WO2001013218A1 - Procede destine a generer des nombres pseudo-aleatoires et procede de signature electronique - Google Patents
Procede destine a generer des nombres pseudo-aleatoires et procede de signature electronique Download PDFInfo
- Publication number
- WO2001013218A1 WO2001013218A1 PCT/DE2000/002776 DE0002776W WO0113218A1 WO 2001013218 A1 WO2001013218 A1 WO 2001013218A1 DE 0002776 W DE0002776 W DE 0002776W WO 0113218 A1 WO0113218 A1 WO 0113218A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- points
- random numbers
- pseudo random
- generating
- curves
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/582—Pseudo-random number generators
- G06F7/584—Pseudo-random number generators using finite field arithmetic, e.g. using a linear feedback shift register
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/724—Finite field arithmetic
- G06F7/725—Finite field arithmetic over elliptic curves
Definitions
- the invention relates to a method for generating pseudo random numbers and a method for electronic signature.
- Random numbers are required in cryptography to encrypt or sign messages.
- An addition modulo 26 is carried out so that no numbers greater than 25 arise.
- texts are converted into binary numbers and zeros and ones are added modulo 2.
- the recipient subtracts the character stream - modulo 26 or 2 - from the received ciphertext and thereby recovers the plaintext.
- the character stream is generated with the help of random number generators. These used to be based on high-frequency voltage fluctuations in certain pipes, so-called thyratrons, and later on radioactive decay events.
- a disadvantage of the RSA method is that it is too slow for message encryption, since very large numbers - approximately 1000 binary or 300 decimal places - have to be used to ensure adequate security. Such large numbers must be exponentiated with others of the same order of magnitude, which cannot be done quickly enough to encrypt data to be transmitted.
- the RSA method is therefore only used for the encrypted transmission of keys to be kept secret for a conventional method, which then carries out the actual encryption.
- Such methods based on elliptic curves require considerably less computing power with the same security as the RSA method.
- Such methods can be implemented in small computers, e.g. m chip cards. Siemens AG sells a chip card with the brand name SLE44CR80S, which implements a signature process based on elliptical curves.
- Random numbers are again required to generate the keys, the public key that the recipient publishes, and its corresponding private key.
- the invention is therefore based on the object of creating, on the basis of elliptical curves, a method for generating pseudorandom numbers which can be carried out simply and quickly and with which a large amount of high-quality random numbers can be generated.
- the invention is also based on the object of creating a method for electronic signature based on elliptical curves and a corresponding device which require less storage space than known methods and devices for electronic signature based on elliptical curves and which are implemented on small computer systems, in particular chip cards can.
- pairs of points are determined which lie on at least two different elliptical curves over a finite body, and a random number is determined as a function of such a pair of points.
- the method according to the invention for electronic signature combines a known signature method with the method according to the invention for generating pseudo random numbers.
- the same routines or devices can be used both in the signature method and in the generation of the random numbers, as a result of which program code and memory space can be saved considerably.
- pseudorandom numbers generated according to the invention cannot be distinguished from random numbers of a real random generator and can be generated with relatively little computation effort.
- FIG. 6 shows the basic principle of the method according to the invention for generating pseudo random numbers in a flow chart
- FIG. 7 shows the structure of a program for executing a signature method according to the invention.
- Fig. 2 shows an elliptic curve over a finite body.
- Korper defines a "range of numbers" in which one can add, subtract, multiply and divide according to the formal calculation rules known from the rational numbers.
- Finite bodies are, for example, the body GF (p) of the numbers mod p, where p is a prime number, or the body GF (2 n ) of the binary vectors of length n.
- GF stands for "Galois field", which is a synonym for "finite body”.
- FIG. 3 shows the addition of two points P P_ on an elliptic curve over the real numbers
- Point P 3 results.
- the connecting line of the points Pi and P ⁇ is formed and their 3rd intersection is determined with the elliptic curve. This point of intersection is mirrored on the x-axis and gives the result P ⁇ er addition of P : and P_.
- a first elliptic curve E over the body GF (p) is given by the following equation:
- p is a prime number with 160 bits.
- the group order of an elliptic curve is the number of elements of the point group, i.e. the number of solutions of the defining equation of the elliptic curve E via GF (p).
- the size of the group orders and their maximum prime divisors thus represents a quality feature of the method according to the invention, the group orders preferably being at least 2 100 or better 2 130 .
