-
公开(公告)号:US07249259B1
公开(公告)日:2007-07-24
申请号:US09390362
申请日:1999-09-07
申请人: Scott Alexander Vanstone , Robert Gallant , Robert J. Lambert , Leon A. Pintsov , Frederick W. Ryan, Jr. , Ari Singer
发明人: Scott Alexander Vanstone , Robert Gallant , Robert J. Lambert , Leon A. Pintsov , Frederick W. Ryan, Jr. , Ari Singer
CPC分类号: H04L9/3247 , H04L9/3252
摘要: A signature scheme is provided in which a message is divided in to a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination. The computed hash is used together with publicly available information to generate a bit string corresponding to the hidden portion. If the required redundancy is present the signature is accepted and the message reconstructed from the recovered bit string and the visible portion.
摘要翻译: 提供一种签名方案,其中消息被分成隐藏的第一部分,并且在验证期间被恢复,并且第二部分是可见的并且被要求作为验证算法的输入。 通过单独加密第一部分来产生第一签名组件。 通过组合第一组件和可见部分并对其进行密码散列来形成中间组件。 然后使用中间部件形成第二签名部件,并且签名包括具有可见部分的第一和第二部件。 签名的验证将仅从消息的隐藏部分导出的第一组件与可见部分组合,并产生组合的散列。 所计算的散列与公开可用的信息一起使用以产生对应于隐藏部分的位串。 如果存在所需的冗余,则签名被接受,并且从恢复的位串和可见部分重建消息。
-
公开(公告)号:US08793500B2
公开(公告)日:2014-07-29
申请号:US13421589
申请日:2012-03-15
申请人: Scott Alexander Vanstone , Robert Gallant , Robert J. Lambert , Leon A. Pintsov , Frederick W. Ryan, Jr. , Ari Singer
发明人: Scott Alexander Vanstone , Robert Gallant , Robert J. Lambert , Leon A. Pintsov , Frederick W. Ryan, Jr. , Ari Singer
IPC分类号: H04L9/28
CPC分类号: H04L9/3247 , H04L9/3252
摘要: A signature scheme is provided in which a message is divided in to a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination.
摘要翻译: 提供一种签名方案,其中消息被分成隐藏的第一部分,并且在验证期间被恢复,并且第二部分是可见的并且被要求作为验证算法的输入。 通过单独加密第一部分来产生第一签名组件。 通过组合第一组件和可见部分并对其进行密码散列来形成中间组件。 然后使用中间部件形成第二签名部件,并且签名包括具有可见部分的第一和第二部件。 签名的验证将仅从消息的隐藏部分导出的第一组件与可见部分组合,并产生组合的散列。
-
公开(公告)号:US07877610B2
公开(公告)日:2011-01-25
申请号:US11812811
申请日:2007-06-21
申请人: Scott Alexander Vanstone , Robert Gallant , Robert J. Lambert , Leon A. Pintsov , Frederick W. Ryan, Jr. , Ari Singer
发明人: Scott Alexander Vanstone , Robert Gallant , Robert J. Lambert , Leon A. Pintsov , Frederick W. Ryan, Jr. , Ari Singer
IPC分类号: H04L9/00
CPC分类号: H04L9/3247 , H04L9/3252
摘要: A signature scheme is provided in which a message is divided into a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination. The computed hash is used together with publicly available information to generate a bit string corresponding to the hidden portion. If the required redundancy is present the signature is accepted and the message reconstructed from the recovered bit string and the visible portion.
