HIERARCHICAL IDENTITY-BASED ENCRYPTION AND SIGNATURE SCHEMES

US 20080052521A1
Filed: 10/24/2007
Published: 02/28/2008
Est. Priority Date: 03/21/2002
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of generating a digital signature on a message M for a signer E_twhich is an entity t levels below an entity E₀in a hierarchical system including at least the entities E₀, E₁, . . . , E_t, t≧

2, wherein each entity E_i(i=1, . . . ,t) is a child of entity E_i−

1in the hierarchical system, the method comprising;

(1) obtaining the signer'"'"'s secret key S_twhich is a member of a group G₁;

(2) obtaining the signer'"'"'s integer secret s_t;

(3) generating a signature component Sig on the message M as a value
Sig=S_t+s_tP_Mwherein;

“

+”

is a group operation in the group G₁; and

P_Mis a value depending on the message M and is a member of the group G₁.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A signature {Sig, {Q_i}} is generated on a message M by a signer E_tin a hierarchical system including the entities E₀, E₁, . . . , E_t, each entity E_i(i>0) being a child of E_i−1. Here $Sig = S_{t} + s_{t} P_{M} = \sum_{i = 1}^{t} s_{i - 1} P_{i},$
where: each S_iis a secret key of E_i; each s_iis a secret of S_i; P_Mis a public function of M; each P_iis a public function of the ID'"'"'s of all entities E_jsuch that 1≦j≦i; each Q_i=s_iP₀where P₀is public. The verifier confirms that $\frac{\hat{e} (P_{0}, Sig)}{\hat{e} (Q_{t}, P_{M}) \prod_{i} \hat{e} (Q_{i - 1}, P_{i})} = V,$
where: the product Π_iê(Q_i−1,P_i) is taken over all integers i in a proper subset of the integers from 1 to t inclusive; ê is a bilinear non-degenerate mapping; V can be ê(Q₀,P_i₀) where i₀is predefined (e.g. 1), or V can be another expression is a verifier is part of the hierarchical system.

43 Citations

View as Search Results

25 Claims

1. A computer-implemented method of generating a digital signature on a message M for a signer E_twhich is an entity t levels below an entity E₀in a hierarchical system including at least the entities E₀, E₁, . . . , E_t, t≧
- 2, wherein each entity E_i(i=1, . . . ,t) is a child of entity E_i−
  
  1in the hierarchical system, the method comprising;
  
  (1) obtaining the signer'"'"'s secret key S_twhich is a member of a group G₁;
  
  (2) obtaining the signer'"'"'s integer secret s_t;
  
  (3) generating a signature component Sig on the message M as a value
  Sig=S_t+s_tP_Mwherein;
  
  “
  
  +”
  
  is a group operation in the group G₁; and
  
  P_Mis a value depending on the message M and is a member of the group G₁.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein $S_{t} = \sum$
    - i = 1 t ⁢
      
      s i - 1 ⁢
      
      P i , wherein each P_iis a public function of an identity of the entity E_i, and each s_i−
      
      1is an integer secret of the entity E_i−
      
      1.
  - 3. The method of claim 2 wherein in operation (1), the signer obtains S_tfrom the entity E_t−
    - 1, and in operation (2) the signer generates s_t.
  - 4. The method of claim 2, wherein each P_idepends on the identity of each entity E_jsuch that 1≦
    - j≦
      
      i.
  - 5. The method of claim 1 wherein:
    - each entity E_i(i>
      
      0) receives its secret key S_ifrom the entity E_i−
      
      1;
      
      each entity E_i(i<
      
      t) generates its secret s_iand also generates a secret key S_i+1as;
      
      S_i+1=S_i+s_iP_i+1and provides the secret key S_i+1to the entity E_i+1;
      
      each entity E_i(0≦
      
      i≦
      
      t) generates a value Q_i=s_iP₀, where P₀is a predefined element of the group G₁, and each entity E_i(1≦
      
      i≦
      
      t) obtains the values Q_jfor all j<
      
      i.
  - 6. The method of claim 5 further comprising providing the signature component Sig to a verifier, wherein the verifier has access to values {Q_i} for values i in a subset of integers from 0 to t inclusive.
  - 7. The method of claim 6 wherein said subset of integers from 0 to t inclusive comprises each integer from 0 to t inclusive except the integer 1.
  - 8. The method of claim 6 wherein said subset of integers from 0 to t inclusive is the set of all integers from L to t inclusive, where L is an integer greater than 1;
    - and the verifier is a child of the entity E_Lin the hierarchical system.
  - 9. The method of claim 5, wherein each P_idepends on the identity of each entity E_jsuch that 1≦
    - j≦
      
      i and also on each Q_jsuch that 1≦
      
      j≦
      
      i.

