Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys

US 10,652,014 B2
Filed: 02/16/2017
Issued: 05/12/2020
Est. Priority Date: 02/23/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of determining, at a first node (C), a common secret (CS) that is common with the first node (C), and a second node (S), wherein the first node (C) is associated with a first asymmetric cryptography pair of a cryptography system having a homomorphic property, the first asymmetric cryptography pair having a first node master private key (V_1C) and a first node master public key (P_1C), and the second node (S) is associated with a second asymmetric cryptography pair of the cryptography system, the second asymmetric cryptography pair having a second node master private key (V_1S) and a second node master public key (P_1S), wherein the first node master public key and second node master public key are based on encryption of respective first node master private key and second node master private key using the cryptography system common with the first and second nodes, and wherein the method comprises:

determining a first node second private key (V_2C) based on at least the first node master private key (V_1C) and a deterministic key (DK) common with the first and second nodes;

determining a second node second public key (P_2S) based on at least the second node master public key (P_1S) and encryption of the deterministic key (DK) using the common cryptography system; and

determining the common secret (CS) based on encryption of the first node second private key (V_2C), using the common cryptography system, and the second node second public key (P_2S),wherein the second node (S) has the same common secret (S) based on a first node second public key (P_2C) and encryption of a second node second private key (V_2S) using the common cryptography system, wherein;

the first node second public key (P_2C) is based on at least the first node master public key (P_1C) and encryption of the deterministic key (DK) using the common cryptography system; and

the second node second private key (V_2S) is based on at least the second node master private key (V_1S) and the deterministic key (DK).

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method (300) and system (1) of determining a common secret for two nodes (3, 7). Each node (3, 7) has a respective asymmetric cryptography pair, each pair including a master private key and a master public key. Respective second private and public keys may be determined based on the master private key, master public key and a deterministic key. A common secret may be determined at each of the nodes based on the second private and public keys. In one example, a node (3, 7) may determine the common secret based on (i) a second private key based on the node'"'"'s own master private key and the deterministic key; and (ii) a second public key based on the other node'"'"'s master public key and the deterministic key. The invention may be suited for use with, but not limited to, digital wallets, blockchain (e.g. Bitcoin) technologies and personal device security.

93 Citations

View as Search Results

47 Claims

1. A computer-implemented method of determining, at a first node (C), a common secret (CS) that is common with the first node (C), and a second node (S), wherein the first node (C) is associated with a first asymmetric cryptography pair of a cryptography system having a homomorphic property, the first asymmetric cryptography pair having a first node master private key (V_1C) and a first node master public key (P_1C), and the second node (S) is associated with a second asymmetric cryptography pair of the cryptography system, the second asymmetric cryptography pair having a second node master private key (V_1S) and a second node master public key (P_1S), wherein the first node master public key and second node master public key are based on encryption of respective first node master private key and second node master private key using the cryptography system common with the first and second nodes, and wherein the method comprises:
- determining a first node second private key (V_2C) based on at least the first node master private key (V_1C) and a deterministic key (DK) common with the first and second nodes;
  
  determining a second node second public key (P_2S) based on at least the second node master public key (P_1S) and encryption of the deterministic key (DK) using the common cryptography system; and
  
  determining the common secret (CS) based on encryption of the first node second private key (V_2C), using the common cryptography system, and the second node second public key (P_2S),wherein the second node (S) has the same common secret (S) based on a first node second public key (P_2C) and encryption of a second node second private key (V_2S) using the common cryptography system, wherein;
  
  the first node second public key (P_2C) is based on at least the first node master public key (P_1C) and encryption of the deterministic key (DK) using the common cryptography system; and
  
  the second node second private key (V_2S) is based on at least the second node master private key (V_1S) and the deterministic key (DK).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 47)
- - 2. The method according to claim 1 wherein the deterministic key (DK) is based on a message (M).
  - 3. The method according to claim 2 further comprising:
    - generating a first signed message (SM1) based on the message (M) and the first node second private key (V_2C); and
      
