WO2003010921A1 - Method for generating electronic keys for the implementation of a cryptographic algorithm, smart card implementing the method - Google Patents
- Publication number: WO2003010921A1 (application PCT/FR2002/002450)
- Authority: WO, WIPO (PCT)
- Prior art keywords: value, key cryptography, public key, algorithm, parameter
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Definitions
- the invention relates to a method for generating electronic keys at low cost in computation time and in memory space. It also relates to cryptographic algorithms using the proposed key generation method.
- these products can be devices such as in particular smart cards.
- In order to simplify the subject, we will speak in the following of a smart card, it being understood that the invention applies to any product capable of carrying out encryption/decryption operations.
- the invention is particularly applicable to the production of smart cards delivered or used for the purpose of demonstrations in a public place (for example at an exhibition) or at a customer's (for a commercial demonstration) and likely to carry out cryptographic operations.
- the “demonstration” smart card should ideally provide all the standard functions offered by a public key or secret key cryptography protocol.
- a public key cryptography protocol allows information encryption and/or authentication between two entities and/or the electronic signature of messages.
- public key cryptography protocols such as the RSA protocol (Rivest, Shamir and Adleman), El Gamal, Schnorr, Fiat Shamir.
- the invention aims to remedy this problem.
- the invention proposes the production of encryption products, in particular smart cards, capable of implementing all the functions of a public key or private key algorithm using the required key lengths, but in which the keys used can be found by an authority to which the process used to generate them has been provided. In this case, of course, the keys do not have the security level that is usually sought under standard operating conditions.
- the sample presenting such means will be functional and will provide a faithful reflection of the product.
- the invention proposes a method for generating electronic keys for the implementation of a cryptographic algorithm, mainly characterized in that it consists in providing at least one key of size l sufficient to ensure the required security (l > k bits), said key comprising a part corresponding to a value v taken from a defined number of values and a part f corresponding to a fixed value.
- the part corresponding to a value v has a size r short compared to the size l of the key, this value being generated randomly.
- the generated key constitutes at least one parameter p or q of the algorithm.
- two keys are generated and constitute respectively the parameters p and q of the algorithm, each parameter comprising a distinct random value, respectively v1 and v2.
- one of the parameters p of the algorithm corresponds to the generated key and includes a part corresponding to a random value v.
- the other parameter includes a part with a value c.v, multiple of the random value v, a being a positive integer.
- e ⁇ d_1 mod d
- the value -1 / ⁇ mod d * 3 * v is calculated and stored.
- the parameter e comprises a prefix that is a function of v, a fixed word y and a fixed word z; this prefix can then be pre-calculated for each value of v and stored, the words y and z also being stored.
- the invention also relates to a private key cryptography method using the generation of keys according to the invention, the generated key being the private key of the algorithm, the value v being generated randomly.
- the fixed part only includes zeros.
- FIG. 1b represents a preferred mode for the shape of the key
- FIGS. 2 to 5 represent the different parameters in the case of the application of the generation of key according to the invention to the DSA algorithm
- FIG. 6 represents a key in the case of the application of the key generation according to the invention to the secret key algorithm DES.
- FIG. 7 illustrates the schematic diagram of a micromodule implemented in a smart card capable of implementing a cryptography method using the generation of keys according to the invention.
- n = p * q.
- the invention therefore relates to a method of generating electronic keys for the implementation of a cryptographic algorithm making it possible to provide a functional key of size k bits, a key which can be easily found by a third party to which this method of generating keys has been provided.
- the key generated constitutes at least one of the two prime numbers p and q of the modulus N of the RSA.
- the generated key is generated from a random value r of size k.
- the key or keys generated remain functional for encryption or signature operations.
- the keys generated are generated so as to be cryptographically weak, that is to say easily found by a third party.
- the process applies to any encryption product, software or not, containing long keys (greater than 128 bits) potentially subject to restrictions of use, by the law of the country where this product would be developed or sold.
- the method is applicable to microprocessor cards or smart cards.
- the method has the advantage of considerably reducing the generation time of the keys. It optimizes the resources (memory, math processor) necessary for generating keys.
- Figure 1a shows a key generated according to the invention.
- This key comprises a part comprising a value taken from a determined set of possible values.
- the key also includes a fixed value f so that the combined length of the value v and of the fixed value f corresponds to a length l of k bits commonly used in a cryptography algorithm. For example in the case of a public key algorithm, this key length will preferably be greater than or equal to 512 bits.
- the key will have a length l of 64 bits, for example. This is the case with the DES algorithm.
- the part v of the key has a short length r with respect to the total length l of the key. This makes it possible to define all the possible values that this part v can take.
- FIG. 1b illustrates a preferred embodiment for the key generated according to the method.
- the part v is generated by a generator of random values, while the fixed part f will preferably consist mainly of zero.
- this part f will consist of zero, i then being at 0.
- a public key algorithm such as for example the RSA algorithm.
- the parameters p and q are considered, these parameters being those which will be generated according to the invention.
- the parameter p is a key of the form illustrated by figure 1b.
- the parameter q is a key which also has this form.
- v2 is not a random value in this case, however v remains a random value.
- the size v2 of the parameter q is no longer equal to r, but to r + ⁇ . ⁇ is equal to 1 or 2 depending on the value of v.
- the parameter n, which is the public modulus, is determined.
- the parameter n is equal to the product of the prime numbers p and q. Consequently, depending on whether ⁇ is equal to 1 or 2, the parameter n can be represented as illustrated in FIGS. 3 and.
- n includes a part corresponding to 3v², a part comprising only zeros, a part corresponding to the product 5v and a part comprising only zeros with the least significant bit equal to 1, provided of course that the preferred embodiment illustrated in FIG. 2 is kept for the choice of parameters p and q.
- the part 3v² has a size equal to 2r + l.
- the method then consists in fixing the value of the private exponent d, contrary to what is usually done in the implementation of a conventional RSA cryptographic algorithm.
- the cryptography method in this case only comprises a step of verifying the usual conditions for this private exponent, that is to say that d must be coprime with the parameters p and q and less than these parameters; d must be coprime with 2, 3 and v in the present case.
- the parameter dp is equal to d
- d of course is smaller than p
- the parameter dq is also equal to d if d is less than q.
- d = 1/e modulo (p-1)(q-1) and we seek to calculate e, which is therefore equal to 1/d modulo (p-1)(q-1).
- a first method consists in saying that, as d is a prime number -1 / ⁇ modulo d is equal to
- An exponentiation calculation can be easily performed within the smart card, as soon as it has a cryptoprocessor.
- a second solution can be implemented if a very small value of d is chosen, for example a value of d coded on 8 bits, d will then be less than or equal to 257. We will then be able to calculate the value of -1 / ⁇ modulo d.
- ⁇ is equal to 3v * 2k_r .
- the numerator is calculated by multiplications and a shift, the division by d being easily done with a cryptoprocessor because of the choice of the value of d.
- Solution number 3 consists in precalculating an element of the numerator, namely the element: -1 / ⁇ modulo d * 3 * v
- the element -1 / ⁇ modulo d * 3 * v
- the size of this element will be 8 bits + r + ⁇ bits.
- the result will be less than or equal to 40 bits divided by the value of d. This result can therefore be easily stored on the chip card after precalculation.
- Numerator / denominator (an 8-bit quantity multiplied by a 32-bit quantity multiplied by a quantity 2 k_r +1) / 2 a + l.
- the result has the form as shown in FIG. 5, that is to say a prefix x depending on the value v, a part y which is of the form t multiplied by a sequence comprising a word comprising only 1 followed by a word comprising 0s, of size each, the whole being followed by a quantity z comprising a word of size a comprising only 1s and a word of size a comprising only 0s, except the least significant bit which is equal to 1.
- the prefix x (v) has a size equal to r-a.
- the solution then consists in calculating all the prefixes corresponding to the different values of v selected to generate and store these prefixes, the values y and z being fixed values which can be stored only once.
- Ip 4.
- the values of Ip can be stored, hard coded in the cryptography algorithm for the different values of v selected or generated.
- the key generated will be the secret key of the algorithm and will have the form illustrated in FIG. 6, that is to say that it will include a short generated part v of size r and a fixed part f of size k-r for a key length equal to k bits.
- k is equal to 64 bits and r can be equal to 8 bits.
- the value of v can be generated randomly using an 8-bit generator. The range of variations of this value r will therefore be 256 possible values.
- the secret key algorithm can therefore be executed in a conventional manner by means of the key generated according to the method.
- FIG. 7 shows the simplified diagram of a smart card comprising a micromodule capable of implementing the invention.
- the micromodule comprises a main processing unit 1 comprising a microcontroller, at least one bus for connecting the unit 1 to associated memories composed of at least one program memory M1 (non-volatile ROM type), at least one working memory M2 (RAM type) and at least one electrically programmable program memory M3 (EEPROM type).
- the microcircuit can also comprise a calculation unit 2 (cryptoprocessor) for implementing modular exponentiation calculations, as is the case for example in the execution of the public key cryptographic algorithm RSA (Rivest Shamir Adleman).
- the micromodule shown diagrammatically in this FIG. 7 further comprises a generator of random values 3.
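The secret-key case described above (k = 64, r = 8, fixed part made only of zeros), as an added Python example that is not part of the patent text: it builds a key of the form v || f, measures how many of its bits actually vary, and shows that a party who knows the construction recovers the key in at most 2^r trials. Placing v in the most significant bits and using HMAC-SHA256 as a stand-in for DES are assumptions, and all function names are illustrative.

```python
import hashlib
import hmac
import secrets

K_BITS = 64   # key length k from the text (DES-sized key)
R_BITS = 8    # length r of the random part v from the text


def generate_demo_key(k_bits=K_BITS, r_bits=R_BITS, v=None):
    """Build a k-bit key as v || f: r random bits, then k-r zero bits.
    Placing v in the most significant bits is an assumption."""
    if v is None:
        v = secrets.randbits(r_bits)
    if not 0 <= v < (1 << r_bits):
        raise ValueError("v does not fit in r bits")
    return (v << (k_bits - r_bits)).to_bytes(k_bits // 8, "big")


def effective_key_bits(key):
    """Audit check: width of the smallest window holding every set bit.
    A uniformly random key almost always spans nearly all of its bits."""
    n = int.from_bytes(key, "big")
    if n == 0:
        return 0
    lowest_set = (n & -n).bit_length() - 1
    return n.bit_length() - lowest_set


def tag(key, message):
    """Stand-in keyed function (HMAC-SHA256), used here instead of DES."""
    return hmac.new(key, message, hashlib.sha256).digest()


def recover_key(message, observed_tag, k_bits=K_BITS, r_bits=R_BITS):
    """What the informed authority does: enumerate the 2**r candidates."""
    for v in range(1 << r_bits):
        candidate = generate_demo_key(k_bits, r_bits, v)
        if hmac.compare_digest(tag(candidate, message), observed_tag):
            return candidate
    return None  # the key was not produced by this construction


if __name__ == "__main__":
    key = generate_demo_key()
    msg = b"constructed sample message"
    print("key:", key.hex(), "effective bits <=", effective_key_bits(key))
    print("recovered:", recover_key(msg, tag(key, msg)) == key)
    strong = secrets.token_bytes(8)
    print("random 64-bit key spans", effective_key_bits(strong), "bits")
```

The same `effective_key_bits` check can be run over provisioned keys to make sure a demonstration key of this form never reaches a production card.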
Landscapes
- Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0109817A FR2827722B1 (fr) | 2001-07-23 | 2001-07-23 | Method for generating electronic keys for the implementation of a cryptographic algorithm, smart card implementing the method |
FR01/09817 | 2001-07-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003010921A1 (fr) | 2003-02-06 |
Family
ID=8865812
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2002/002450 WO2003010921A1 (fr) | Method for generating electronic keys for the implementation of a cryptographic algorithm, smart card implementing the method | 2001-07-23 | 2002-07-11 |
Country Status (2)
Country | Link |
---|---|
FR (1) | FR2827722B1 (fr) |
WO (1) | WO2003010921A1 (fr) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0592808A2 (fr) * | 1992-10-16 | 1994-04-20 | International Business Machines Corporation | Commercial data masking |
WO1999052241A2 (fr) * | 1998-04-08 | 1999-10-14 | Citibank, N.A. | Generation of RSA moduli including a predetermined portion |
- 2001-07-23: FR application FR0109817A, patent FR2827722B1 (fr), not active, Expired - Fee Related
- 2002-07-11: WO application PCT/FR2002/002450, publication WO2003010921A1 (fr), not active, Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
FR2827722A1 (fr) | 2003-01-24 |
FR2827722B1 (fr) | 2004-08-20 |
Similar Documents
Publication | Title |
---|---|
EP2256987B1 (fr) | Protection of prime number generation for an RSA algorithm |
EP1441313B1 (fr) | Public-key cryptographic method for protecting an electronic chip against fraud |
EP2215768B1 (fr) | Method and devices for protecting a microcircuit against attacks aimed at discovering secret data |
EP1151576B1 (fr) | Cryptographic method using public and private keys |
EP2296086B1 (fr) | Protection of prime number generation against side-channel attacks |
EP2415199B1 (fr) | Method for performing a cryptographic task in an electronic component |
EP0795241B1 (fr) | Public-key cryptography method based on the discrete logarithm |
EP1895404B1 (fr) | Scrambling of a calculation performed according to an RSA-CRT algorithm |
WO2005022820A1 (fr) | Method for the secure implementation of an RSA-type cryptography algorithm and corresponding component |
EP1159797B1 (fr) | Countermeasure method in an electronic component implementing a secret-key cryptography algorithm |
WO2007006810A1 (fr) | Cryptographic method for the secure implementation of an exponentiation and associated component |
FR2926652A1 (fr) | Countermeasure method and devices for asymmetric cryptography with a signature scheme |
WO2006070092A1 (fr) | Data processing method and associated device |
FR2782431A1 (fr) | Authentication method and device using a symmetric algorithm |
EP1804161A1 (fr) | Detection of a disturbance in a cryptographic calculation |
CA2257907A1 (fr) | Public-key cryptography method |
EP1721246B1 (fr) | Method and device for performing a cryptographic operation |
EP1273127A1 (fr) | Device and method for generating electronic keys from mutually prime numbers |
EP1523823A2 (fr) | Method for generating electronic keys for a public-key cryptography method and secure portable object implementing the method |
WO2003010921A1 (fr) | Method for generating electronic keys for the implementation of a cryptographic algorithm, smart card implementing the method |
EP3882895A1 (fr) | Fault detection by an electronic circuit |
FR2818846A1 (fr) | Countermeasure method in an electronic component implementing a cryptography algorithm |
FR3004042A1 (fr) | Methods for generating and using private cryptographic keys for RSA-CRT or RSA-CRT variants |
EP1520370A1 (fr) | Cryptographic method and devices for reducing the computation during transactions |
EP1891769B1 (fr) | Protection of a modular exponentiation calculation performed by an integrated circuit |
Legal Events
Code | Title | Description |
---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VN YU ZA ZM Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
122 | Ep: pct application non-entry in european phase | |
NENP | Non-entry into the national phase | Ref country code: JP |
WWW | Wipo information: withdrawn in national office | Country of ref document: JP |