Digital signature algorithm
First Claim
1. A method for generating a digital signature (r,s) of a message m in a system wherein information is transmitted and received by users of said system, comprising the steps of:
- (a) providing a secret value k unique to said message m;
(b) providing a public value g;
(c) calculating said value r proceeding from a prime modulus p and a value g selected to be a prime divisor of p-1 according to the ruler=(gk mod p) mod g;
(d) applying a hashing transform H only to said message m to generate a transformed message H(m);
(e) calculating said value s according to the rule s=f(H(m)) where said value s is a function of m only by way of said transformed message H(m); and
,(f) generating a signal representative of said digital signature (r,s) in accordance with said value r and said value s and transmitting said generated signal.
1 Assignment
0 Petitions
Accused Products
Abstract
A method is provided for generating and verifying a digital signature of a message m. This method requires a pair of corresponding public and secret keys (y and x) for each signer, as well as a pair of public and secret values (r and k) generated for each message by the signer. The public value r is calculated according to the rule r=(gk mod p) mod q. A value s is then selected according to the rule s=k-1 (H(m)+xr) mod q where H is a known conventional hashing function. The message m, along with the signature (r,s) is then transmitted. When the transmitted signal is received a verification process is provided. The received values of r and s are tested to determine whether they are congruent to 0 mod g. Additionally, r is tested to determine whether it is equal to v mod q, where v is computed from r, s, m and y. For legitimately executed signatures, v=gk mod p.
304 Citations
44 Claims
-
1. A method for generating a digital signature (r,s) of a message m in a system wherein information is transmitted and received by users of said system, comprising the steps of:
-
(a) providing a secret value k unique to said message m; (b) providing a public value g; (c) calculating said value r proceeding from a prime modulus p and a value g selected to be a prime divisor of p-1 according to the rule r=(gk mod p) mod g; (d) applying a hashing transform H only to said message m to generate a transformed message H(m); (e) calculating said value s according to the rule s=f(H(m)) where said value s is a function of m only by way of said transformed message H(m); and
,(f) generating a signal representative of said digital signature (r,s) in accordance with said value r and said value s and transmitting said generated signal. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 42)
-
4. The method for generating a digital signature (r,s) of claim 1, wherein step (d) comprises the step of transforming said message m by applying a one-way transform H to said message M.
- 5. The method for generating a digital signature (r,s) of claim 1, wherein step (e) further comprises the step of calculating said value s according to the rule
- space="preserve" listing-type="equation">s=k.sup.'"'"'1 (H(m)+xr) mod g
wherein said value x is a secret value.
-
-
6. The method for generating a digital signature (r,s) of claim 1, wherein steps (a)-(c) are performed prior to knowledge of said message m.
-
7. The method for generating a digital signature (r,s) of claim 1, comprising the further step of transmitting a signed message formed of said message m and said digital signature (r,s).
-
8. The method for generating a digital signature (r,s) of claim 7, comprising the further steps
(g) receiving said transmitted signed message including a received digital signature (r,s) with a received value r and a received value s; - and,
(h) verifying said received digital signature (r,s).
- and,
-
9. The method for generating a digital signature (r,s) of claim 8, wherein step (h) comprises the step of reconstructing said gk mod p of step (c) to provide a recovered gk mod p.
- 10. The method for generating a digital signature (r,s) of claim 9, comprising the step of determining a value v proceeding from a value u1 =(H(m))(s)-1 mod g and a value u2 =(r)(s)-1 mod g according to the rule
- space="preserve" listing-type="equation">v=(g).sup.u.sbsp.1 (y).sup.u.sbsp.2 mod p
wherein said value y is congruent to gx mod p and said value x is a secret value.
