EFFICIENT POST-QUANTUM ANONYMOUS ATTESTATION WITH SIGNATURE-BASED JOIN PROTOCOL AND UNLIMITED SIGNATURES

US 20190319801A1
Filed: 06/28/2019
Published: 10/17/2019
Est. Priority Date: 06/28/2019
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a computer readable memory;

a signature module to;

generate a set of cryptographic keys for attestation of group member devices and a set of leaf nodes in a sub-tree of a Merkle tree corresponding to the set of cryptographic keys;

forward the set of leaf nodes to a group manager device;

receive, from the group manager device, a subset of intermediate nodes in the Merkle tree, the intermediate nodes being common to all available authentications paths through the Merkel tree for signatures originating in the sub-tree; and

determine a cryptographic key that defines an authentication path through the Merkle tree, the authentication path comprising one or more nodes from the set of leaf nodes and one or more nodes from the intermediate nodes received from the group manager device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one example an apparatus comprises a computer readable memory; and a signature module to generate a set of cryptographic keys for attestation of group member devices and a set of leaf nodes in a sub-tree of a Merkle tree corresponding to the set of cryptographic keys, forward the set of leaf nodes to a group manager device, receive, from the group manager device, a subset of intermediate nodes in the Merkle tree, the intermediate nodes being common to all available authentications paths through the Merkel tree for signatures originating in the sub-tree, and determine a cryptographic key that defines an authentication path through the Merkle tree, the authentication path comprising one or more nodes from the set of leaf nodes and one or more nodes from the intermediate nodes received from the group manager device. Other examples may be described.

Citations

21 Claims

1. An apparatus, comprising:
- a computer readable memory;
  
  a signature module to;
  
  generate a set of cryptographic keys for attestation of group member devices and a set of leaf nodes in a sub-tree of a Merkle tree corresponding to the set of cryptographic keys;
  
  forward the set of leaf nodes to a group manager device;
  
  receive, from the group manager device, a subset of intermediate nodes in the Merkle tree, the intermediate nodes being common to all available authentications paths through the Merkel tree for signatures originating in the sub-tree; and
  
  determine a cryptographic key that defines an authentication path through the Merkle tree, the authentication path comprising one or more nodes from the set of leaf nodes and one or more nodes from the intermediate nodes received from the group manager device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, the signature module to:
    - generate a signature of a message using a one-time private key and the at least one authentication path through the Merkle tree.
  - 3. The apparatus of claim 2, the signature module to:
    - determine the signature using a set of cryptographic keys that defines the authentication path through the Merkle tree.
  - 4. The apparatus of claim 3, wherein to generate the set of cryptographic keys comprises to determine a number of cryptographic keys to generate based at least in part on a number of leaf nodes assigned to each member compute device of the group in a Merkle-based signature scheme.
  - 5. The apparatus of claim 1, further comprising a cryptographic module to generate a cryptographic hash of each of one or more of the cryptographic keys of the set of cryptographic keys.
  - 6. The apparatus of claim 5, wherein to generate the set of cryptographic keys comprises to generate one or more asymmetric key pairs, wherein each asymmetric key pair includes a public cryptographic key and a corresponding private cryptographic key.
  - 7. The apparatus of claim 5, wherein to generate the cryptographic hash of each of the one or more cryptographic keys comprises to generate a cryptographic hash of the public cryptographic key of each symmetric key pair.

