Procedure for a multiple digital signature
First Claim
Patent Images
1. A procedure for a multiple digital signature comprising:
- i) generating, by a Trusted Third Party (T), a set of parameters, its own private key and a private key for each signer or member (F1, F2, . . . , Ft) of a group of signers (G);
ii) generating, by each of said signers, (F1, F2, . . . , Ft), a partial signature on a digest (m) of a document (M) using their private keys;
iii) generating a multiple signature from said partial signatures; and
iv) verifying, by a verifier, said multiple signature;
wherein the procedure is characterised in that it comprises;
determining, by said Trusted Third Party (T), a single and common public key for all of said signers (F1, F2, . . . , Ft), in (G), by computing two integer numbers (P) and (Q), in Zn,
P=α
a0·
β
b0(mod n),
Q=α
c0·
β
d0(mod n); and
determining, by said Trusted Third Party (T), individual private keys of the signers (F1, F2, . . . , Ft) of the group of signers (G), associated to said determined single and common public key, by computing (ai, bi, ci, di), for i=1, . . . , t,wherein;
(a0, b0, c0, d0) are four random integer numbers belonging to Zr that define the private key of the Trusted Third Party (T);
(bi, di), for i=1, . . . , t, are t pairs of random integer numbers in Zr, and (ai, ci), for i=1, . . . , t, are t pairs of integer numbers in Zr verifying the following conditions;
ai=(h−
s·
bi)(mod r),
ci=(k−
s·
di)(mod r);
and h and k are two secret integer numbers, in Zr, defined by
h=(a0+s·
b0)(mod r),
k=(c0+s·
d0)(mod r); and
generating, by said Trusted Third Party (T), a set of parameters (n, r, α
, β
, p, q, s) so that it publishes n, r, α
, and β
, and keeps p, q, and s secret, where
n=p·
q,p=u1·
r·
p1+1 and q=u2·
r·
q1+1 are two large prime numbers,u1 and u2 are two even integer numbers, whose greatest common divisor (gcd) verifies
gcd(u1, u2)=2,p1, q1, r, are prime numbers,α
is an invertible element in the group of integers modulo n, Zn, with multiplicative order r, verifying the condition
gcd(α
, (p−
1)(q−
1))=1;
β
=α
s(mod n), ands is a random secret number in the subgroup generated by α
.
2 Assignments
0 Petitions
Accused Products
Abstract
Procedure for a multiple digital signature
It comprises:
- i) generating, by a Trusted Third Party (T), a private key for each signer or member (F1, F2, . . . , Ft) of a group of signers (G);
- ii) generating, each of said signers (F1, F2, . . . , Ft), a partial signature of a document (M) using their private keys;
- iii) generating a multiple signature from said partial signatures; and
- iv) verifying said multiple signature.
It further comprises generating, by the Trusted Third Party (T), a common public key for all of said signers (F1, F2, . . . , Ft) and using said common public key for performing said multiple signature verification of iv).