- the curve E ' isogenic to the curve E, that is, when the course
- q ' is a prime number with a length of 152 bits.
- Step S1 from FIG. 5 is completed by determining the elliptic curves E, E ', the points P, P' and the starting values s, s'.
- the procedure now goes to step S2, in which the points P, P 'are multiplied by s or s', the result being referred to as PA or PA'.
- the multiplication is carried out as an s-fold or s-fold addition according to FIG. 3.
- step S2 the points PA and PA 'are also sent to the
- Pass step S4 in which the points P, P 'remain unchanged and s or s' is increased by one.
- step S4 the process flow goes back to step S2, at which new points PA and PA 'are again formed, which are then passed back to step S3 for calculating further random bits and to step S4.
- This process sequence can be repeated many times, with new random bits being generated again and again.
- the inventors of the present invention have generated 20 x one million random bits using the above-described method for generating random numbers and have subjected these random bits to various statistical tests. With ⁇ en tests no deviations from real random bits could be determined.
- step S3 the random number Z is determined from the two points PA and PA ', which originate from different elliptic curves E and E'. Linking these two points PA and PA 'ensures that the pseudorandom numbers generated cannot be used to determine the points P and P on which the calculation of the points PA and PA' is based by means of discrete logarithms. From the result from S3 it is therefore not possible to refer to the method for generating the points PA, PA ' steps S1, S2 and S4 are closed, which is shown by the dashed line in FIG. 5.
- the invention is not restricted to the exemplary embodiment shown in FIG. 5.
- the two x coordinates are linked by an addition modulo p.
- x and y coordinates are linked by an addition modulo p.
- x and y coordinates are linked by an addition modulo p.
- x and y coordinates it is also possible that instead of fixed elliptic curves E, E 'with points P, P' after each calculation of PA and PA 'new curves E *, E *' and points P *, P * ' be determined, which are used to calculate the next points PA * and PA * '.
- the values s, s' can also be changed as desired.
- the values s, s' are integers. At the beginning of the method, they can be generated, for example, with a simple random generator that does not have to meet high standards.
- 6 shows the basic principle of the present invention, which has a loop consisting of steps S5 and S6, wherein in step S5 two elliptic curves E, E ', two points P, P' on the two curves and two starting values s, s' can be selected. In step S6, the points P, P 'are multiplied by s and s', respectively, resulting in PA and PA'. Each time the loop S5, S6 is repeated, at least one of the pairs E, E 'or P, P' or s, s' is changed. It is also possible to change two or all 3 pairs according to a rule to be defined.
- the program consists of a part P1 for carrying out the signature method, which uses a program part P2 with which multiplications on elliptic curves over finite bodies are carried out.
- the program part P1 is supplied with a random number by a further program part P3, the program part P3 again using the program part P2 for multiplying on elliptic curves.
- a data input stream I and a data output stream 0 are shown on the program part P1, the data input stream being a message to be signed and the data output stream being the signature.
- the program part P1 can output its private and public key at the data output stream 0.
- program part P1 corresponds to the signature methods and devices known per se based on elliptical curves.
