Compact endorsement signature systems
First Claim
1. A method for public-key digital authentication of messages, comprising the steps of:
- creating a private key by a signing party;
making a public key, corresponding to said private key of said signing party, verifiable by at least a receiving party;
creating a set of one-time signatures;
forming a compression hierarchy of said one-time signatures;
forming a public key digital signature, verifiable with said public key, on said compression hierarchy;
storing edges of said compression hierarchy by an endorser;
endorsing by signing with at least one of said one-time signatures and providing stored edge values;
verification of said one-time signature and said edge values supplied and said digital signature on said compression values; and
accomplishing the forgoing by said endorser storing substantially less than all edges and computing before each endorsement substantially less than all edges.
20 Assignments
0 Petitions
Accused Products
Abstract
Cryptographic methods and apparatus for issuing (101), endorsing (102), and verifying (103, 104) compact endorsement signatures are disclosed. Such signatures allow an endorser to provide a public-key verifiable signature on a chosen message more efficiently than if the endorser were to make a public key signature, since the endorser needs only to perform conventional cryptographic operations and has to store less data per signature than required by previously known endorsement schemes.
A hierarchy of compression functions takes a plurality of one-time signatures into the value upon which the public key signature is formed. Each endorsement uses up one of the one-time signatures and provides a subset of inputs to the compression hierarchy sufficient to allow its evaluation. Preparation for subsequent endorsements is made by pre-evaluating one-time signatures and saving only some of the intermediate values of the compression hierarchy.
-
Citations
6 Claims
-
1. A method for public-key digital authentication of messages, comprising the steps of:
-
creating a private key by a signing party; making a public key, corresponding to said private key of said signing party, verifiable by at least a receiving party; creating a set of one-time signatures; forming a compression hierarchy of said one-time signatures; forming a public key digital signature, verifiable with said public key, on said compression hierarchy; storing edges of said compression hierarchy by an endorser; endorsing by signing with at least one of said one-time signatures and providing stored edge values; verification of said one-time signature and said edge values supplied and said digital signature on said compression values; and accomplishing the forgoing by said endorser storing substantially less than all edges and computing before each endorsement substantially less than all edges. - View Dependent Claims (2, 3)
-
-
4. Apparatus for public-key digital authentication of messages, comprising:
-
means for creating a private key by a signing party; means for making a public key, corresponding to said private key of said signing party, verifiable by at least a receiving party; means for creating a set of one-time signatures; means for forming a compression hierarchy of said one-time signatures; means for forming a public key digital signature, verifiable with said public key, on said compression hierarchy; means for storing edges of said compression hierarchy by an endorser; means for endorsing, comprising means for signing with one of said one-time signatures and means for providing stored edge values; means for verification of a one-time signature and compression hierarchy values supplied and for verification of said digital signature on said compression values; and means for accomplishing the forgoing by said endorser storing substantially less than all edges and computing before each endorsement substantially less than all edges. - View Dependent Claims (5, 6)
-
Specification