Method for making a blind RSA-signature and apparatus therefor
Abstract
The essence of the invention is that, when making a blind digital RSA-signature, a new technique for blinding the initial data by an RSA-encryption and a corresponding technique for unblinding the signed blinded data are employed, which makes it possible to use an unlimited number of kinds of signature in electronic mass-service systems. Untraceability is ensured by a corresponding choice of the randomized exponent R, the RSA-key used in the RSA-encryption of the initial data, and by properties of the public module N that can be verified at an arbitrary moment in time. Here N=P·Q, where P and Q are secret prime factors, and R is a multiple of N−1. In other variants of the invention the diversity of kinds of signature is set by limits on the multiplicities of public exponents, said limits being chosen prior to blinding the initial data. The apparatus for realizing the method for making a blind digital RSA-signature comprises a blinding unit based on a modular exponentiator, and a corresponding unblinding unit.
29 Claims
- 1. A method for making a blind digital RSA-signature, comprising steps of choosing secret factors and an RSA-module corresponding to them, choosing at least one admissible public RSA-exponent, choosing initial data, choosing a randomized blinding key, choosing an encryption RSA-key whose module corresponds to the chosen RSA-module and whose exponent corresponds to the chosen blinding key with which key an RSA-encryption is performed while creating blinded data, arbitrarily choosing a secret RSA-key corresponding to the chosen secret factors and an arbitrary admissible public RSA-exponent, and creating a digital RSA-signature on the blinded data corresponding to said secret RSA-key, unblinding the created digital RSA-signature on the blinded data by inputting the digital RSA-signature on the blinded data, the blinding key, the RSA module, and the public RSA-exponent corresponding to the secret RSA-key used in creating the digital RSA-signature on the blinded data, into an unblinding converter whose output data are obtained as the digital RSA-signature on the chosen initial data, characterized in that during the step of creating the blinded data an RSA-encryption of the chosen initial data is performed, during the step of unblinding the created digital RSA-signature on the blinded data the chosen initial data are input additionally into the unblinding converter, a masking factor coprime to each admissible public RSA-exponent is additionally chosen, and the blinding key is chosen coprime to each admissible public RSA-exponent and as a multiple to the chosen masking factor.
- 22. A method for making a blind digital RSA-signature, comprising steps of choosing secret factors and an RSA-module corresponding to them, choosing at least one admissible public RSA-exponent, choosing initial data, choosing a randomized blinding key, choosing an encryption RSA-key whose module corresponds to the chosen RSA-module and with which the RSA-encryption is performed while creating the blinded data, the chosen initial data being processed with a result of the RSA-encryption while creating the blinded data, arbitrarily choosing a secret RSA-key corresponding to the chosen secret factors and an arbitrary admissible public RSA-exponent, and creating a digital RSA-signature on the blinded data, corresponding to said secret RSA-key, creating an unblinding key corresponding to the blinding key and the secret RSA-key utilized while creating the digital RSA-signature on the blinded data, unblinding the created digital RSA-signature on the blinded data by inputting the digital RSA-signature on the blinded data, which step of unblinding is performed by inputting said digital RSA-signature, the unblinding key and the RSA-module into an unblinding converter whose output data are received as the digital RSA-signature on the chosen initial data, characterized in that during the step of choosing at least one admissible public RSA-exponent a step of additionally choosing at least one basic public RSA-exponent is performed, for each of which basic public RSA-exponents an arbitrary limiting multiplicity is chosen, and an arbitrary public RSA-exponent constituted from the chosen basic public RSA-exponents is accepted as the admissible public RSA-exponent, a multiplicity of each chosen basic public RSA-exponent being taken within a range of the chosen limiting multiplicity, during the step of creating the blinded data a step of RSA-encryption the chosen blinding key is performed, the encryption RSA-key by which the step of RSA-encryption being performed during the step of 
creating the blinded data is chosen corresponding to an RSA-exponent constituted from the chosen basic public RSA-exponents each of which being taken in the chosen limiting multiplicity, the step of arbitrarily choosing the secret RSA-key corresponding to the chosen secret factors and arbitrary admissible public RSA-exponent is performed by arbitrarily choosing utilized multiplicities of the basic public RSA-exponents within a range of the chosen limiting multiplicities of the basic public RSA-exponents, and the unblinding key is created by RSA-encryption of the blinding key with the encryption RSA-key as a module of which the RSA-module is taken, and whose RSA-exponent corresponds to the basic public RSA-exponents, each of said basic public RSA-exponents being taken in a multiplicity equal to the difference between the limiting multiplicity corresponding to said basic public RSA-exponent and the utilized multiplicity chosen in the step of arbitrarily choosing the secret key and corresponding to said limiting multiplicity.
- 28. An apparatus for making a blind digital RSA-signature, comprising a blinding key choice unit having a random-number generator and a blinding unit having a modular exponentiator whose module input being connected to a module input of the blinding unit and whose exponent input being connected to a blinding key input of the blinding unit, said blinding unit has an initial data input and one output being connected to a signature data input of a signature unit which has a secret key input and one output being connected to an unblinding data input of an unblinding unit which has a signature output, a module input, an exponent input and a blinding key input, characterized in that a base input of the modular exponentiator of the blinding unit is connected to the initial data input of the blinding unit, and the output of the modular exponentiator is connected to the output of the blinding unit, the unblinding unit has additionally an initial data input and comprises a modular multiplicative Euclidean converter (MMEC) having a module input, base inputs and exponent inputs corresponding to each of said base inputs, the module input of the unblinding unit being connected to the module input of the MMEC, the initial data input of the unblinding unit being connected to one of the base inputs of the MMEC, and an unblinding data input of the unblinding unit being connected to another base input of the MMEC, the blinding key input of the unblinding unit is connected to the exponent input of the MMEC which corresponds to the base input of the MMEC connected to the unblinding data input of the unblinding unit, and the exponent input of the unblinding unit is connected to the exponent input of the MMEC which corresponds to the base input of the MMEC connected to the initial data input of the unblinding unit, and the output of the unblinding unit is connected to the output of the MMEC, the blinding key choice unit comprises additionally an arithmetic controller with two limiting 
inputs which are accepted conditionally as first and second limiting inputs, the arithmetic controller being connected to the random-number generator, an output of the arithmetic controller is connected to the output of the blinding key choice unit, and the arithmetic controller is made so as to provide output data of the blinding key choice unit coprime to integers fed onto the first limiting input of the arithmetic controller, and to provide the divisibility of the output data of the blinding key choice unit with an integer fed onto the second limiting input of the arithmetic controller.
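
The blinding and unblinding steps of the abstract and of claims 1 and 28, worked through as an added Python example that is not taken from the patent. The toy Mersenne-prime factors, the admissible exponents 257 and 65537, the SHA-256 mapping of a message to initial data and all function names are assumptions; the masking factor is N−1 as in the abstract.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key: two Mersenne primes as secret factors (far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                      # public RSA module
PHI = (P - 1) * (Q - 1)        # known to the signer only
ADMISSIBLE = (257, 65537)      # assumed admissible public exponents

def to_initial_data(message: bytes) -> int:
    """Assumption: the initial data M is a SHA-256 digest reduced mod N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def choose_blinding_key() -> int:
    """R = k*(N-1): a multiple of the masking factor, coprime to every admissible exponent."""
    mask = N - 1
    assert all(gcd(mask, e) == 1 for e in ADMISSIBLE), "masking factor not coprime to exponents"
    while True:
        r = mask * (secrets.randbelow(N) + 1)
        if all(gcd(r, e) == 1 for e in ADMISSIBLE):
            return r

def blind(m: int, r: int) -> int:
    return pow(m, r, N)        # RSA-encryption of M under exponent R

def sign(blinded: int, e: int) -> int:
    d = pow(e, -1, PHI)        # secret key for whichever exponent the signer picks
    return pow(blinded, d, N)

def egcd(a: int, b: int):      # returns (g, x, y) with a*x + b*y == g
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def unblind(s_blind: int, m: int, r: int, e: int) -> int:
    """Euclidean converter: S' = S^R and M = S^E, so S = S'^a * M^b when a*R + b*E = 1."""
    g, a, b = egcd(r, e)
    if g != 1:
        raise ValueError("blinding key must be coprime to the public exponent")
    return pow(s_blind, a, N) * pow(m, b, N) % N   # negative exponents need Python 3.8+

if __name__ == "__main__":
    m, r = to_initial_data(b"constructed sample message"), choose_blinding_key()
    for e in ADMISSIBLE:       # one blinding key serves any admissible exponent
        print(e, pow(unblind(sign(blind(m, r), e), m, r, e), e, N) == m)
```

The requester blinds once without knowing which exponent the signer will use; the exponent enters only at unblinding, which is why the blinding key has to be coprime to every admissible exponent.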
Specification