WO2001074009A1 - Method for probabilistic digital signatures - Google Patents
- Publication number
- WO2001074009A1 PCT/FR2001/000795
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- signatures
- algorithm
- message
- signature
- probabilistic
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3013—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
Definitions
- the present invention relates to a method for generating probabilistic digital signatures in order to allow verification of the integrity of a transmitted message.
- the present invention applies in particular to the field of smart cards with or without contact.
- Such cards in fact constitute secure information carriers and generally include a microcontroller incorporated on an integrated circuit chip.
- a microcontroller has an architecture similar to that of a computer. It includes a processing unit made up of a microprocessor or CPU (Central Processing Unit) associated with different types of memories.
- a non-volatile memory, of ROM type for example, generally comprises at least one program for implementing a signature algorithm.
- the invention applies in particular to algorithms for generating and verifying digital signatures.
- the objective of these algorithms is to calculate one or more integers, in general a pair, called the signature and associated with a given message in order to certify the identity of the signatory and the integrity of the signed message.
- Such algorithms make it possible both to generate signatures and to verify them.
- the signature is said to be probabilistic when the algorithm uses a random value (a "hazard") in generating the signature, this value being secret and regenerated for each new signature. The same message sent by the same user can therefore have several distinct signatures.
- DSA (Digital Signature Algorithm)
- the generation of the signature was carried out with the secret key x and a secret and different random number k for each signature, and its verification with the public key y.
- the use of the hash function in the generation of the signature is found in almost all the algorithms for generating probabilistic signatures based on a discrete logarithm calculation. It makes it possible to guarantee the non reproducibility of the signature by breaking its linearity.
- this hash function nevertheless has drawbacks because it supposes on the one hand that this function h behaves like a random function, which is not always true, and on the other hand that this function h is implemented in the memory of the integrated circuit chip of the secure device (the chip card for example).
- the code size required for implementing the hash function is very large, around 1 to 2 kilobytes.
- the invention aims to resolve these constraints and proposes a solution which is suitable for microcontrollers having few computing resources.
- the subject of the present invention is a method for generating probabilistic digital signatures which makes it possible to dispense with the hash function, without altering the security of the messages exchanged.
- the invention provides a method for transforming a probabilistic signature algorithm using a hash function into another algorithm which does not use this function.
- the initial probabilistic algorithm is used twice instead of once to sign the message directly, i.e. the initial message, not hashed. This generates twin signatures associated with the same message.
- the invention relates more particularly to a method of probabilistic digital signatures of a message, between a signatory and a creditor, from an algorithm based on the calculation of a discrete logarithm, characterized in that it consists, for the signatory, in generating at least two signatures of the same unhashed message, said signatures being calculated by the algorithm using the same public-key and private-key parameters while drawing on a different random value for each, and in that it consists, for the buyer, in verifying all the signatures of said message.
- the probabilistic algorithm is the DSA (Digital Signature Algorithm).
- the probabilistic algorithm is the Schnorr algorithm.
- the invention advantageously applies to any secure device of the smart card type, and in particular to devices comprising an 8-bit microcontroller.
- the method according to the invention has the advantage of eliminating the hash function and thus minimizing the memory occupancy rate.
- the calculation speed is increased, even if a double calculation is required.
- the call to a hash function is delicate on simple 8-bit microcontrollers, inexpensive and increasingly used to contain the manufacturing costs of the devices.
- the method according to the invention makes it possible to guarantee security in the execution of any algorithm for generating probabilistic digital signatures.
- the description refers to the DSA signature algorithm, but also applies to all other probabilistic signature algorithms and their variants, such as ElGamal, Schnorr, EC-DSA and Abe-Okamoto, which also use a hash function in the generation of signature pairs.
- the method of generating signatures according to the invention is based on the calculation of at least two signatures, which are then said to be twin, of the same initial message m not hashed.
- the signature thus comprises at least two signatures calculated using the same parameters with public key y and private key x, each using a distinct random value k_1, k_2, ..., k_n.
- the signature of the message thus becomes (r_1, s_1, r_2, s_2, ..., r_n, s_n), with the n pairs (r_i, s_i) (for i going from 1 to n) calculated and checked according to conventional methods for generating and verifying signatures, whether it be the DSA, Schnorr or any other algorithm using a hash function.
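The twin-signature procedure described above, as an added Python example that is not code from the patent: the same unhashed message m is signed at least twice with the same key pair (x, y) and a fresh secret random value k each time, and the verifier checks every pair. The toy parameters P, Q, G, the function names, the restriction of m to an integer below Q, and the verifier's rejection of repeated r values are assumptions of this example.

```python
import secrets

# Toy DSA-style parameters constructed for this example (far too small for
# real use): Q divides P - 1 and G has order Q modulo P.
P, Q, G = 607, 101, 64

def sign_once(m, x, k):
    """One DSA pair (r, s) computed on the raw message m instead of h(m)."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (m + x * r) % Q
    return r, s

def verify_once(m, r, s, y):
    """Conventional DSA verification with h(m) replaced by m itself."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = pow(G, m * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r

def sign_twin(m, x, n=2, nonces=None):
    """Sign the same unhashed m n times, each time with a different secret k.

    nonces is a hypothetical hook for reproducible tests; leave it as None in
    normal use so that every k is drawn fresh from the system CSPRNG.
    """
    if not 0 <= m < Q:
        raise ValueError("message must be an integer in [0, Q)")
    fixed = iter(nonces) if nonces is not None else None
    sigs, seen_r = [], set()
    while len(sigs) < n:
        k = next(fixed) if fixed is not None else 1 + secrets.randbelow(Q - 1)
        r, s = sign_once(m, x, k)
        if r == 0 or s == 0 or r in seen_r:
            if fixed is not None:
                raise ValueError("supplied k is unusable or repeats an r value")
            continue  # draw another k
        seen_r.add(r)
        sigs.append((r, s))
    return sigs

def verify_twin(m, sigs, y):
    """Accept only if there are >= 2 pairs, all r differ, and every pair verifies."""
    rs = [r for r, _ in sigs]
    if len(sigs) < 2 or len(set(rs)) != len(rs):  # assumption: reject reused r
        return False
    return all(verify_once(m, r, s, y) for r, s in sigs)
```

The public key is `y = pow(G, x, P)`; a verifier that receives only one pair, or the same pair twice, rejects the message.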
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Credit Cards Or The Like (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU4425901A AU4425901A (en) | 2000-03-28 | 2001-03-16 | Method for probabilistic digital signatures |
EP01917165A EP1269683A1 (fr) | 2000-03-28 | 2001-03-16 | Method for probabilistic digital signatures |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0003918A FR2807248B1 (fr) | 2000-03-28 | 2000-03-28 | Method for probabilistic digital signatures |
FR00/03918 | 2000-03-28 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001074009A1 (fr) | 2001-10-04 |
Family
ID=8848578
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/FR2001/000795 WO2001074009A1 (fr) | 2000-03-28 | 2001-03-16 | Method for probabilistic digital signatures |
Country Status (5)
Country | Link |
---|---|
US (1) | US20010056537A1 (fr) |
EP (1) | EP1269683A1 (fr) |
AU (1) | AU4425901A (fr) |
FR (1) | FR2807248B1 (fr) |
WO (1) | WO2001074009A1 (fr) |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5347581A (en) * | 1993-09-15 | 1994-09-13 | Gemplus Developpement | Verification process for a communication system |
US5511121A (en) * | 1994-02-23 | 1996-04-23 | Bell Communications Research, Inc. | Efficient electronic money |
US6292897B1 (en) * | 1997-11-03 | 2001-09-18 | International Business Machines Corporation | Undeniable certificates for digital signature verification |
US6108783A (en) * | 1998-02-11 | 2000-08-22 | International Business Machines Corporation | Chameleon hashing and signatures |
-
2000
- 2000-03-28 FR FR0003918A patent/FR2807248B1/fr not_active Expired - Fee Related
-
2001
- 2001-03-12 US US09/802,968 patent/US20010056537A1/en not_active Abandoned
- 2001-03-16 EP EP01917165A patent/EP1269683A1/fr not_active Withdrawn
- 2001-03-16 WO PCT/FR2001/000795 patent/WO2001074009A1/fr not_active Application Discontinuation
- 2001-03-16 AU AU4425901A patent/AU4425901A/xx active Pending
Non-Patent Citations (3)
Title |
---|
SCHNEIER B.: "Applied Cryptography", 1996, JOHN WILEY & SONS, USA, ISBN: 0-471-12845-7, XP002153952 * |
SCHNORR C P: "EFFICIENT SIGNATURE GENERATION BY SMART CARDS", JOURNAL OF CRYPTOLOGY,US,NEW YORK, NY, vol. 4, 1991, pages 161 - 174, XP002001283 * |
SHAO Z: "SIGNATURE SCHEME BASED ON DISCRETE LOGARITHM WITHOUT USING ONE-WAY HASH FUNCTION", ELECTRONICS LETTERS,IEE STEVENAGE,GB, vol. 34, no. 11, 28 May 1998 (1998-05-28), pages 1079 - 1080, XP000846198, ISSN: 0013-5194 * |
Also Published As
Publication number | Publication date |
---|---|
FR2807248A1 (fr) | 2001-10-05 |
FR2807248B1 (fr) | 2002-06-28 |
US20010056537A1 (en) | 2001-12-27 |
EP1269683A1 (fr) | 2003-01-02 |
AU4425901A (en) | 2001-10-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0656710A1 (fr) | Method for generating DSA signatures with low-cost portable devices | |
FR2759226A1 (fr) | Protocol for verifying a digital signature | |
EP0661846A1 (fr) | Method for authenticating at least one identification device by a verification device using a zero-knowledge protocol | |
EP1151576B1 (fr) | Public and private key cryptographic method | |
FR2807898A1 (fr) | Elliptic curve cryptography method | |
FR2826811A1 (fr) | Cryptographic authentication method | |
EP0909495B1 (fr) | Public key cryptography method | |
WO1997013342A1 (fr) | Public key cryptography method based on the discrete logarithm | |
EP0666664B1 (fr) | Method for digital signature and authentication of messages using a discrete logarithm with a reduced number of modular multiplications | |
FR2747257A1 (fr) | Identification and/or signature method | |
WO2001074009A1 (fr) | Method for probabilistic digital signatures | |
WO2003055134A9 (fr) | Cryptographic method for distributing the load among several entities, and devices for implementing this method | |
EP0980607A1 (fr) | Pseudo-random generator based on a hash function for cryptographic systems requiring the drawing of random values | |
WO2002005483A1 (fr) | Method for generating an electronic key from a prime number within a given interval, and device for implementing the method | |
EP1520370A1 (fr) | Cryptographic method and devices for lightening computations during transactions | |
EP1325585A1 (fr) | Method for accelerated transmission of an electronic signature | |
WO2001097009A1 (fr) | Cryptographic computation method comprising a modular exponentiation routine | |
EP1407575A1 (fr) | Method for performing a cryptographic task by means of a public key | |
FR2797127A1 (fr) | Discrete-logarithm-based signature schemes with partial or total message recovery | |
FR2713420A1 (fr) | Method for generating DSA signatures with low-cost portable devices | |
WO2003021864A2 (fr) | Method for reducing the size of an RSA or Rabin signature | |
FR2837335A1 (fr) | Cryptographic method and system | |
FR2733378A1 (fr) | Method for generating digital signatures of messages | |
FR2834155A1 (fr) | Method for generating cryptographic electronic keys and corresponding component | |
WO2002019613A1 (fr) | Method for generating non-repudiable signatures, in particular by an embedded system, and embedded system for implementing the method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
WWE | Wipo information: entry into national phase | Ref document number: 2001917165 Country of ref document: EP |
WWP | Wipo information: published in national office | Ref document number: 2001917165 Country of ref document: EP |
WWW | Wipo information: withdrawn in national office | Ref document number: 2001917165 Country of ref document: EP |
NENP | Non-entry into the national phase | Ref country code: JP |