Accelerated Verification of Digital Signatures and Public Keys
First Claim
1. A method of verifying the equality of a relationship between the sum of scalar multiples of a pair of points on an elliptic curve and a third point on said curve comprising the steps ofi) obtaining a pair of integers of bit length less than one of said scalars and whose ratio corresponds to said scalar,ii) substituting said integers for said scalars in said relationship to obtain an equivalent relationship in which at least one of said terms is a scalar multiple of one of said points with reduced bit length, andiii) computing said equivalent relationship to verify said equality.
7 Assignments
0 Petitions
Accused Products
Abstract
Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and that v=w/z. The verification equality R=uG+vQ may then be computed as −zR+(uz mod n)+wQ=O with z and w of reduced bit length This is beneficial in digital signature verification where increased verification can be attained.
48 Citations
21 Claims
-
1. A method of verifying the equality of a relationship between the sum of scalar multiples of a pair of points on an elliptic curve and a third point on said curve comprising the steps of
i) obtaining a pair of integers of bit length less than one of said scalars and whose ratio corresponds to said scalar, ii) substituting said integers for said scalars in said relationship to obtain an equivalent relationship in which at least one of said terms is a scalar multiple of one of said points with reduced bit length, and iii) computing said equivalent relationship to verify said equality.
- 14. A method according to claim I wherein said integers are obtained using an iterative algorithm that is interrupted when integers of required bit length are obtained.
- 16. A method of verifying a digital signature of a message performed by a cryptographic operation in a group of a finite field having elements represented by bit strings of defined maximum bit length, said signature comprising a pair of components, one of which is derived from an ephemeral public key of a signer and the other of which combines said message, said first component and said ephemeral public key and a long term public key of said signer, said method comprising the steps of recovering said ephemeral public key from said first component, establishing a verification equality as a combination of group operations on said ephemeral public key, said long term public key and a generator of said group with at least one of said group operations involving an operand represented by bit strings having a reduced bit length less than said defined maximum bit length, computing said combination and accepting said signature if said equality holds and rejecting said signature if said equality fails.
-
21-38. -38. (canceled)
Specification