Signature apparatus, verifying apparatus, proving apparatus, encrypting apparatus, and decrypting apparatus
First Claim
1. A signature apparatus for generating a signature text by using a commitment, wherein the commitment is a hash value of a set including a value to be committed, data including a pair of elements of a cyclic group associated with a discrete logarithm problem which is used as a public key, and a discrete logarithm of an order of the pair which is used as a secret key, the signature apparatus comprising:
- a committed vector selecting unit configured to select a committed vector associated with a first commitment;
a first commitment calculating unit configured to calculate the first commitment;
a basis vector calculating unit configured to calculate a basis vector;
a second commitment calculating unit configured to calculate a power residue and calculates a second commitment;
a vector challenge calculating unit configured to calculate a vector challenge;
a vector response calculating unit configured to calculate a vector response by using the first commitment, a set used for calculating the power residue, the vector challenge, and the basis vector; and
a memory configured to store the committed vector, the first commitment, the basis vector, the second commitment, the vector challenge, and the vector response,wherein a signature text is generated based in part on the first commitment, the second commitment, and the vector response, and wherein a signature text output means is configured to read the signature text from the memory and output the signature text to a verifying apparatus,wherein the basis vector and the vector challenge are hash values,wherein the committed vector selecting unit is further configured to select a plurality of committed vectors, each having the same configuration as the committed vector, andwherein each component of the plurality of committed vectors and the secret key satisfy a relation equation, andwherein the first commitment is a hash value of data including components of the vector response, the public key which is data including a pair of elements of the cyclic group associated with the discrete logarithm problem, and the secret key which is a discrete logarithm of an order of the pair.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided are a signature apparatus, a verifying apparatus, a proving apparatus, an encrypting apparatus, and a decrypting apparatus capable of efficiently reducing a signature text counterfeit problem to a discrete logarithm problem. The commitment is a hash value of a set of a value to be committed. Data including a pair of elements of a cyclic group associated with a discrete logarithm problem is used as a public key, and a discrete logarithm of an order of the pair is used as a secret key. Accordingly, it is possible to summarize secret information of an attacker from the commitment without rewinding the attacker and to ensure a higher safety than that of a Schnorr signature scheme. In addition, one-time power residue calculation is performed in each of the signature and verification calculations, so that it is possible to lower an amount of calculation in the signature and verification calculations.
15 Citations
34 Claims
-
1. A signature apparatus for generating a signature text by using a commitment, wherein the commitment is a hash value of a set including a value to be committed, data including a pair of elements of a cyclic group associated with a discrete logarithm problem which is used as a public key, and a discrete logarithm of an order of the pair which is used as a secret key, the signature apparatus comprising:
-
a committed vector selecting unit configured to select a committed vector associated with a first commitment; a first commitment calculating unit configured to calculate the first commitment; a basis vector calculating unit configured to calculate a basis vector; a second commitment calculating unit configured to calculate a power residue and calculates a second commitment; a vector challenge calculating unit configured to calculate a vector challenge; a vector response calculating unit configured to calculate a vector response by using the first commitment, a set used for calculating the power residue, the vector challenge, and the basis vector; and a memory configured to store the committed vector, the first commitment, the basis vector, the second commitment, the vector challenge, and the vector response, wherein a signature text is generated based in part on the first commitment, the second commitment, and the vector response, and wherein a signature text output means is configured to read the signature text from the memory and output the signature text to a verifying apparatus, wherein the basis vector and the vector challenge are hash values, wherein the committed vector selecting unit is further configured to select a plurality of committed vectors, each having the same configuration as the committed vector, and wherein each component of the plurality of committed vectors and the secret key satisfy a relation equation, and wherein the first commitment is a hash value of data including components of the vector response, the public key which is data including a pair of elements of the cyclic group associated with the discrete logarithm problem, and the secret key which is a discrete logarithm of an order of the pair. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A verifying method for determining validity of input data, comprising:
-
receiving, via a receiving device, input data including a message and signature text associated with the message, wherein the signature text is based in part on a first commitment, a second commitment, and a vector response; verifying a validity of the signature text via processes conducted by a basis vector calculating unit, a vector challenge calculating unit, a first validity verifying unit, a second validity verifying unit, and an output unit, including; calculating, by the basis calculating unit, a basis vector and storing the basis vector in a storage unit; calculating, by the vector challenge calculating unit, a vector challenge and storing the vector challenge in the storage unit; determining, by the first validity verifying unit, a validity of the first commitment by inputting a portion of the input data including the vector response to a hash function; and calculating power residue and determining a validity of the vector response, wherein the basis vector and the vector challenge are hash values, and wherein, the first commitment is a hash value of data including components of the vector response, a public key which is data including a pair of elements of a cyclic group associated with a discrete logarithm problem, and a secret key which is a discrete logarithm of an order of the pair. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
-
Specification