摘要翻译: 提供了一种签名方案,其中消息被分成在验证期间被隐藏并被恢复的第一部分,以及作为验证算法的输入可见并被要求的第二部分。 通过单独加密第一部分来产生第一签名组件。 通过组合第一组件和可见部分并对其进行加密散列来形成中间组件。 然后使用中间部件形成第二签名部件,并且签名包括具有可见部分的第一和第二部件。 签名的验证将仅从消息的隐藏部分导出的第一组件与可见部分组合,并产生组合的散列。 所计算的散列与公开可用的信息一起使用以产生对应于隐藏部分的位串。 如果存在所需的冗余,则签名被接受,并且从恢复的位串和可见部分重建消息。
-
公开(公告)号:US20080141036A1
公开(公告)日:2008-06-12
申请号:US11812811
申请日:2007-06-21
申请人: Scott Alexander Vanstone , Robert Gallant , Robert J. Lambert , Leon A. Pinstov , Frederick W. Ryan , Ari Singer
发明人: Scott Alexander Vanstone , Robert Gallant , Robert J. Lambert , Leon A. Pinstov , Frederick W. Ryan , Ari Singer
CPC分类号: H04L9/3247 , H04L9/3252
摘要: A signature scheme is provided in which a message is divided into a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination. The computed hash is used together with publicly available information to generate a bit string corresponding to the hidden portion. If the required redundancy is present the signature is accepted and the message reconstructed from the recovered bit string and the visible portion.
摘要翻译: 提供了一种签名方案,其中消息被分成在验证期间被隐藏并被恢复的第一部分,以及作为验证算法的输入可见并被要求的第二部分。 通过单独加密第一部分来产生第一签名组件。 通过组合第一组件和可见部分并对其进行密码散列来形成中间组件。 然后使用中间部件形成第二签名部件,并且签名包括具有可见部分的第一和第二部件。 签名的验证将仅从消息的隐藏部分导出的第一组件与可见部分组合,并产生组合的散列。 所计算的散列与公开可用的信息一起使用以产生对应于隐藏部分的位串。 如果存在所需的冗余,则签名被接受,并且从恢复的位串和可见部分重建消息。
-
5.发明授权Arithmetic processor for finite field and module integer arithmetic operations 有权用于有限域和模块整数运算的算术处理器公开(公告)号:US06349318B1
公开(公告)日:2002-02-19
申请号:US09418217
申请日:1999-10-14
IPC分类号: G06F700
CPC分类号: G06F9/30014 , G06F7/72 , G06F7/722 , G06F7/724 , G06F7/725 , G06F9/30036 , G06F2207/382
摘要: The present disclosure provides an arithmetic processor having an arithmetic logic unit having a plurality of arithmetic circuits each for performing a group of associated arithmetic operations, such as finite field operations, or modular integer operations. The arithmetic logic unit has an operand input data bus, for receiving operand data thereon and a result data output bus for returning the results of the arithmetic operations thereon. A register file is coupled to the operand data bus and the result data bus. The register file is shared by the plurality of arithmetic circuits. Further a controller is coupled to the ALU and the register file, the controller selecting one of the plurality of arithmetic circuits in response to a mode control signal requesting an arithmetic operation and for controlling data access between the register file and the ALU and whereby the register file is shared by the arithmetic circuits.
摘要翻译: 本公开提供了具有算术逻辑单元的算术处理器,该算术逻辑单元具有多个运算电路,每个运算电路用于执行一组相关联的算术运算,例如有限场运算或模数整数运算。 算术逻辑单元具有用于在其上接收操作数数据的操作数输入数据总线和用于返回其上的算术运算结果的结果数据输出总线。 寄存器文件耦合到操作数数据总线和结果数据总线。 寄存器文件由多个运算电路共享。 此外,控制器耦合到ALU和寄存器文件,控制器响应于请求算术运算的模式控制信号和用于控制寄存器文件和ALU之间的数据访问来选择多个算术电路中的一个,由此寄存器 文件由算术电路共享。
-
公开(公告)号:US20060029222A1
公开(公告)日:2006-02-09
申请号:US11095542
申请日:2005-04-01
申请人: Robert Lambert , Robert Gallant , Scott Vanstone
发明人: Robert Lambert , Robert Gallant , Scott Vanstone
CPC分类号: G06F7/725 , H04L9/3073
摘要: This invention provides a method for accelerating multiplication of an elliptic curve point Q(x,y) by a scalar k, the method comprising the steps of selecting an elliptic curve over a finite field Fq where q is a prime power such that there exists an endomorphism ψ, where ψ(Q)=λ·Q for all points Q(x,y) on the elliptic curve; and using smaller representations ki of the scalar k in combination with the mapping y to compute the scalar multiple of the elliptic curve point Q.
