Combined digital signature

US 20020184504A1
Filed: 03/26/2001
Published: 12/05/2002
Est. Priority Date: 03/26/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for making a public key digital signature on a plurality of messages in an electronic system, comprising:

a) arranging said plurality of messages into an ordered sequence of messages, b) constructing a hash tree from said sequence of messages, particularly computing a value of a root node of said hash tree, c) preparing a private key for a digital signature operation, and d) performing a cryptographic signature operation with said private key upon the value of said root node, whereby a maker of said public key digital signature can simultaneously sign said plurality of messages.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A combined digital signature is method of making a single public key digital signature on a number of messages, such that individual combined signatures may be extracted and individually presented. The mechanism of a combined digital signature is a combination of a hash tree whose leaves correspond to messages, together with a cryptographic signature made on the root of that hash tree. The invention comprises a method of making a combined signature, a method of extracting individual combined signatures, a method of verifying individual combined signatures, and the data format of an individual combined signature. The invention can increase performance of signature-making by a factor of several hundred over previous art.

Citations

20 Claims

1. A method for making a public key digital signature on a plurality of messages in an electronic system, comprising:
- a) arranging said plurality of messages into an ordered sequence of messages, b) constructing a hash tree from said sequence of messages, particularly computing a value of a root node of said hash tree, c) preparing a private key for a digital signature operation, and d) performing a cryptographic signature operation with said private key upon the value of said root node, whereby a maker of said public key digital signature can simultaneously sign said plurality of messages.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein a) said hash tree is constructed with a position-dependent hash function.
  - 3. The method of claim 1, wherein a) said hash tree is constructed with a salted hash function that incorporates a salt value, whereby an outside party need not know said salt value in advance and thus would not be able to generate a tree extension.
  - 4. The method of claim 1, wherein a) the value of the leaves of said hash tree are taken as the results of a hash function applied to the values of said sequence of messages, whereby a verifier may be able to determine that said public key digital signature was not generated as a tree extension.
  - 5. The method of claim 1, further including a) performing said cryptographic signature operation with padding added to the value of said root node, whereby a verifier can verify a signature when using a cryptographic signature scheme without message recovery.

6. A method for making a public key digital signature on an individual message from out of a plurality of messages in an electronic system, comprising:
- a) arranging said plurality of messages into an ordered sequence of messages, b) constructing a hash tree from said sequence of messages, particularly computing a value of a root node of said hash tree, c) preparing a private key for a digital signature operation, d) performing a cryptographic signature operation with said private key upon the value of said root node, and e) extracting said public key digital signature from a combination of said hash tree and from the results of said cryptographic signature operation, whereby a verifier may be able to determine the verity of said public key digital signature against a combination comprising said individual message and a public key corresponding to said private key.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, further including a) incorporating a hash tree size into said public key digital signature, said hash tree size being the number of said plurality of messages, whereby a verifier may be able to determine that said public key digital signature was not generated as a tree extension.
  - 8. The method of claim 6, further including a) incorporating a salt value into said public key digital signature, and wherein b) said hash tree is constructed with a salted hash function that incorporates said salt value, whereby a verifier may be able to determine that said public key digital signature was not generated as a tree extension.
  - 9. The method of claim 6, further including a) performing said cryptographic signature operation with padding added to the value of said root node, and b) incorporating the value of said padding into said public key digital signature, whereby a verifier can verify a signature when using a cryptographic signature scheme without message recovery.

10. A method for verifying a public key digital signature against an individual message and a public key in an electronic system, comprising:
- a) parsing said public key digital signature and retrieving its signature data, b) ascertaining that said signature data comprises a stated signature value and a stated sibling value-and-position sequence, c) computing a hash tree branch comprising a leaf node and a root node, said hash tree branch being computed with the value of said individual message and with said stated sibling value-and-position sequence, d) performing a verification operation on said stated signature value with the value of said root node and with said public key, whereby a verifier can determine that said public key digital signature was generated from said individual message by a holder of a private key corresponding to said public key.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 18, 19, 20)
- - 11. The method of claim 10, wherein a) said stated signature value comprises a stated cryptographic signature and a stated padding value, and further including b) performing said verification operation with said stated padding value added to the value of said root node, whereby a verifier can verify a signature when using a cryptographic signature scheme without message recovery.
  - 12. The method of claim 10, wherein a) said stated signature value comprises a stated cryptographic signature, and b) said verifying step uses a cryptographic signature scheme with message recovery.
  - 13. The method of claim 10, wherein a) said hash tree branch is computed with a position-dependent hash function.
  - 14. The method of claim 10, further including a) ascertaining that said signature data comprises a hash tree size, b) determining a tree representative of a tree family, said tree representative having said hash tree size, and c) determining whether or not the shape of said hash tree branch is a valid branch of said tree representative, whereby a verifier can determine that said public key digital signature was not generated as a tree extension.
  - 15. The method of claim 10, further including a) ascertaining that said signature data comprises a salt value, and wherein b) the hash function used to compute said hash tree branch is a salted hash function that incorporates said salt value. whereby a verifier can have an assurance that said public key digital signature was not generated as a tree extension.
  - 16. The method of claim 10, wherein a) the value of the leaf of said hash tree branch is taken as the result of a hash function applied to the value of said individual message, whereby a verifier can have an assurance that said public key digital signature was not generated as a tree extension.
  - 18. The signature data structure of claim 17, further including a) a padding value, whereby a verifier can verify a signature when using a cryptographic signature scheme without message recovery.
  - 19. The signature data structure of claim 17, further including a) a tree size value, whereby a verifier can determine that said public key digital signature was not generated as a tree extension.
  - 20. The signature data structure of claim 17, further including a) a salt value, whereby a verifier can verify a signature when said signature was generated with a salted hash function.

17. A signature data structure embodied in a computer-readable medium, comprising:
- a) a value-and-position sequence, said value-and-position sequence comprising a sibling sequence for a branch from a leaf to the root of a hash tree, and b) a public key signature, whereby a signature maker has the ability to store and to transmit said signature data structure comprising a public key digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Eric Hughes
Original Assignee
Eric Hughes
Inventors
Hughes, Eric

Application Number

US09/817,670
Publication Number

US 20020184504A1
Time in Patent Office

Days
Field of Search
US Class Current

713/177
CPC Class Codes

H04L 2209/125   Parallelization or pipelini...

H04L 2209/20   Manipulating the length of ...

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/68   Special signature format, e...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

Combined digital signature

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Combined digital signature

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links