      sending, over a communications network, the first signed message (SM1) to the second node (S),wherein the first signed message (SM1) can be validated with a first node second public key (P_2C) to authenticate the first node (C).
  - 4. A method according to claim 2 further comprising:
    - receiving, over a communications network, a second signed message (SM2) from the second node (S);
      
      validating the second signed message (SM2) with the second node second public key (P2S); and
      
      authenticating the second node (S) based on the result of validating the second signed message (SM2),wherein the second signed message (SM2) was generated based on the message (M), or a second message (M2), and the second node second private key (V_2S).
  - 5. A method according to claim 2 further comprising:
    - generating a message (M); and
      
      sending, over a communications network, the message (M) to the second node (S).
  - 6. A method according to claim 2 further comprising:
    - receiving the message (M), over a communications network, from the second node (S).
  - 7. A method according to claim 2 further comprising:
    - receiving the message (M), over a communications network, from another node.
  - 8. A method according to claim 2 further comprising:
    - receiving the message (M) from a data store, and/or an input interface associated with the first node (C).
  - 9. A method according to claim 1 wherein the cryptography system is an elliptic curve cryptography (ECC) system and the first node master public key (P_1C) and second node master public key (P_1S) are based on elliptic curve point multiplication of respective first node master private key (V_1C) and second node master private key (V_1S) and a generator (G).
  - 10. A method according to claim 1 further comprising the steps of:
    - receiving, over a communications network, the second node master public key (P_1S); and
      
      storing, at a data store associated with the first node (C), the second node master public key (P_1S).
  - 11. A method according to claim 2 further comprising the steps of:
    - generating, at a first node (C), the first node master private key (V_1C) and the first node master public key (P_1C);
      
      sending, over a communications network, the first node master public key (P_1C) to the second node (S) and/or other node; and
      
      storing, in a first data store associated with the first node (C), the first node master private key (V_1C).
  - 12. A method according to claim 11 further comprising:
    - sending, over a communications network, to the second node, a notice indicative of using a common cryptography system for the method of determining a common secret (CS), andwherein the step of generating the first node master private key (V_1C) and the first node master public key (P_1C) comprises;
      
      generating the first node master private key (V_1C) based on a random integer in an allowable range specified in the common cryptography system; and
      
      determining the first node master public key (P_1C) based on encryption of the first node master private key (V_1C).
  - 13. A method according to claim 12, wherein the common cryptography system is an elliptic curve cryptography (ECC) system with a common generator (G) and the first node master public key (P_1C) is determined based on elliptic curve point multiplication of the first node master private key (V_1C) and the common generator (G) according to the following formula:
    - P_1C=V_1C×
      
      G.
  - 14. A method according to claim 13 further comprising:
    - determining the deterministic key (DK) based on determining a hash of the message (M), andwherein the step of determining a first node second private key (V2C) is based on a scalar addition of the first node master private key (V_1C) and the deterministic key (DK) according to the following formula;
      
      V_2C=V_1C+DK, andwherein the step of determining a second node second public key (P2S) is based on the second node master public key (P_1S) with elliptic curve point addition to the elliptic curve point multiplication of the deterministic key (DK) and the common generator (G) according to the following formula;
      
      P_2S=P_1S+DK×
      
      G.
  - 15. A method according to claim 1 wherein the deterministic key (DK) is based on determining a hash of a previous deterministic key.
  - 16. A method according to claim 1 wherein the first asymmetric cryptography pair and the second asymmetric cryptography pair are based on a function of respective previous first asymmetric cryptography pair and previous second asymmetric cryptography pair.
  - 17. A method of secure communication between a first node and a second node with symmetric-key algorithm, wherein the method comprises:
    - determining a common secret by means of a method according to claim 1;
      
      determining a symmetric-key based on the common secret;
      
