WO2002028010A1 - Method for encoding long messages for RSA-based electronic signature schemes - Google Patents
- Publication number
- WO2002028010A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- message
- bits
- size
- taking
- variable
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Definitions
- the present invention relates to a method of encoding long messages for electronic signature schemes based on RSA.
- the term “secure channel” is understood to mean a channel for which it is impossible to know or modify the information which passes through said channel. Such a secure channel can be achieved by a cable connecting two terminals, owned by the two said people.
- Public key cryptography solves the problem of distributing keys over an unsecured channel.
- the principle of public key cryptography consists in using a pair of keys, a public encryption key and a private decryption key. It must be computationally infeasible to find the private decryption key from the public encryption key.
- a person A wishing to communicate information to a person B uses the public encryption key of person B. Only person B has the private key associated with his public key. Only person B is therefore capable of deciphering the message addressed to him.
- Another advantage of public key cryptography over secret key cryptography is that public key cryptography allows authentication by the use of electronic signature.
- This encryption system is based on the difficulty of the subset sum problem
- This encryption system is based on the theory of algebraic codes. It is based on the problem of decoding linear codes;
- This encryption system is based on the difficulty of the discrete logarithm in a finite field
- the elliptic curve encryption system constitutes a modification of existing cryptographic systems to apply them to the domain of elliptic curves.
- the advantage of elliptic curve encryption systems is that they require a smaller key size than other encryption systems.
- the RSA encryption system is the most widely used public key encryption system. It can be used as an encryption method or as a signature method.
- the RSA encryption system is used in smart cards, for some of their applications. Possible applications of RSA on a smart card are access to databases, banking applications, and remote payment applications such as pay TV, gas distribution or payment of highway tolls.
- the first part is the generation of the RSA key.
- Each user creates an RSA public key and a corresponding private key, according to the following 5-step process:
- the integers e and d are called the encryption exponent and the decryption exponent, respectively.
- the integer n is called the modulus.
- the second part consists in encrypting a plaintext message denoted m, with 1 < m < n, into an encrypted message denoted c, by means of the following algorithm:
- the third part consists in decrypting an encrypted message using the private decryption exponent by means of an algorithm.
- the algorithm for decrypting an encrypted message denoted c, with 1 < c < n, into a plaintext message denoted m is as follows:
- the RSA system can also be used to generate electronic signatures.
- the principle of an electronic signature scheme based on the RSA system can generally be defined in three parts:
- the first part is the generation of the RSA key, using the method described in the first part of the RSA system described above;
- the second part is the generation of the signature.
- the process consists in taking as input the message M to be signed, applying an encoding using a function μ to obtain the character string μ(M), and applying the decryption method of the third part of the RSA system described above.
- ⁇ the character string
- the third part is the verification of the signature.
- the method consists in taking as input the message M to be signed and the signature s to be verified, applying an encoding to the message M using a function μ to obtain the character string μ(M), applying to the signature s the encryption method described in the second part of the RSA system, and verifying that the result obtained is equal to μ(M).
- the signature s of the message M is valid, and otherwise it is false.
- An example of an encoding process is the process described in the standard "ISO/IEC 9796-2, Information Technology - Security techniques - Digital signature scheme giving message recovery, Part 2: Mechanisms using a hash-function, 1997".
- Another example of an encoding method is the encoding method described in the standard "RSA Laboratories, PKCS #1: RSA cryptography specifications, version 2.0, September 1998". These two encoding methods allow messages of arbitrarily long size to be signed.
- a hash function is a function taking an input message of arbitrarily long size and returning as output a character string of fixed size.
- the disadvantage is that it is not possible in the current state of knowledge to rigorously prove the security of such hash functions. It is therefore not possible to rigorously prove the security of the two encoding methods mentioned above.
- the method of the invention consists of a method making it possible to carry out an encoding function taking arbitrarily long messages as input, from an encoding function taking as input messages of limited size.
- the method of the invention exclusively uses operations of the arithmetic type, for which it is possible to rigorously prove security.
- the invention comprises 2 separate methods performing an encoding function, said encoding function taking arbitrarily long messages as input, from an encoding function taking messages of limited size as input.
- the first method of the invention uses a single RSA modulus N as defined in the first part of the RSA system described above.
- the first method of the invention uses as input an encoding function μ taking a message of size limited to k + 1 bits, k being an integer parameter, and returning as output a character string of size exactly k bits.
- the first method of the invention takes as input an integer parameter a between 0 and k-1.
- the first method of the invention consists in defining a new encoding function μ' taking as input a message of size at most (2^a) * (k-a) bits and returning as output a message of size k bits.
- the second method of the invention consists in using two distinct moduli N1 and N2, said moduli being as defined in the first part of the RSA system described above.
- the second method of the invention uses two encoding functions μ1 and μ2 taking as input a message of size k1 and k2, respectively, and returning as output a message of size k1' and k2', respectively.
- the second method of the invention takes as input an integer parameter a between 0 and k-1.
- the second method of the invention consists in defining a new encoding function μ' taking as input a message of size at most (2^a) * (k1-a) bits and returning as output a message of size k2' bits.
- an encoding function μ taking as input a message of size (2^a) * (k1-a) and returning as output a message of size k2' bits.
- the calculations are carried out using the RSA modulus N2.
- the advantage of the second method of the invention over the first method of the invention is that it offers more flexibility in the choice of the encoding function μ. Indeed, in the first method, the constraint was that μ is an encoding function from k + 1 bits to k bits. This constraint does not exist in the second method of the invention.
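The signature generation and verification steps described above, with a limited-size encoding function, as an added example that is not code from the patent. The names `mu`, `sign`, `verify` and `max_input_bits` are hypothetical, the key is a constructed toy key, and the fixed-pattern `mu` is an insecure stand-in for an encoding function; the example shows a long message being rejected by the size limit and evaluates the (2^a) * (k-a) input bound stated for the first method.

```python
# Added example with toy parameters: NOT secure, for illustration only.
from math import gcd

# Constructed toy key built from two Mersenne primes (far too small for real use).
P, Q = 2**61 - 1, 2**31 - 1
N = P * Q                        # RSA modulus n
E = 65537                        # encryption exponent e
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)              # decryption exponent d (Python 3.8+)

K = N.bit_length() - 1           # encoded size k, so every encoding is < N
MAX_MSG_BITS = 64                # input limit of the toy encoding (assumption)
PAD = 1 << (K - MAX_MSG_BITS - 1)  # fixed pattern placed above the message


def mu(m: int) -> int:
    """Hypothetical limited-size encoding: fixed pattern || message, K bits."""
    if m < 0 or m.bit_length() > MAX_MSG_BITS:
        raise ValueError("message exceeds the encoding's input size")
    return (PAD << MAX_MSG_BITS) | m


def sign(m: int) -> int:
    """Signature generation: encode M, then apply RSA decryption."""
    return pow(mu(m), D, N)


def verify(m: int, s: int) -> bool:
    """Verification: apply RSA encryption to s and compare with the encoding."""
    if not 0 <= s < N:
        return False
    try:
        expected = mu(m)
    except ValueError:           # over-long message: nothing to compare against
        return False
    return pow(s, E, N) == expected


def max_input_bits(k: int, a: int) -> int:
    """Input bound (2^a) * (k-a) stated for the first method, 0 <= a <= k-1."""
    if not 0 <= a <= k - 1:
        raise ValueError("a must lie between 0 and k-1")
    return (2 ** a) * (k - a)


if __name__ == "__main__":
    msg = int.from_bytes(b"pay 10", "big")   # constructed sample message
    sig = sign(msg)
    print(verify(msg, sig), verify(msg + 1, sig))
    print(max_input_bits(1024, 10))
```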
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
- Compression, Expansion, Code Conversion, And Decoders (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001292003A AU2001292003A1 (en) | 2000-09-28 | 2001-09-26 | Method for encoding long messages for rsa electronic signature schemes |
EP01972217A EP1325584A1 (fr) | 2000-09-28 | 2001-09-26 | Method for encoding long messages for RSA-based electronic signature schemes |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR00/12351 | 2000-09-28 | ||
FR0012351A FR2814619B1 (fr) | 2000-09-28 | 2000-09-28 | Method for encoding long messages for RSA-based electronic signature schemes |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002028010A1 (fr) | 2002-04-04 |
Family
ID=8854773
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2001/002983 WO2002028010A1 (fr) | Method for encoding long messages for RSA-based electronic signature schemes | 2000-09-28 | 2001-09-26 |
Country Status (6)
Country | Link |
---|---|
US (1) | US20030165238A1 (fr) |
EP (1) | EP1325584A1 (fr) |
CN (1) | CN1393081A (fr) |
AU (1) | AU2001292003A1 (fr) |
FR (1) | FR2814619B1 (fr) |
WO (1) | WO2002028010A1 (fr) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004028078A1 (fr) * | 2002-09-23 | 2004-04-01 | Avner Geller | Authentication method and system |
JP4296971B2 (ja) * | 2004-03-17 | 2009-07-15 | 株式会社日立製作所 | Recording device and recording/reproducing device |
CN100461091C (zh) * | 2004-08-24 | 2009-02-11 | 华盛顿大学 | Method and system for content detection using reconfigurable hardware |
US7774607B2 (en) * | 2006-12-18 | 2010-08-10 | Microsoft Corporation | Fast RSA signature verification |
CN103124256B (zh) * | 2011-11-21 | 2017-03-29 | 国民技术股份有限公司 | Trusted cryptographic module and trusted computing method |
US10454681B1 (en) | 2017-11-17 | 2019-10-22 | ISARA Corporation | Multi-use key encapsulation processes |
US10061636B1 (en) * | 2017-12-22 | 2018-08-28 | ISARA Corporation | Conversion schemes for public key cryptosystems |
US10031795B1 (en) * | 2017-12-22 | 2018-07-24 | ISARA Corporation | Using conversion schemes in public key cryptosystems |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5432852A (en) * | 1993-09-29 | 1995-07-11 | Leighton; Frank T. | Large provably fast and secure digital signature schemes based on secure hash functions |
US6266771B1 (en) * | 1997-02-10 | 2001-07-24 | The Regents Of The University Of California | Probabilistic signature scheme |
-
2000
- 2000-09-28 FR FR0012351A patent/FR2814619B1/fr not_active Expired - Lifetime
-
2001
- 2001-09-26 CN CN01802931.0A patent/CN1393081A/zh active Pending
- 2001-09-26 AU AU2001292003A patent/AU2001292003A1/en not_active Abandoned
- 2001-09-26 EP EP01972217A patent/EP1325584A1/fr not_active Withdrawn
- 2001-09-26 US US10/130,937 patent/US20030165238A1/en not_active Abandoned
- 2001-09-26 WO PCT/FR2001/002983 patent/WO2002028010A1/fr not_active Application Discontinuation
Non-Patent Citations (2)
Title |
---|
BELLARE M ET AL: "MINIMIZING THE USE OF RANDOM ORACLES IN AUTHENTICATED ENCRYPTION SCHEMES", NASECODE. PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON THE NUMERICAL ANALYSIS OF SEMICONDUCTOR DEVICES AND INTEGRATED CICUITS,XX,XX, 1997, pages 1 - 16, XP001015275 * |
CORON J-S ET AL: "FROM FIXED-LENGTH TO ARBITRARY-LENGTH RSA PADDING SCHEMES", ASIACRYPT. INTERNATIONAL CONFERENCE ON THE THEORY AND APPLICATIONOF CRYPTOLOGY AND INFORMATION SECURITY,X,XX, 2000, pages 90 - 96, XP001015274 * |
Also Published As
Publication number | Publication date |
---|---|
US20030165238A1 (en) | 2003-09-04 |
FR2814619A1 (fr) | 2002-03-29 |
FR2814619B1 (fr) | 2002-11-15 |
EP1325584A1 (fr) | 2003-07-09 |
CN1393081A (zh) | 2003-01-22 |
AU2001292003A1 (en) | 2002-04-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1166494B1 (fr) | Countermeasure methods in an electronic component implementing an elliptic-curve public-key cryptography algorithm | |
FR2759226A1 (fr) | Protocol for verifying a digital signature | |
FR2760583A1 (fr) | Data card verification system | |
FR2809893A1 (fr) | Countermeasure method in an electronic component implementing a public-key cryptography algorithm on an elliptic curve | |
EP1166495A1 (fr) | Countermeasure method in an electronic component implementing an elliptic-curve public-key cryptography algorithm | |
EP1350357B1 (fr) | Method for improving the security of public-key encryption schemes | |
CN100388663C (zh) | Method and device for checking a key pair and for generating RSA keys | |
EP1224765B1 (fr) | Countermeasure method in an electronic component implementing an RSA-type public-key cryptography algorithm | |
EP1325584A1 (fr) | Method for encoding long messages for RSA-based electronic signature schemes | |
KR100971038B1 (ko) | Cryptographic method for distributing load among several entities, and devices therefor | |
WO2002028011A1 (fr) | Method for accelerated transmission of an electronic signature | |
WO1998051038A1 (fr) | Pseudo-random generator based on a hash function for cryptographic systems requiring the drawing of random values | |
WO2003021864A2 (fr) | Method for reducing the size of an RSA or Rabin signature | |
FR2856538A1 (fr) | Countermeasure method in an electronic component implementing a public-key cryptographic algorithm | |
WO2002050658A1 (fr) | Countermeasure methods in an electronic component implementing an RSA-type public-key cryptography algorithm | |
WO2002001343A1 (fr) | Countermeasure methods in an electronic component implementing a Koblitz elliptic-curve public-key cryptography algorithm | |
Sarr | Authenticated key agreement protocols: security models, analyses, and designs | |
FR2797126A1 (fr) | Method for improving the performance of the multiplication operation over a finite field of characteristic 2 | |
FR2842968A1 (fr) | Method for obtaining an electronic signature with a guarantee of its security | |
Tibouchi | Hashing to elliptic curves and cryptanalysis of RSA-based schemes | |
WO2003013053A1 (fr) | Method for determining the size of a random value for an electronic signature scheme |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2001972217 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10130937 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 018029310 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWP | Wipo information: published in national office |
Ref document number: 2001972217 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2001972217 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: JP |