6 Citations
9 Claims
-
1. A procedure for a multiple digital signature comprising:
-
i) generating, by a Trusted Third Party (T), a set of parameters, its own private key and a private key for each signer or member (F1, F2, . . . , Ft) of a group of signers (G); ii) generating, by each of said signers, (F1, F2, . . . , Ft), a partial signature on a digest (m) of a document (M) using their private keys; iii) generating a multiple signature from said partial signatures; and iv) verifying, by a verifier, said multiple signature; wherein the procedure is characterised in that it comprises; determining, by said Trusted Third Party (T), a single and common public key for all of said signers (F1, F2, . . . , Ft), in (G), by computing two integer numbers (P) and (Q), in Zn,
P=α
a0 ·
β
b0 (mod n),
Q=α
c0 ·
β
d0 (mod n); anddetermining, by said Trusted Third Party (T), individual private keys of the signers (F1, F2, . . . , Ft) of the group of signers (G), associated to said determined single and common public key, by computing (ai, bi, ci, di), for i=1, . . . , t, wherein; (a0, b0, c0, d0) are four random integer numbers belonging to Zr that define the private key of the Trusted Third Party (T); (bi, di), for i=1, . . . , t, are t pairs of random integer numbers in Zr, and (ai, ci), for i=1, . . . , t, are t pairs of integer numbers in Zr verifying the following conditions;
ai=(h−
s·
bi)(mod r),
ci=(k−
s·
di)(mod r);and h and k are two secret integer numbers, in Zr, defined by
h=(a0+s·
b0)(mod r),
k=(c0+s·
d0)(mod r); andgenerating, by said Trusted Third Party (T), a set of parameters (n, r, α
, β
, p, q, s) so that it publishes n, r, α
, and β
, and keeps p, q, and s secret, where
n=p·
q,p=u1·
r·
p1+1 and q=u2·
r·
q1+1 are two large prime numbers,u1 and u2 are two even integer numbers, whose greatest common divisor (gcd) verifies
gcd(u1, u2)=2,p1, q1, r, are prime numbers, α
is an invertible element in the group of integers modulo n, Zn, with multiplicative order r, verifying the condition
gcd(α
, (p−
1)(q−
1))=1;β
=α
s(mod n), ands is a random secret number in the subgroup generated by α
.- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
gi=bi+di·
m(mod r),and further sending, each signer, said own computed signature, in a secure way, to the Trusted Third Party (T).
-
-
3. A procedure according to claim 2, comprising verifying, by the Trusted Third Party (T), the computed signature of each signer (F1, F2, . . . , Ft) by checking:
P·
Qm(mod n)=α
fi ·
β
gi (mod n), i=1, . . . , t.
-
4. A procedure according to claim 3, wherein the Trusted Third Party (T) further computes and publishes the short multiple digital signature, (f, g), of the group (G) for the hash of the digest (m) further comprising the following:
-
f=(f1+ . . . +ft)(mod r)=Σ
i=1, . . . , tfi(mod r),
g=(g1+ . . . +gt)(mod r)=Σ
i=1, . . . , tgi(mod r).
-
-
5. A procedure according to claim 1, wherein the first signer (F1) further determines, without the collaboration of the Trusted Third Party (T), her own partial aggregated signature (f1, g1) for the hash of the digest (m) where:
-
f1=a1+c1·
m(mod r),
g1=b1+d1·
m(mod r),and sends it, in a secure way, to the second signer (F2).
-
-
6. A procedure according to claim 5, wherein each signer but the first one (F2, . . . , Ft) further verifies, without the collaboration of the Trusted Third Party (T), the partial aggregated signature ((fi−
- 1, gi−
1), i=2, . . . , t) already calculated by the previous signer, by checking
Pi−
1·
Q(i−
1)m=α
fi− ·
1
β
gi− (mod n), i=2, . . . , t.
1
- 1, gi−
-
7. A procedure according to claim 6, wherein each signer but the first one (F2, . . . , Ft) further determines, without the collaboration of the Trusted Third Party (T), her own partial aggregated signature ((fi−
- 1, gi−
1), i=2, . . . , t) by computing
fi=fi−
1+ai+ci·
m(mod r)=a1+ . . . +ai+(c1+ . . . +ci)m(mod r), i=2, . . . , t,
gi=gi−
1+bi+di·
m(mod r)=b1+ . . . +bi+(d1+ . . . +di)m(mod r), i=2, . . . , t,and further sending said determined own partial aggregated signatures, except the last signer (Ft), in a secure way, to the next signer of the group of signers.
- 1, gi−
-
8. A procedure according to claim 7, wherein the last signer (Ft) further publishes, without the collaboration of the Trusted Third Party (T), her partial aggregated signature as the short multiple digital signature, (f, g), of the whole group of signers:
(f, g)=(ft, gt).
-
9. A procedure according to claim 4, wherein a verifier determines whether the short multiple digital signature (f, g) of the group (G) for the hash of the digest (m) or document (M), makes the following expression hold true:
Pt·
Qt·
m=α
f·
β
g(mod n).
Specification