摘要翻译: 本发明提供了一种用于加速椭圆曲线点Q(x,y)乘以标量k的方法,所述方法包括以下步骤:在有限域Fq上选择椭圆曲线,其中q是素数,使得存在 其中,对于椭圆曲线上的所有点Q(x,y),其中psi(Q)= lambda.Q; 并且与映射y结合使用标量k的较小表示k i i i来计算椭圆曲线点Q的标量倍数。
-
公开(公告)号:US20070076866A1
公开(公告)日:2007-04-05
申请号:US11272151
申请日:2005-11-14
申请人: Scott Vanstone , Robert Gallant , Daniel Brown
发明人: Scott Vanstone , Robert Gallant , Daniel Brown
IPC分类号: H04L9/30
CPC分类号: G06F21/00 , H04L9/0841
摘要: Improper re-use of a static Diffie-Hellman (DH) private key may leak information about the key. The leakage is prevented by a key derivation function (KDF), but standards do not agree on key derivation functions. The module for performing a DH private key operation must somehow support multiple different KDF standards. The present invention provides an intermediate approach that neither attempts to implement all possible KDP operations, nor provide unprotected access to the raw DH private key operation. Instead, the module performs parts of the KDF operation, as indicated by the application using the module. This saves the module from implementing the entire KDF for each KDF needed. Instead, the module implements only re-usable parts that are common to most KDFs. Furthermore, when new KDFs are required, the module may be able to support them if they built on the parts that the module has implemented.
摘要翻译: 静态Diffie-Hellman(DH)私钥的不正确使用可能会泄漏关键字的信息。 通过密钥导出功能(KDF)来防止泄漏,但是标准对密钥导出函数并不一致。 用于执行DH私钥操作的模块必须以某种方式支持多种不同的KDF标准。 本发明提供了一种中间方法,既不试图实现所有可能的KDP操作,也不提供对原始DH私钥操作的不受保护的访问。 相反,模块将执行KDF操作的部分,如使用该模块的应用程序所示。 这样可以节省模块实现所需的每个KDF的整个KDF。 相反,该模块只能实现大多数KDF常用的可重复使用的部件。 此外,当需要新的KDF时,如果模块构建在模块实现的部件上,则模块可能能够支持它们。
-
公开(公告)号:US07110538B2
公开(公告)日:2006-09-19
申请号:US09885959
申请日:2001-06-22
CPC分类号: G06F7/725
摘要: This invention provides a method for accelerating multiplication of an elliptic curve point Q(x,y) by a scalar k, the method comprising the steps of selecting an elliptic curve over a finite field Fq where q is a prime power such that there exists an endomorphism Ψ, where Ψ(Q)=λ.Q for all points Q(x,y) on the elliptic curve: and using smaller representations ki of the scalar k in combination with the mapping Ψ to compute the scalar multiple of the elliptic curve point Q.
