Non malleable encryption method and apparatus using key-encryption keys and digital signature
First Claim
Patent Images
1. A method comprising the steps of:
- encrypting a data message m at a transmitter processor using a primary transmitter secret key z, wherein z is known to the transmitter processor but not to a receiver processor, to form a quantity E;
preparing a quadruplet (anew, bnew,snew, E) at the transmitter processor where;
anew=z*ycmodulo p;
bnew=gcmodulo p;
snew=signaturec(anew,bnew,E);
where y=gxmodulo p, c is a random number, x is a receiver secret key of the receiver processor, and the parameters g, x, and p are picked using a known encryption method;
wherein snew is a signature which is determined by using the same random number c that was used to determine anew and bnew;
transmitting the quadruplet (anew, bnew,snew, E) from the transmitter processor to the receiver processor;
verifying the signature snew at the receiver processor;
decrypting anew and bnew at the receiver processor by using the receiver secret key x to get the primary transmitter secret key z;
using the primary transmitter secret key z to decrypt the quantity E and thereby obtaining the message m at the receiver processor.
5 Assignments
0 Petitions
Accused Products
Abstract
A fast encryption method particularly useful for long message lengths is provided. A message m is encrypted using a transmitter secret key z to form a quantity E. A transmitter processor prepares a quadruplet (anew, bnew,snew, E) where:
anew=z*ycmodulo p;
bnew=gcmodulo p;
snew=signaturec(anew,bnew,E).
As in previous embodiments y=gxmodulo p is the public key and x is the receiver secret key. The parameters g, x, and p according to methods known to a person skilled in the art and the parameter g is a generator of the group Gp. The parameter c is a random number. The transmitter processor sends the quadruplet (anew, bnew,snew, E) to a receiver processor. The receiver processor verifies the signature on snew using methods known in the art. The receiver processor then decrypts anew and bnew using the receiver secret key x to get the transmitter secret key z, i.e. in the following manner z=anew/bnewx. The receiver processor uses the transmitter secret key z to decrypt E to get the message M.
-
Citations
15 Claims
-
1. A method comprising the steps of:
-
encrypting a data message m at a transmitter processor using a primary transmitter secret key z, wherein z is known to the transmitter processor but not to a receiver processor, to form a quantity E;
preparing a quadruplet (anew, bnew,snew, E) at the transmitter processor where;
anew=z*ycmodulo p;
bnew=gcmodulo p;
snew=signaturec(anew,bnew,E);
where y=gxmodulo p, c is a random number, x is a receiver secret key of the receiver processor, and the parameters g, x, and p are picked using a known encryption method;
wherein snew is a signature which is determined by using the same random number c that was used to determine anew and bnew;
transmitting the quadruplet (anew, bnew,snew, E) from the transmitter processor to the receiver processor;
verifying the signature snew at the receiver processor;
decrypting anew and bnew at the receiver processor by using the receiver secret key x to get the primary transmitter secret key z;
using the primary transmitter secret key z to decrypt the quantity E and thereby obtaining the message m at the receiver processor. - View Dependent Claims (2, 3, 7, 8, 12)
-
-
4. A method comprising the steps of:
-
creating a primary transmitter key z at a transmitter processor wherein the primary transmitter key is known to the transmitter processor but not to a receiver processor;
creating a secondary transmitter key z′
at the transmitter processor wherein the secondary transmitter key is known to the transmitter processor but not to the receiver processor, wherein the secondary transmitter key z′
is a function of z;
encrypting a data message m, at the transmitter processor, using the secondary transmitter secret key z′
to form a quantity;
preparing a quadruplet (anew, bnew,snew, E) at the transmitter processor, where;
anew=z*ycmodulo p;
bnew=gcmodulo p;
snew=signaturec(anew,bnew,E);
where y=gxmodulo p, c is a random number, x is a receiver secret key of the receiver processor, and the parameters g, x, and p are picked using a known encryption method;
wherein snew is a signature which is determined by using the same random number c that was used to determine anew and bnew;
transmitting the quadruplet (anew, bnew,snew, E) from the transmitter processor to the receiver processor;
verifying the signature snew at the receiver processor;
decrypting anew and bnew at the receiver processor, using the receiver secret key x to get the primary transmitter secret key z;
modifying the primary transmitter secret key z, at the receiver processor, to obtain the secondary transmitter secret key z′ and
using the secondary transmitter secret key z′
to decrypt the quantity E and thereby obtaining the message m, at the receiver processor. - View Dependent Claims (5, 13)
-
-
6. A method comprising the steps of:
-
creating a primary transmitter key z at a transmitter processor;
creating a secondary transmitter key z′
which is a function of z, at the transmitter processor;
providing a plurality of portion keys which are derived from the secondary transmitter key z′
, at the transmitter processor;
encrypting a data message m, at a transmitter processor, using the plurality of portion keys to form a quantity E;
preparing a quadruplet (anew, bnew,snew, E), at the transmitter processor, where;
anew=z*ycmodulo p;
bnew=gcmodulo p;
snew=signaturec(anew,bnew,E);
where y=gxmodulo p, c is a random number, x is a receiver secret key of a receiver processor, and the parameters g, x, and p are picked using a known encryption method;
wherein snew is a signature which is determined by using the same random number c that was used to determine anew and bnew;
transmitting the quadruplet (anew, bnew,snew, E) from the transmitter processor to the receiver processor;
verifying the signature snew at a the receiver processor;
decrypting anew and bnew, at the receiver processor, using the receiver secret key x to get the primary transmitter secret key z;
modifying the primary transmitter secret key z, at the receiver processor, to obtain the secondary transmitter secret key z′ and
using the secondary transmitter secret key z′
to determine the plurality of portion keys and using the plurality of portion keys to decrypt the quantity E and thereby obtaining the message m, at the receiver processor. - View Dependent Claims (14)
-
-
9. An apparatus comprising
a transmitter processor; -
wherein the transmitter processor encrypts a data message m using a primary transmitter secret key z, known to the transmitter processor but not known to a receiver processor, to form a quantity E; and
prepares a quadruplet (anew, bnew,snew, E) where;
anew=z*ycmodulo p;
bnew=gcmodulo p;
snew=signaturec(anew,bnew,E);
where y=gxmodulo p, c is a random number, x is a receiver secret key of the receiver processor, and the parameters g, x, and p are picked using a known encryption method; and
wherein snew is a signature, and wherein the transmitter processor determines snew by using the same random number c that was used to determine anew and bnew. - View Dependent Claims (10, 11, 15)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeWSOU Investments, LLC (WSOU Holdings, LLC)
-
Original AssigneeLucent Technologies, Inc. (Nokia Corporation)
-
InventorsSchnorr, Claus Peter, Jakobsson, Bjorn Markus
-
Primary Examiner(s)Barron, Gilberto
-
Assistant Examiner(s)KIM, JUNG W
-
Application NumberUS09/487,946Time in Patent Office2,036 DaysField of Search713/169, 713/176, 380/28, 380/30US Class Current380/30CPC Class CodesH04L 9/3013 involving the discrete loga...H04L 9/3252 using DSA or related signat...
