Method for generating a message signature from a signature token encrypted by means of a homomorphic encryption function
First Claim
Patent Images
1. A method for generating a signature of a message (m) intended to be validated by a verifier server (3), the signature protocol implemented for generating the signature comprising public parameters (Gr, n, g) such that g is an element of the group Gr of the order n with n a prime integer, a client device (2) being configured to hold a private key (d) and a corresponding public key (y),said method being characterized in that it comprises steps of:
- offline beforehand computation (103) by a hardware security module (4) of a signature token (φ
(r), φ
(1/k)) comprising a first part of signature token φ
(r) and a second part of signature token φ
(1/k), wherein k is a random integer comprised between 1 and n−
1, and r is an intermediate integer defined by r=f(gk) where f is a function having values in Zn, and the first part of signature token φ
(r) is generated by encrypting the intermediate integer r by means of said homomorphic encryption function (φ
) and the second part of signature token φ
(1/k) is generated by encrypting the inverse of the random 1/k by means of said homomorphic encryption function (φ
),storage (104) of said signature token (φ
(r), (φ
(1/k));
generation (105) of said signature (r,s) of said message (m) encrypted by means of said homomorphic encryption function (φ
(r), φ
(s)) from the result (φ
(d)) of the encryption by said homomorphic encryption function of the private key stored by the client device (d), of the signature token (φ
(r), φ
(1/k)) and of said message (m), said signature being intended to be validated by said verifier server (3) by means of said public key (y).
10 Assignments
0 Petitions
Accused Products
Abstract
The invention relates to a method for generating a message signature intended to be validated by a verifier server, a client device being configured to hold a private key and a corresponding public key and comprising steps of:
- offline precomputation (103) by a hardware security module of a signature token, a result of encryption by means of a homomorphic encryption function,
- storage (104) of said signature token;
- generation (105) of said signature of said encrypted message by means of said homomorphic encryption function from the result of the encryption by said homomorphic encryption function of the private key stored by the client device, of the signature token and of said message, said signature being intended to be validated by said verifier server by means of said public key.
43 Citations
11 Claims
-
1. A method for generating a signature of a message (m) intended to be validated by a verifier server (3), the signature protocol implemented for generating the signature comprising public parameters (Gr, n, g) such that g is an element of the group Gr of the order n with n a prime integer, a client device (2) being configured to hold a private key (d) and a corresponding public key (y),
said method being characterized in that it comprises steps of: -
offline beforehand computation (103) by a hardware security module (4) of a signature token (φ
(r), φ
(1/k)) comprising a first part of signature token φ
(r) and a second part of signature token φ
(1/k), wherein k is a random integer comprised between 1 and n−
1, and r is an intermediate integer defined by r=f(gk) where f is a function having values in Zn, and the first part of signature token φ
(r) is generated by encrypting the intermediate integer r by means of said homomorphic encryption function (φ
) and the second part of signature token φ
(1/k) is generated by encrypting the inverse of the random 1/k by means of said homomorphic encryption function (φ
),storage (104) of said signature token (φ
(r), (φ
(1/k));generation (105) of said signature (r,s) of said message (m) encrypted by means of said homomorphic encryption function (φ
(r), φ
(s)) from the result (φ
(d)) of the encryption by said homomorphic encryption function of the private key stored by the client device (d), of the signature token (φ
(r), φ
(1/k)) and of said message (m), said signature being intended to be validated by said verifier server (3) by means of said public key (y). - View Dependent Claims (2, 3, 4, 5, 6, 7, 10)
-
-
8. The method for generating a signature of a message (m) intended to be validated by a verifier server (3), a client device (2) being configured to hold a private key (d) and a corresponding public key (y) wherein the public key y and the private key d verify y=d*g, g being a point of an elliptic curve of the order n, a prime integer,
said method being characterized in that it comprises steps implemented previously offline by a hardware security module (4) of: -
generation (101) of a random k as integer belonging to [1, n−
1],computation (102) of an intermediate integer r as abscissa of the point of the elliptic curve k*g modulo n; computation (103) of a signature token (φ
(r), φ
(1/k)) comprising a first part of signature token φ
(r) generated by encrypting the intermediate integer r by means of said homomorphic encryption function (φ
), and a second part of signature token φ
(1/k), generated by encrypting the inverse of the random 1/k by means of said homomorphic encryption function (φ
),the method further comprising implementing the steps of; storage (104) of said signature token (φ
(r), φ
(1/k));generation (105) of said signature (r,s) of said message (m) encrypted by means of said homomorphic encryption function (φ
(r), φ
(s)) from the result (φ
(d)) of the encryption by said homomorphic encryption function of the private key stored by the client device (d), of the signature token (φ
(r), φ
(1/k)) and of said message (m), said signature being intended to be validated by said verifier server (3) by means of said public key (y).