摘要翻译: 本发明提供了一种用于加速椭圆曲线点Q(x,y)乘以标量k的方法,所述方法包括以下步骤:在有限域Fq上选择椭圆曲线,其中q是素数,使得存在 同构Psi,其中对于椭圆曲线上的所有点Q(x,y),Psi(Q)= lambda.Q;以及使用标量k的较小表示k i i与映射Psi至 计算椭圆曲线点Q的标量倍数。
-
9.发明申请Trapdoor one-way functions on elliptic curves and their application to shorter signatures and asymmetric encryption 有权椭圆曲线上的Trapdoor单向函数及其对较短签名和非对称加密的应用公开(公告)号:US20060140400A1
公开(公告)日:2006-06-29
申请号:US11272152
申请日:2005-11-14
申请人: Daniel Brown , Robert Gallant , Scott Vanstone , Marinus Struik
发明人: Daniel Brown , Robert Gallant , Scott Vanstone , Marinus Struik
IPC分类号: H04L9/30
CPC分类号: H04L63/0823 , G06F21/64 , H04L9/3066 , H04L9/3252
摘要: The present invention provides a new trapdoor one-way function. In a general sense, some quadratic algebraic integer z is used. One then finds a curve E and a rational map defining [z] on E. The rational map [z] is the trapdoor one-way function. A judicious selection of z will ensure that [z] can be efficiently computed, that it is difficult to invert, that determination of [z] from the rational functions defined by [z] is difficult, and knowledge of z allows one to invert [z] on a certain set of elliptic curve points. Every rational map is a composition of a translation and an endomorphism. The most secure part of the rational map is the endomorphism as the translation is easy to invert. If the problem of inverting the endomorphism and thus [z] is as hard as the discrete logarithm problem in E, then the size of the cryptographic group can be smaller than the group used for RSA trapdoor one-way functions.
摘要翻译: 本发明提供了一种新的陷门单向功能。 在一般意义上,使用一些二次代数整数z。 然后找到曲线E和在E上定义[z]的有理图。有理图[z]是陷门单向函数。 z的明智选择将确保可以有效地计算[z],难以反转,[z]定义的[z]的确定是困难的,而z的知识允许反转[ z]在一组椭圆曲线点上。 每一个合理的地图都是一个翻译和一个同化的组合。 理性地图中最安全的部分是翻译易翻译的同化。 如果反转内生的问题,因此[z]与E中的离散对数问题一样困难,则密码组的大小可以小于用于RSA陷门单向函数的组的大小。
-
公开(公告)号:US20070071237A1
公开(公告)日:2007-03-29
申请号:US11272150
申请日:2005-11-14
申请人: Daniel Brown , Robert Gallant , Scott Vanstone
发明人: Daniel Brown , Robert Gallant , Scott Vanstone
CPC分类号: G06F7/72 , G06F7/724 , G06F7/725 , G06F2207/7204 , H04L9/002 , H04L9/0841 , H04L9/3066 , H04L2209/26
摘要: Methods for choosing groups for a static Diffie-Hellman key agreement protocol to inhibit active attacks by an adversary are provided. In mod p groups, an even h is chosen of value approximately (9/16)(log2n)2, values r and n are determined using sieving and primality testing on r and n, and a value t is found to compute p=tn+1 wherein p is prime. In elliptic curve groups defined over a binary filed, a random curve is chosen, the number of points on the curve is counted and this number is checked for value of 2n wherein n is prime and n−1 meets preferred criteria. In elliptic curve groups defined over a prime field of order q, a value n=hr+1 is computed, wherein n is prime and n−1 meets preferred criteria, and a complex multiplication method is applied on n to produce a value q and an elliptic curve E defined over q and having an order n.
摘要翻译: 提供了用于选择静态Diffie-Hellman密钥协商协议以抑制对手的主动攻击的组的方法。 在mod p组中,偶数h被选择为大约(9/16)(log 2)n 2),值r和n是使用筛选和原始测试来确定的 在r和n上,找到值t来计算p = tn + 1,其中p是素数。 在二进制字段中定义的椭圆曲线组中,选择随机曲线,对曲线上的点数进行计数,并检查2n的值,其中n是素数,n-1符合优选标准。 在序列q的质场上定义的椭圆曲线组中,计算值n = hr + 1,其中n是素数,n-1满足优选标准,并且在n上施加复乘法以产生值q和 在q上定义并具有n阶的椭圆曲线E.
-
-
-
-
-
-
-
-
-
搜索结果
13 条记录 (耗时 0.031 秒)
