Methods and systems for authenticating messages
First Claim
1. A method for generating a cryptographic address, the method comprising:
- setting an initial value for a modifier;
- determining the value of the modifier for use by a first hash function by executing a second hash function on a public key and the modifier, repeating the execution of the second hash function while changing the value of the modifier until the second hash function yields a target result, wherein the target result of the second hash function is determined in part by a security parameter value;
- concatenating a public key and the modifier;
- executing the first hash function on the concatenated public key and the modifier to yield a first hash function value; and
- concatenating a portion of an address that is not node-selectable and at least a portion of the first hash function value to create a network address.
Abstract
Disclosed is an authentication mechanism that provides much of the security of heavyweight authentication mechanisms, but with lower administrative and communicative overhead, while at the same time not being limited to a 64-bit limit on the length of a cryptographic hash value. Removal of this limitation is achieved by increasing the cost of both address generation and brute-force attacks by the same parameterized factor while keeping the cost of address use and verification constant. The address owner computes two hash values using its public key and other parameters. The first hash value is used by the owner to derive its network address. The purpose of the second hash is to artificially increase the computational complexity of generating new addresses and, consequently, the cost of brute-force attacks. As another measure against brute-force attacks, the routing prefix (i.e., the non-node-selectable portion) of the address is included in the first hash input.
18 Claims
6. A computer storage medium containing instructions for performing a method for generating a cryptographic address, the method comprising:
- setting an initial value for a modifier;
- determining the value of the modifier for use by a first hash function by executing a second hash function on a public key and the modifier, repeating the execution of the second hash function while changing the value of the modifier until the second hash function yields a target result, wherein the target result of the second hash function is determined in part by a security parameter value;
- concatenating a public key and the modifier;
- executing the first hash function on the concatenated public key and the modifier to yield a first hash function value; and
- concatenating a portion of an address that is not node-selectable and at least a portion of the first hash function value to create a network address.
7. A method for a second computing device to authenticate content data made available by a first computing device, the method comprising:
- accessing authentication information made available by the first computing device, the authentication information including content data, a network address of the first computing device, a public key of the first computing device, and a modifier;
- computing a first hash value using a first hash function, the input to the first hash function including a concatenation of the public key and the modifier;
- computing a second hash value using a second hash function, the input to the second hash function including a concatenation of the public key and the modifier; and
- accepting the content data if the second hash value matches a target result, and the first hash value matches a second corresponding portion of the network address, wherein the target result of the second hash function is determined in part by a security parameter value.

Dependent claims: 8, 9, 10, 11.
12. A computer storage medium containing instructions for performing a method for a second computing device to authenticate content data made available by a first computing device, the method comprising:
- accessing authentication information made available by the first computing device, the authentication information including content data, a network address of the first computing device, a public key of the first computing device, and a modifier;
- computing a first hash value using a first hash function, the input to the first hash function including a concatenation of the public key and the modifier;
- computing a second hash value using a second hash function, the input to the second hash function including a concatenation of the public key and the modifier; and
- accepting the content data if the second hash value matches a target result, and the first hash value matches a second corresponding portion of the network address, wherein the target result of the second hash function is determined in part by a security parameter value.
13. A method for a computing device to derive a node-selectable portion of a network address from a public key of the computing device, the method comprising:
- computing a first hash value using a first hash function, the input to the first hash function including a concatenation of the public key and a modifier, the modifier value set by a second hash function;
- computing a second hash value using the second hash function, the input to the second hash function including a concatenation of the public key and the modifier;
- comparing a portion of the second hash value with a target result, wherein the target result of the second hash value is determined in part by a security parameter value;
- if the portion does not match the target result, modifying the value of the modifier, concatenating the modifier with the public key, and repeating the computing of a second hash function and the comparing;
- setting the node-selectable portion of the network address to a portion of the first hash value; and
- checking to see if the network address as set is already in use and, if the network address as set is already in use, repeating the computing of the first hash value, the setting of the node-selectable portion of the network address, and the checking to see if the network address is already in use.

Dependent claims: 14, 15, 16, 17.
18. A computer storage medium containing instructions for performing a method for a computing device to derive a node-selectable portion of a network address from a public key of the computing device, the method comprising:
- computing a first hash value using a first hash function, the input to the first hash function including a concatenation of the public key and a modifier, the modifier value set by a second hash function;
- computing a second hash value using the second hash function, the input to the second hash function including a concatenation of the public key and the modifier;
- comparing a portion of the second hash value with a target result, wherein the target result of the second hash value is determined in part by a security parameter value;
- if the portion does not match the target result, modifying the value of the modifier, concatenating the modifier with the public key, and repeating the computing of a second hash function and the comparing;
- setting the node-selectable portion of the network address to a portion of the first hash value; and
- checking to see if the network address as set is already in use and, if the network address as set is already in use, repeating the computing of the first hash value, the setting of the node-selectable portion of the network address, and the checking to see if the network address is already in use.
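The generation loop of claims 1 and 13 and the constant-cost verification of claim 7, written out as an added illustration (not code from the patent or its assignee). The claims leave the concrete parameters open, so the following are assumptions: SHA-256 for both hash functions, a target of 16*sec leading zero bits on the second hash, a 16-byte modifier, an 8-byte routing prefix and an 8-byte node-selectable part, and a constructed public-key byte string.

```python
import hashlib

# Assumed concrete parameters; the claims only say the target is "determined
# in part by a security parameter value" and that a portion of Hash1 is used.
ZERO_BITS_PER_SEC = 16   # assumption: Hash2 must start with 16*sec zero bits
MODIFIER_LEN = 16        # assumption: 16-byte modifier
NODE_LEN = 8             # assumption: 64-bit node-selectable part of the address


def second_hash(public_key: bytes, modifier: bytes) -> bytes:
    """Hash2 over public key || modifier; only compared against the target."""
    return hashlib.sha256(public_key + modifier).digest()


def meets_target(digest: bytes, sec: int) -> bool:
    """Target derived from the security parameter: top 16*sec bits are zero."""
    zero_bits = ZERO_BITS_PER_SEC * sec
    return int.from_bytes(digest, "big") >> (8 * len(digest) - zero_bits) == 0


def find_modifier(public_key: bytes, sec: int) -> bytes:
    """Claim 1: start the modifier at an initial value and step it until Hash2
    hits the target. Expected work grows by 2**(16*sec) per increment of sec,
    which is exactly the extra cost imposed on a brute-force attacker."""
    counter = 0
    while True:
        modifier = counter.to_bytes(MODIFIER_LEN, "big")
        if meets_target(second_hash(public_key, modifier), sec):
            return modifier
        counter += 1


def first_hash(prefix: bytes, public_key: bytes, modifier: bytes) -> bytes:
    """Hash1 binds the non-node-selectable routing prefix into its input, as
    the abstract describes, so a modifier found for one prefix is useless
    under another."""
    return hashlib.sha256(prefix + public_key + modifier).digest()


def generate_address(prefix: bytes, public_key: bytes, sec: int):
    """Returns (address, modifier): prefix || first NODE_LEN bytes of Hash1."""
    modifier = find_modifier(public_key, sec)
    node_part = first_hash(prefix, public_key, modifier)[:NODE_LEN]
    return prefix + node_part, modifier


def verify_address(address: bytes, public_key: bytes, modifier: bytes, sec: int) -> bool:
    """Claim 7: the verifier computes each hash once, so its cost does not
    grow with sec; only the generator pays for the search."""
    prefix, node_part = address[:-NODE_LEN], address[-NODE_LEN:]
    if not meets_target(second_hash(public_key, modifier), sec):
        return False
    return first_hash(prefix, public_key, modifier)[:NODE_LEN] == node_part
```

With sec=1 the search runs about 65,536 SHA-256 calls on average, while verification stays at two hashes whatever sec is.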