Secure user identification based on constrained polynomials
First Claim
1. An authentication method, carried out between a prover and a verifier, the method comprising the steps of:
- generating a response signal as a function of (i) information used to generate a commitment signal representative of a first polynomial, (ii) a challenge signal representative of a second polynomial, and (iii) a private key of the prover, such that the response signal is representative of a third polynomial having two or more terms and satisfying a set of constraints; and
sending the response signal from the prover to the verifier, such that the verifier can authenticate a communication from the prover by evaluating a function of information contained in at least a subset of (i) the commitment signal, (ii) the challenge signal, (iii) the response signal and (iv) a public key of the prover.
17 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus for providing secure user identification or digital signatures based on evaluation of constrained polynomials. In an exemplary user identification technique, a prover sends a verifier a commitment signal representative of a first polynomial satisfying a first set of constraints. The verifier sends the prover a challenge signal representative of a second polynomial satisfying a second set of constraints. The prover generates a response signal as a function of (i) information used to generate the commitment signal, (ii) a challenge signal, and (iii) a private key polynomial of the prover, such that the response signal is representative of a third polynomial satisfying a third set of constraints. The verifier receives the response signal from the prover, and authenticates the identity of the prover by evaluating a function of information contained in at least a subset of (i) the commitment signal, (ii) the challenge signal, (iii) the response signal and (iv) a public key of the prover. In a digital signature technique, the challenge signal may be generated by the prover applying a hash function to (i) a message and (ii) information used to generate the commitment signal, and the prover sends the message to the verifier. The verifier uses a result of applying the hash function to the message and the commitment signal to authenticate a digital signature of the prover. The constraints on the polynomials are selected such that an attacker will find it very difficult to recover the private key polynomial from the partial information sent between the prover and verifier.
328 Citations
36 Claims
-
1. An authentication method, carried out between a prover and a verifier, the method comprising the steps of:
-
generating a response signal as a function of (i) information used to generate a commitment signal representative of a first polynomial, (ii) a challenge signal representative of a second polynomial, and (iii) a private key of the prover, such that the response signal is representative of a third polynomial having two or more terms and satisfying a set of constraints; and sending the response signal from the prover to the verifier, such that the verifier can authenticate a communication from the prover by evaluating a function of information contained in at least a subset of (i) the commitment signal, (ii) the challenge signal, (iii) the response signal and (iv) a public key of the prover. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. An apparatus for implementing an authentication process between a prover and a verifier, the apparatus comprising:
-
a memory for storing a private key of the prover; and a processor coupled to the memory and operative to generate a response signal as a function of (i) information used to generate a commitment signal representative of a first polynomial, (ii) a challenge signal representative of a second polynomial, and (iii) the private key of the prover, such that the response signal is representative of a third polynomial having two or more terms and satisfying a set of constraints, wherein the processor is further operative to send the response signal from the prover to the verifier, such that the verifier can authenticate a communication from the prover by evaluating a function of information contained in at least a subset of (i) the commitment signal, (ii) the challenge signal, (iii) the response signal and (iv) a public key of the prover. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
-
-
35. An authentication method, carried out between a prover and a verifier, the method comprising the steps of:
-
receiving in the verifier a response signal from the prover generated as a function of (i) information used to generate a commitment signal representative of a first polynomial, (ii) a challenge signal representative of a second polynomial, and (iii) a private key of the prover, such that the response signal is representative of a third polynomial having two or more terms and satisfying a set of constraints; and authenticating in the verifier a communication from the prover by evaluating a function of information contained in at least a subset of (i) the commitment signal, (ii) the challenge signal, (iii) the response signal and (iv) a public key of the prover.
-
-
36. An apparatus for implementing an authentication process between a prover and a verifier, the apparatus comprising:
-
a memory associated with the verifier for storing a public key of the prover; and a processor coupled to the memory and operative to receive a response signal from the prover generated as a function of (i) information used to generate a commitment signal representative of a first polynomial, (ii) a challenge signal representative of a second polynomial, and (iii) a private key of the prover, such that the response signal is representative of a third polynomial having two or more terms and satisfying a set of constraints; and
to authenticate a communication from the prover by evaluating a function of information contained in at least a subset of (i) the commitment signal, (ii) the challenge signal, (iii) the response signal and (iv) a public key of the prover.
-
Specification