WO1999023781A1 - Signature verification for elgamal schemes - Google Patents
- Publication number
- WO1999023781A1 WO1999023781A1 PCT/CA1998/001018 CA9801018W WO9923781A1 WO 1999023781 A1 WO1999023781 A1 WO 1999023781A1 CA 9801018 W CA9801018 W CA 9801018W WO 9923781 A1 WO9923781 A1 WO 9923781A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- signature
- mod
- value
- calculating
- verify
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3013—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/724—Finite field arithmetic
- G06F7/725—Finite field arithmetic over elliptic curves
Definitions
- This invention relates to a method of accelerating digital signature verification operations performed in a finite field and in particular to a method for use with processors having limited computing power.
- One of the functions performed by a cryptosystem is the computation of digital signatures that are used to confirm that a particular party has originated a message and that the contents have not been altered during transmission.
- A widely used set of signature protocols utilizes the ElGamal public key signature scheme, which signs a message with the sender's private key. The recipient may then recover the message with the sender's public key.
- The ElGamal scheme gets its security from the difficulty of calculating discrete logarithms in a finite field.
- These cryptosystems can be computationally intensive.
- The digital signature algorithm (DSA) is a variant of the ElGamal scheme.
- A pair of correspondent entities A and B each create a public key and a corresponding private key.
- The entity A signs a message m of arbitrary length.
- The entity B can verify this signature by using A's public key.
- Both the sender, entity A, and the recipient, entity B, are required to perform computationally intensive operations to generate and verify the signature respectively.
- Where either party has adequate computing power this does not present a particular problem, but where one or both of the parties have limited computing power, such as in a "smart card" application, the computations may introduce delays in the signature and verification process.
- The signor is required to verify its own signature.
- In a public key cryptographic system the distribution of keys is easier than in a symmetric key system.
- The integrity of public keys is critical.
- The entities in such a system may use a trusted third party to certify the public key of each entity.
- This third party may be a certifying authority (CA) that has a private signing algorithm S_CA and a verification algorithm V_CA assumed to be known by all entities.
- The CA provides a certificate binding the identity of an entity to its public key. This may consist of signing a message consisting of an identifier and the entity's authenticated public key. From time to time, however, the CA may wish to authenticate or verify its own certificates. In these instances it would be convenient to implement an improved signature verification algorithm to speed up this verification process.
- This invention seeks to provide a digital signature verification method which may be implemented relatively efficiently by a signor on a processor with limited processing capability, such as a smart card, or where frequent verifications are performed, such as by a certification authority.
- A method of verifying a digital signature generated by a signor in a computer system comprising the steps of: a) in the computer system, signing a message m by: b) generating a first signature component by combining at least the element g and the signature parameter k according to a first mathematical function; c) generating a second signature component by mathematically combining the first signature component with the private key d, the message m and the signature parameter k; and the signor verifying the signature by: d) recovering a value k' from the signature without using the public key y; and e) utilizing the recovered value k' in the first mathematical function to derive a value r' to verify that the signature parameters k' and k are equivalent.
- Figure 1 is a schematic representation of a communication system
- Figure 2 is a flow chart showing a signature algorithm according to the present invention.
- A data communication system 10 includes a pair of correspondents, designated as a sender A (12) and a recipient B (14), who are connected by a communication channel 16.
- Each of the correspondents A and B (12, 14) includes an encryption unit 18, 20 respectively that may process digital information and prepare it for transmission through the channel 16 as will be described below.
- The sender A assembles a data string which includes, amongst others, the public key v of the sender, a message m, the sender's short-term public key k and the signature S of the sender A.
- The data string is sent over the channel 16 to the intended recipient B, who then verifies the signature using A's public key.
- This public key information may be obtained from a certification authority (CA) 24 or is sometimes sent with the message.
- The CA generally has a public file of each entity's public key and identification.
- Each correspondent A and B creates a public key and corresponding private key.
- The entities A and B select primes p and q such that q divides p-1.
- A g is selected such that it is an element of order q in F_p, and the group used is {g^0, g^1, g^2, ..., g^(q-1)}.
- The public key information is (p, q, g, y) and the private key is d.
- The public key information is (p, g, y) and the private key is d.
- Normally, to verify A's signature (r, s) on the message m, the recipient B should obtain A's authentic public key (p, q, g, y) and verify that 0 < r < q and 0 < s < q.
- The verifier, in this case the original signor, has knowledge of p, q, g, y, (m), r and s.
- The verifier need only recover the (secret) per-signature value k used, and verify this value of k thus obtained, in order to verify the signature.
- The value z^(-1) is calculated by inverting z mod q.
- k'^(-1) = s (z^(-1)) mod q, and k' is calculated by inverting k'^(-1) mod q.
- The signature components are s and e, where p is a large public prime, g is a public generator, m is a message, h is a hash function, d is a private key, y = g^d mod p is a public key and k is a secret random integer.
- An advantage of the present invention is where a signor signs data which, for example, may reside on the signor's computer. This can later be verified without use of the corresponding public key; instead the signor can use its private key to verify the data. This is also very useful for some applications with limited computational power, such as smart cards.
- The certifying authority or key distribution centre would sign data frequently before it is installed into the various communications systems and could then verify the signatures later.
- The CA does not require the public key information to verify the signatures but simply uses the private key to verify, as all the other parameters are stored within the secure boundary of the signor.
- A further application is in the verification of software, such as in pay-per-use software applications.
- The present invention is thus generally concerned with an encryption method and system, and particularly an elliptic curve encryption method and system, in which finite field elements are multiplied in a processor-efficient manner.
- The encryption system can comprise any suitable processor unit, such as a suitably programmed general-purpose computer.
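The verification path described in the definitions above (recover k' from (r, s) using only the private key d, then re-derive r' and compare it with r) is shown below as an added example; it is not code from the patent or from its applicant. It assumes the DSA instantiation of the scheme, where the value z that the text inverts is z = h(m) + d·r mod q and s = k^(-1) z mod q; the domain parameters p, q, g, the key and the messages are constructed toy values, far too small for real use. Both the ordinary public-key check and the private-key check are included so the two can be compared on the same signature.

```python
"""
Toy DSA signing with two verification paths:
  (1) the standard recipient check using the public key y, and
  (2) the signer-side check from the patent, which uses only the private key d
      to recover the nonce k' and re-derive r' = (g^k' mod p) mod q.
All parameters are constructed toy values for illustration only.
"""
import hashlib
import secrets

# Constructed toy domain parameters: p = 2q + 1 with p, q prime; g = 4 has order q.
P, Q, G = 2039, 1019, 4


def check_params(p, q, g):
    """Sanity-check that q | p-1 and that g generates a subgroup of order q."""
    return (p - 1) % q == 0 and g != 1 and pow(g, q, p) == 1


def hash_to_zq(m, q):
    """The scheme's hash h: map the message into Z_q via SHA-256."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % q


def keygen(p, q, g):
    """Private key d in [1, q-1]; public key y = g^d mod p."""
    d = secrets.randbelow(q - 1) + 1
    return d, pow(g, d, p)


def sign_with_nonce(m, d, k, p, q, g, hash_fn=hash_to_zq):
    """Sign m with a caller-supplied nonce k. Returns (r, s), or None if r or s is 0."""
    r = pow(g, k, p) % q
    z = (hash_fn(m, q) + d * r) % q          # z = h(m) + d*r mod q  (assumed DSA form)
    s = (pow(k, -1, q) * z) % q              # s = k^{-1} z mod q
    if r == 0 or s == 0:
        return None
    return r, s


def sign(m, d, p, q, g, hash_fn=hash_to_zq):
    """Sign m, drawing fresh random nonces until r and s are both non-zero."""
    while True:
        k = secrets.randbelow(q - 1) + 1
        sig = sign_with_nonce(m, d, k, p, q, g, hash_fn)
        if sig is not None:
            return sig


def verify_with_public_key(m, sig, y, p, q, g, hash_fn=hash_to_zq):
    """Standard DSA verification by a recipient holding (p, q, g, y)."""
    r, s = sig
    if not (0 < r < q and 0 < s < q):        # range check from the text
        return False
    w = pow(s, -1, q)
    u1 = (hash_fn(m, q) * w) % q
    u2 = (r * w) % q
    v = (pow(g, u1, p) * pow(y, u2, p) % p) % q
    return v == r


def recover_nonce(m, sig, d, p, q, hash_fn=hash_to_zq):
    """Signer-side recovery of k' from (r, s) using only d:
    k'^{-1} = s * z^{-1} mod q, then k' = (k'^{-1})^{-1} mod q.
    Returns None when z is not invertible (such a signature is invalid anyway)."""
    r, s = sig
    z = (hash_fn(m, q) + d * r) % q
    if z == 0:
        return None
    k_inv = (s * pow(z, -1, q)) % q
    return pow(k_inv, -1, q)


def verify_with_private_key(m, sig, d, p, q, g, hash_fn=hash_to_zq):
    """The patent's verification path: no public key y, only d and the domain
    parameters. Accept iff the re-derived r' equals the r in the signature."""
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    k_prime = recover_nonce(m, sig, d, p, q, hash_fn)
    if k_prime is None:
        return False
    r_prime = pow(g, k_prime, p) % q
    return r_prime == r


if __name__ == "__main__":
    assert check_params(P, Q, G)
    d, y = keygen(P, Q, G)
    msg = b"constructed sample message"
    sig = sign(msg, d, P, Q, G)
    print("public-key verify :", verify_with_public_key(msg, sig, y, P, Q, G))
    print("private-key verify:", verify_with_private_key(msg, sig, d, P, Q, G))
    print("tampered message  :", verify_with_private_key(msg + b"!", sig, d, P, Q, G))
```

The private-key path costs one modular exponentiation (g^k' mod p) plus two inversions mod q, against the two exponentiations of the public-key path, which is the saving the text describes for a signor re-checking its own signatures. It is only sound for the signor: anyone who can run `recover_nonce` holds d, so this check must stay inside the signer's secure boundary and is not a substitute for the recipient's public-key verification.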
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002306468A CA2306468A1 (en) | 1997-10-31 | 1998-11-02 | Signature verification for elgamal schemes |
EP98952457A EP1025674A1 (en) | 1997-10-31 | 1998-11-02 | Signature verification for elgamal schemes |
JP2000519520A JP2001522071A (en) | 1997-10-31 | 1998-11-02 | Signature verification for ElGamal scheme |
AU10154/99A AU1015499A (en) | 1997-10-31 | 1998-11-02 | Signature verification for elgamal schemes |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US96244197A | 1997-10-31 | 1997-10-31 | |
US08/962,441 | 1997-10-31 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1999023781A1 true WO1999023781A1 (en) | 1999-05-14 |
Family
ID=25505878
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA1998/001018 WO1999023781A1 (en) | 1997-10-31 | 1998-11-02 | Signature verification for elgamal schemes |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1025674A1 (en) |
JP (2) | JP4307589B2 (en) |
AU (1) | AU1015499A (en) |
CA (1) | CA2306468A1 (en) |
WO (1) | WO1999023781A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8713321B2 (en) | 2003-10-28 | 2014-04-29 | Certicom Corp. | Method and apparatus for verifiable generation of public keys |
CN110430044A (en) * | 2019-07-10 | 2019-11-08 | 南京工业大学 | A kind of double layer encryption method based on ElGamal encryption |
CN111262707A (en) * | 2020-01-16 | 2020-06-09 | 余志刚 | Digital signature method, verification method, device and storage medium |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4611680B2 (en) * | 2003-07-25 | 2011-01-12 | 株式会社リコー | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND PROGRAM |
JP4712326B2 (en) * | 2003-07-25 | 2011-06-29 | 株式会社リコー | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND PROGRAM |
JP5348148B2 (en) * | 2003-07-25 | 2013-11-20 | 株式会社リコー | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND PROGRAM |
ATE490619T1 (en) | 2004-02-13 | 2010-12-15 | Certicom Corp | ONE-SIDED AUTHENTICATION |
CN103108325B (en) * | 2011-11-10 | 2018-05-18 | 中兴通讯股份有限公司 | A kind of information secure transmission method and system and access service node |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5231668A (en) * | 1991-07-26 | 1993-07-27 | The United States Of America, As Represented By The Secretary Of Commerce | Digital signature algorithm |
EP0639907A1 (en) * | 1993-08-17 | 1995-02-22 | R3 Security Engineering AG | Digital signature method and key agreement method |
US5442707A (en) * | 1992-09-28 | 1995-08-15 | Matsushita Electric Industrial Co., Ltd. | Method for generating and verifying electronic signatures and privacy communication using elliptic curves |
US5475763A (en) * | 1993-07-01 | 1995-12-12 | Digital Equipment Corp., Patent Law Group | Method of deriving a per-message signature for a DSS or El Gamal encryption system |
GB2321834A (en) * | 1997-01-31 | 1998-08-05 | Certicom Corp | Cryptographic signature verification using two private keys. |
1998
- 1998-05-14 JP JP13174398A patent/JP4307589B2/en not_active Expired - Lifetime
- 1998-11-02 WO PCT/CA1998/001018 patent/WO1999023781A1/en not_active Application Discontinuation
- 1998-11-02 AU AU10154/99A patent/AU1015499A/en not_active Abandoned
- 1998-11-02 JP JP2000519520A patent/JP2001522071A/en active Pending
- 1998-11-02 EP EP98952457A patent/EP1025674A1/en not_active Withdrawn
- 1998-11-02 CA CA002306468A patent/CA2306468A1/en not_active Abandoned
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5231668A (en) * | 1991-07-26 | 1993-07-27 | The United States Of America, As Represented By The Secretary Of Commerce | Digital signature algorithm |
US5442707A (en) * | 1992-09-28 | 1995-08-15 | Matsushita Electric Industrial Co., Ltd. | Method for generating and verifying electronic signatures and privacy communication using elliptic curves |
US5475763A (en) * | 1993-07-01 | 1995-12-12 | Digital Equipment Corp., Patent Law Group | Method of deriving a per-message signature for a DSS or El Gamal encryption system |
EP0639907A1 (en) * | 1993-08-17 | 1995-02-22 | R3 Security Engineering AG | Digital signature method and key agreement method |
GB2321834A (en) * | 1997-01-31 | 1998-08-05 | Certicom Corp | Cryptographic signature verification using two private keys. |
Non-Patent Citations (3)
Title |
---|
MENEZES A J ET AL: "Elliptic Curve Cryptosystems and Their Implementation", JOURNAL OF CRYPTOLOGY, vol. 6, no. 4, 1992, pages 209 - 224, XP002069135 * |
MIYAJI A: "Elliptic Curves Suitable for Cryptosystems", IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS, COMMUNICATIONS AND COMPUTER SCIENCES, vol. E77-A, no. 1, 1 January 1994 (1994-01-01), pages 98 - 104, XP000439669 * |
SCHNORR C P: "EFFICIENT IDENTIFICATION AND SIGNATURES FOR SMART CARDS", LECTURE NOTES IN COMPUTER SCIENCE, 20 August 1989 (1989-08-20), pages 239 - 252, XP002052048 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8713321B2 (en) | 2003-10-28 | 2014-04-29 | Certicom Corp. | Method and apparatus for verifiable generation of public keys |
US9160530B2 (en) | 2003-10-28 | 2015-10-13 | Certicom Corp. | Method and apparatus for verifiable generation of public keys |
US9240884B2 (en) | 2003-10-28 | 2016-01-19 | Certicom Corp. | Method and apparatus for verifiable generation of public keys |
US9967239B2 (en) | 2003-10-28 | 2018-05-08 | Certicom Corp. | Method and apparatus for verifiable generation of public keys |
CN110430044A (en) * | 2019-07-10 | 2019-11-08 | 南京工业大学 | A kind of double layer encryption method based on ElGamal encryption |
CN111262707A (en) * | 2020-01-16 | 2020-06-09 | 余志刚 | Digital signature method, verification method, device and storage medium |
CN111262707B (en) * | 2020-01-16 | 2023-04-14 | 余志刚 | Digital signature method, verification method, device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CA2306468A1 (en) | 1999-05-14 |
JPH11174957A (en) | 1999-07-02 |
AU1015499A (en) | 1999-05-24 |
JP4307589B2 (en) | 2009-08-05 |
JP2001522071A (en) | 2001-11-13 |
EP1025674A1 (en) | 2000-08-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2228185C (en) | Verification protocol | |
US7996676B2 (en) | Masked digital signatures | |
US10326598B2 (en) | Method for generating a message signature from a signature token encrypted by means of a homomorphic encryption function | |
US5600725A (en) | Digital signature method and key agreement method | |
EP2306670B1 (en) | Hybrid digital signature scheme | |
US20140229730A1 (en) | Implicit certificate scheme | |
US9800418B2 (en) | Signature protocol | |
CN100440776C (en) | Elliptic curve signature and signature verification method and apparatus | |
Jeng et al. | An ECC-based blind signature scheme | |
CN112118111A (en) | SM2 digital signature method suitable for threshold calculation | |
Hwang et al. | An untraceable blind signature scheme | |
US6097813A (en) | Digital signature protocol with reduced bandwidth | |
US20150006900A1 (en) | Signature protocol | |
US6499104B1 (en) | Digital signature method | |
WO1999023781A1 (en) | Signature verification for elgamal schemes | |
WO2016187689A1 (en) | Signature protocol | |
US20090138718A1 (en) | Method of generating a signature with "tight" security proof, associated verification method and signature scheme based on the diffie-hellman model | |
CN115174102A (en) | Efficient batch verification method and system based on SM2 signature | |
KR100194638B1 (en) | Additional Digital Signature Method Using Personally Identifiable Information | |
Kwon et al. | Randomization enhanced blind signature schemes based on RSA | |
EP0854603A2 (en) | Generation of session parameters for el gamal-like protocols | |
CA2892318C (en) | Signature protocol | |
Lin et al. | Self-certified proxy convertible authenticated encryption scheme |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| ENP | Entry into the national phase | Ref document number: 2306468 Country of ref document: CA Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 1998952457 Country of ref document: EP |
| NENP | Non-entry into the national phase | Ref country code: KR |
| WWP | Wipo information: published in national office | Ref document number: 1998952457 Country of ref document: EP |
| REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
| WWW | Wipo information: withdrawn in national office | Ref document number: 1998952457 Country of ref document: EP |