Key agreement and transport protocol with implicit signatures
First Claim
1. A method of establishing a session key between a pair of correspondents A, B in a public key data communication system to permit exchange of information therebetween over a communication channel, each of said correspondents having a respective private key a, b and a public key pA, pB derived from a generator α and respective ones of said private keys a, b, said method including the steps of:
i) a first of said correspondents A selecting a first random integer x and exponentiating a first function f(α) including said generator to a power g(x) to provide a first exponentiated function f(α)^g(x);
ii) said first correspondent A generating a first signature sA from said random integer x, said exponentiated function f(α)^g(x) and said private key a to bind said integer x and said private key a;
iii) said first correspondent A forwarding to a second correspondent B a message including said first exponentiated function f(α)^g(x);
iv) said correspondent B selecting a second random integer y and exponentiating a second function f(α) including said generator to a power g(y) to provide a second exponentiated function f(α)^g(y) and generating a signature sB obtained from said second integer y, said second exponentiated function f(α)^g(y) and said private key b to bind said integer y and said private key b;
v) said second correspondent B forwarding a message to said first correspondent A including said second exponentiated function f(α)^g(y); and
vi) each of said correspondents constructing a session key K by exponentiating information made public by the other correspondent with information that is private to themselves whereby subsequent decryption of information confirms establishment of a common key and thereby the identity of said correspondents.
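The steps of claim 1 can be traced in a short runnable sketch. This is an added example, not code from the patent: it assumes f(α) = α, g(x) = x, a signature of the form s = x + a·r mod (p − 1), and a constructed toy modulus; none of these choices is fixed by the claim text above, and all function names are hypothetical.

```python
import secrets

# Constructed toy parameters (assumptions, not from the patent text):
# P is the Mersenne prime 2^127 - 1, far too small for real use.
P = 2**127 - 1
ALPHA = 3        # generator α; f(α) = α and g(x) = x are assumed here
N = P - 1        # exponents are reduced modulo P - 1

def keygen():
    """Long-term key pair: private a, public pA = α^a mod P."""
    a = secrets.randbelow(N - 2) + 2
    return a, pow(ALPHA, a, P)

def ephemeral(priv):
    """Steps i-ii (or iv): random x, r = α^x, and the assumed implicit
    signature s = x + priv*r mod (P - 1), which binds x to priv."""
    x = secrets.randbelow(N - 2) + 2
    r = pow(ALPHA, x, P)
    return r, (x + priv * r) % N

def implied_public(r, peer_pub):
    """Computable from public data only; equals α^s for the peer's s."""
    return (r * pow(peer_pub, r, P)) % P

def session_key(own_s, peer_r, peer_pub):
    """Step vi: raise the peer's public information to our private s."""
    return pow(implied_public(peer_r, peer_pub), own_s, P)

def run_exchange():
    a, pA = keygen()
    b, pB = keygen()
    rA, sA = ephemeral(a)          # A forwards rA (step iii)
    rB, sB = ephemeral(b)          # B forwards rB (step v)
    return {"kA": session_key(sA, rB, pB), "kB": session_key(sB, rA, pA),
            "sA": sA, "rA": rA, "pA": pA, "sB": sB, "rB": rB, "pB": pB}

def run_substituted():
    """A party without private key a substitutes its own α^e for rA.
    B still keys against pA, so the two derived keys do not match."""
    _, pA = keygen()
    b, pB = keygen()
    e = secrets.randbelow(N - 2) + 2
    rE = pow(ALPHA, e, P)
    rB, sB = ephemeral(b)
    kB = session_key(sB, rE, pA)
    kE = pow(implied_public(rB, pB), e, P)   # only e is known, not a
    return kB, kE
```

Neither signature is transmitted in this sketch: each side reconstructs α^s of its peer from the forwarded value and the peer's public key, so the long-term key is authenticated implicitly through key agreement.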
Abstract
A key establishment protocol between a pair of correspondents includes the generation by each correspondent of respective signatures. The signatures are derived from information that is private to the correspondent and information that is public. After exchange of signatures, the integrity of exchange messages can be verified by extracting the public information contained in the signature and comparing it with information used to generate the signature. A common session key may then be generated from the public and private information of respective ones of the correspondents.
17 Claims
Specification