- the method according to the invention can be used in particular in computing devices with a lower computing capacity, such as Chip cards are used because the corresponding program code is extremely compact and the length of the numbers to be processed is significantly shorter than with an RSA procedure of the same security level.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Analysis (AREA)
- General Engineering & Computer Science (AREA)
- Computational Mathematics (AREA)
- Algebra (AREA)
- Mathematical Physics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Compression, Expansion, Code Conversion, And Decoders (AREA)
Abstract
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002381937A CA2381937A1 (fr) | 1999-08-18 | 2000-08-16 | Procede destine a generer des nombres pseudo-aleatoires et procede de signature electronique |
JP2001517250A JP2003507761A (ja) | 1999-08-18 | 2000-08-16 | 擬似乱数の形成方法および電子署名方法 |
EP00958257A EP1222527A1 (fr) | 1999-08-18 | 2000-08-16 | Procede destine a generer des nombres pseudo-aleatoires et procede de signature electronique |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19939059.2 | 1999-08-18 | ||
DE19939059 | 1999-08-18 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001013218A1 true WO2001013218A1 (fr) | 2001-02-22 |
Family
ID=7918727
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/DE2000/002776 WO2001013218A1 (fr) | 1999-08-18 | 2000-08-16 | Procede destine a generer des nombres pseudo-aleatoires et procede de signature electronique |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1222527A1 (fr) |
JP (1) | JP2003507761A (fr) |
CA (1) | CA2381937A1 (fr) |
WO (1) | WO2001013218A1 (fr) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2897451A1 (fr) * | 2006-02-13 | 2007-08-17 | France Telecom | Dispositif et procede de cryptographie pour generer des nombres pseudo-aletoires |
EP1844392A1 (fr) * | 2005-01-21 | 2007-10-17 | Certicom Corp. | Generation de nombre aleatoire par courbe elliptique |
US8218773B2 (en) | 2004-04-02 | 2012-07-10 | Research In Motion Limited | Systems and methods to securely generate shared keys |
US8923513B2 (en) | 2008-08-11 | 2014-12-30 | Assa Abloy Ab | Secure wiegand communications |
US10452877B2 (en) | 2016-12-16 | 2019-10-22 | Assa Abloy Ab | Methods to combine and auto-configure wiegand and RS485 |
DE102006017911B4 (de) | 2006-04-18 | 2023-01-26 | creditPass GmbH | Elektronisches Bezahlsystem und Verfahren zum Ausführen eines Bezahlvorgangs |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2256702A1 (fr) | 2009-05-28 | 2010-12-01 | Dmitri Pakhomov | Écriture de carte portable, système de carte et procédé d'utilisation d'une écriture de carte portable |
-
2000
- 2000-08-16 CA CA002381937A patent/CA2381937A1/fr not_active Abandoned
- 2000-08-16 EP EP00958257A patent/EP1222527A1/fr not_active Withdrawn
- 2000-08-16 WO PCT/DE2000/002776 patent/WO2001013218A1/fr not_active Application Discontinuation
- 2000-08-16 JP JP2001517250A patent/JP2003507761A/ja not_active Withdrawn
Non-Patent Citations (2)
Title |
---|
KALISKI B S JR: "One-way permutations on elliptic curves", JOURNAL OF CRYPTOLOGY, 1991, USA, vol. 3, no. 3, pages 187 - 199, XP000972491, ISSN: 0933-2790 * |
KALISKI B S: "A PSEUDO-RANDOM BIT GENERATOR BASED ON ELLIPTIC LOGARITHMS", PROCEEDINGS OF THE CONFERENCE ON THEORY AND APPLICATIONS OF CRYPTOGRAPHIC TECHNIQUES (CRYPTO),DE,BERLIN, SPRINGER, vol. CONF. 6, 1986, pages 84 - 103, XP000090665 * |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8218773B2 (en) | 2004-04-02 | 2012-07-10 | Research In Motion Limited | Systems and methods to securely generate shared keys |
US8693695B2 (en) | 2004-04-02 | 2014-04-08 | Blackberry Limited | Systems and methods to securely generate shared keys |
US11876901B2 (en) | 2005-01-21 | 2024-01-16 | Malikie Innovations Limited | Elliptic curve random number generation |
EP1844392A4 (fr) * | 2005-01-21 | 2009-12-16 | Certicom Corp | Generation de nombre aleatoire par courbe elliptique |
EP1844392A1 (fr) * | 2005-01-21 | 2007-10-17 | Certicom Corp. | Generation de nombre aleatoire par courbe elliptique |
US8396213B2 (en) | 2005-01-21 | 2013-03-12 | Certicom Corp. | Elliptic curve random number generation |
US11477019B2 (en) | 2005-01-21 | 2022-10-18 | Blackberry Limited | Elliptic curve random number generation |
