WO2006048524A1 - Procede de delegation securisee de calcul d'une application bilineaire - Google Patents
- Publication number
- WO2006048524A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- entity
- sup
- application
- numbers
- calculation
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the present invention relates to a method for securely delegating, to a calculation server, the computation of a value f(X, Y) of a bilinear application (a bilinear map). It also relates to a method for securely verifying that a value f(X, Y) of a bilinear application equals a given value, and to a method for securely verifying the equality of two values f(X, Y) and f(Z, T) of a bilinear application.
- the invention relates to the field of cryptography and, more specifically, to cryptographic methods for protecting a medium such as an electronic chip against fraud, in transactions between a chip and a banking application, or for the chip of a SIM card in a mobile phone.
- the invention finds a particularly advantageous application in the use of new cryptographic methods currently considered too expensive in computing time, such as methods involving bilinear functions.
- a first type of fraud consists in duplicating the card without authorization; the term "cloning" is often used to describe this operation.
- a second type of fraud consists of modifying the data attached to a card, in particular the amount of the credit entered in the memory of the card.
- cryptography is used, on the one hand, to ensure the authentication of the card by means of an authentication algorithm and/or the authentication of the data by means of a signature, and, if necessary, to ensure the confidentiality of the data by means of encryption.
- cryptography involves two entities which are, in the case of authentication, a verifier entity and an object to be authenticated. It can be either symmetric or asymmetric.
- in the asymmetric case, one of the entities, the entity to be authenticated, has a pair of keys, one private and the other public; there is therefore no shared secret key.
- the first authentication mechanisms developed in symmetric cryptography consist in calculating once and for all an authentication value, different for each card, storing it in the memory of the card, reading it at each transaction and verifying it by interrogating an application of the network supporting the transaction where the authentication values already allocated are either stored or recalculated.
- these mechanisms provide insufficient protection because the authentication value can be spied on, reproduced and replayed fraudulently, insofar as it is always the same for a given card, which makes it possible to produce a clone of the card.
- passive card authentication mechanisms are replaced by active authentication mechanisms that can further ensure the integrity of the data.
- the general principle of symmetric active authentication mechanisms is as follows: during an authentication, the electronic chip and the application each calculate an authentication value which is the result of a function applied to a list of arguments determined at each authentication. This list of arguments may comprise a random value (nonce) defined by the application at each authentication, a piece of data contained in the electronic chip, and a secret key known to both the electronic chip and the application.
- if the authentication value calculated by the electronic chip is identical to the authentication value calculated by the application, the electronic chip is deemed authentic and the transaction between the chip and the application is authorized.
- the secret key mechanisms require that the verification devices in charge of the authentication of the chip, such as those present in a public telephone network, an electronic payment terminal or a public transit gate, know the secret key held by said chip.
- solutions based on public key cryptography may be preferred over secret key mechanisms.
- the operating principle of public key authentication mechanisms is then as follows: the chip seeking to be authenticated calculates values that depend on its private key, associated with its public key, and possibly on random parameters. The application then checks the consistency of the values calculated by the chip without requiring knowledge of the chip's private key. Only the chip's public key is needed, together with other non-secret parameters.
- the best-known solutions for implementing such mechanisms are generally based on hard mathematical problems, such as factorization or the discrete logarithm. In practice, these problems lead to modular exponentiation calculations, that is, calculations of the form x^e mod n, where mod denotes the modular reduction function. This type of calculation is a priori the most complex operation that can be performed in reasonable time without assuming significant computing power. In recent years, bilinear applications, well known to mathematicians, have appeared in the field of cryptography.
- the current problem with bilinear applications is that their evaluation requires calculations that are very large in volume and much more complex than those involved in a modular exponentiation, for example. Hence it is impossible today to carry out such calculations in the context of the envisaged applications.
- the technical problem to be solved by the present invention is to provide means that allow the efficient integration of cryptographic methods based on bilinear functions, despite the difficulty related to their computational complexity, while ensuring a maximum degree of security compatible with their intended uses.
- the solution to the technical problem posed consists, according to the present invention, in a method of securely delegating to a computing server the calculation of a value f(X, Y) of a bilinear application, remarkable in that said method includes the steps of: - choosing two secret parameters a and b,
- the invention provides that an entity participating in, for example, a cryptographic authentication method involving the calculation of a bilinear function f(X, Y), communicates with a calculation server whose only assumed property is high computing power, without it being necessary to assume any other property of this server, in particular its level of security.
- the method according to the invention also makes it possible to secure the data exchanged and to reinforce confidence in the results obtained, through the use of secret parameters known only to the client entity of the calculation server.
- said entity using the calculation server can be either the entity to be authenticated or the verifying entity.
- the invention therefore has the effect of delegating to the server the majority of the calculations involving bilinear functions, while ensuring the security of the results returned by said server, in the sense that if a malicious individual seeks to impersonate a person by using that person's public key, without knowledge of the associated private key, and even with full control over the calculation server, the chances of success of such an individual remain very low.
- the delegation method according to the invention advantageously applies to two particular situations.
- a first situation relates to a method of verifying that a value f(X, Y) of a bilinear application equals a given value u, by secure delegation to a computing server, which is remarkable according to the invention in that said method comprises the steps of: - choosing two secret parameters a and b,
- the receiving entity of the message knows the three numbers that make up the public key and ignores the private key.
- the signer then sends the recipient of the message the pair of numbers ⁇ , r ⁇ .
- the verification mechanism therefore involves the calculation by the server of the quantity f(⁇, g2^m · v^r).
- the verifying entity (here, the recipient of the message) chooses two numbers a and b, calculates ⁇^a and g2^(bm) · v^(br), and transmits them to the server, which returns the value f(⁇^a, g2^(bm) · v^(br)); by the definition of a bilinear application, this equals f(⁇, g2^m · v^r)^(ab).
- only three values must therefore be calculated by the verifying entity, namely ⁇^a, g2^(bm) · v^(br) and u^(ab).
- one of the parameters a or b may be chosen equal to 1, so as to reduce the number of calculations to be performed.
- a second application situation of the calculation delegation method according to the invention relates to a method of verifying the equality between two values f(X, Y) and f(Z, T) of a bilinear application by secure delegation to a computing server, remarkable, according to the invention, in that said method comprises the steps of: - choosing four secret parameters a, b, c and d,
- the server calculates f(X^a, Y^b) and f(Z^c, T^d),
- the following signature mechanism provides an illustrative example of this method of securely verifying equality between two values of a bilinear application.
- it will be assumed, to simplify the notation, that all the arguments of the bilinear functions considered belong to the same cyclic group G.
- the signer has a hash function h which associates with the message m an element of the group G, denoted h(m); this hash function is shared with the recipient responsible for authenticating the message m.
- the auditing entity must then verify that:
- the auditing entity must calculate six values, namely ⁇^a, g^b, h(m)^c and v^d, as well as [f(⁇^a, g^b)]^(cd) and [f(h(m)^c, v^d)]^(ab).
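A toy model of the two delegated checks described above (the f(X, Y) = u check with secrets a, b, and the f(X, Y) = f(Z, T) check with secrets a, b, c, d), added here as an illustration; it is not code from the patent. The pairing is a constructed stand-in that has only the bilinearity the method relies on (G2 is written additively, so "Y^b" is b·y), so the arithmetic is insecure; the point is the client-side blinding and the comparison that exposes a server returning a wrong result.

```python
import secrets

# Constructed toy parameters (assumed, tiny and insecure): p = 2q + 1 with
# q prime, so Z_p^* has a subgroup G1 of prime order q generated by G.
Q = 1019
P = 2 * Q + 1          # 2039, prime
G = pow(2, 2, P)       # generator of the order-q subgroup G1


def pairing(X, y):
    """Toy stand-in for the bilinear application f(X, Y).
    G1 is multiplicative (X = G^x mod p); G2 is written additively, an
    element being its exponent y mod q.  f(X, y) = X^y mod p is bilinear:
    f(X^a, b*y) = f(X, y)^(a*b), the only property the delegation relies
    on.  It is not a cryptographic pairing."""
    return pow(X, y, P)


def exp1(X, a):
    """'X^a' for X in G1."""
    return pow(X, a, P)


def exp2(y, b):
    """'Y^b' for Y in G2 (additive toy group): b*y mod q."""
    return (b * y) % Q


def honest_server(X, y):
    """Untrusted calculation server: assumed only to have computing power."""
    return pairing(X, y)


def cheating_server(X, y):
    """Server that returns a wrong group element (the true value times G)."""
    return (pairing(X, y) * G) % P


def _secret():
    return secrets.randbelow(Q - 1) + 1   # secret parameter in [1, q-1]


def delegated_check_equals(X, y, u, server=honest_server):
    """First situation: verify f(X, Y) == u without computing f locally.
    Client sends X^a and Y^b; server returns f(X^a, Y^b) = f(X, Y)^(ab);
    client compares with u^(ab).  Only the blinded inputs leave the
    client; a and b stay secret."""
    a, b = _secret(), _secret()
    r = server(exp1(X, a), exp2(y, b))
    return r == pow(u, a * b, P)


def delegated_check_pair(X, y, Z, t, server=honest_server):
    """Second situation: verify f(X, Y) == f(Z, T) with secrets a, b, c, d.
    Server returns f(X^a, Y^b) and f(Z^c, T^d); client checks
    [f(X^a, Y^b)]^(cd) == [f(Z^c, T^d)]^(ab), both being f(.)^(abcd)."""
    a, b, c, d = _secret(), _secret(), _secret(), _secret()
    r1 = server(exp1(X, a), exp2(y, b))
    r2 = server(exp1(Z, c), exp2(t, d))
    return pow(r1, c * d, P) == pow(r2, a * b, P)


if __name__ == "__main__":
    X, y = pow(G, 123, P), 456
    u = pairing(X, y)                                        # the given value u
    print(delegated_check_equals(X, y, u))                   # True
    print(delegated_check_equals(X, y, u, cheating_server))  # False
    print(delegated_check_pair(pow(G, 3, P), 70, pow(G, 5, P), 42))  # True
```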
- the invention also relates to a medium storing a computer program for implementing the method according to the invention.
- the invention applies advantageously to protecting said medium against fraud, and more particularly to securing transactions between an electronic chip and a banking application, and to securing the electronic chip of a mobile phone's SIM card.
- said medium is integrated into the mobile phone.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/667,031 US7991151B2 (en) | 2004-11-04 | 2005-10-21 | Method for secure delegation of calculation of a bilinear application |
EP05811834.0A EP1807967B1 (fr) | 2004-11-04 | 2005-10-21 | Procede de delegation securisee de calcul d'une application bilineaire |
JP2007539603A JP4740253B2 (ja) | 2004-11-04 | 2005-10-21 | 双線形アプリケーションの計算の安全化された委託方法 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0411777A FR2877453A1 (fr) | 2004-11-04 | 2004-11-04 | Procede de delegation securisee de calcul d'une application bilineaire |
FR0411777 | 2004-11-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006048524A1 true WO2006048524A1 (fr) | 2006-05-11 |
Family
ID=34952517
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2005/002633 WO2006048524A1 (fr) | 2004-11-04 | 2005-10-21 | Procede de delegation securisee de calcul d'une application bilineaire |
Country Status (5)
Country | Link |
---|---|
US (1) | US7991151B2 (fr) |
EP (1) | EP1807967B1 (fr) |
JP (1) | JP4740253B2 (fr) |
FR (1) | FR2877453A1 (fr) |
WO (1) | WO2006048524A1 (fr) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2407948B (en) * | 2003-11-08 | 2006-06-21 | Hewlett Packard Development Co | Smartcard with cryptographic functionality and method and system for using such cards |
JP5161177B2 (ja) * | 2009-09-04 | 2013-03-13 | 日本電信電話株式会社 | 代理計算依頼装置、代理計算依頼方法、代理計算依頼プログラム、記録媒体 |
CN102687184B (zh) * | 2010-01-12 | 2015-11-25 | 日本电信电话株式会社 | 代理计算系统、方法及代理计算委托装置 |
JP5480763B2 (ja) * | 2010-09-21 | 2014-04-23 | 日本電信電話株式会社 | 復号システム、汎用端末、高信頼端末、鍵生成装置、復号方法、プログラム |
CN103221988B (zh) * | 2010-10-26 | 2016-08-03 | 日本电信电话株式会社 | 代理计算系统、计算装置、能力提供装置、代理计算方法、能力提供方法 |
JP5506633B2 (ja) * | 2010-11-04 | 2014-05-28 | 日本電信電話株式会社 | 代理計算システム、端末装置、代理計算装置、代理計算方法、及びプログラム |
JP5427195B2 (ja) * | 2011-01-14 | 2014-02-26 | 日本電信電話株式会社 | 代理計算システム、方法、依頼装置、計算装置、プログラム |
EP2667371B8 (fr) * | 2011-03-04 | 2018-03-07 | Nippon Telegraph And Telephone Corporation | Système, méthode, dispositif de requête et programme de calcul par entremetteur |
US9049023B2 (en) | 2011-05-24 | 2015-06-02 | Zeutro Llc | Outsourcing the decryption of functional encryption ciphertexts |
JP6006809B2 (ja) * | 2013-01-16 | 2016-10-12 | 日本電信電話株式会社 | 復号サービス提供装置、処理装置、安全性評価装置、プログラム、および記録媒体 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0381523A2 (fr) * | 1989-02-02 | 1990-08-08 | Kabushiki Kaisha Toshiba | Procédé de calcul assisté par serveur et unité distribuée de traitement d'information |
US5369708A (en) * | 1992-03-31 | 1994-11-29 | Kabushiki Kaisha Toshiba | Fast server-aided computation system and method for modular exponentiation without revealing client's secret to auxiliary device |
US20030161472A1 (en) * | 2002-02-27 | 2003-08-28 | Tong Chi Hung | Server-assisted public-key cryptographic method |
US20030182554A1 (en) * | 2002-03-21 | 2003-09-25 | Gentry Craig B. | Authenticated ID-based cryptosystem with no key escrow |
US6779111B1 (en) * | 1999-05-10 | 2004-08-17 | Telefonaktiebolaget Lm Ericsson (Publ) | Indirect public-key encryption |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0372737A (ja) * | 1989-05-31 | 1991-03-27 | Toshiba Corp | 依頼計算方式 |
JP3137190B2 (ja) * | 1989-02-02 | 2001-02-19 | 株式会社東芝 | メッセージ変換方法 |
JPH0619393A (ja) * | 1992-03-31 | 1994-01-28 | Toshiba Corp | 依頼計算装置 |
FR2792789B1 (fr) * | 1999-04-20 | 2001-08-31 | Bull Cp8 | Procede de verification de signature ou d'authentification |
JP4450969B2 (ja) * | 2000-05-02 | 2010-04-14 | 村田機械株式会社 | 鍵共有システム,秘密鍵生成装置,共通鍵生成システム,暗号通信方法,暗号通信システム及び記録媒体 |
JP2002164877A (ja) * | 2000-09-14 | 2002-06-07 | Advanced Mobile Telecommunications Security Technology Research Lab Co Ltd | キーエスクローおよびグループ通信方法 |
EP1425874B1 (fr) * | 2001-08-13 | 2010-04-21 | Board Of Trustees Of The Leland Stanford Junior University | Systèmes et procédés de cryptage sur la base des identites, et procédures cryptographiques associées |
KR100883648B1 (ko) * | 2002-03-16 | 2009-02-18 | 삼성전자주식회사 | 무선 환경에서의 네트웍 접근 통제 방법 및 이를 기록한기록매체 |
KR20030008182A (ko) * | 2002-12-24 | 2003-01-24 | 학교법인 한국정보통신학원 | 겹선형쌍을 이용한 개인식별정보 기반의 은닉서명 방법 |
US7590236B1 (en) * | 2004-06-04 | 2009-09-15 | Voltage Security, Inc. | Identity-based-encryption system |
2004
- 2004-11-04 FR FR0411777A patent/FR2877453A1/fr active Pending
2005
- 2005-10-21 EP EP05811834.0A patent/EP1807967B1/fr active Active
- 2005-10-21 JP JP2007539603A patent/JP4740253B2/ja active Active
- 2005-10-21 US US11/667,031 patent/US7991151B2/en active Active
- 2005-10-21 WO PCT/FR2005/002633 patent/WO2006048524A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
JP2008519303A (ja) | 2008-06-05 |
EP1807967B1 (fr) | 2019-09-04 |
US7991151B2 (en) | 2011-08-02 |
EP1807967A1 (fr) | 2007-07-18 |
FR2877453A1 (fr) | 2006-05-05 |
JP4740253B2 (ja) | 2011-08-03 |
US20070260882A1 (en) | 2007-11-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1807967B1 (fr) | Procede de delegation securisee de calcul d'une application bilineaire | |
EP1368930B1 (fr) | Authentification cryptographique par modules ephemeres | |
FR2760583A1 (fr) | Systeme de verification de cartes de donnees | |
EP0311470B1 (fr) | Procédés et systèmes d'authentification d'accréditations ou de messages à apport nul de connaissance et de signature de messages | |
WO2007012584A1 (fr) | Procédé de contrôle de transactions sécurisées mettant en oeuvre un dispositif physique unique à bi-clés multiples, dispositif physique, système et programme d'ordinateur correspondants | |
WO2007012583A1 (fr) | Procede de controle de transactions securisees mettant en oeuvre un dispositif physique unique, dispositif physique, systeme, et programme d'ordinateur correspondants | |
EP0878934B1 (fr) | Procédé d'identification à clé publique utilisant deux fonctions de hachage | |
WO2000062477A1 (fr) | Procede d'authentification et de signature de message utilisant des engagements de taille reduite et systemes correspondants | |
EP1266364A1 (fr) | Procede cryptographique de protection contre la fraude | |
FR2720209A1 (fr) | Procédé de réalisation d'une transaction électronique sécurisée. | |
FR3035248A1 (fr) | Systeme-sur-puce a fonctionnement securise et ses utilisations | |
EP1721246B1 (fr) | Procede et dispositif pour accomplir une operation cryptographique | |
WO2003060841A1 (fr) | Procede cryptographique de revocation a l'aide d'une carte a puce | |
EP0769768B1 (fr) | Procédé cryptographique de protection contre la fraude | |
CA2451034C (fr) | Procede cryptographique pour la protection d'une puce electronique contre la fraude | |
FR2888691A1 (fr) | Procede et dispositif d'autorisation de transaction | |
EP1216537A1 (fr) | Procede, systeme, dispositif a prouver l'authenticite d'un entite ou l'integrite d'un message | |
WO2003055134A9 (fr) | Procede cryptographique permettant de repartir la charge entre plusieurs entites et dispositifs pour mettre en oeuvre ce procede | |
EP4012972A1 (fr) | Méthode de divulgation sélective de données via une chaine de blocs | |
FR2842052A1 (fr) | Procede et dispositifs cryptographiques permettant d'alleger les calculs au cours de transactions | |
EP3821564A1 (fr) | Gouvernance de sécurité du traitement d'une requête numérique | |
WO2008001009A1 (fr) | Systeme et procede cryptographique a cle publique pour l'authentification d'une premiere entite par une seconde entite | |
WO2008017765A1 (fr) | Systeme et procede cryptographique a cle publique | |
WO2003023606A1 (fr) | Procede pour le calcul d'une exponentiation dans un groupe et son application a l'authentification d'un utilisateur | |
WO2005088438A1 (fr) | Procede cryptographique notamment a cle publique |
Legal Events
Code | Title | Description |
---|---|---|
AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
WWE | Wipo information: entry into national phase | Ref document number: 2005811834; Country of ref document: EP |
WWE | Wipo information: entry into national phase | Ref document number: 2007539603; Country of ref document: JP |
WWE | Wipo information: entry into national phase | Ref document number: 11667031; Country of ref document: US |
NENP | Non-entry into the national phase | Ref country code: DE |
WWP | Wipo information: published in national office | Ref document number: 2005811834; Country of ref document: EP |
WWP | Wipo information: published in national office | Ref document number: 11667031; Country of ref document: US |