously encrypted block with a predetermined or precalculated number, namely the Instantial Key. Preferably the combining means incorporates an Exclusive-OR function for the purpose.
The encryption device is preferably also characterized by provision of combining means to combine the output of the one-way or one-way trapdoor function within the encryption device with the information to be encrypted to obtain the encrypted information employing for that purpose an Exclusive-OR function.
Correspondingly, the decryption device is preferably further characterized by being adapted to use as the input to the one-way or one-way trapdoor function within the decryption device the previous ciphertext block in combination with the Instantial Key and preferably to use an Exclusive-OR function for the combination. The previously decrypted block is obtained from a register in which it has been stored. The decryption device suitably further comprises a register for storing the previous encrypted block, and combining means for combining the previous encrypted block with a predetermined or precalculated number, namely the Instantial Key. Preferably, the combining means incorporates an Exclusive-OR function for the purpose.
The decryption device is preferably further characterized by provision of combining means to combine the output of the one-way or one-way trapdoor function in the decryption device with encrypted information obtained from a said encryption device to obtain the decrypted information in its original state before it was encrypted, employing an Exclusive-OR function for the combination.
The exponent of the one-way or one-way trapdoor function suitably is a small positive number such as three, five or seventeen.
Preferably there is provided digital signature means to encrypt the Instantial Key as the first block of encrypted information and to create a digital signature by encrypting, for example, the contents of the PEB register at the conclusion of the encryption of the information.
The encryption and decryption devices according to the present invention provide an outstandingly high rate of encryption and decryption respectively without impairing the level of security associated with Public Key Cryptosystems. In mathematical terms, the improvement may be expressed as the contrast between O(n^2*L) time for encryption or decryption (where n is the length of the modulus in bits and L is the length of the information in bits) which is characteristic of existing Public Key Cryptosystems and O(n*L) + O(n^3) time for encryption or decryption which is characteristic of a Cryptosystem according to the present invention.
Brief Description of the Drawings:
A preferred embodiment of the present invention will now be more particularly described by way of example and with reference to the accompanying drawings.
Figure 1 is a schematic diagram of a public key cryptographic communication system embodying the third aspect of the present invention.
Figure 1 A is a schematic diagram of a public key cryptographic system embodying the fourth aspect of the present invention.
Figure 2 is a schematic diagram of the operational features of the encryption device embodying the first aspect of the present invention and which is also incorporated in Figure 1 schematic and in Figure 1 A schematic.
Figure 3 is a schematic diagram of the operational features of the decryption device embodying the second aspect of the present invention and which is also incorporated in the Figure 1 schematic and in Figure 1 A schematic.
Modes for carrying out the Invention
The term plaintext is in common use to describe the text of a message in its original and intelligible form and the term ciphertext is in common use to describe text which has been transformed by encryption into a form which is unintelligible.
These terms will be retained in the following description so that plaintext may denote the original state of information of any character (including, for example, information derived from speech or from graphical drawings) and ciphertext may denote the unintelligible form of information of any character after it has been encrypted. (See also the Glossary).
The devices of the present invention operate with information in a digital form.
Means are therefore provided to convert information into a digital form whenever necessary and also to compress it or otherwise to manipulate it into a convenient form for subsequent encryption. Corresponding arrangements are made to reconvert information after decryption into the form desired for its purpose.
Referring to Figure 1, the public key cryptographic system comprises an encryption device (1) which encrypts information which is in a digital form.
If this information is speech, television, facsimile or other information not already in a digital form an appropriate analogue to digital converter (2) is included.
In addition, the plaintext may be compressed or otherwise manipulated before encryption by a compressor (3) to reduce its length.
The compressor (3) may, for example, employ baseband code-excited linear predictive coding (See Reference 4).
A function of the encryption device (1) is to divide the information into individual Blocks of a size convenient for the encryption process.
The Transmitter (7) is operable to transmit encrypted information via a telephone line or other suitable communication medium to a Receiver (8) which receives the encrypted information. The encryption process operates in a feedback loop, the operational features of which are illustrated schematically in Figure 2. 
The feedback loop comprises a first Exclusive OR (EOR) logic gate (9) operating bitwise on successive whole blocks of plaintext, a Previous Encrypted Block (PEB) register (10) which registers the previous block to have been encrypted, a second Exclusive OR (EOR) logic gate (11) and a one-way or one-way trapdoor function embodied in apparatus (12) which performs a modular exponentiation on the output of the second logic gate (11) and may perform other processing.
The first EOR logic gate (9) has inputs which are (a) a block of plaintext and (b) the output of the one-way or one-way trapdoor function in apparatus (12). The output of this logic gate is a block of ciphertext.
The second EOR logic gate (11) has inputs which are (a) an Instantial Key (13) (see herebelow) and (b) the contents of the PEB register (10). The output of this logic gate is the input for apparatus (12).
The apparatus (12) by which the one-way or one-way trapdoor function may be evaluated and apparatus by which other modular exponentiation and other calculations may be performed may comprise dedicated circuitry (For Example: See Reference 5) or a microprocessor within the encryption device which is programmed for that purpose.
The apparatus (12) provides modular exponentiation with a small exponent J and modulus M. The exponent J is selected as a small positive number and may, for example, be five or seventeen. The modulus M is suitably a product of two large prime numbers which are different from each other. To maintain the security of the information involved, the values of these two large prime numbers should be known only to the person who will decrypt the information.
Preferably, the modulus used in the one-way or one-way trapdoor functions of the encryption device and the decryption device (to be described herebelow) is a product of two large prime numbers p and q such that p-1 and q-1 each have a large prime factor s and t respectively such that s-1 and t-1 also each have a large prime factor. The Public Key of any person is a number B chosen by that person which is co-prime to (p-1)*(q-1) where p*q=M and where M is the modulus of the person as described above. The Private Key is another number V calculated from p, q and B by the Euclidean Algorithm such that (B*V) MOD ((p-1)*(q-1)) = 1. Alternatively, V may be chosen first and B calculated by the same method.
In practice, M must be at least 512 binary bits in length adequately to withstand attack on the security of the system by factorization of M. A value of M which is larger than 512 bits is preferred as providing better security.
To initiate the operation of the feedback loop, a zero value held in the PEB register (10) is combined with a precalculated number which will hereinafter be called the Instantial Key (IK). The Instantial Key is calculated by dividing a random number Q with the same number of bits as the modulus M by the modulus M, leaving a remainder which is the Instantial Key (13).
As a preliminary to the encryption of information, the Instantial Key (IK) is encrypted to form the first block of the ciphertext — thus:
First ciphertext block = ( IK ^ B ) MOD M
where B is the Public Key and M is the Modulus of the person who will decrypt the information and where IK is the Instantial Key. (See also the Glossary).
Each block of the plaintext is then processed through the feedback loop. In explanation, the method used may be represented by a computer subroutine, as follows:
PEB = 0
WHILE NOT end of file
    INPUT NEXT plaintextblock
    ciphertextblock = plaintextblock EOR ((( IK EOR PEB ) ^ J ) MOD M )
    PEB = ciphertextblock
    OUTPUT NEXT ciphertextblock
ENDWHILE
where the exponent J is a small positive number and may, for example, be five or seventeen.
To establish authentication of the information, a digital signature may be encrypted in the final ciphertextblock. The digital signature may be calculated as :
Final ciphertextblock = ((((( IK EOR PEB ) ^ J ) MOD M ) MOD M' ) ^ V' ) MOD M'
where V ' is the Private Key and M ' the Modulus of the person originating and signing the information and also where IK is the Instantial Key, PEB is the Previous Encrypted Block and J is the Exponent. (For definitions see the Glossary).
The output of the encryption device may then be stored by any of the means commonly employed for the storage of computer data and the data may be decrypted at any later time.
Or, the data may be transported to any destination desired by methods commonly available such as the mailing of computer discs or it may be reproduced on paper and transmitted as a document.
Or, the output of the encryption device may be transmitted electronically to any destination for which it is intended using any of the conventional methods such as telephone or other communication circuits or by radio transmission.
Referring to Figure 1, the public key cryptographic system also includes a decryption device (4) which decrypts the ciphertext received from another encryption device via a telephone line or other suitable communication medium and the Receiver (8).
If required, an appropriate digital to analog converter (5) and a decompressor (6) are included.
The decryption process operates in a feedback loop the operational features of which are shown schematically in Figure 3.
The feedback loop comprises a first Exclusive OR (EOR) logic gate (14) which operates bitwise on successive whole blocks of ciphertext, a Previous Encrypted Block (PEB) register (17) which registers the previous block of ciphertext, a second Exclusive OR (EOR) logic gate (16) and a one-way or one-way trapdoor function embodied in apparatus (15) which performs a modular exponentiation on the output of the second logic gate (16) and may perform other processing.
The first EOR logic gate (14) has inputs which are (a) a block of ciphertext and (b) the output of the one-way or one-way trapdoor function in apparatus (15). The output of this logic gate is a block of plaintext.
The second EOR logic gate (16) has inputs which are (a) the Instantial Key (18) and (b) the contents of the PEB register (17) which comprise the previous block of ciphertext. The output of this logic gate is the input for apparatus (15).
The one-way or one-way trapdoor function may be evaluated and other modular exponentiation calculations may be performed by dedicated circuitry or by means of a microprocessor within the encryption device which is programmed for that purpose.
The apparatus (15) provides modular exponentiation with a small exponent J and modulus M. The exponent J is selected as a small positive number and may, for example, be five or seventeen. The modulus M is suitably a product of two large prime numbers which are different from each other. To maintain the security of the information involved, the values of these two large prime numbers should be known only to the person who will decrypt the information. For successful decryption, the values of J and M must be the same as the corresponding values used in encrypting the information.
In practice, M must be at least 512 binary bits in length adequately to withstand attack on the security of the system by factorization of M. A value of M which is larger than 512 bits is preferred as providing better security.
Encrypted information received from another encryption device passes to the decryption device. The first ciphertext block to be decrypted provides the Instantial Key (18) — thus:
IK = ( first ciphertext block ^ V ) MOD M
where V is the Private Key and M is the Modulus of the person who will decrypt the information and IK is the Instantial Key (See also the Glossary). The PEB register is initialized to zero and each of the following blocks of the ciphertext is then processed by the feedback loop in turn except for the final block.
In explanation, the process of decryption may be represented by a computer subroutine:
WHILE NOT got to final block
    INPUT NEXT ciphertextblock
    plaintextblock = ciphertextblock EOR ((( IK EOR PEB ) ^ J ) MOD M )
    PEB = ciphertextblock
    OUTPUT NEXT plaintextblock
ENDWHILE
where PEB is the previous ciphertext block which is stored in the register. (For definitions see the Glossary).
The digital signature which is encrypted in the final block of the ciphertext is then processed:
"signature obtained" = ( final ciphertext block ^ B' ) MOD M'
"signature expected" = ((( PEB EOR IK ) ^ J ) MOD M ) MOD M'
where the exponent B ' and the Modulus M ' comprise the Public Key of the originator of the information: See the Glossary for definitions.
The signature and the information are considered authenticated if the "signature expected" = "signature obtained" and the plaintext obtained after decryption is intelligible and meaningful and not nonsense.
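The encryption loop, decryption loop and final-block signature described above, as an added Python model (not code from the patent), showing that the signature equation depends only on IK and the last ciphertext block, which is why the text also requires the decrypted plaintext to be intelligible. The toy moduli built from Mersenne primes, the public exponent 65537, the 16-byte block size, the NUL padding, the sample message and all function names are assumptions; the text requires M of at least 512 bits.

```python
import secrets

BLOCK_BYTES = 16   # assumed block size; the text only says "a size convenient"
J = 5              # small exponent of the one-way function, as in the text


def make_key(p, q, public_exponent):
    """Return (modulus, public key, private key) with (B*V) MOD ((p-1)*(q-1)) = 1."""
    phi = (p - 1) * (q - 1)
    # pow(x, -1, n) computes the modular inverse (extended Euclidean algorithm).
    return p * q, public_exponent, pow(public_exponent, -1, phi)


# Constructed toy keys (Mersenne primes, far below the 512-bit minimum).
M, B, V = make_key(2**61 - 1, 2**89 - 1, 65537)            # recipient: M, B, V
M_S, B_S, V_S = make_key(2**107 - 1, 2**127 - 1, 65537)    # signer: M', B', V'

SAMPLE = b"Pay the supplier one hundred pounds on delivery. Yours sincerely"


def one_way(ik, peb):
    """(( IK EOR PEB ) ^ J ) MOD M"""
    return pow(ik ^ peb, J, M)


def to_blocks(data):
    """Split bytes into integer blocks, NUL-padding the last one (assumption)."""
    padded = data + b"\x00" * (-len(data) % BLOCK_BYTES)
    return [int.from_bytes(padded[i:i + BLOCK_BYTES], "big")
            for i in range(0, len(padded), BLOCK_BYTES)]


def from_blocks(blocks):
    """Inverse of to_blocks for untampered plaintext blocks."""
    return b"".join(b.to_bytes(BLOCK_BYTES, "big") for b in blocks).rstrip(b"\x00")


def encrypt(plain_blocks, q_random=None):
    """Return [encrypted IK, ciphertext blocks..., signature block]."""
    if q_random is None:
        q_random = secrets.randbits(M.bit_length())   # random number Q
    ik = q_random % M                                  # Instantial Key
    out = [pow(ik, B, M)]                              # first ciphertext block
    peb = 0                                            # PEB register starts at zero
    for block in plain_blocks:
        peb = block ^ one_way(ik, peb)                 # ciphertext block, fed back
        out.append(peb)
    out.append(pow(one_way(ik, peb) % M_S, V_S, M_S))  # final (signature) block
    return out


def decrypt(cipher_blocks):
    """Return (plaintext blocks, signature_matches)."""
    ik = pow(cipher_blocks[0], V, M)
    peb = 0
    plain = []
    for block in cipher_blocks[1:-1]:
        plain.append(block ^ one_way(ik, peb))
        peb = block
    obtained = pow(cipher_blocks[-1], B_S, M_S)        # "signature obtained"
    expected = one_way(ik, peb) % M_S                  # "signature expected"
    return plain, obtained == expected


def flip_bit_and_decrypt(cipher_blocks, index):
    """Alter one bit of one received block and decrypt, to see what the check covers."""
    altered = list(cipher_blocks)
    altered[index] ^= 1
    return decrypt(altered)


if __name__ == "__main__":
    blocks = to_blocks(SAMPLE)
    ct = encrypt(blocks)
    plain, ok = decrypt(ct)
    print("round trip:", from_blocks(plain) == SAMPLE, "signature:", ok)
    changed, ok = flip_bit_and_decrypt(ct, 1)
    print("first data block altered -> signature:", ok,
          "| blocks changed:", [i for i, (a, b) in enumerate(zip(changed, blocks)) if a != b])
    _, ok = flip_bit_and_decrypt(ct, len(ct) - 2)
    print("last data block altered  -> signature:", ok)
```

A change to an earlier ciphertext block alters that plaintext block and the one after it while the signature comparison still succeeds; only a change to the last ciphertext block (or to IK) makes the comparison fail.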
Referring to Fig. 1A, the numbers (1) to (6) have the same significance as the numbers in Fig. 1. However, a storage facility for the ciphertext is shown at (19) and may be of any character in which digital information may be stored. This storage facility enables information to be stored in an encrypted form until it is desired to decrypt that information.
In the first of a number of variations described below of the encryption and decryption procedures described above, the information to be encrypted may be padded at its conclusion with valid plaintext using wording which does not require authentication (for example, phrases such as "Yours sincerely"). Having divided the information into blocks the Instantial Key is encrypted as in the process already described above using the Public Key (B) and the Modulus (M) of the person who will decrypt the information to generate the first ciphertext block.
A second ciphertext block is then generated from the Instantial Key using both the Public Key ( B ) and the modulus ( M ) of the person who will decrypt the information and the Private Key ( V ' ) and Modulus ( M ' ) of the person who is originating and authorising the information, as follows:
first ciphertext block = ( IK ^ B ) MOD M
second ciphertext block = (((( IK ^ B ) MOD M ) MOD M' ) ^ V' ) MOD M'
The remaining plaintext blocks are then encrypted as in the method described above.
The decryption device then calculates:
"signature obtained" = (( second ciphertext block ) ^ B' ) MOD M'
"signature expected" = (( IK ^ B ) MOD M ) MOD M'
The signature is considered to be authenticated if "signature obtained" = "signature expected" and the information is considered to be authenticated if following the information that requires authentication there is sufficient additional information that does not require authentication to fill at least one whole ciphertext block and that is likewise intelligible, meaningful and not nonsense. For authentication to be valid it is necessary that intelligible and meaningful plaintext information can be distinguished by the person decrypting the information from plaintext information which is nonsense.
In a second variation of the encryption and decryption procedures outlined above, the digital signature may be provided by adding a zero block of plaintext to the end of the plaintext which is to be signed prior to encryption, encrypting as above with the exception of the digital signature, calculating the Exclusive OR of all the ciphertext blocks and all the plaintext blocks yielding a value X, and then replacing the ciphertext block resulting from encrypting the zero block by a final ciphertext block defined by:
Final ciphertextblock = (( X MOD M' ) ^ V' ) MOD M'
On decryption the signature obtained is defined by:
signature obtained = (( final ciphertext block ) ^ B' ) MOD M'
while the signature expected is defined by:
signature expected = Y MOD M'
where Y is the Exclusive OR of Z and all the plaintext blocks and all the ciphertext blocks except the final ciphertext block, where Z is given by:
Z = ((( penultimate ciphertext block ) EOR IK ) ^ J ) MOD M
and the signature is considered valid if "signature obtained" is equal to "signature expected".
In a third variation of the encryption and decryption procedures defined above both the digital signature defined in the first variation and that defined in the originally described embodiment above may be sent, to be considered valid by the decrypting device if both are valid according to their respective specifications.
In a fourth variation of the encryption and decryption procedures defined above the modulus M used to encrypt all but the first ciphertext block may be different from the modulus (also referred to above as M) used to encrypt the first ciphertext block, provided that the prime factors of both moduli are unknown to all persons not authorised to decrypt the message. Moreover the modulus used to encrypt all but the first ciphertext block may be equal to the modulus of the signer, M', provided that the prime factors of M' are not known to persons not authorised to decrypt the message. The moduli used in decryption are in either circumstance altered correspondingly for the first, or for all but the first, ciphertext blocks.
In a fifth variation of the encryption and decryption procedures defined above the instantial key may be modified after encryption of each block and also modified in exactly the same manner in the decryption process. For example after encryption of each block the instantial key may be increased by one, squared, cubed, or have its bits permuted; or some more complicated method may be used to define the value of the instantial key for the next block of encryption, so long as the same method is used to alter the instantial key in the decryption device after decryption of each block.
In a sixth variation of the encryption and decryption procedures defined above the instantial key may be replaced by a new instantial key part way through encrypting or decrypting; the new instantial key may be either encrypted and decrypted in the same manner as the first block of ciphertext or it may be contained in the plaintext of the preceding block or blocks with appropriate means of identifying it as a new instantial key.
For example the plaintext may contain the sentence "At the beginning of the next new block after the next full stop change the instantial key to XXXXX" where XXXXX represents the new value of the instantial key. For another example it may be agreed by the communicating parties beforehand that the 100th, 200th, 300th, etc block of plaintext will contain the value of the instantial key to be used from then on.
Although the present invention has been described above with respect to seven preferred embodiments, a number of other embodiments are conceivable: Such alternative embodiments are intended to be equally within the scope of the present invention.
GLOSSARY OF TERMS AND SYMBOLS USED HEREIN ABOVE :
CRYPTOSYSTEM: A method and associated hardware for converting plaintext to ciphertext so that the plaintext is no longer intelligible and for reconverting ciphertext into intelligible plaintext for the purpose of preventing knowledge of the plaintext by unauthorized persons. See also KEY.
CONVENTIONAL CRYPTOSYSTEM: A Cryptosystem which requires that the Key employed to convert plaintext to ciphertext and the Key employed to convert ciphertext to plaintext must be known only to the persons operating the cryptosystem if the security of the cryptosystem and the privacy of the plaintext is to be preserved.
PUBLIC KEY CRYPTOSYSTEM: A Cryptosystem in which a complete knowledge of the method of operation of the encryption device and of the Key employed for encryption is insufficient to enable the plaintext to be recovered from the ciphertext in a feasible time.
KEY: A number (or information in other forms) required for the transformation of plaintext to ciphertext in a cryptosystem or a number (or information in other forms) required for the transformation of ciphertext to plaintext .
PUBLIC KEY: A Key which is known to its owner and, optionally, to any number of other persons.
PRIVATE KEY: A Key which is known only to its owner.
ENCRYPTION KEY: The Key employed to encrypt plaintext in a Cryptosystem. This Key may not be the same as the Decryption Key for the same cryptosystem.
DECRYPTION KEY: The Key employed to decrypt ciphertext in a Cryptosystem. This Key may not be the same as the Encryption Key for the same cryptosystem.
PLAINTEXT AND CIPHERTEXT: The term plaintext is in common use to describe the text of a message in its original and intelligible form and the term ciphertext is in common use to describe text which has been transformed by encryption into a form which is unintelligible. These terms are retained in the description of the present invention so that plaintext denotes the original state of information of any character (including, for example, information derived from speech and from graphical information) and ciphertext may denote the unintelligible form of information of any character after it has been encrypted.
BLOCKS: The plaintext information is divided into portions named Blocks which are processed individually and successively until the whole of the information is encrypted. The same process occurs in decryption and the individual decrypted Blocks are united to form the complete decrypted text.
DIGITAL SIGNATURE: Digital information (often a number) the possession of which indicates that associated plaintext and the ciphertext originated with a person having knowledge of a unique Private Key. This indication is provided by the Digital Signature having a relationship with the corresponding Public Key and the plaintext and ciphertext itself which it would be infeasible to arrange without knowledge of the Private Key.
MODULUS: (See Modular Exponentiation).
MOD: The operation of Division discarding the Quotient and retaining the Remainder, e.g. 376 MOD 52 = 12
EXPONENTIATION: Of two numbers A and B, the result of multiplying A by itself B times. The symbol ^ is used to denote exponentiation.
MODULAR EXPONENTIATION: A calculation of the form (A ^ B) MOD C where the number A is the Base, the number B is the Exponent and the number C is the Modulus.
ONE-WAY FUNCTION: A mathematical function which can be evaluated in feasible time but for which there does not exist an inverse function that can be evaluated in feasible time.
ONE-WAY TRAPDOOR FUNCTION: A mathematical function which can be evaluated in feasible time with the possibility of computing its inverse function also in feasible time if further information required for this purpose is known but for which the inverse function is impossible to compute in feasible time without this further information.
BINARY NUMBERS: Numbers expressed to the base 2 and represented by two digits, for example 0 and 1.
EOR LOGIC GATE: An electronic circuit with two inputs and one output with the property that if the input voltages both represent the same binary digit, the output is a voltage used to represent 0 but otherwise the output is a voltage used to represent 1.
EOR BITWISE OPERATION: An EOR logic gate or a collection of such gates is said to operate bitwise on two blocks of data with the same number of bits each represented as a number of voltages each representing 0 or 1, if the output is a block of data of the same size such that the first bit of the output block is the output of an EOR logic gate whose two inputs are the first bit of the first block and the first bit of the second block and the second bit of the output block is the output of an EOR logic gate whose two inputs are the second bit of the first block and the second bit of the second block and the Nth bit of the output block is the output of an EOR logic gate whose inputs are the Nth bit of the first block and the Nth bit of the second block.
Notwithstanding the above description the same effect could be obtained by using a microprocessor to calculate the value of the output block rather than by using dedicated logic gates and this is also to be considered within the scope of the present invention.
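The MOD, MODULAR EXPONENTIATION and EOR BITWISE OPERATION definitions above, worked through in Python as an added example that is not part of the patent text. The function names and sample blocks are assumptions, and square-and-multiply is a standard technique substituted here for the literal "multiply A by itself B times" so the result is reached in feasible time.

```python
def mod_exp(base, exponent, modulus):
    """(base ^ exponent) MOD modulus, by left-to-right square-and-multiply.

    Needs about 2 * bit-length(exponent) multiplications rather than
    `exponent` of them. Not constant-time: the branch follows exponent bits.
    """
    if modulus <= 0 or exponent < 0:
        raise ValueError("modulus must be > 0 and exponent >= 0")
    result = 1 % modulus
    for bit in bin(exponent)[2:]:          # most significant bit first
        result = (result * result) % modulus
        if bit == "1":
            result = (result * base) % modulus
    return result


def eor_gate(a, b):
    """One EOR logic gate: 0 if both inputs are the same digit, else 1."""
    return 0 if a == b else 1


def eor_bitwise_gates(block1, block2):
    """Gate-array model: output bit N is the EOR of bit N of each block."""
    if len(block1) != len(block2):
        raise ValueError("blocks must have the same number of bits")
    out = bytearray(len(block1))
    for i, (x, y) in enumerate(zip(block1, block2)):
        for n in range(8):
            out[i] |= eor_gate((x >> n) & 1, (y >> n) & 1) << n
    return bytes(out)


def eor_bitwise_cpu(block1, block2):
    """Microprocessor model: one integer XOR over the whole block."""
    if len(block1) != len(block2):
        raise ValueError("blocks must have the same number of bits")
    value = int.from_bytes(block1, "big") ^ int.from_bytes(block2, "big")
    return value.to_bytes(len(block1), "big")


# Constructed sample blocks (not from the patent).
BLOCK_A = bytes.fromhex("00ff5aa5c33c0f")
BLOCK_B = bytes.fromhex("ffff0f0f123456")

if __name__ == "__main__":
    print(mod_exp(376, 1, 52))             # the glossary's MOD example
    print(eor_bitwise_gates(BLOCK_A, BLOCK_B).hex())
```

Applying the EOR operation twice with the same second block returns the first block, which is why the same circuit serves both directions.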
The symbols employed have the following meanings:
* Multiplication
/ Division
^ Exponentiation
+ Addition
- Subtraction
= Equals
IK Instantial Key
B Public Key
V Private Key
J Exponent
REFERENCES:
(1) Hoornaert F., Goubert J. and Desmedt Y. (1985) "Efficient hardware implementation of the DES."
(2) Advances in Cryptology: Proceedings of Crypto84. Ed. Blakley G.R. and Chaum D. pp. 147-173 Springer-Verlag, Heidelberg.
(3) RSA: US Patent 4405829
(4) Kondoz A.M. and Evans G.B. "CELP baseband coder for high-quality speech coding at 9.6 to 2.4 kilobits per second" published in The Proceedings of the International Conference on Acoustics, Speech and Signal Processing 1988 New York Volume 1, pp. 159-162
(5) Thorn EMI European Patent Application No EP 0 353 041 A2
Industrial Applicability
The more intensive use of electronic methods for the transmission and storage of confidential information, as exemplified by the employment of electronic systems for financial transactions, has increased the need for effective cryptographic systems to protect this information from theft and exploitation by unauthorized persons.
This Invention provides for improvements in existing methods of cryptography and is applicable in all situations in which it is required to ensure the privacy, security and authenticity of information of any character.
Claims
Priority Applications (2)
Application Number  Priority Date  Filing Date  Title 

GB9203425.5  1992-02-18
GB9203425A GB9203425D0 (en)  1992-02-18  1992-02-18  Devices for implementing public key cryptography and digital signatures
Publications (1)
Publication Number  Publication Date 

WO1993016538A1 (en)  1993-08-19
Family
ID=10710603
Family Applications (1)
Application Number  Priority Date  Filing Date  Title

PCT/GB1993/000313 WO1993016538A1 (en)  1992-02-18  1993-02-15  Devices for implementing public key cryptography and digital signatures
Country Status (3)
Country  Link 

AU (1)  AU3507393A (en) 
GB (2)  GB9203425D0 (en) 
WO (1)  WO1993016538A1 (en) 
Cited By (2)
Publication number  Priority date  Publication date  Assignee  Title 

EP0693836A1 (en) *  1994-06-10  1996-01-24  Sun Microsystems, Inc.  Method and apparatus for a key-management scheme for internet protocols.
US5588060A (en) *  1994-06-10  1996-12-24  Sun Microsystems, Inc.  Method and apparatus for a key-management scheme for internet protocols
Families Citing this family (3)
Publication number  Priority date  Publication date  Assignee  Title 

DE19703929A1 (en)  1997-02-04  1998-08-06  Deutsche Telekom Ag  A method of generating a digital signature and method for verifying the signature
US8051043B2 (en)  2006-05-05  2011-11-01  Hybir Inc.  Group based complete and incremental computer file backup system, process and apparatus
WO2010064966A1 (en) *  2008-12-04  2010-06-10  Saab Ab  Key issuer, key carrier, access unit and methods performed in said units
Citations (5)
Publication number  Priority date  Publication date  Assignee  Title 

US4405829A (en) *  1977-12-14  1983-09-20  Massachusetts Institute Of Technology  Cryptographic communications system and method
EP0353041A2 (en) *  1988-07-26  1990-01-31  THORN EMI plc  Signal processing apparatus and method using modified signed digit arithmetic
WO1990002456A1 (en) *  1988-08-19  1990-03-08  Ncr Corporation  Public key diversification method
US4908861A (en) *  1987-08-28  1990-03-13  International Business Machines Corporation  Data authentication using modification detection codes based on a public one way encryption function
US4956863A (en) *  1989-04-17  1990-09-11  Trw Inc.  Cryptographic method and apparatus for public key exchange with authentication
Family Cites Families (2)
Publication number  Priority date  Publication date  Assignee  Title 

US4658094A (en) *  1985-03-28  1987-04-14  Itt Corporation  Encryption apparatus and methods for raising a large unsigned integer to a large unsigned integer power modulo a large unsigned integer
US4736423A (en) *  1985-04-30  1988-04-05  International Business Machines Corporation  Technique for reducing RSA Crypto variable storage

1992
 19920218 GB GB9203425A patent/GB9203425D0/en active Pending

1993
 19930215 AU AU35073/93A patent/AU3507393A/en not_active Abandoned
 19930215 WO PCT/GB1993/000313 patent/WO1993016538A1/en active Application Filing
 19930218 GB GB9303246A patent/GB2264423B/en not_active Expired  Fee Related
Also Published As
Publication number  Publication date 

AU3507393A (en)  1993-09-03
GB9203425D0 (en)  1992-09-23
GB9303246D0 (en)  1993-04-07
GB2264423A (en)  1993-08-25
GB2264423B (en)  1995-04-26
Legal Events
Date  Code  Title  Description 

AK  Designated states 
Kind code of ref document: A1 Designated state(s): AT AU BB BG BR CA CH DE DK ES FI GB HU JP KP KR LK LU MG MN MW NL NO PL RO RU SD SE US 

AL  Designated countries for regional patents 
Kind code of ref document: A1 Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR SN TD TG 

REG  Reference to national code 
Ref country code: DE Ref legal event code: 8642 

122  Ep: pct application non-entry in european phase
NENP  Non-entry into the national phase in:
Ref country code: CA 