10. A computer-implemented method of verifying a digital signature on a message M to verify that the digital signature is a valid signature by a signer E_twhich is an entity t levels below an entity E₀in a hierarchical system including at least the entities E₀, E₁, . . . , E_t, t≧
- 2, wherein each entity E_i(i=1, . . . ,t) is a child of entity E_i−
  
  1in the hierarchical system, the method comprising;
  
  (1) obtaining a signature component Sig which is an element of a predefined group G₁;
  
  (2) obtaining one or more values Q_iassociated with respective one or more entities E_i, the one or more values Q_iincluding a value Q_t;
  
  (3) confirming that $\frac{\hat{e} (P_{0}, Sig)}{\hat{e} (Q_{t}, P_{M}) \prod_{i} \hat{e} (Q_{i - 1}, P_{i})} = V$ wherein;
  
  P₀is a predefined element of a group G₁;
  
  the product Π
  
  _iê
  
  (Q_i−
  
  1,P_i) is taken over all integers i in a proper subset of the integers from 1 to t inclusive;
  
  each Q_i−
  
  1=s_i−
  
  1P₀, where s_i−
  
  1is an integer secret of the entity E_i−
  
  1;
  
  Q_t=s_tP₀, where s_iis an integer secret of the entity E_t;
  
  ê
  
  is a bilinear non-degenerate mapping of G₁×
  
  G₁into a predefined group G₂;
  
  P_Mis a value depending on the message M and is a member of the group G₁;
  
  each P_idepends on an identity of the entity E_i;
  
  V is an element of the group G₂.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10 wherein the product Π
    - _iê
      
      (Q_i−
      
      1,P_i) is taken over all integers i from 1 to t inclusive except a predefined integer i₀, and V=ê
      
      (Q₀,P_i₀).
  - 12. The method of claim 10 wherein the product Π
    - _iê
      
      (Q_i−
      
      1,P_i) is taken over all integers i from 2 to t inclusive, and V=ê
      
      (Q₀,P₁).
  - 13. The method of claim 10 wherein:
    - operations (1), (2), (3) are performed by an entity E_zmwhich is m levels below the entity E₀in the hierarchical system, and the hierarchical system includes the entities E_z(L+1), . . . , E_zm, wherein each entity E_zi(i=L+1, . . . ,m) is i levels below E₀, where L is a predefined integer greater than 1 and less than t and less than m;
      
      the product Π
      
      _iê
      
      (Q_i−
      
      1,P_i) is taken over all integer i from L+1 to t inclusive; and
      
      $V = \frac{\hat{e} (P_{0}, S_{zm})}{\prod_{i = L + 1}^{m} \hat{e} (Q_{z (i - 1)}, P_{zi})}$ wherein;
      
      $S_{zm} = \sum_{i = 1}^{L} s_{i - 1} P_{i} + \sum_{i = L + 1}^{m} s_{z (i - 1)} P_{zi};$ each P_zi(i>
      
      L) is a public function of an identity of the entity E_zi;
      
      each s_i−
      
      1is an integer secret of the entity E_i−
      
      1, and each s_z(i−
      
      1)is an integer secret of the entity E_z(i−
      
      1).
  - 14. The method of claim 10 wherein:
    - each entity E_i(i>
      
      0) receives its secret key S_ifrom the entity E_i−
      
      1;
      
      each entity E_i(i<
      
      t) generates its secret s_iand also generates a secret key S_i+1as;
      
      S_i+1=S_i+s_iP_i+1and provides the secret key S_i+1to the entity E_i+1;
      
      each entity E_i(0≦
      
      i≦
      
      t) generates a value Q_i=s_iP₀, where P₀is a predefined element of the group G₁.

15. An apparatus operable to generate a digital signature on a message M for a signer E_twhich is an entity t levels below an entity E₀in a hierarchical system including at least the entities E₀, E₁, . . . , E_t, t≧
- 2, wherein each entity E_i(i=1, . . . ,t) is a child of entity E_i−
  
  1in the hierarchical system, the apparatus comprising circuitry for;
  
  (1) obtaining the signer'"'"'s secret key S_twhich is a member of a group G₁;
  
  (2) obtaining the signer'"'"'s integer secret s_t;
  
  (3) generating a signature component Sig on the message M as a value
  Sig=S_t+s_tP_Mwherein;
  
  “
  
  +”
  
  is a group operation in the group G₁; and
  
  P_Mis a value depending on the message M and is a member of the group G₁.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15 wherein $S_{t} = \sum$
    - i = 1 t ⁢
      
      s i - 1 ⁢
      
      P i , wherein each P_iis a public function of an identity of the entity E_i, and each s_i−
      
      1is an integer secret of the entity E_i−
      
      1.
  - 17. The apparatus of claim 16 wherein in operation (1), the signer obtains S_tfrom the entity E_t−
    - 1, and in operation (2) the signer generates s_t.
  - 18. The apparatus of claim 16 wherein:
    - each entity E_i(i>
      
      0) receives its secret key S_ifrom the entity E_i−
      
      1;
      
      each entity E_i(i<
      
      t) generates its secret s_iand also generates a secret key S_i+1as;
      
