Signed document transmission system
First Claim
1. A signed document transmission method comprising the steps of:
- determining, on the transmitting side, integer values W and V satisfying
space="preserve" listing-type="equation">Z≦
Wpq+Vε
δ
<
Z+δ
for
space="preserve" listing-type="equation">Z=-g(m)-{f(x, m)(mod n)} where ε and
δ
are public keys, p and q are secret keys of prime numbers, n is a public key given by n=p2 q, x is a random number, m is a document to be transmitted, g(m) is an arbitrary function with respect to m, f(x, m) is a polynomial given by ##EQU19## and fi (m) is an arbitrary function with respect to m;
generating a signature S as given by S=x+ypq, where y is an integer given by a congruent division y=W/F'"'"'(X,n) (mod p), and f'"'"'(x, m) is a differentiation of f(x, m) with respect to x;
transmitting the document m and the signature S;
obtaining, on the receiving side, a congruent polynomial f(S, m) (mod n) using the signature S in place of x in the polynomial f(x, m), and the document m and the public key n; and
verifying the validity of the received document m and the signature S when ##EQU20## is satisfied, where [A] represents the greatest integer equal to or smaller than A.
2 Assignments
0 Petitions
Accused Products
Abstract
On the transmitting side, a signature corresponding to a document to be transmitted is generated using a random number and the document as variables and on the basis of a congruent polynomial of second or higher degree with respect to the random number, secret key information and public key information produced based on the secret key information. The signature and the document are transmitted in digital form. On the receiving side, the congruent polynomial is operated using the received signature and document in place of the random number and the document employed on the transmitting side, and the validity of the received signature and document is verified on the basis of the result of the operation and the public key information.
136 Citations
25 Claims
-
1. A signed document transmission method comprising the steps of:
-
determining, on the transmitting side, integer values W and V satisfying
space="preserve" listing-type="equation">Z≦
Wpq+Vε
δ
<
Z+δfor
space="preserve" listing-type="equation">Z=-g(m)-{f(x, m)(mod n)}where ε and
δ
are public keys, p and q are secret keys of prime numbers, n is a public key given by n=p2 q, x is a random number, m is a document to be transmitted, g(m) is an arbitrary function with respect to m, f(x, m) is a polynomial given by ##EQU19## and fi (m) is an arbitrary function with respect to m;
generating a signature S as given by S=x+ypq, where y is an integer given by a congruent division y=W/F'"'"'(X,n) (mod p), and f'"'"'(x, m) is a differentiation of f(x, m) with respect to x;transmitting the document m and the signature S; obtaining, on the receiving side, a congruent polynomial f(S, m) (mod n) using the signature S in place of x in the polynomial f(x, m), and the document m and the public key n; and verifying the validity of the received document m and the signature S when ##EQU20## is satisfied, where [A] represents the greatest integer equal to or smaller than A. - View Dependent Claims (4, 5, 6, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
2. A signed document transmission method comprising the steps of:
-
determining, on the transmitting side, an integer value W in accordance with the expression ##EQU21## where δ
is a public key, p and q are secret keys of prime numbers, n is a public key given by n=p2 q, x is a random number, m is a document to be transmitted, g(m) is an arbitrary function with respect to m, f(x, m) is a polynomial given by ##EQU22## and fi (m) is an arbitrary function with respect to m, and [A] represents the smallest integer equal to or greater than A;generating a signature S as given by S=x+ypq, where y is an integer given by a congruent division y=W/f'"'"'(x, m) (mod p), and f'"'"'(x, m) is a differentiation of f(x, m) with respect to x; transmitting the document m and the signature S; obtaining, on the receiving side, a congruent polynomial f(S, m) (mod n) using the signature S in place of x in the polynomial f(x, m), and the document m and the public key n; and verifying the validity of the received document m and the signature S when an inequality equivalent to
space="preserve" listing-type="equation">-g(m)≦
f(S, m)(mod n)<
-g(m)+δis satisfied. - View Dependent Claims (7, 8, 9, 10, 11, 12)
-
-
3. A signed document transmission method comprising the steps of
determining, on the transmitting side, an integer value W based on g(m) and a congruent polynomial f(x, m) (mod n), where x is an integer random number, m is a document to be transmitted, n is a public key given by n=p2 q, p and q are secret keys of prime numbers, g(m) is an arbitrary function with respect to m, f(x, m) is a polynomial given to ##EQU23## is an arbitrary function with respect to m, and I is an integer equal to or greater than 2; -
generating a signature S as given by S=x+ypq, where y is a congruent division of W and a differentiation f'"'"'(x, m) of f(x, m) with respect to x; transmitting the document m and the signature S; obtaining, on the receiving side, a congruent polynomial f(S, m) (mod n) using the signature S in place of x in the polynomial f(x, m), and the document m and the public key n; and verifying the validity of the document m and the signature S based on the calculation results of F(S, m) (mod n) and g(m).
