MASKING THE OUTPUT OF RANDOM NUMBER GENERATORS IN KEY GENERATION PROTOCOLS
Abstract
To mitigate the effects of a weak random number generator (RNG) in a public key cryptosystem, a public key obtained from the RNG is encrypted using a deterministic cryptographic scheme before being made publicly available. A trusted party receiving the encrypted public key can recover the public key and combine it with other information so it is not subject to direct scrutiny. In one embodiment, the trusted party incorporates the public key in a certificate, such as an implicit certificate, for use by the correspondents in other communications.
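The exchange the abstract describes, sketched as an added example (not code from the patent or its assignee). Assumptions: a constructed toy discrete log group, a pre-shared symmetric key with a small Feistel permutation standing in for the unspecified deterministic encryption scheme, ECQV-style implicit certificate arithmetic, and hypothetical function names throughout.

```python
import hashlib, hmac

P, Q, G = 2039, 1019, 4  # constructed toy group: p = 2q + 1, g has order q (not a secure size)

def _f(key, i, half):  # Feistel round function
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def det_encrypt(key, n):
    """Assumed stand-in cipher: 4-round Feistel on 4 bytes, no nonce, so deterministic."""
    l, r = n.to_bytes(4, "big")[:2], n.to_bytes(4, "big")[2:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def det_decrypt(key, block):
    l, r = block[:2], block[2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return int.from_bytes(l + r, "big")

def cert_hash(p_u, identity):
    digest = hashlib.sha256(p_u.to_bytes(4, "big") + identity).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1  # exponent in 1..q-1

def device_request(k_u, key):
    # Only the encryption of g^k_u leaves the device, never g^k_u itself.
    return det_encrypt(key, pow(G, k_u, P))

def ca_issue(enc_req, key, d_ca, k_ca, identity):
    r_u = det_decrypt(key, enc_req)
    p_u = r_u * pow(G, k_ca, P) % P           # device value combined with CA randomness
    r = (cert_hash(p_u, identity) * k_ca + d_ca) % Q  # private key reconstruction data
    return p_u, det_encrypt(key, r)

def device_private_key(k_u, p_u, enc_r, key, identity):
    return (cert_hash(p_u, identity) * k_u + det_decrypt(key, enc_r)) % Q

def reconstruct_public_key(p_u, identity, q_ca):
    return pow(p_u, cert_hash(p_u, identity), P) * q_ca % P

def run_exchange(k_u=77, k_ca=500, d_ca=321, identity=b"device-01", key=b"constructed-key"):
    # Fixed constructed values; a real device draws k_u from its RNG.
    enc_req = device_request(k_u, key)
    p_u, enc_r = ca_issue(enc_req, key, d_ca, k_ca, identity)
    d_u = device_private_key(k_u, p_u, enc_r, key, identity)
    return d_u, reconstruct_public_key(p_u, identity, pow(G, d_ca, P))
```

The only public values are `p_u` and the reconstructed key, both of which mix in the trusted party's `k_ca`, so the raw RNG-derived value `g^k_u` is never exposed for direct inspection.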
20 Claims
1. A method of establishing a private key for use in a public key cryptographic system established between computing devices, each computing device having a cryptographic unit to perform cryptographic operations, said method comprising:
- establishing at one of said devices a private value from an output of a random number generator,
- computing a corresponding public key from said private value,
- encrypting said corresponding public key using a deterministic encryption scheme to establish an encrypted public key and forwarding said encrypted public key to a computing device acting as a trusted party,
- receiving from said trusted party encrypted private key reconstruction data,
- applying a decryption key to recover said private key reconstruction data; and
- computing said private key from said private key reconstruction data, said private key being a discrete log private key corresponding to a discrete log public key made available to the other of said computing devices, whereby said private key may be used in a transfer of information with a recipient of said corresponding discrete log public key.

8. A computing device for use in a cryptographic system to exchange information with other devices using public key cryptographic protocols, said device comprising:
- a cryptographic unit having a random number generator;
- a memory to store parameters of said cryptographic system; and
- an arithmetic logic unit to perform cryptographic operations, wherein said cryptographic unit is operable to;
  - generate a public key from an output of said random number generator;
  - encrypt said public key with a deterministic encryption scheme;
  - forward said encrypted public key to a trusted party;
  - receive encrypted private key reconstruction data from said trusted party; and
  - obtain therefrom a private key for use in communications with other devices.

12. A method of one computing device, acting as a trusted party, generating a certificate, for use by another correspondent in a public key cryptographic system, said method comprising:
- receiving from said another correspondent an encrypted public key;
- decrypting said public key using a deterministic encryption scheme to obtain said public key;
- utilising said public key to generate private key reconstruction data for use by said another correspondent;
- encrypting said private key reconstruction data; and
- forwarding said encrypted private key reconstruction data to said another correspondent.

17. A computing device for use in a cryptographic system to exchange information with other devices using public key cryptographic protocols, said device comprising:
- a cryptographic unit having a random number generator;
- a memory to store parameters of said cryptographic system; and
- an arithmetic logic unit to perform cryptographic operations, wherein said cryptographic unit is operable to;
  - receive from another device an encrypted public key;
  - decrypt said public key using a deterministic encryption scheme to obtain said public key;
  - utilise said public key to generate private key reconstruction data for use by said correspondent;
  - encrypt said private key reconstruction data; and
  - forward said encrypted private key reconstruction data to said other device.

19. A non transitory computer readable storage medium comprising computer executable instructions for establishing a private key for use in a public key cryptographic system established between computing devices, each computing device having a cryptographic unit to perform cryptographic operations, said non transitory computer readable storage medium comprising instructions for:
- establishing at one of said devices a private value from an output of a random number generator,
- computing a corresponding public key from said private value,
- encrypting said corresponding public key using a deterministic encryption scheme to establish an encrypted public key and forwarding said encrypted public key to a computing device acting as a trusted party,
- receiving from said trusted party encrypted private key reconstruction data,
- applying a decryption key to recover said private key reconstruction data; and
- computing said private key from said private key reconstruction data, said private key being a discrete log private key corresponding to a discrete log public key made available to the other of said computing devices, whereby said private key may be used in a transfer of information with a recipient of said corresponding discrete log public key.

20. A non transitory computer readable storage medium comprising computer executable instructions for establishing a private key for use in a public key cryptographic system established between computing devices, each computing device having a cryptographic unit to perform cryptographic operations, said non transitory computer readable storage medium comprising instructions for:
- receiving from said another correspondent an encrypted public key;
- decrypting said public key using a deterministic encryption scheme to obtain said public key;
- utilising said public key to generate private key reconstruction data for use by said another correspondent;
- encrypting said private key reconstruction data; and
- forwarding said encrypted private key reconstruction data to said another correspondent.

Specification