DIGITAL SIGNATURE SYSTEM BASED ON SHARED KNOWLEDGE
First Claim
1. In a digital signature system, a method comprising the steps of:
- (a) first, providing a public key of a first party to a second party for the later verification of a digital signature generated using an elliptic curve digital signature algorithm, by performing the steps of, (i) identifying domain parameters of an elliptic curve for use in elliptic curve cryptography, including identifying a generating point, (ii) transforming said identified generating point into a second generating point as a deterministic function of shared knowledge, (iii) generating within a computer system of the first party the public key as a deterministic function of a private key and the domain parameters, in which the second generating point is substituted for said identified generating point, wherein said generated public key comprises, in conjunction with the private key, a public-private key pair for use in elliptic curve cryptography, and (iv) communicating said generated public key to the second party; and
(b) thereafter, providing a digital signature to the second party for verification, by performing the steps of, (i) generating within the computer system of the first party the digital signature as a function of the private key and the domain parameters identified in said step (a)(i), in which the second generating point of said step (a)(ii) is substituted for said identified generating point of said step (a)(i), and (ii) communicating said generated digital signature to the second party, wherein the shared knowledge is known to the first party and the second party.
3 Assignments
0 Petitions
Accused Products
Abstract
A method in a digital signature system includes providing a public key of a first party to a second party for later verification of a digital signature. The method includes: identifying domain parameters of an elliptic curve, including a generating point; transforming the generating point into a second generating point as a deterministic function of shared knowledge; and generating the public key as a deterministic function of a private key and the domain parameters, in which the second generating point is substituted for the identified generating point. The public key and private key constitute a public-private key pair of elliptic curve cryptography. A digital signature is generated as a function of the private key and the domain parameters, in which the second generating point again is substituted for the initial generating point identified. The shared knowledge is known to and shared between the first party and the second party.
103 Citations
30 Claims
-
1. In a digital signature system, a method comprising the steps of:
-
(a) first, providing a public key of a first party to a second party for the later verification of a digital signature generated using an elliptic curve digital signature algorithm, by performing the steps of, (i) identifying domain parameters of an elliptic curve for use in elliptic curve cryptography, including identifying a generating point, (ii) transforming said identified generating point into a second generating point as a deterministic function of shared knowledge, (iii) generating within a computer system of the first party the public key as a deterministic function of a private key and the domain parameters, in which the second generating point is substituted for said identified generating point, wherein said generated public key comprises, in conjunction with the private key, a public-private key pair for use in elliptic curve cryptography, and (iv) communicating said generated public key to the second party; and
(b) thereafter, providing a digital signature to the second party for verification, by performing the steps of, (i) generating within the computer system of the first party the digital signature as a function of the private key and the domain parameters identified in said step (a)(i), in which the second generating point of said step (a)(ii) is substituted for said identified generating point of said step (a)(i), and (ii) communicating said generated digital signature to the second party, wherein the shared knowledge is known to the first party and the second party. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A computer-readable medium having computer-executable instructions for performing the steps comprising:
-
(a) first, providing a public key of a first party to a second party for the later verification of a digital signature generated using an elliptic curve digital signature algorithm, by performing the steps of, (i) identifying domain parameters of an elliptic curve for use in elliptic curve cryptography, including identifying a generating point, (ii) transforming said identified generating point into a second generating point as a deterministic function of shared knowledge, (iii) generating within a computer system of the first party the public key as a deterministic function of a private key and the domain parameters, in which the second generating point is substituted for said identified generating point, wherein said generated public key comprises, in conjunction with the private key, a public-private key pair for use in elliptic curve cryptography, and (iv) communicating said generated public key to the second party; and
(b) thereafter, providing a digital signature to the second party for verification, by performing the steps of, (i) generating within the computer system of the first party the digital signature as a function of the private key and the domain parameters identified in said step (a)(i), in which the second generating point of said step (a)(ii) is substituted for said identified generating point of said step (a)(i), and (ii) communicating said generated digital signature to the second party, wherein the shared knowledge is known to the first party and the second party.
-
-
23. An invention comprising a method of generating digital signatures with an Elliptic Curve Digital Signature Algorithm utilizing a private key of a public-private key pair used in elliptic curve cryptography, the method comprising the steps of:
-
(a) receiving into a computer system of the first party user input data;
(b) generating within the computer system a private key as a deterministic function of said received data of said step (a);
(c) maintaining an indicator to indicate whether a digital signature has yet been generated using said generated private key of said step (b) following said step of receiving the user input data;
(d) identifying domain parameters of an elliptic curve for use in elliptic curve cryptography, the domain parameters including an initial generating point;
(e) transforming the initial generating point into a new generating point as a deterministic function;
(f) generating within the computer system a digital signature as a deterministic function of said generated private key of said step (b), said maintained indicator of said step (f), and the domain parameters, in which the new generating point is substituted for the initial generating point; and
(g) following said step (f) of generating the digital signature, clearing from the computer system said generated private key of said step (b) and said new generating point of said step (e) so that neither the private key nor the new generating point is available within the computer system for generating a digital signature. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
-
Specification