      encrypting a first communication message, with the symmetric-key, to an encrypted first communication message; and
      
      sending, over a communications network, the encrypted first communication message from the first node (C) to the second node (S).
  - 18. A method according to claim 17, wherein the method further comprises:
    - receiving, over the communications network, an encrypted second communication message from the second node (S); and
      
      decrypting the encrypted second communication message, with the symmetric-key, to a second communication message.
  - 19. A method of performing an online transaction between a first node and a second node, wherein the method comprises:
    - determining a common secret by means of a method according to claim 1;
      
      determining a symmetric-key based on the common secret;
      
      encrypting a first transaction message, with the symmetric-key, to an encrypted first transaction message;
      
      sending, over a communications network, the encrypted first transaction message from the first node (C) to the second node (S);
      
      receiving, over the communications network, an encrypted second transaction message from the second node (S); and
      
      decrypting the encrypted second transaction message, with the symmetric-key, to a second transaction message.
  - 20. A device for determining, at a first node (c), a common secret (CS) that is common with a second node (S), wherein the first node (C) is associated with a first asymmetric cryptography pair having a first node master private key (V_1C) and a first node master public key (P_1C), and the second node (S) is associated with a second asymmetric cryptography pair having a second node master private key (V_1S) and a second node master public key (P_1S), wherein the device comprises a first processing device to perform the method according to claim 4 to determine the common secret.
  - 21. A device for secure communication, or performing a secure online transaction between a first node and a second node, wherein the device includes a first processing device to:
    - perform the method according to claim 17.
  - 22. A device according to claim 20 further comprising a first data store to store one or more of the first node master private key (V_1C).
  - 23. A device according to claim 22 wherein the first data store further stores one or more of the first node master public key (P_1C), the second node master public key (P_1S), and the message (M).
  - 24. A device according to claim 20, further comprising a communications module to send and/or receive, over a communications network, one or more of the message (M), the first node master public key (P_1C), the second node master public key (P_1S), the first signed message (SM1), the second signed message (SM2), a notice indicative of using a common cryptography system.
  - 25. A device according to claim 24, wherein the common cryptography system is an elliptic curve cryptography (ECC) system with a common generator (G).
  - 47. A computer program stored in one or more non-transitory computer readable media comprising machine-readable instructions to cause a processing device to implement the method according to claim 1.

26. A system for determining a common secret between a first node (C) and a second node (S), wherein:
- the first node (C) is associated with a first asymmetric cryptography pair of a cryptography system having a homomorphic property, the first asymmetric cryptography pair having a first node master private key (V_1C) and a first node master public key (P_1C), andthe second node (S) is associated with a second asymmetric cryptography pair of the cryptography system, the second asymmetric cryptography pair having a second node master private key (V_1S) and a second node master public key (P_1S), wherein the first node master public key and second node master public key are based on encryption of respective first node master private key and second node master private key using the cryptography system common with the first and second nodes, and the system comprising;
  
  a first processing device, associated with the first node (C), configured to;
  
  determine a first node second private key (V_2C) based on at least the first node master private key (V_1C) and a deterministic key (DK) common with the first and second nodes;
  
  determine a second node second public key (P_2S) based on at least the second node master public key (P_1S) and encryption of the deterministic key (DK) using the common cryptography system; and
  
  determine the common secret (CS) based on encryption of the first node second private key (V_2C), using the common cryptography system, and the second node second public key (P_2S); and
  
  a second processing device, associated with the second node (S), configured to;
  
  determine a first node second public key (P_2C) based on at least the first node master public key (P_1C) and encryption of the the deterministic key (DK) using the common cryptography system; and
  
  determine a second node second private key (V_2S) based on at least the second node master private key (V_1S) and the deterministic key (DK);
  