-
-
24. A signed document transmission system comprising:
-
a p-setting register for setting a secret key p (a prime number); a q-setting register for setting a secret key q (a prime number); a first multiplier for multiplying the outputs p and q of the p- and the q-setting registers to obtain pq; an n-generator for providing a public key n=p2 q obtained by an operation based on the outputs p and q of the p- and the q-setting registers; a first hash processor for hashing a document m to be transmitted to obtain a hashed document M; a random number generator for generating a random number x; a first congruent polynomial operating unit for performing a modulo-n operation of a polynomial f(x) of second or higher degree using the random number x as a variable; a subtractor for obtaining the difference between the output of the first congruent polynomial operating unit and the hashed document M from the first hash processor; a divider for dividing the output of the subtractor by the output pq from the first multiplier; a round-up operating unit for obtaining the smallest integer equal to or larger than the output value of the divider; a second congruent polynomial operating unit supplied with the random number x from the random number generator, for performing a modulo-n operation of a differential value of the polynomial f(x); a congruent divider for dividing the output W of the round-up operating unit, to modulus p, by the output of the second congruent polynomial operating unit; a second multiplier for multiplying the output y of the congruent divider and the output pq of the first multiplier; an adder for adding together the output ypq of the second multiplier and the random number from the random number generator to obtain their sum as a signature S; means for transmitting the signature S and the document m; means for receiving the transmitted signature S and document m; an n-setting register for setting the public key n; a δ
-setting register for setting a public key δ
of the order of n2/3 ;a third congruent polynomial operating unit for performing a modulo-n operation of the polynomial f(x) using the received signature S instead of the random number; a second hash processor for hashing the received document by the same method as that used by the first hash processor to obtain hashed data M; and a comparator supplied with the result of the operation f(S)(mod n) from the third congruent polynomial operating unit, the hashed data M from the second hash processor and the output δ
from the δ
-setting register, for deciding whether they meet a condition M≦
f(x)(mod n)<
M+δ and
, when it is satisfied, producing information to that effect.
-
-
25. A signed document transmission system comprising:
-
a p-setting register for setting a secret key p (a prime number); a q-setting register for setting a secret key q (a prime number); a first multiplier for multiplying the outputs p and q from the p- and the q-setting registers to obtain pq; an n-generator for generating a public key n=p2 q obtained by an operation based on the outputs p and q from the p- and the q-setting registers; a first hash processor for obtaining a hashed document M by hashing a document m to be transmitted; a random number generator for generating a random number x; a first congruent polynomial operating unit for performing a modulo-n operation of a polynomial f(x)(mod n) of second or higher degree using the random number x as a variable; a subtractor for obtaining the difference between the output of the first congruent polynomial operating unit and the hashed document M from the first hash processor; a first ε
-setting register for setting a public key ε
of the order of n1/3 ;a first δ
-setting register for setting a public key δ
of the order between 1 and n1/3 ;a W-operating unit supplied with the output Z of the subtractor, the output pq of the first multiplier, the output ε
of the first ε
-setting register and the output δ
of the first δ
-setting register, for obtaining W which meets the following conditions
space="preserve" listing-type="equation">Z≦
Wpq+Vε
δ
<
Z+δ
space="preserve" listing-type="equation">Z=-g(m)-{f(x)(mod n)};a round-up operating unit for obtaining the smallest integer equal to or larger than the output value of the W-operating unit; a second congruent polynomial operating unit supplied with the random number x from the random number generator, for performing a modulo-p operation of a differential value of the polynomial f(x); a congruent divider for dividing the output W of the W-operating unit by the output of the second congruent polynomial operating unit to modulus p; a second multiplier for multiplying the output y of the congruent divider and the output pq of the first multiplier; an adder for adding together the output ypq of the second multiplier and the random number x from the random number generator to obtain a signature S; means for transmitting the signature S and the document m; means for receiving the transmitted signature S and document m; an n-setting register for setting the public key n; a second ε
-setting register for setting the public key ε
;a second δ
-setting register for setting the public key δ
;a third congruent polynomial operating unit for performing a modulo-n operation of the polynomial f(X) using the received signature S instead of the random number x; a second hash processor for hashing the received document by the same method as that used by the first hash processor to obtain hashed data M; a second subtractor for obtaining the difference, f(S)(mod n)-M, between the output M of the second hash processor and the output f(S)(mod n) of the third congruent polynomial operating unit; a divider for dividing the output of the second subtractor by the output δ
of the second δ
-setting register;a round-up operating unit for obtaining the smallest integer equal to or larger than the output of the divider; a residue operating unit for performing a modulo-ε
operation of the output of the round-up operating unit by the output ε
of the second ε
-setting register; anda circuit for deciding whether the output of the residue operating unit is zero or not and for outputting the decision result.
-
Specification