Method for the generation of electronic signatures, in particular for smart cards
Abstract
Processes for generating digital signatures for electronic messages. Modifying signature-generating algorithms, such as DSAs (Digital Signature Algorithms), in order to enable smart cards with reduced calculation and storage resources to produce digital signatures with a high degree of security in spite of their reduced resources. The signature-checking terminal sends a random number a and measures the time taken by the card to send back a signal s using this random number. If the time is greater than a given duration, the signature is rejected even if the check of its authenticity is positive. In addition, part of the signature (the part which does not use the secret card key but only the public algorithm parameters) is precalculated and stored in the card in the form of signature portions produced by a compression function such that they are short. Only the second part of the signature has to be calculated by the card. The calculations to be made are simple so that the card does not require extensive calculation and memory resources.
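The exchange summarized in the abstract, as an added example that is not taken from the patent: the terminal times the card's reply to a fresh random number and checks a precomputed, compressed coupon. The claims give the checking formula only as v=f(ri, s, m)=ri, so a Schnorr-style equation stands in for it here; the toy group, the 64-bit compression length, storing k with each coupon, and the names Card, make_coupons and verify are assumptions.

```python
import hashlib, secrets, time

# Constructed toy parameters for illustration only (not secure sizes).
P = 2**127 - 1      # Mersenne prime; arithmetic is in Z_P^*
N = P - 1           # exponents are reduced modulo the group order
G = 3

def H(*parts) -> int:
    """Compression function: hash any values down to a short 64-bit number."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def make_coupons(count):
    """Authority side: the big-number work, r_i = H(g^k_i mod p), done in advance."""
    ks = [secrets.randbelow(N - 1) + 1 for _ in range(count)]
    return [(k, H(pow(G, k, P))) for k in ks]

class Card:
    """Signer unit holding the secret key x and a stock of short coupons."""
    def __init__(self, x, coupons, delay=0.0):
        self.x, self.coupons, self.delay = x, list(coupons), delay

    def next_coupon(self):
        self.k, r = self.coupons.pop()   # assumption: k_i kept with r_i, used once
        return r

    def sign(self, m, r, a):
        time.sleep(self.delay)           # models a card that answers slowly
        e = H(m, r, a)                   # binds message, coupon and random number
        return (self.k + self.x * e) % N # one multiply-add, no exponentiation

def verify(card, y, m, max_seconds):
    """Verifier unit: accept only if the equation holds AND the reply was fast."""
    r = card.next_coupon()               # card sends coupon r_i
    a = secrets.randbits(64)             # verifier sends random number a
    start = time.monotonic()             # ... and starts the timer
    s = card.sign(m, r, a)
    elapsed = time.monotonic() - start   # timer stops when s comes back
    e = H(m, r, a)
    v = H(pow(G, s, P) * pow(y, N - e, P) % P)   # g^s * y^-e = g^k, then compress
    return v == r and elapsed <= max_seconds
```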
20 Claims
1. An electronic signature method, comprising:
(A) generating a digital signature, the digital signature being capable of certifying the integrity of a signed message and the identity of a signer unit which signs the signed message, the generating step being performed by the signer unit, and the generating step including computing the signature using the signed message and a random data element sent to the signer unit by a verifier unit, and
(B) checking the signature, the checking step being performed by the verifier unit, and the checking step including
(1) ascertaining that a mathematical condition which uses the signature sent and the random data element is fulfilled, and
(2) timing the period that elapses between an instant when the random data element is sent by the verifier unit to the signer unit and the instant when the signature using this data element returns to the verifier unit after computation by the signer unit, and
wherein the signature is accepted if the time elapsed is below a defined threshold and if the mathematical condition is fulfilled.
Dependent claims: 2, 3, 4, 5, 6, 15, 16, 17

7. An electronic signature method, comprising:
(A) generating a digital signature, the digital signature being capable of certifying the integrity of a signed message and the identity of a signer unit which signs the signed message, the generating step being performed by the signer unit, and the generating step including computing the signature using the signed message, and
(B) checking the signature, the checking step being performed by the verifier unit, and the checking step including ascertaining that a mathematical condition which takes into account the signature sent is fulfilled, the signature being accepted if the mathematical condition is fulfilled;
wherein the signature sent by the signer unit comprises at least one signature coupon ri and one signature complement s that is computed on the basis of the signature coupon ri and of a secret key x of the signer unit,
wherein the checking step includes using a checking formula of the type v=f(ri, s)=ri; and
wherein
a. the signature coupon is established in advance by a certified authority, in two steps;
i) the computation of a number represented by a long binary string, using a mathematical formula which uses big binary numbers,
ii) and the modification of the result of the computation by a complex compression function greatly reducing the length of this result,
b. a series of different signature coupons of small length are thus prepared in advance and stored in the signer unit,
c. the generation step comprises sending a signature coupon ri and a signature complement s computed on the basis of at least ri and x to the verifier unit,
d. the checking step comprises performing a mathematical computation followed by the same complex compression function as the one used to prepare the signature coupon, and comparing the result with the signature coupon for the signature checking.
Dependent claims: 8, 9, 10, 11, 12, 13, 14

18. A method for the generation of digital signatures of messages by a signer unit and for the checking of these signatures by a verifier unit, the signer unit comprising a device that computes, communicates and retains data elements, the device comprising at least one electrically programmable non-volatile memory, according to which there are prepared enciphered data elements constituting signature coupons that are loaded into the non-volatile memory and that are used by the signer unit to sign messages, chiefly characterized in that:
the coupons are compressed by the application of a compression function H, also called a hash function, by a certified authority before being loaded into the memory, and in that this method comprises the following exchanges;
a message m is transmitted and this message must be certified by a signature,
the signer unit sends a coupon ri to the verifier unit,
the verifier unit sends a random number a to the signer unit and activates a timer,
the signer unit computes the signature s of the message and sends it to the verifier unit,
the verifier unit stops the timer and ascertains that the signature has been obtained through the secret key held in the signer unit and the coupon ri received, this checking is done by checking the equality v=f(ri, s, m)=ri;
the verifier unit accepts the signature if the condition of checking v=ri is fulfilled and if the measured time does not exceed an allocated predetermined period.

19. An electronic signature method comprising:
(A) computing a plurality of signature coupons, each of the plurality of signature coupons being computed on the basis of a number which is regenerated for each new signature and on the basis of known parameters of the signature algorithm;
(B) providing the chip card with the plurality of signature coupons;
(C) generating a digital signature, the digital signature being capable of certifying the integrity of a signed message and the identity of a chip card which operates as a signer unit and which signs the signed message, and the generating step including computing the signature using the signed message, a random data element sent to the chip card by a verifier unit, a secret key, and one of the plurality of signature coupons, and
(D) checking the signature, the checking step being performed by the verifier unit, and the checking step including
(1) ascertaining that a mathematical condition which uses the signature sent and the random data element is fulfilled, and
(2) timing the period that elapses between an instant when the random data element is sent by the verifier unit to the chip card and the instant when the signature using this data element returns to the verifier unit after computation by the chip card, and
wherein the signature is accepted if the time elapsed is below a defined threshold and if the mathematical condition is fulfilled.
Dependent claims: 20

Specification