US8948388B2 (en) | 2005-01-21 | 2015-02-03 | Certicom Corp. | Elliptic curve random number generation |
US10243734B2 (en) | 2005-01-21 | 2019-03-26 | Certicom Corp. | Elliptic curve random number generation |
US10756893B2 (en) | 2005-01-21 | 2020-08-25 | Blackberry Limited | Elliptic curve random number generation |
WO2007093723A3 (fr) * | 2006-02-13 | 2007-10-25 | France Telecom | Dispositif et procede de cryptographie pour generer des nombres pseudo-aleatoires |
WO2007093723A2 (fr) * | 2006-02-13 | 2007-08-23 | France Telecom | Dispositif et procede de cryptographie pour generer des nombres pseudo-aleatoires |
FR2897451A1 (fr) * | 2006-02-13 | 2007-08-17 | France Telecom | Dispositif et procede de cryptographie pour generer des nombres pseudo-aletoires |
DE102006017911B4 (de) | 2006-04-18 | 2023-01-26 | creditPass GmbH | Elektronisches Bezahlsystem und Verfahren zum Ausführen eines Bezahlvorgangs |
US8923513B2 (en) | 2008-08-11 | 2014-12-30 | Assa Abloy Ab | Secure wiegand communications |
US8943562B2 (en) | 2008-08-11 | 2015-01-27 | Assa Abloy Ab | Secure Wiegand communications |
US10452877B2 (en) | 2016-12-16 | 2019-10-22 | Assa Abloy Ab | Methods to combine and auto-configure wiegand and RS485 |
Also Published As
Publication number | Publication date |
---|---|
CA2381937A1 (fr) | 2001-02-22 |
JP2003507761A (ja) | 2003-02-25 |
EP1222527A1 (fr) | 2002-07-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE69434422T2 (de) | Verfahren und Anordnung zur Verschlüsselung/Entschlüsselung auf der Basis des Montgomery-Verfahrens unter Verwendung von effizienter modularer Multiplikation | |
DE69929251T2 (de) | Verschlüsselungssystem mit einem schlüssel veränderlicher länge | |
DE69534603T2 (de) | Verschlüsselungssystem für elliptische kurve | |
DE60217260T2 (de) | Datenverarbeitungs- und Verschlüsselungseinheit | |
CH660822A5 (de) | Zufallsprimzahlen-erzeugungsmittel in einer mit oeffentlichem schluessel arbeitenden daten-verschluesselungsanlage. | |
DE102005028662B4 (de) | Verfahren und Vorrichtung zum Berechnen einer Polynom-Multiplikation, insbesondere für die elliptische Kurven-Kryptographie | |
DE69433257T2 (de) | Verfahren und Kommunikationssystem unter Verwendung einer Verschlüsselungseinrichtung | |
DE69920875T2 (de) | Vorrichtung und Verfahren zum Berechnen einer digitalen Unterschrift | |
DE60031304T3 (de) | Verfahren zur authentifizierung von softwarebenutzern | |
DE69838258T2 (de) | Public-Key-Datenübertragungssysteme | |
DE69935455T2 (de) | Kryptographisches verfahren unter verwendung eines öffentlichen und eines privaten schlüssels | |
DE102008061483A1 (de) | Verfahren und Vorrichtung zum Verarbeiten von Daten | |
DE3203412A1 (de) | Schnelles oeffentliches realzeit-verschluesselungssystem | |
DE2843583A1 (de) | Verfahren und vorrichtung zum entschluesseln verschluesselter nachrichten | |
EP1298834B1 (fr) | Procédé et dispositif de chiffrement et de déchiffrement des données | |
DE102017117907A1 (de) | Durchführen einer kryptografischen Operation | |
DE69333257T2 (de) | Anlage für Signalschaltung und -verarbeitung | |
DE69735290T2 (de) | Verfahren zur unsymmetrischen kryptographischen kommunikation und zugehöriger tragbarer gegenstand | |
DE10304451B3 (de) | Modulare Exponentiation mit randomisiertem Exponenten | |
DE10141460A1 (de) | Potenzrestberechnungseinheit unter Verwendung eines Montgomery-Algorithmus | |
EP1222527A1 (fr) | Procede destine a generer des nombres pseudo-aleatoires et procede de signature electronique | |
DE69633253T2 (de) | Kryptographisches verfahren mit öffentlichem schlüssel | |
EP1342153B1 (fr) | Procede et dispositif pour produire une sequence pseudo-aleatoire au moyen d'un logarithme discret | |
EP1999571B1 (fr) | Procédé et dispositif de réduction d'un polynôme dans un champ fini binaire, en particulier dans le cadre d'une application cryptographique | |
DE10248006B4 (de) | Verfahren und Vorrichtung zum Verschlüsseln von Daten |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): CA JP US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2000958257 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2381937 Country of ref document: CA |
|
WWP | Wipo information: published in national office |
Ref document number: 2000958257 Country of ref document: EP |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2000958257 Country of ref document: EP |