Digital signature system and method based on a conventional encryption function
First Claim
1. A method of generating digital signatures for signing a series of messages Mi, the steps of the method comprising:
- defining a tree of signature nodes having a root node and a multiplicity of additional nodes {nodei}, wherein at least a multiplicity of said nodes include message signing means for signing a message using a predefined one time signature, and subnode signing means for signing a plurality of subnodes using a predefined one time signature, wherein said subnodes are nodes on said tree which branch from said node;
- storing a root node authentication value for authenticating said root node in a nonsecret location;
- signing a message Mi by
(a) generating a message signature for message Mi using said message signing means of node i;
(b) relating said message signature to said root node authentication value by using said subnode signing means for signing each node in said tree which forms a chain of subnodes between said root node and node i;
whereby the receiver of message Mi can authenticate message Mi by using said predefined one time signatures to relate said message signature to said root node authentication value.
Abstract
A method of generating digital signatures for signing an infinitely expandable series of messages Mi. An infinitely expandable tree of signature nodes is used, where each node can be used to sign a message. Each node is also used to sign up to k subnodes, where k is an integer greater than one. Each signature used, both for signing messages and for signing subnodes, is a one time signature, which in the preferred embodiment is based on a one-way function F. The function F is made public. To sign a message Mi the signer selects a previously unused node (i.e., node i) from the signature tree. The message signing key at this node is then used to sign this message. The sequence of nodes from the root of the tree (i.e. node 1) to node i is then used to verify that the message signature is correct and has not been tampered with. Furthermore, this process proves that the message has not been tampered with. Advantages of the invention include the infinite expandability of the signature tree, dependable verification of messages based on the use of secure one time signatures (e.g., which may be based on one way functions), the small amount of computation required to set up a signature tree, the small amount of storage required to maintain a tree, and the ability to implement the invention using high speed conventional encryption equipment and methods.
9 Claims
8. A method of generating digital signatures for signing a series of messages Mi, the steps of the method comprising:
- defining a one way hash function F;
- defining a tree of signature nodes having a root node and a multiplicity of additional nodes {nodei}, wherein said tree is infinitely expandable so that each node can be the parent node for a plurality of subnodes, and each subnode has one parent node; wherein said root node and at least a multiplicity of said additional nodes include: message signing means for signing a message using a predefined one time signature, and subnode signing means for signing a plurality of subnodes using a predefined one time signature;
- generating a root node authentication value for authenticating said root node by applying said function F to said message signing means and said subnode signing means for said root node, and storing said root node authentication value in a nonsecret location;
- generating a signature for message Mi by
(a) generating a message signature for message Mi using said message signing means of node i;
(b) relating said message signature to said root node authentication value by using said subnode signing means for signing each node in said tree which forms a chain of subnodes between said root node and node i;
wherein said step of signing each node in said chain is performed by the steps of: generating a HASH value for said node by applying said function F to said message signing means and said subnode signing means for said node; and using said subnode signing means of the parent node of said node to generate a signature for said HASH value;
whereby the receiver of message Mi can authenticate message Mi by using said predefined one time signatures to relate said message signature to said root node authentication value.
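The signing and verification chain of the abstract and claim 8, as an added example that is not part of the patent text. Assumptions of this sketch: Lamport one-time signatures, SHA-256 standing in for F, k = 2 with node n having subnodes 2n and 2n+1, keys derived from a secret seed, the subnode key signing the concatenation of both subnodes' HASH values, and all function names and sample values.

```python
import hashlib

def F(*parts):  # public one-way function F (SHA-256 is an assumption); inputs length-prefixed
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

def ots_keys(seed, node, use):  # Lamport one-time key pair for one node; use is b"msg" or b"sub"
    sk = [F(seed, str(node).encode(), use, bytes([j // 2, j % 2])) for j in range(512)]
    return sk, [F(s) for s in sk]
def bits(data):  # the 256 bits of F(data) select which secret of each pair is revealed
    d = F(data)
    return [(d[j // 8] >> (j % 8)) & 1 for j in range(256)]
def ots_sign(sk, data):
    return [sk[2 * j + b] for j, b in enumerate(bits(data))]
def ots_verify(pk, data, sig):
    return len(sig) == 256 and all(
        F(s) == pk[2 * j + b] for (j, b), s in zip(enumerate(bits(data)), sig))

def node_hash(msg_pk, sub_pk):  # claim 8: HASH of a node = F over both of its signing keys
    return F(b"".join(msg_pk), b"".join(sub_pk))
def node_pks(seed, n):  # public halves of node n's message key and subnode key
    return ots_keys(seed, n, b"msg")[1], ots_keys(seed, n, b"sub")[1]

def sign(seed, i, message):
    msg_sk, _ = ots_keys(seed, i, b"msg")
    chain, n = [], i
    while n > 1:  # walk from node i up to the root (node 1)
        p = n // 2
        kids = [node_hash(*node_pks(seed, c)) for c in (2 * p, 2 * p + 1)]
        sub_sk, _ = ots_keys(seed, p, b"sub")
        chain.append((kids[1 - n % 2], ots_sign(sub_sk, kids[0] + kids[1]), node_pks(seed, p)))
        n = p
    return ots_sign(msg_sk, message), node_pks(seed, i), chain

def verify(root_value, i, message, signature):
    msg_sig, (msg_pk, sub_pk), chain = signature
    if not ots_verify(msg_pk, message, msg_sig):
        return False
    h, n = node_hash(msg_pk, sub_pk), i
    for sibling, sub_sig, (p_msg_pk, p_sub_pk) in chain:
        pair = h + sibling if n % 2 == 0 else sibling + h
        if not ots_verify(p_sub_pk, pair, sub_sig):  # parent's subnode key vouches for node n
            return False
        h, n = node_hash(p_msg_pk, p_sub_pk), n // 2
    return n == 1 and h == root_value  # chain must end at the stored root value

SEED = b"constructed demo secret"      # constructed sample value, kept by the signer
ROOT = node_hash(*node_pks(SEED, 1))   # root node authentication value, stored publicly
```

The signer has to record which nodes have been used, since each message key may sign only one message; signing two different messages at the same node reveals enough Lamport secrets to weaken the one time signature.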
Specification