Identification and/or signature process
First Claim
1. A computer implemented method by which a claimant is identified by a verifier with a desired security level, comprising:
- selecting a number n, k numbers s1, s2, . . . sk less than n, and an exponent e, wherein n is a product of two prime numbers, k is an integer, and e≦
3;
generating a secret key comprising said k numbers, s1, s2, . . . sk, said secret key being known only to the claimant;
calculating k numbers v1, v2, . . . vk, wherein vi =si-e mod n, and i is an integer index from 1 to k included;
generating a public key comprising said number n, said numbers v1, v2, . . . vk, and said exponent e, said public key being accessible by the verifier;
drawing by the claimant a number r, wherein 0≦
r≦
n-1;
calculating by a processor in the claimant a control number x, wherein x=re mod n;
transmitting said control number x from the claimant to the verifier;
choosing an integer p based on the desired security level, wherein 1<
p<
k;
drawing p integers between 1 and k included;
drawing p numbers ap '"'"'s such that 1≦
ap ≦
e-1;
setting ai =0 for i≠
p and for 1≦
i≦
k;
transmitting a question from said verifier to said claimant, said question comprising said a1, a2, . . . , ak ;
calculating by said processor in the claimant an answer y, wherein ##EQU18## transmitting said answer from the claimant to the verifier;
calculating by a processor in the verifier a verifying expression given by;
##EQU19## verifying the claimant identity by the verifier, wherein the claimant identity is verified if said verifying expression equals the control number x.
1 Assignment
0 Petitions
Accused Products
Abstract
According to the invention, the secret key of the claimant is constituted by k numbers s1, s2, . . . , sk with a low public exponent. The verifier draws k numbers a1, a2, . . . , ak in which the number of non-zero ai is below a given number p. The claimant or signatory calculates an answer involving an exponential product of form sia.sbsp.1 with i between 1 and k. The verifier calculates another exponential product of form via.sbsp.1, where the vi are numbers corresponding to the public key of the claimant or signatory. The verifier then verifies that the result obtained is correct. The choice of the public exponent and the limitation on p make it possible to reduce the number of secrets for equal security and an approximately equal number of multiplications.
35 Citations
15 Claims
-
1. A computer implemented method by which a claimant is identified by a verifier with a desired security level, comprising:
-
selecting a number n, k numbers s1, s2, . . . sk less than n, and an exponent e, wherein n is a product of two prime numbers, k is an integer, and e≦
3;generating a secret key comprising said k numbers, s1, s2, . . . sk, said secret key being known only to the claimant; calculating k numbers v1, v2, . . . vk, wherein vi =si-e mod n, and i is an integer index from 1 to k included; generating a public key comprising said number n, said numbers v1, v2, . . . vk, and said exponent e, said public key being accessible by the verifier; drawing by the claimant a number r, wherein 0≦
r≦
n-1;calculating by a processor in the claimant a control number x, wherein x=re mod n; transmitting said control number x from the claimant to the verifier; choosing an integer p based on the desired security level, wherein 1<
p<
k;drawing p integers between 1 and k included; drawing p numbers ap '"'"'s such that 1≦
ap ≦
e-1;setting ai =0 for i≠
p and for 1≦
i≦
k;transmitting a question from said verifier to said claimant, said question comprising said a1, a2, . . . , ak ; calculating by said processor in the claimant an answer y, wherein ##EQU18## transmitting said answer from the claimant to the verifier;
calculating by a processor in the verifier a verifying expression given by;
##EQU19## verifying the claimant identity by the verifier, wherein the claimant identity is verified if said verifying expression equals the control number x. - View Dependent Claims (3, 4, 5, 6, 7, 8, 15)
-
-
2. A computer implemented method by which a claimant is identified by a verifier with a desired security level, comprising:
-
selecting a number n, k numbers s1, s2, . . . sk less than n, and an exponent e, wherein n is a product of two prime numbers, k is an integer, and e ≦
3;generating a secret key comprising said k numbers, s1, s2, . . . sk, said secret key being known only to the claimant; calculating k numbers v1, v2, . . . vk, wherein vi =si-e mod n, and i is an integer index from 1 to k included; generating a public key comprising said number n, said numbers v1, v2, . . . vk, and said exponent e, said public key being accessible by the verifier; drawing by the claimant a number r, wherein 0≦
r≦
n-1;calculating by a processor in the claimant a control number h, wherein h=H(x) and x=re mod n, H being a one-way function; transmitting said control number h from the claimant to the verifier; choosing an integer p based on the desired security level, wherein 1<
p<
k;drawing p integers between 1 and k included; drawing p numbers ap '"'"'s such that 1≦
ap ≦
e-1;setting ai =0 for i≠
p and for 1≦
i≦
k;transmitting a question from said verifier to said claimant, said question comprising said a1, a2, . . . , ak; calculating by said processor in the claimant an answer y, wherein ##EQU20## transmitting said answer from the claimant to the verifier;
calculating by a processor in the verifier a verifying expression given by;
##EQU21## verifying the claimant identity by the verifier, wherein the claimant identity is verified if said verifying expression equals the control number h.
-
-
9. A computer implemented method to create a signature for a message m sent by a claimant and received by a verifier who verifies the signature, comprising:
-
selecting a number n, k numbers s1, s2, . . . sk less than n, and an exponent e, wherein n is a product of two prime numbers, k is an integer, and e≦
3;generating a secret key comprising said k numbers s1, s2, . . . sk, said secret key being known only to the claimant; calculating k numbers v1, v2, . . . vk, wherein vi =si-e mod n, and i is an integer index from 1 to k included; generating a public key comprising said number n, said numbers v1, v2, . . . vk, and said exponent e, said public key being accessible by the verifier; drawing by the claimant a number r, wherein 0<
r<
n-1;calculating by a processor in the claimant a control number x=re mod n; choosing an integer p based on the desired security level, wherein 1<
p<
k;drawing p integers between 1 and k included; drawing p numbers ap '"'"'s such that 1≦
ap ≦
e-1 and (a1, a2, . . . , ai, ak)=H(m,x), H being a one-way function;setting ai =0 for i≠
p and for 1≦
i≦
k;calculating y by said processor in the claimant, wherein ##EQU24## transmitting said y and said ak '"'"'s from the claimant to the verifier, said y and said ak '"'"'s forming said signature; calculating by a processor in the verifier a verifying expression given by;
##EQU25## verifying the claimant signature by the verifier, wherein the claimant signature is verified if the verifying expression equals (a1, a2, . . . ak). - View Dependent Claims (10, 11, 12, 13, 14)
-
Specification