-
-
9. The method for generating a signature of a message (m) intended to be validated by a verifier server (3), a client device (2) being configured to hold a private key (d) and a corresponding public key (y), wherein the public key (y) and the private key d such that 0<
- d<
n verify y=gd mod p, n being a prime number, p being a prime number verifying (p−
1) is a multiple of n, g=013-1)/n) mod p with h a random integer verifying 1 <
h<
p−
1 and g different to 1,said method being characterized in that it comprises steps implemented previously offline by a hardware security module (4) of; generation (101) of a random k as integer belonging to [1, n−
1],computation (102) of an intermediate integer r=(gk mod p) mod n; computation (103) of a signature token (φ
(r), φ
(1/k)) comprising a first part of signature token φ
(r) generated by encrypting the intermediate integer r by means of said homomorphic encryption function (φ
), and a second part of signature token φ
(1/k), generated by encrypting the inverse of the random 1/k by means of said homomorphic encryption function (φ
),the method further comprising implementing the steps of; storage (104) of said signature token (φ
(r), φ
(1/k));generation (105) of said signature (r,s) of said message (m) encrypted by means of said homomorphic encryption function (φ
(r), φ
(s)) from the result (φ
(d)) of the encryption by said homomorphic encryption function of the private key stored by the client device (d), of the signature token (φ
(r), φ
(1/k)) and of said message (m), said signature being intended to be validated by said verifier server (3) by means of said public key (y).
- d<
-
11. A system (1) for generating a signature of a message (m) intended to be validated by a verifier server (3), the signature protocol implemented for generating the signature comprising public parameters (Gr, n, g) such that g is an element of the group Gr of the order n with n a prime integer, a client device (2) being configured to hold a private key (d) and a corresponding public key (y), said system comprising:
-
a hardware security module (4) configured to compute beforehand, offline, a signature token (φ
(r), φ
(1/k)) comprising a first part φ
(r) of signature token and a second part φ
(1/k) of signature token, wherein k is a random integer comprised between 1 and n−
1, and r is an intermediate integer defined by r=f(gk) where f is a function having values in Zn, and the first part of signature token φ
(r) is generated by encrypting the intermediate integer r by means of said homomorphic encryption function (φ
) and the second part of signature token φ
(1/k) generated by encrypting the inverse of the random 1/k by means of said homomorphic encryption function (φ
),a storage device (8 ) of said signature token (φ
(r), φ
(1/k)),an intermediate server (7) or said hardware security module (4) configured to generate said signature (r,s) of said message (m) encrypted by means of said homomorphic encryption function (φ
(r), φ
(s)) from the result (φ
(d)) of the encryption by said homomorphic encryption function (φ
) of the private key stored by the client device (d), of the signature token (φ
(r), φ
(1/k)) and of said message (m),a verifier server (3) configured to validate said signature by means of said public key (y).
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIDEMIA Identity and Security France SAS (Advent International Corporation)
-
Original AssigneeMorpho (Advent International Corporation)
-
InventorsMOREL, Constance, CLEMOT, Olivier, CHABANNE, Herve, BRINGER, Julien
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current1/1
-
CPC Class CodesH04L 9/008 involving homomorphic encry...H04L 9/3066 involving algebraic varieti...H04L 9/3247 involving digital signaturesH04L 9/3252 using DSA or related signat...