-
15. A system for generating a digital signature (r,s) of a message m wherein information is transmitted and received by users of said system, comprising:
-
a secret value k unique to said message m; a public value g; transform means for applying a hashing transform H only to said message m to generate a transformed message H(m); means for calculating said value r proceeding from a prime modulus p and a value q selected to be a prime divisor of p-1 according to the rule
space="preserve" listing-type="equation">r=(g.sup.k mod p) mod q;means for calculating said value s according to the rule s=f(H(m)) where said value s is a function of said message m only by way of H(m); generating means for receiving said calculated values of r and s and generating a signal representative of a signed message formed of said message m and said digital signature (r,s); and
,transmitting means for transmitting said generated signal. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 43)
-
18. The system for generating a digital signature (r,s) of claim 15, wherein said transform means comprises one-way transform means for transforming said message m by applying a one-way hashing transform H to said message m.
- 19. The system for generating a digital signature (r,s) of claim 15, wherein a value x is a secret value and said value s is calculated according to the rule
- space="preserve" listing-type="equation">s=k.sup.-1 (H(m)+xr) mod q.
-
-
20. The system for generating a digital signature (r,s) of claim 15, wherein said values k, g, and r are determined independently of said message m.
-
21. The system for generating a digital signature (r,s) of claim 15, further comprising:
-
means for receiving said transmitted signed message; and
,verifying means for verifying said digital signature (r,s).
-
-
22. The system for generating a digital signature (r,s) of claim 21, wherein said verifying means further comprises means for reconstructing said gk mod p to provide a recovered gk mod p within said verifying means.
- 23. The system for generating a digital signature (r,s) of claim 22, further comprising means for determining a value v proceeding from a value u1 =(H(m))(s)-1 mod q and a value u2 =(r)(s)-1 mod q according to the rule
- space="preserve" listing-type="equation">it v=(g).sup.1.sbsp.1 (y).sup.u.sbsp.2 mod p
wherein said value y is congruent to gx mod p and said value x is a secret value.
-
28. A method for generating and verifying a digital signature (r,s) of a message m in a system, comprising the steps of:
-
(a) providing a secret value k unique to said message m; (b) providing a public value g; (c) determining said value r proceeding from a prime modulus p according to the rule r=F(gk mod p) wherein F is a reduction function independent of said message m; (d) receiving a signed message formed of said message m and said digital signature (r,s); (e) recovering and isolating gk mod p in accordance with said message m; (f) determining whether said isolated gk mod p after reduction according to said reduction function F is the same as said received value r; (g) determining that said signature (r,s) is verified in accordance with the determination of step (f); and
,(h) generating a verification signal in accordance with step (g) and transmitting said verification signal. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
30. The method for generating and verifying a digital signature (r,s) of claim 28, wherein step (a) comprises randomly selecting said secret value k.
-
31. The method for generating and verifying a digital signature (r,s) of claim 29, wherein said reduction function F comprises reduction mod q.
- 32. The method for generating and verifying a digital signature (r,s) of claim 29, further comprising the step of determining a value v proceeding from a value u1 =(H(m)) (s)-1 mod q and a value u2 =(r)(s)'"'"'1 mod q, according to the rule
- space="preserve" listing-type="equation">v=(g).sup.u.sbsp.1 (y).sup.u.sbsp.2 mod p
where said value y is congruent to gx mod p and said value x is a secret value.
-
- 33. The method for generating and verifying a digital signature (r,s) of claim 29, further comprising the step of calculating said value r proceeding from a prime modulus p, according to the rule
- space="preserve" listing-type="equation">r=(g.sup.k mod p) mod q
prior to knowledge of said message m.
- space="preserve" listing-type="equation">s=k.sup.-1 (H(m)=xr) mod q
-
44. A system for generating and verifying a digital signature (r,s) of a message m wherein information is transmitted and received by user of said system, comprising:
-
a secret value k unique to said message m; a public value g; means for determining said value r proceeding from a prime modulus p according to the rule r=F(gk mod p) wherein F is a reduction function independent of said message m; means for receiving a signed message formed of said message m and said digital signature (r,s); means for recovering and isolating gk mod p in accordance with said message m; comparison means for determining whether said isolated gk mod p after reduction according to said reduction function F is the same as said received value r; verification means for determining that said signature (r,s) is verified in accordance with the determination of said comparison means; means for generating a verification signal in accordance with the verification of said verification means; and
,means for transmitting said verification signal.
-
Specification