8. A computer-implemented method, comprising:
- generating a set of cryptographic keys for attestation of group member devices and a set of leaf nodes in a sub-tree of a Merkle tree corresponding to the set of cryptographic keys;
  
  forwarding the set of leaf nodes to a group manager device;
  
  receiving, from the group manager device, a subset of intermediate nodes in the Merkle tree, the intermediate nodes being common to all available authentications paths through the Merkel tree for signatures originating in the sub-tree; and
  
  determining a cryptographic key that defines an authentication path through the Merkle tree, the authentication path comprising one or more nodes from the set of leaf nodes and one or more nodes from the intermediate nodes received from the group manager device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - generating a signature of a message using a one-time private key and the at least one authentication path through the Merkle tree.
  - 10. The method of claim 9, further comprising:
    - determining the signature using a set of cryptographic keys that defines the authentication path through the Merkle tree.
  - 11. The method of claim 10, wherein generating the set of cryptographic keys comprises to determine a number of cryptographic keys to generate based at least in part on a number of leaf nodes assigned to each member compute device of the group in a Merkle-based signature scheme.
  - 12. The method of claim 11, further comprising generating a cryptographic hash of each of one or more of the cryptographic keys of the set of cryptographic keys components to determine a root node value of the Merkle tree.
  - 13. The method of claim 12, wherein generating the set of cryptographic keys comprises generating one or more asymmetric key pairs, wherein each asymmetric key pair includes a public cryptographic key and a corresponding private cryptographic key.
  - 14. The method of claim 12, wherein generating the cryptographic hash of each of the one or more cryptographic keys comprises generating a cryptographic hash of the public cryptographic key of each symmetric key pair.

15. A non-transitory computer-readable medium comprising instructions which, when executed by a processor, configure the processor to perform operations, comprising:
- storing a public key associated with a signing device in a computer-readable medium;
  
  generating a set of cryptographic keys for attestation of group member devices and a set of leaf nodes in a sub-tree of a Merkle tree corresponding to the set of cryptographic keys;
  
  forwarding the set of leaf nodes to a group manager device;
  
  receiving, from the group manager device, a subset of intermediate nodes in the Merkle tree, the intermediate nodes being common to all available authentications paths through the Merkel tree for signatures originating in the sub-tree; and
  
  determining a cryptographic key that defines an authentication path through the Merkle tree, the authentication path comprising one or more nodes from the set of leaf nodes and one or more nodes from the intermediate nodes received from the group manager device.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer-readable medium of claim 15, further comprising instructions which, when executed by the processor, configure the processor to perform operations, comprising:
    - generating a signature of a message using a one-time private key and the at least one authentication path through the Merkle tree.
  - 17. The non-transitory computer-readable medium of claim 16, further comprising instructions which, when executed by the processor, configure the processor to perform operations, comprising:
    - determining the signature using a set of cryptographic keys that defines the authentication path through the Merkle tree.
  - 18. The non-transitory computer-readable medium of claim 17, wherein generating the set of cryptographic keys comprises determining a number of cryptographic keys to generate based at least in part on a number of leaf nodes assigned to each member compute device of the group in a Merkle-based signature scheme.
  - 19. The non-transitory computer-readable medium of claim 18, further comprising instructions which, when executed by the processor, configure the processor to perform operations, comprising:
    - generating a cryptographic hash of each of one or more of the cryptographic keys of the set of cryptographic keys.
  - 20. The non-transitory computer-readable medium of claim 19, further comprising instructions which, when executed by the processor, configure the processor to perform operations, comprising:
    - generating one or more asymmetric key pairs, wherein each asymmetric key pair includes a public cryptographic key and a corresponding private cryptographic key.
  - 21. The non-transitory computer-readable medium of claim 19, further comprising instructions which, when executed by the processor, configure the processor to perform operations, comprising:
    - generating a cryptographic hash of the public cryptographic key of each symmetric key pair.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
SASTRY, MANOJ, MISOCZKI, RAFAEL

Granted Patent

US 11,362,835 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0822   using key encryption key

H04L 9/0861   Generation of secret inform...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

EFFICIENT POST-QUANTUM ANONYMOUS ATTESTATION WITH SIGNATURE-BASED JOIN PROTOCOL AND UNLIMITED SIGNATURES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

EFFICIENT POST-QUANTUM ANONYMOUS ATTESTATION WITH SIGNATURE-BASED JOIN PROTOCOL AND UNLIMITED SIGNATURES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links