Public-key signature methods and systems
    81.
    Invention publication
    Public-key signature methods and systems (in force)
    Device and method for computing a digital signature

    Publication number: EP1049289A1

    Publication date: 2000-11-02

    Application number: EP99401048.6

    Filing date: 1999-04-29

    Applicant: BULL CP8 NDS LIMITED

    IPC classification: H04L9/32

    CPC classification: H04L9/3247 H04L9/3093

    Abstract: The invention provides for a cryptographic method for digital signature.
    A set S1 of k polynomial functions Pk(x1,...,xn+v,y1,...,yk) is supplied as a public key, where k, v and n are integers, x1,...,xn+v are n+v variables of a first type and y1,...,yk are k variables of a second type, the set S1 being obtained by applying (100) a secret key operation on a given set S2 of k polynomial functions P'k(a1,...,an+v,y1,...,yk), a1,...,an+v designating n+v variables including a set of n "oil" and v "vinegar" variables.
    A message to be signed is provided (105) and submitted (110) to a hash function to produce a series of k values (b1,...,bk). These k values are substituted (115) for the k variables (y1,...,yk) of the second set S2 to produce a set S3 of k polynomial functions P"k(a1,...,an+v), and v values a'n+1,...,a'n+v are selected (120) for the v "vinegar" variables. A set of equations P"k(a1,...,an+v) = 0 is solved (125) to obtain a solution for (a'1,...,a'n) and the secret key operation is applied (130) to transform the solution to the digital signature.

    TAME AUTOMORPHISM PUBLIC KEY SYSTEM
    83.
    Invention publication
    TAME AUTOMORPHISM PUBLIC KEY SYSTEM (lapsed)
    Encryption system based on finite structure

    Publication number: EP0867084A1

    Publication date: 1998-09-30

    Application number: EP96945933.0

    Filing date: 1996-12-11

    IPC classification: G09C1 H04L9

    CPC classification: H04L9/3093

    Abstract: The present invention relates to a tame automorphism based encryption system or scheme. Let K be a finite field of 2^m elements. Let ζ4,ζ3,ζ2,ζ1 be tame automorphisms (see above) of the ring K[x1,...,xn+r]. Let the composition be π = ζ4ζ3ζ2ζ1. The automorphism π and the factorization π = ζ4ζ3ζ2ζ1 are hidden. Let π = (π1(x1,...,xn+r),...,πn+r(x1,...,xn+r)). The field K and the polynomials (f1,...,fn+r) = (π1(x1,...,xn,0,...,0),...,πn+r(x1,...,xn,0,...,0)) will be announced publicly. Let (x'1,...,x'n) be the plaintext. Then the ciphertext will be (y'1,...,y'n+r) = (f1(x'1,...,x'n),...,fn+r(x'1,...,x'n)). It is easy to find ζi^-1((y'1,...,y'n+r)) (see Corollary 2). Therefore, it is easy to recover the plaintext (x'1,...,x'n) = ζ1^-1 ζ2^-1 ζ3^-1 ζ4^-1 π((x'1,...,x'n)). However, without knowing the automorphism π precisely and the decomposition π = ζ4ζ3ζ2ζ1, it is very hard to find the plaintext (x'1,...,x'n). The encryption system or scheme may be applied to electronic message transmission, data storage, smart card security, and product verification applications.

    Signed document transmission system
    85.
    Invention publication
    Signed document transmission system (lapsed)
    System for signed document transmission.

    Publication number: EP0157258A2

    Publication date: 1985-10-09

    Application number: EP85103008.0

    Filing date: 1985-03-15

    IPC classification: H04L9/30

    Abstract: On the transmitting side, a signature corresponding to a document to be transmitted is generated using a random number and the document as variables and on the basis of a congruence polynomial of second or higher degree with respect to the random number, secret key information and public key information produced based on the secret key information. The signature and the document are transmitted in digital form. On the receiving side, the congruence polynomial is operated using the received signature and document in place of the random number and the document employed on the transmitting side, and the validity of the received signature and document is verified on the basis of the result of operation and the public key information.

    FAULT DETECTION OF DIFFERENTIAL FAULT ATTACK IN LATTICE BASED CRYPTOGRAPHY

    Publication number: EP4418606A1

    Publication date: 2024-08-21

    Application number: EP24157024.1

    Filing date: 2024-02-12

    Applicant: NXP B.V.

    IPC classification: H04L9/30 H04L9/32

    CPC classification: H04L9/3247 H04L9/3093

    Abstract: A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a fault detection in a digital signature algorithm in a processor, the instructions, including: computing vector z based on a secret nonce vector y, a first secret key vector s1, and a challenge polynomial c, wherein vectors z, y, and s1 include l polynomials having n coefficients, wherein polynomial c has n coefficients, and wherein l and n are integers; computing a difference value between all of the coefficients of the polynomials in the vector z; computing a number of how many of the computed difference values are outside a specified value range; computing a digital signature for an input message; and rejecting the digital signature when the computed number is greater than a threshold value.

    SECURE AND FAST BIT UNPACKING FOR DILITHIUM
    88.
    Invention publication

    Publication number: EP4366232A1

    Publication date: 2024-05-08

    Application number: EP22306658.0

    Filing date: 2022-11-03

    Applicant: CryptoNext SAS

    IPC classification: H04L9/30 H04L9/32 H04L9/00

    Abstract: The disclosure relates to a cryptographic device and to a method to improve the security of the cryptographic device while minimizing the deceleration of the cryptographic device due to improving the security of the cryptographic device. The cryptographic device comprises at least one electronic chip to carry out a Dilithium operation involving a vector y of polynomials yi with coefficients yi,j. The method comprises the cryptographic device generating the vector y from a random seed and unpacking the vector y from a bit string. The method further comprises the cryptographic device reusing the random seed to randomly shuffle the unpacking of the vector y, thereby further securing the Dilithium operation while sparing a random number generation.

    NETWORK DEVICE CONFIGURED TO DERIVE A SHARED KEY

    Publication number: EP2962420B1

    Publication date: 2018-08-08

    Application number: EP14707459.5

    Filing date: 2014-02-11

    IPC classification: H04L9/08 H04L9/30

    Abstract: A network device (110) is provided which is configured to determine a shared cryptographic key of key length (b) bits shared with a second network device (120) from a polynomial and an identity number of the second network device. A reduction algorithm is used to evaluate the polynomial in the identity number of the second network device and reduce modulo a public modulus and modulo a key modulus. The reduction algorithm comprises an iteration over the terms of the polynomial. At least the iteration associated with a particular term of the polynomial comprises a first and a second multiplication. The first multiplication is between the identity number and a least significant part of the coefficient of the particular term obtained from the representation of the polynomial, the least significant part of the coefficient being formed by the key length least significant bits of the coefficient of the particular term. The second multiplication is between the identity number and a further part of the coefficient of the particular term obtained from the representation of the polynomial, the further part of the coefficient being formed by bits of the coefficient of the particular term different from the key length least significant bits, the further part and the least significant part together forming strictly fewer bits than in the coefficient of the particular term of the polynomial.