  determine the common secret based on the first node second public key (P_2C) and encryption of a second node second private key (V_2S) using the common cryptography system,wherein the first processing device and the second processing device determine the same common secret.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 27. A system according to claim 26 wherein the deterministic key (DK) is based on a message (M), and the first processing device is further configured to:
    - generate a first signed message (SM1) based on the message (M) and the first node second private key (V_2C); and
      
      send, over a communications network, the first signed message (SM1) to the second node (S),wherein the second processing device is further configured to;
      
      receive the first signed message (SM1);
      
      validate the first signed message (SM1) with the first node second public key (P_2C); and
      
      authenticate the first node (C) based on a result of the validated first signed message (SM1).
  - 28. A system according to claim 27 wherein the second processing device is further configured to:
    - generate a second signed message (SM2) based on the message (M), or a second message (M2), and the second node second private key (V_2S); and
      
      send the second signed message (SM2) to the first node (C),wherein the first processing device is further configured to;
      
      receive the second signed message (SM2);
      
      validate the second signed message (SM2) with the second node second public key (P_2S); and
      
      authenticate the second node (S) based on a result of the validated second signed message (SM2).
  - 29. A system according to claim 27 wherein the first processing device is configured to:
    - generate a message (M); and
      
      send the message (M),wherein the second processing device is configured to;
      
      receive the message (M).
  - 30. A system according to claim 29 wherein the message is generated by another node, wherein the first processing device is configured to:
    - receive the message (M),wherein the second processing device is configured to;
      
      receive the message (M).
  - 31. A system according to claim 29 further comprising a system data store and/or input interface, wherein the first processing device and second processing device receives the message (M), or a second message (M2) from the system data store and/or input interface.
  - 32. A system according to claim 31, wherein the first processing device receives the second node master public key (P_1S) from the system data store and/or input device, and the second processing device receives the first node master public key (P_1C) from the system data store and/or input device.
  - 33. A system according to claim 26 wherein the cryptography system is an elliptic curve cryptography (ECC) system and the first node master public key (P_1C), second node master public key (P_1S) are based on elliptic curve point multiplication of respective first node master private key (V_1C) and second node master private key (V_1S) and a generator (G).
  - 34. A system according to claim 26 further comprising:
    - a first data store associated with the first node (C) to store the first node master private key (V_1C); and
      
      a second data store associated with the second node (S) to store the second node master private key (V_1S).
  - 35. A system according to claim 34, wherein the first processing device is configured to:
    - generate the first node master private key (V_1C) and the first node master public key (P_1C);
      
      send the first node master public key (P_1C); and
      
      store the first node master private key (V_1C) in the first data store,wherein the second processing device is configured to;
      
      generate the second node master private key (V_1S) and the second node master public key (P_1S);
      
      send the second node master public key (P_1S); and
      
      store the second node master private key (V_1S) in the second data store.
  - 36. A system according to claim 34, wherein:
    - the first data store receives and stores the second node master public key (P_1S); and
      
      the second data store receives and stores the first node master public key (P_1C).
  - 37. A system according to claim 26 wherein the first processing device is further configured to:
    - generate the first node master private key (V_1C) based on a random integer in an allowable range specified in a common cryptography system; and
      
      determine the first node master public key (P_1C) based on encryption of the first node master private key (V_1C),and wherein the second processing device is further configured to;
      
      generate the second node master private key (V_1S) based on a random integer in the allowable range specified in the common cryptography system; and
      
      determine the second node master public key (P_1S) based on encryption of the second node master private key (V_1S).
  - 38. A system according to claim 37 wherein the common cryptography system is an elliptic curve cryptography (ECC) system with a common generator (G), wherein the first processing device is further configured to:
    - determine the first node master public key (P_1C) based on elliptic curve point multiplication of the first node master private key (V_1C) and the common generator according to the formula;
      
      P_1C=V_1C×
      
      G. and wherein the second processing device is further configured to;
      
      determine the second node master public key (P_1S) based on elliptic curve point multiplication of the second node master private key (V_1S) and the common generator according to the formula;
      
