Small memory footprint fast elliptic encryption

US 7,607,019 B2
Filed: 02/03/2005
Issued: 10/20/2009
Est. Priority Date: 02/03/2005
Status: Active Grant

First Claim

Patent Images

1. A digital signature generation system, comprising:

a processor;

a computer readable medium coupled to the processor and having stored thereon instructions, which, when executed by the processor, cause the processor to perform the operations of;

generating a first random number from a finite field of numbers;

generating a plurality of field elements defining a first point on an elliptic curve defined over the finite field of numbers by performing elliptic curve arithmetic on the first random number and an initial public point on the elliptic curve;

generating a product from a field element of the plurality of field elements, a private key, and a second random number from the finite field of numbers, wherein the second random number is received from a challenger device;

generating a signature component by summing the product and the first random number;

reducing the generated signature component using one or more modular reduction operations, wherein the one or more modular reduction operations are based on a modulus equal to an order of the elliptic curve; and

sending the reduced signature component and the plurality of field elements to the challenger device as a digital signature for verification by the challenger device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of generating a digital signature includes generating a first random number from a finite field of numbers, and generating field elements defining a first point on an elliptic curve defined over the finite field of numbers by performing elliptic curve arithmetic on the first random number and an initial public point on the elliptic curve. The method continues by generating a product from a field element, a private key, and a second random number received from a challenger seeking verification of a digital signature, and generating a signature component by summing the product and the first random number. The signature component is reduced using one or more modular reduction operations, using a modulus equal to an order of the elliptic curve, and then the reduced signature component and the field elements are sent to the challenger as a digital signature for verification by the challenger.

Citations

22 Claims

1. A digital signature generation system, comprising:
- a processor;
  
  a computer readable medium coupled to the processor and having stored thereon instructions, which, when executed by the processor, cause the processor to perform the operations of;
  
  generating a first random number from a finite field of numbers;
  
  generating a plurality of field elements defining a first point on an elliptic curve defined over the finite field of numbers by performing elliptic curve arithmetic on the first random number and an initial public point on the elliptic curve;
  
  generating a product from a field element of the plurality of field elements, a private key, and a second random number from the finite field of numbers, wherein the second random number is received from a challenger device;
  
  generating a signature component by summing the product and the first random number;
  
  reducing the generated signature component using one or more modular reduction operations, wherein the one or more modular reduction operations are based on a modulus equal to an order of the elliptic curve; and
  
  sending the reduced signature component and the plurality of field elements to the challenger device as a digital signature for verification by the challenger device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system of claim 1, wherein one or more of the generating steps uses unsigned field arithmetic.
  - 3. The system of claim 1, wherein the elliptic curve has a curve order o=w^s−
    - j, wherein w is n-bit segment of computer memory, and s and j are positive integers.
  - 4. The system of claim 3, wherein the first random number is an integer constrained to reside in the interval [2, o−
    - 1].
  - 5. The system of claim 3, wherein j is greater than 0 and less than w^1+s/2.
  - 6. The system of claim 1, wherein the plurality of field elements is a Montgomery coordinate pair.
  - 7. The system of claim 1, wherein the elliptic curve is defined in an x-y coordinate plane by the equation y²=x³+cx²+x.
  - 8. The system of claim 7, wherein c is equal to 4.
  - 9. The system of claim 3, wherein the initial public point on the elliptic curve has a point order that divides the curve order o and contains the largest prime factor in the curve order o.
  - 10. The system of claim 1, wherein the field elements of the plurality of field elements reside in an interval [0, p−
    - 1], wherein p is a field prime.
  - 11. The system of claim 2, wherein the field arithmetic includes modular operations that are performed without explicit divisions.
  - 12. The system of claim 2, wherein subtract operations on a field element of the plurality of field elements are performed by negating the field element using the identity (−
    - y)mod p≡
      
      w^s−
      
      (y+k)mod p, where y is the field element to be negated, p is a field prime, w is an n-bit segment of memory, and j and k are positive integers.
  - 13. The system of claim 2, wherein the field arithmetic does not use field inversion operations.
  - 14. The system of claim 1, wherein the first random number has a Hamming weight less than or equal to 48.
  - 15. The system of claim 2, wherein the field arithmetic does not use dynamically allocated memory.
  - 16. The system of claim 2, wherein a maximum number of bytes of memory allocated for temporary storage of variables used by field arithmetic operations used to generate the digital signature does not exceed 200 bytes.
  - 17. The system of claim 2, wherein at least one temporary variable used by the field arithmetic is shared by at least two field arithmetic operations.
  - 18. The system of claim 2, wherein the digital signature sent to the challenger device is a packet not exceeding 3s+3 memory segments w, wherein s represents the number of n-bit memory segments w used to store unsigned integer values for the reduced signature component and the plurality of field elements sent to the challenger device as a representation of the digital signature.
  - 19. The system of claim 2, wherein the computer-readable medium includes a data structure for storing five parameters used to generate the digital signature, wherein four parameters are stored in no more than s+1 n-bit memory segments w and one parameter is stored in no more than 2s n-bit segments w, where s is a positive integer.
  - 20. The system of claim 19, wherein s is equal to 10 and n is equal to 16.

21. A computer-implemented method of generating a digital signature, comprising:
- at an electronic device comprising one or more processors and a communications interface coupled to a challenger device;
  
  generating a first random number from a finite field of numbers;
  
  generating a plurality of field elements defining a first point on an elliptic curve defined over the finite field of numbers by performing elliptic curve arithmetic on the first random number and an initial public point on the elliptic curve;
  
  generating a product from a field element of the plurality of field elements, a private key, and a second random number from the finite field of numbers, wherein the second random number is received from the challenger device;
  
  generating a signature component by summing the product and the first random number;
  
  reducing the generated signature component using one or more modular reduction operations, wherein the one or more modular reduction operations are based on a modulus equal to an order of the elliptic curve; and
  
  sending the reduced signature component and the plurality of field elements to the challenger device as a digital signature for verification by the challenger device.

22. A computer-readable medium having stored thereon instructions, which, when executed by a processor in a system for generating a digital signature, causes the processor to perform the operations of:
- generating a first random number from a finite field of numbers;
  
  generating a plurality of field elements defining a first point on an elliptic curve defined over the finite field of numbers by performing elliptic curve arithmetic on the first random number and an initial public point on the elliptic curve;
  
  generating a product from a field element of the plurality of field elements, a private key, and a second random number from the finite field of numbers, wherein the second random number is received from a challenger device;
  
  generating a signature component by summing the product and the first random number;
  
  reducing the generated signature component using one or more modular reduction operations, wherein the one or more modular reduction operations are based on a modulus equal to an order of the elliptic curve; and
  
  sending the reduced signature component and the plurality of field elements to the challenger device as a digital signature for verification by the challenger device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Crandall, Richard E., Mitchell, Douglas P.
Primary Examiner(s)
Pich; Ponnoreay
Assistant Examiner(s)
Vu; Kimyen

Application Number

US11/051,441
Publication Number

US 20060174126A1
Time in Patent Office

1,720 Days
Field of Search

713/176, 713/180, 380/28, 380/30
US Class Current

713/176
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/3073   involving pairings, e.g. id...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Small memory footprint fast elliptic encryption

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Small memory footprint fast elliptic encryption

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links