Fine-grained forward-secure signature scheme
First Claim
1. A method comprising providing a secret cryptographic key and a public cryptographic key applicable in a network of connected computer nodes using a signature scheme, the method being executable by a first computer node and the step of providing comprising the steps of:
- generating the secret cryptographic key by selecting two random factor values, multiplying the two selected random factor values to obtain a modulus value, and selecting a secret base value in dependence on the modulus value, wherein the secret base value forms part of the secret cryptographic key;
generating the public cryptographic key by selecting a number of exponent values, and deriving a public base value from the exponent values and the secret base value, wherein the public base value and the modulus value form part of the public cryptographic key;
deleting the two random factor values; and
providing the public cryptographic key within the network;
such that the public cryptographic key and at least one of the selected exponent values is usable for verifying a signature value on a message to be sent within the network to a second computer node for verification.
1 Assignment
0 Petitions
Accused Products
Abstract
The presented methods form the basis of a forward-secure signature scheme that is provably secure. Moreover, the presented methods form also the basis of a fine-grained forward-secure signature scheme that is secure and efficient. The scheme allows to react immediately on hacker break-ins such that signatures from the past still remain valid without re-issuing them and future signature values based on an exposed key can be identified accordingly. In general, each prepared signature carries an ascending index such that once an index is used, no lower index can be used to sign. Then, whenever an adversary breaks in, an honest signer can just announce the current index, e.g., by signing some special message with respect to the current index, as part of the revocation message for the current time period. It is then understood that all signatures made in prior time periods as well as all signatures make in the revoked period up to the announced index are valid, i.e., non-reputable.
-
Citations
22 Claims
-
1. A method comprising providing a secret cryptographic key and a public cryptographic key applicable in a network of connected computer nodes using a signature scheme, the method being executable by a first computer node and the step of providing comprising the steps of:
-
generating the secret cryptographic key by selecting two random factor values, multiplying the two selected random factor values to obtain a modulus value, and selecting a secret base value in dependence on the modulus value, wherein the secret base value forms part of the secret cryptographic key;
generating the public cryptographic key by selecting a number of exponent values, and deriving a public base value from the exponent values and the secret base value, wherein the public base value and the modulus value form part of the public cryptographic key;
deleting the two random factor values; and
providing the public cryptographic key within the network;
such that the public cryptographic key and at least one of the selected exponent values is usable for verifying a signature value on a message to be sent within the network to a second computer node for verification. - View Dependent Claims (2, 3, 9, 10, 11, 12, 22)
-
-
4. A method comprising providing a signature value on a message in a network of connected computer nodes, the method being executable by a first computer node and the step of providing comprising the steps of:
-
selecting a first signature element;
selecting a signature exponent value from a number of exponent values; and
deriving a second signature element from a provided secret cryptographic key, the message, and the number of exponent values such that the first signature element, the second signature element, and the signature exponent value satisfy a known relationship with the message and a provided public cryptographic key, wherein the signature value comprises the first signature element, the second signature element, and a signature reference to the signature exponent value, the signature value being sendable within the network to a second computer node for verification. - View Dependent Claims (5, 6, 13, 16, 17)
-
-
7. A method comprising verifying signature value on a message in a network of connected computer nodes, the method being executable by a second computer node and the step of verifying comprising the steps of:
-
receiving the signature value from a first computer node;
deriving a signature exponent value from the signature value; and
verifying whether the signature exponent value and part of the signature value satisfy a known relationship with the message and a provided public cryptographic key, otherwise refusing the signature value, wherein the signature value was generated from a first signature element, a number of exponent values, a provided secret cryptographic key, and the message. - View Dependent Claims (14, 18, 19)
-
-
8. A method comprising communicating within a network of connected computer nodes the validity of a signature value in the event of an exposure of a secret cryptographic key relating to the signature value, the step of communicating comprising the steps of:
-
defining an order of exponent values;
publishing a description of the exponent values and the order of the exponent values within the network;
publishing a revocation reference to one of the exponent values within the network such that the validity of the signature value is determinable by using the revocation reference, the order of exponent values, and a provided public cryptographic key. - View Dependent Claims (15, 20, 21)
-
Specification