      P_1S=V_1S×
      
      G.
  - 39. A system according to claim 29 wherein the first processing device is configured to:
    - determine the deterministic key (DK) based on a hash of the message (M), and wherein;
      
      the first node second private key (V_2C) is based on a scalar addition of the first node master private key (V_1C) and the deterministic key (DK) according to the formula;
      
      V_2C=V_1C+DK; and
      
      the second node public key (P_2S) is based on the second node master public key (P_1S) with elliptic curve point addition to the elliptic curve point multiplication of the deterministic key (DK) and the common generator (G) according to the following formula;
      
      P_2S=P_1S+DK×
      
      G and wherein the second processing device is configured to;
      
      determine the deterministic key (DK) based on a hash of the message (M), and wherein;
      
      the second node second private key (V_2S) is based on a scalar addition of the second node master private key (V_1S) and the deterministic key (DK) according to the formula;
      
      V_2S=V_1C+DK; and
      
      the first node public key (P_2C) is based on the first node master public key (P_1C) with elliptic curve point addition to the elliptic curve point multiplication of the deterministic key (DK) and the common generator (G) according to the following formula;
      
      P_2C=P_1C+DK×
      
      G.
  - 40. A system according to claim 28 further comprising:
    - a first communications module associated with the first processing device to send and/or receive, over a communications network, one or more of the message (M), the first node master public key (P_1C), the second node master public key (P_1S), the first signed message (SM1), the second signed message (SM2), and a notice indicative of using a common cryptography system; and
      
      a second communications module associated with the second processing device to send and/or receive, over a communications network, one or more of the message (M), the first node master public key (P_1C), the second node master public key (P_1S), the first signed message (SM1), the second signed message (SM2), and the notice indicative of using a common cryptography system.
  - 41. A system according to claim 40, wherein the common cryptography system is an elliptic curve cryptography (ECC) system with a common generator (G).
  - 42. A system according to claim 26, wherein the deterministic key (DK) is based on determining a hash of a previous deterministic key.
  - 43. A method according to claim 26 wherein the first asymmetric cryptography pair and the second asymmetric cryptography pair are based on a function of respective previous first asymmetric cryptography pair and previous second asymmetric cryptography pair.
  - 44. A system for secure communication between a first node and a second node with symmetric-key algorithm, wherein the system comprises:
    - a system according to claim 26 to determine a common secret with the first processing device and the second processing device, wherein the first processing device is further configured to;
      
      determine a symmetric-key based on the common secret;
      
      encrypt a first communication message, with the symmetric-key, to an encrypted first communication message; and
      
      send the encrypted first communication message;
      
      wherein the second processing device is further configured to;
      
      determine the same symmetric-key based on the common secret;
      
      receive the encrypted first communication message; and
      
      decrypt the encrypted first communication message, with the symmetric-key, to the first communication message.
  - 45. A system according to claim 44, wherein the second processing device is further configured to:
    - encrypt a second communication message, with the symmetric-key, to the encrypted second communication message; and
      
      send the encrypted second communication message;
      
      wherein the first processing device is further configured to;
      
      receive the encrypted second communication message; and
      
      decrypt the encrypted second communication message, with the symmetric-key, to the second communication message.
  - 46. A system according to claim 45 wherein the first and second communication messages are transaction messages between the first node and second node for an online transaction between the first node and the second node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nchain Licensing AG (Nchain Holdings Limited)
Original Assignee
Nchain Holdings Limited
Inventors
Wright, Craig Steven, Savanah, Stephane
Primary Examiner(s)
Lemma, Samson B

Application Number

US16/078,630
Publication Number

US 20190052458A1
Time in Patent Office

1,181 Days
Field of Search

713168, 713171
US Class Current
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/008   involving homomorphic encry...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0844   with user authentication or...

H04L 9/0861   Generation of secret inform...

H04L 9/3066   involving algebraic varieti...

Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links