WO2001013218A1 - Method for generating pseudo-random numbers and method for electronic signature - Google Patents


Publication number
WO2001013218A1
Authority
WO
WIPO (PCT)
Prior art keywords
points
random numbers
pseudo random
generating
curves
Application number
PCT/DE2000/002776
Other languages
German (de)
English (en)
Inventor
Erwin Hess
Pascale Serf
Original Assignee
Siemens Aktiengesellschaft
Application filed by Siemens Aktiengesellschaft
Priority to CA002381937A (CA2381937A1)
Priority to JP2001517250A (JP2003507761A)
Priority to EP00958257A (EP1222527A1)
Publication of WO2001013218A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators
    • G06F7/582 Pseudo-random number generators
    • G06F7/584 Pseudo-random number generators using finite field arithmetic, e.g. using a linear feedback shift register
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72 Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/724 Finite field arithmetic
    • G06F7/725 Finite field arithmetic over elliptic curves

Definitions

  • The invention relates to a method for generating pseudo-random numbers and a method for electronic signature.
  • Random numbers are required in cryptography to encrypt or sign messages.
  • An addition modulo 26 is carried out so that no numbers greater than 25 arise.
  • Texts are converted into binary numbers and zeros and ones are added modulo 2.
  • The recipient subtracts the character stream - modulo 26 or 2 - from the received ciphertext and thereby recovers the plaintext.
  • The character stream is generated with the help of random number generators. These used to be based on high-frequency voltage fluctuations in certain tubes, so-called thyratrons, and later on radioactive decay events.
  • A disadvantage of the RSA method is that it is too slow for message encryption, since very large numbers - approximately 1000 binary or 300 decimal digits - have to be used to ensure adequate security. Such large numbers must be exponentiated with others of the same order of magnitude, which cannot be done quickly enough to encrypt data to be transmitted.
  • The RSA method is therefore only used for the encrypted transmission of keys to be kept secret for a conventional method, which then carries out the actual encryption.
  • Such methods based on elliptic curves require considerably less computing power with the same security as the RSA method.
  • Such methods can be implemented in small computers, e.g. in chip cards. Siemens AG sells a chip card with the brand name SLE44CR80S, which implements a signature process based on elliptic curves.
  • Random numbers are again required to generate the keys: the public key that the recipient publishes, and its corresponding private key.
  • The invention is therefore based on the object of creating, on the basis of elliptic curves, a method for generating pseudorandom numbers which can be carried out simply and quickly and with which a large amount of high-quality random numbers can be generated.
  • The invention is also based on the object of creating a method for electronic signature based on elliptic curves and a corresponding device which require less storage space than known methods and devices for electronic signature based on elliptic curves and which can be implemented on small computer systems, in particular chip cards.
  • Pairs of points are determined which lie on at least two different elliptic curves over a finite field, and a random number is determined as a function of such a pair of points.
  • The method according to the invention for electronic signature combines a known signature method with the method according to the invention for generating pseudo-random numbers.
  • The same routines or devices can be used both in the signature method and in the generation of the random numbers, as a result of which program code and memory space can be saved considerably.
  • Pseudorandom numbers generated according to the invention cannot be distinguished from random numbers of a real random generator and can be generated with relatively little computation effort.
  • FIG. 6 shows the basic principle of the method according to the invention for generating pseudo-random numbers in a flow chart.
  • FIG. 7 shows the structure of a program for executing a signature method according to the invention.
  • FIG. 2 shows an elliptic curve over a finite field.
  • A field (German: "Körper") is a "range of numbers" in which one can add, subtract, multiply and divide according to the formal calculation rules known from the rational numbers.
  • Finite fields are, for example, the field GF(p) of the numbers mod p, where p is a prime number, or the field GF(2^n) of the binary vectors of length n.
  • GF stands for "Galois field", which is a synonym for "finite field".
  • FIG. 3 shows the addition of two points P_1, P_2 on an elliptic curve over the real numbers.
  • Point P_3 results.
  • The connecting line of the points P_1 and P_2 is formed and its third intersection with the elliptic curve is determined. This point of intersection is mirrored on the x-axis and gives the result P_3 of the addition of P_1 and P_2.
  • A first elliptic curve E over the field GF(p) is given by the following equation:
  • p is a prime number with 160 bits.
  • The group order of an elliptic curve is the number of elements of the point group, i.e. the number of solutions of the defining equation of the elliptic curve E over GF(p).
  • The size of the group orders and their maximum prime divisors thus represents a quality feature of the method according to the invention, the group orders preferably being at least 2^100 or better 2^130.
  • the curve E ' isogenic to the curve E, that is, when the course
  • q' is a prime number with a length of 152 bits.
  • Step S1 from FIG. 5 is completed by determining the elliptic curves E, E', the points P, P' and the starting values s, s'.
  • The procedure now goes to step S2, in which the points P, P' are multiplied by s or s', the result being referred to as PA or PA'.
  • The multiplication is carried out as an s-fold or s'-fold addition according to FIG. 3.
  • step S2 the points PA and PA 'are also sent to the
  • Pass step S4 in which the points P, P' remain unchanged and s or s' is increased by one.
  • After step S4 the process flow goes back to step S2, at which new points PA and PA' are again formed, which are then passed back to step S3 for calculating further random bits and to step S4.
  • This process sequence can be repeated many times, with new random bits being generated again and again.
  • The inventors of the present invention have generated 20 x one million random bits using the above-described method for generating random numbers and have subjected these random bits to various statistical tests. In these tests no deviations from real random bits could be determined.
  • In step S3 the random number Z is determined from the two points PA and PA', which originate from different elliptic curves E and E'. Linking these two points PA and PA' ensures that the pseudorandom numbers generated cannot be used to determine, by means of discrete logarithms, the points P and P' on which the calculation of the points PA and PA' is based. From the result of S3 it is therefore not possible to infer the method for generating the points PA, PA' (steps S1, S2 and S4), which is shown by the dashed line in FIG. 5.
  • The invention is not restricted to the exemplary embodiment shown in FIG. 5.
  • The two x coordinates are linked by an addition modulo p.
  • x and y coordinates are linked by an addition modulo p.
  • It is also possible that, instead of fixed elliptic curves E, E' with points P, P', new curves E*, E*' and points P*, P*' are determined after each calculation of PA and PA', which are used to calculate the next points PA* and PA*'.
  • The values s, s' can also be changed as desired.
  • The values s, s' are integers. At the beginning of the method, they can be generated, for example, with a simple random generator that does not have to meet high standards.
  • FIG. 6 shows the basic principle of the present invention, which has a loop consisting of steps S5 and S6, wherein in step S5 two elliptic curves E, E', two points P, P' on the two curves and two starting values s, s' can be selected. In step S6, the points P, P' are multiplied by s and s', respectively, resulting in PA and PA'. Each time the loop S5, S6 is repeated, at least one of the pairs E, E' or P, P' or s, s' is changed. It is also possible to change two or all three pairs according to a rule to be defined.
  • The program consists of a part P1 for carrying out the signature method, which uses a program part P2 with which multiplications on elliptic curves over finite fields are carried out.
  • The program part P1 is supplied with a random number by a further program part P3, the program part P3 again using the program part P2 for multiplying on elliptic curves.
  • A data input stream I and a data output stream O are shown on the program part P1, the data input stream being a message to be signed and the data output stream being the signature.
  • The program part P1 can output its private and public key at the data output stream O.
  • Program part P1 corresponds to the signature methods and devices known per se based on elliptic curves.
  • The method according to the invention can be used in particular in computing devices with a lower computing capacity, such as chip cards, because the corresponding program code is extremely compact and the length of the numbers to be processed is significantly shorter than with an RSA method of the same security level.
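
The loop of steps S1 to S4 described in the list above, as an added Python sketch that is not code from the patent. Assumptions: the curve equation is missing from this page, so the short Weierstrass form y^2 = x^3 + ax + b is used; both curves are taken over the same GF(p); the prime, curve coefficients, starting values and all function names are constructed toy values with no security, and skipping the point at infinity is a choice made here.

```python
# Added illustration, not code from the patent. Assumptions: short Weierstrass
# curves y^2 = x^3 + a*x + b, both over the same GF(p), and toy-sized constants.
P_FIELD = 10007  # constructed toy prime (p % 4 == 3); the patent uses a 160-bit p


class Curve:
    def __init__(self, a, b, p=P_FIELD):
        if (4 * a**3 + 27 * b**2) % p == 0:
            raise ValueError("singular curve")
        self.a, self.b, self.p = a, b, p

    def contains(self, pt):
        if pt is None:  # None stands for the point at infinity
            return True
        x, y = pt
        return (y * y - (x**3 + self.a * x + self.b)) % self.p == 0

    def add(self, p1, p2):
        """Chord-and-tangent addition: third intersection, mirrored on the x-axis."""
        if p1 is None:
            return p2
        if p2 is None:
            return p1
        (x1, y1), (x2, y2) = p1, p2
        if x1 == x2 and (y1 + y2) % self.p == 0:
            return None  # P + (-P) is the point at infinity
        if p1 == p2:
            lam = (3 * x1 * x1 + self.a) * pow(2 * y1 % self.p, -1, self.p)
        else:
            lam = (y2 - y1) * pow((x2 - x1) % self.p, -1, self.p)
        x3 = (lam * lam - x1 - x2) % self.p
        return (x3, (lam * (x1 - x3) - y1) % self.p)

    def mul(self, k, pt):
        """k-fold addition of pt, computed by double-and-add."""
        result = None
        while k:
            if k & 1:
                result = self.add(result, pt)
            pt = self.add(pt, pt)
            k >>= 1
        return result

    def first_point(self):
        """Lowest-x affine point with y != 0 (square root valid since p % 4 == 3)."""
        for x in range(self.p):
            rhs = (x**3 + self.a * x + self.b) % self.p
            y = pow(rhs, (self.p + 1) // 4, self.p)
            if y and y * y % self.p == rhs:
                return (x, y)
        raise ValueError("no usable point found")


def dual_curve_stream(e, pt, s, e2, pt2, s2, count):
    """Steps S2-S4: Z = x(s*P) + x(s'*P') mod p, then s and s' are increased by one."""
    out = []
    while len(out) < count:
        pa, pa2 = e.mul(s, pt), e2.mul(s2, pt2)   # S2: PA = s*P, PA' = s'*P'
        if pa is not None and pa2 is not None:    # infinity has no x coordinate
            out.append((pa[0] + pa2[0]) % e.p)    # S3: link the two x coordinates
        s, s2 = s + 1, s2 + 1                     # S4: points unchanged, s and s' + 1
    return out


# S1: constructed toy curves, points and starting values
E, E_PRIME = Curve(2, 3), Curve(5, 7)
P, P_PRIME = E.first_point(), E_PRIME.first_point()

if __name__ == "__main__":
    print(dual_curve_stream(E, P, 12345, E_PRIME, P_PRIME, 6789, 8))
```

The output is fully determined by the curves, the points and the starting values s, s', so anyone who knows all of them can reproduce the whole sequence.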

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Computational Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Physics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Compression, Expansion, Code Conversion, And Decoders (AREA)

Abstract

The invention relates to a method for generating pseudo-random numbers and a method for electronic signature. The method according to the invention for generating pseudo-random numbers consists of determining points on at least two different elliptic curves and creating a pseudo-random number each time by combining the points. Because points of different elliptic curves are combined into a pseudo-random number, the individual elliptic curves cannot be deduced from the pseudo-random numbers thus created; consequently, the cryptographic security of the method according to the invention is increased considerably, since the calculation of discrete logarithms is made impossible.
PCT/DE2000/002776 1999-08-18 2000-08-16 Procede destine a generer des nombres pseudo-aleatoires et procede de signature electronique WO2001013218A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CA002381937A CA2381937A1 (fr) 1999-08-18 2000-08-16 Procede destine a generer des nombres pseudo-aleatoires et procede de signature electronique
JP2001517250A JP2003507761A (ja) 1999-08-18 2000-08-16 擬似乱数の形成方法および電子署名方法
EP00958257A EP1222527A1 (fr) 1999-08-18 2000-08-16 Procede destine a generer des nombres pseudo-aleatoires et procede de signature electronique

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE19939059.2 1999-08-18
DE19939059 1999-08-18

Publications (1)

Publication Number Publication Date
WO2001013218A1 true WO2001013218A1 (fr) 2001-02-22

Family

ID=7918727

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2000/002776 WO2001013218A1 (fr) 1999-08-18 2000-08-16 Procede destine a generer des nombres pseudo-aleatoires et procede de signature electronique

Country Status (4)

Country Link
EP (1) EP1222527A1 (fr)
JP (1) JP2003507761A (fr)
CA (1) CA2381937A1 (fr)
WO (1) WO2001013218A1 (fr)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2897451A1 (fr) * 2006-02-13 2007-08-17 France Telecom Dispositif et procede de cryptographie pour generer des nombres pseudo-aletoires
EP1844392A1 (fr) * 2005-01-21 2007-10-17 Certicom Corp. Generation de nombre aleatoire par courbe elliptique
US8218773B2 (en) 2004-04-02 2012-07-10 Research In Motion Limited Systems and methods to securely generate shared keys
US8923513B2 (en) 2008-08-11 2014-12-30 Assa Abloy Ab Secure wiegand communications
US10452877B2 (en) 2016-12-16 2019-10-22 Assa Abloy Ab Methods to combine and auto-configure wiegand and RS485
DE102006017911B4 (de) 2006-04-18 2023-01-26 creditPass GmbH Elektronisches Bezahlsystem und Verfahren zum Ausführen eines Bezahlvorgangs

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2256702A1 (fr) 2009-05-28 2010-12-01 Dmitri Pakhomov Écriture de carte portable, système de carte et procédé d'utilisation d'une écriture de carte portable

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
KALISKI B S JR: "One-way permutations on elliptic curves", JOURNAL OF CRYPTOLOGY, 1991, USA, vol. 3, no. 3, pages 187 - 199, XP000972491, ISSN: 0933-2790 *
KALISKI B S: "A PSEUDO-RANDOM BIT GENERATOR BASED ON ELLIPTIC LOGARITHMS", PROCEEDINGS OF THE CONFERENCE ON THEORY AND APPLICATIONS OF CRYPTOGRAPHIC TECHNIQUES (CRYPTO),DE,BERLIN, SPRINGER, vol. CONF. 6, 1986, pages 84 - 103, XP000090665 *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8218773B2 (en) 2004-04-02 2012-07-10 Research In Motion Limited Systems and methods to securely generate shared keys
US8693695B2 (en) 2004-04-02 2014-04-08 Blackberry Limited Systems and methods to securely generate shared keys
US11876901B2 (en) 2005-01-21 2024-01-16 Malikie Innovations Limited Elliptic curve random number generation
EP1844392A4 (fr) * 2005-01-21 2009-12-16 Certicom Corp Generation de nombre aleatoire par courbe elliptique
EP1844392A1 (fr) * 2005-01-21 2007-10-17 Certicom Corp. Generation de nombre aleatoire par courbe elliptique
US8396213B2 (en) 2005-01-21 2013-03-12 Certicom Corp. Elliptic curve random number generation
US11477019B2 (en) 2005-01-21 2022-10-18 Blackberry Limited Elliptic curve random number generation
US8948388B2 (en) 2005-01-21 2015-02-03 Certicom Corp. Elliptic curve random number generation
US10243734B2 (en) 2005-01-21 2019-03-26 Certicom Corp. Elliptic curve random number generation
US10756893B2 (en) 2005-01-21 2020-08-25 Blackberry Limited Elliptic curve random number generation
WO2007093723A3 (fr) * 2006-02-13 2007-10-25 France Telecom Dispositif et procede de cryptographie pour generer des nombres pseudo-aleatoires
WO2007093723A2 (fr) * 2006-02-13 2007-08-23 France Telecom Dispositif et procede de cryptographie pour generer des nombres pseudo-aleatoires
FR2897451A1 (fr) * 2006-02-13 2007-08-17 France Telecom Dispositif et procede de cryptographie pour generer des nombres pseudo-aletoires
DE102006017911B4 (de) 2006-04-18 2023-01-26 creditPass GmbH Elektronisches Bezahlsystem und Verfahren zum Ausführen eines Bezahlvorgangs
US8923513B2 (en) 2008-08-11 2014-12-30 Assa Abloy Ab Secure wiegand communications
US8943562B2 (en) 2008-08-11 2015-01-27 Assa Abloy Ab Secure Wiegand communications
US10452877B2 (en) 2016-12-16 2019-10-22 Assa Abloy Ab Methods to combine and auto-configure wiegand and RS485

Also Published As

Publication number Publication date
CA2381937A1 (fr) 2001-02-22
JP2003507761A (ja) 2003-02-25
EP1222527A1 (fr) 2002-07-17

Similar Documents

Publication Publication Date Title
DE69434422T2 (de) Verfahren und Anordnung zur Verschlüsselung/Entschlüsselung auf der Basis des Montgomery-Verfahrens unter Verwendung von effizienter modularer Multiplikation
DE69929251T2 (de) Verschlüsselungssystem mit einem schlüssel veränderlicher länge
DE69534603T2 (de) Verschlüsselungssystem für elliptische kurve
DE60217260T2 (de) Datenverarbeitungs- und Verschlüsselungseinheit
CH660822A5 (de) Zufallsprimzahlen-erzeugungsmittel in einer mit oeffentlichem schluessel arbeitenden daten-verschluesselungsanlage.
DE102005028662B4 (de) Verfahren und Vorrichtung zum Berechnen einer Polynom-Multiplikation, insbesondere für die elliptische Kurven-Kryptographie
DE69433257T2 (de) Verfahren und Kommunikationssystem unter Verwendung einer Verschlüsselungseinrichtung
DE69920875T2 (de) Vorrichtung und Verfahren zum Berechnen einer digitalen Unterschrift
DE60031304T3 (de) Verfahren zur authentifizierung von softwarebenutzern
DE69838258T2 (de) Public-Key-Datenübertragungssysteme
DE69935455T2 (de) Kryptographisches verfahren unter verwendung eines öffentlichen und eines privaten schlüssels
DE102008061483A1 (de) Verfahren und Vorrichtung zum Verarbeiten von Daten
DE3203412A1 (de) Schnelles oeffentliches realzeit-verschluesselungssystem
DE2843583A1 (de) Verfahren und vorrichtung zum entschluesseln verschluesselter nachrichten
EP1298834B1 (fr) Procédé et dispositif de chiffrement et de déchiffrement des données
DE102017117907A1 (de) Durchführen einer kryptografischen Operation
DE69333257T2 (de) Anlage für Signalschaltung und -verarbeitung
DE69735290T2 (de) Verfahren zur unsymmetrischen kryptographischen kommunikation und zugehöriger tragbarer gegenstand
DE10304451B3 (de) Modulare Exponentiation mit randomisiertem Exponenten
DE10141460A1 (de) Potenzrestberechnungseinheit unter Verwendung eines Montgomery-Algorithmus
EP1222527A1 (fr) Procede destine a generer des nombres pseudo-aleatoires et procede de signature electronique
DE69633253T2 (de) Kryptographisches verfahren mit öffentlichem schlüssel
EP1342153B1 (fr) Procede et dispositif pour produire une sequence pseudo-aleatoire au moyen d'un logarithme discret
EP1999571B1 (fr) Procédé et dispositif de réduction d'un polynôme dans un champ fini binaire, en particulier dans le cadre d'une application cryptographique
DE10248006B4 (de) Verfahren und Vorrichtung zum Verschlüsseln von Daten

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA JP US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2000958257

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2381937

Country of ref document: CA

WWP Wipo information: published in national office

Ref document number: 2000958257

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 2000958257

Country of ref document: EP