      S_i+1=S_i+s_iP_i+1and provides the secret key S_i+1to the entity E_i+1;
      
      each entity E_i(0≦
      
      i≦
      
      t) generates a value Q_i=s_iP₀, where P₀is a predefined element of the group G₁, and each entity E_i(1≦
      
      i≦
      
      t) obtains the values Q_jfor all j<
      
      i.
  - 19. The apparatus of claim 18 wherein the apparatus is further for providing the signature component Sig to a verifier, wherein the verifier has access to values {Q_i} for values i in a subset of integers from 0 to t inclusive, wherein said subset of integers from 0 to t inclusive comprises each integer from 0 to t inclusive except one integer.
  - 20. The apparatus of claim 18 wherein said subset of integers from 0 to t inclusive is the set of all integers from L to t inclusive, where L is an integer greater than 1 and less than t;
    - and the verifier is a child of the entity E_Lin the hierarchical system.

21. An apparatus operable to verify a digital signature on a message M to confirm that the digital signature is a valid signature by a signer E_twhich is an entity t levels below an entity E₀in a hierarchical system including at least the entities E₀, E₁, . . . , E_t, t≧
- 2, wherein each entity E_i(i=1, . . . ,t) is a child of entity E_i−
  
  1in the hierarchical system, the apparatus comprising circuitry for;
  
  (1) obtaining a signature component Sig which is an element of a predefined group G₁;
  
  (2) obtaining one or more values Q_iassociated with respective one or more entities E_i, the one or more values Q_iincluding a value Q_t;
  
  (3) confirming that $\frac{\hat{e} (P_{0}, Sig)}{\hat{e} (Q_{t}, P_{M}) \prod_{i} \hat{e} (Q_{i - 1}, P_{i})} = V$ wherein;
  
  P₀is a predefined public element of a group G₁;
  
  ê
  
  is a bilinear non-degenerate mapping of G₁×
  
  G₁into a predefined group G₂;
  
  P_Mis a value depending on the message M and is a member of the group G₁;
  
  each P_idepends on an identity of the entity E_i;
  
  V is an element of the group G₂.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The apparatus of claim 21 wherein the product Π
    - _iê
      
      (Q_i−
      
      1,P_i) is taken over all integers i from 1 to t inclusive except one integer i₀, and V=ê
      
      (Q₀,P_i₀).
  - 23. The apparatus of claim 22 wherein the product Π
    - _iê
      
      (Q_i−
      
      1,P_i) is taken over all integer i from 2 to t inclusive, and V=ê
      
      (Q₀,P₁).
  - 24. The apparatus of claim 21 wherein:
    - operations (1), (2), (3) are performed for an entity which is m levels below the entity E₀in the hierarchical system, and the hierarchical system includes the entities E_z(L+1), . . . , E_zm, wherein each entity E_zi(i=L+1, . . . ,m) is i levels below E₀, where L is a predefined integer greater than 1 and less than t and less than m;
      
      the product Π
      
      _iê
      
      (Q_i−
      
      1,P_i) is taken over all integer i from L+1 to t inclusive; and
      
      $V = \frac{\hat{e} (P_{0}, S_{zm})}{\prod_{i = L + 1}^{m} \hat{e} (Q_{z (i - 1)}, P_{zi})}$ wherein;
      
      $S_{zm} = \sum_{i = 1}^{L} s_{i - 1} P_{i} + \sum_{i = L + 1}^{m} s_{z (i - 1)} P_{zi};$ each P_zi(i>
      
      L) is a public function of an identity of the entity E_zi;
      
      each s_i−
      
      1is an integer secret of the entity E_i−
      
      1, and each s_z(i−
      
      1)is an integer secret of the entity E_z(i−
      
      1).
  - 25. The apparatus of claim 21 wherein:
    - each entity E_i(i>
      
      0) receives its secret key S_ifrom the entity E_i−
      
      1;
      
      each entity E_i(i<
      
      t) generates its secret s_iand also generates a secret key S_i+1as;
      
      S_i+1=S_i+s_iP_i+1and provides the secret key S_i+1to the entity E_i+1;
      
      each entity E_i(0≦
      
      i≦
      
      t) generates a value Q_i=s_iP₀, where P₀is a predefined element of the group G₁.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NTT Docomo Incorporated (Nippon Telegraph and Telephone Corporation)
Original Assignee
NTT Docomo Incorporated (Nippon Telegraph and Telephone Corporation)
Inventors
Gentry, Craig, Silverberg, Alice

Granted Patent

US 7,590,854 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/180
CPC Class Codes

H04L 9/007   involving hierarchical stru...

H04L 9/0836   using tree structure or hie...

H04L 9/0847   involving identity based en...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/3247   involving digital signatures

H04L 9/3252   using DSA or related signat...

HIERARCHICAL IDENTITY-BASED ENCRYPTION AND SIGNATURE SCHEMES

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

HIERARCHICAL IDENTITY-BASED ENCRYPTION AND SIGNATURE SCHEMES

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links