Method for preventing laundering and repackaging of multimedia content in content distribution systems
    1.
    Granted patent
    Status: in force

    Publication number: US09252957B2

    Publication date: 2016-02-02

    Application number: US12736262

    Filing date: 2009-04-07

    IPC classification: G06F11/30 H04L9/32 H04L9/08

    Abstract: A method for distributing content in a content distribution system is disclosed which comprises the steps of: encrypting at a Content Packager a content using a content encryption key to generate an encrypted content; sending the content encryption key to a Licensing Authority; receiving from the Licensing Authority a distribution key containing an encryption of the content decryption key (Kc) for a given set of authorized devices; creating a secure link between the content encryption key (Kc) and the content protected by this content encryption key using a signature of the content; and distributing the encrypted content together with the signature of the content. A method for receiving content distributed according to the above-mentioned method in a device able to play back the content is also disclosed where the content signature is checked before any play back of the content.

    METHOD FOR PREVENTING LAUNDERING AND REPACKAGING OF MULTIMEDIA CONTENT IN CONTENT DISTRIBUTION SYSTEMS
    2.
    Patent application
    Status: in force

    Publication number: US20110016311A1

    Publication date: 2011-01-20

    Application number: US12736262

    Filing date: 2009-04-07

    IPC classification: H04L9/08

    Abstract: A method for distributing content in a content distribution system is disclosed which comprises the steps of: encrypting at a Content Packager a content using a content encryption key to generate an encrypted content; sending the content encryption key to a Licensing Authority; receiving from the Licensing Authority a distribution key containing an encryption of the content decryption key (Kc) for a given set of authorized devices; creating a secure link between the content encryption key (Kc) and the content protected by this content encryption key using a signature of the content; and distributing the encrypted content together with the signature of the content. A method for receiving content distributed according to the above-mentioned method in a device able to play back the content is also disclosed where the content signature is checked before any play back of the content.

    FAULT-RESISTANT EXPONENTIATION ALGORITHM
    3.
    Patent application
    Status: in force

    Publication number: US20120321075A1

    Publication date: 2012-12-20

    Application number: US13487457

    Filing date: 2012-06-04

    IPC classification: H04L9/28

    Abstract: A method for performing a m-ary right-to-left exponentiation using a base x, a secret exponent d and a modulus N, wherein m is a power of 2. A device having a processor and m+1 registers R[0]-R[m] in at least one memory: initializes register R[0] to h for a chosen value h, wherein the order of the value h is a divisor of m*(m−1)/2, register R[m] to $x^{m-1}$ and the registers other than R[0] and R[m] to the value h; updates register R[r] to R[r] times x, wherein r is the remainder of a division of d by (m−1) mod N; obtains a working exponent q that is the quotient of the division of d by (m−1); performs l iterations, starting at i=0, of: setting $R[q_i]$ to $R[q_i]$ times R[m] and raising R[m] to the power of m, where l is the length of q in base m and $q_i$ is the i-th digit of the representation of q in base m and $q_{l-1}$ is non-zero; verifies the correctness of the result by checking that R[m] equals the product of registers R[0]-R[m−1] to the power of m−1; and outputs the product of $R[j]^j$, where 1≦j≦m−1, only if the correctness is successfully verified.

    Fault-resistant exponentiation algorithm
    4.
    Granted patent
    Status: in force

    Publication number: US08700921B2

    Publication date: 2014-04-15

    Application number: US13487457

    Filing date: 2012-06-04

    IPC classification: H04L9/28 H04K1/00

    Abstract: A method for performing a m-ary right-to-left exponentiation using a base x, a secret exponent d and a modulus N, wherein m is a power of 2. A device having a processor and m+1 registers R[0]-R[m] in at least one memory: initializes register R[0] to h for a chosen value h, wherein the order of the value h is a divisor of m*(m−1)/2, register R[m] to $x^{m-1}$ and the registers other than R[0] and R[m] to the value h; updates register R[r] to R[r] times x, wherein r is the remainder of a division of d by (m−1) mod N; obtains a working exponent q that is the quotient of the division of d by (m−1); performs l iterations, starting at i=0, of: setting $R[q_i]$ to $R[q_i]$ times R[m] and raising R[m] to the power of m, where l is the length of q in base m and $q_i$ is the i-th digit of the representation of q in base m and $q_{l-1}$ is non-zero; verifies the correctness of the result by checking that R[m] equals the product of registers R[0]-R[m−1] to the power of m−1; and outputs the product of $R[j]^j$, where 1≦j≦m−1, only if the correctness is successfully verified.

    Exponentiation method resistant against side-channel and safe-error attacks
    5.
    Granted patent
    Status: in force

    Publication number: US08744072B2

    Publication date: 2014-06-03

    Application number: US13138584

    Filing date: 2010-03-01

    Applicant: Marc Joye

    Inventor: Marc Joye

    Abstract: An exponentiation method resistant against side-channel attacks and safe-error attacks. Input to the method is g in a multiplicatively written group G and an $l$-digit exponent d with a radix m>1 and output is $z = g^{d-1}$. (d−1) is expressed as a series of ($l$−1) non-zero digits, $d^*_0 \ldots d^*_{l-2}$, in the set {m−1, . . . , 2m−2} and an extra digit $d^*_{l-1}$ that is equal to $d_{l-1}-1$, where $d_{l-1}$ represents the most significant radix-m digit of d, and $g^{d-1}$ is evaluated through a m-ary exponentiation algorithm on input g and (d−1) represented by $d^*_0 \ldots d^*_{l-1}$. Also provided are an apparatus and a computer program product.

    Method and a device for performing torus-based cryptography
    6.
    Granted patent
    Status: lapsed

    Publication number: US08548162B2

    Publication date: 2013-10-01

    Application number: US13377663

    Filing date: 2010-06-10

    Applicant: Marc Joye

    Inventor: Marc Joye

    IPC classification: H04L9/00

    Abstract: At CRYPTO 2003, Rubin and Silverberg introduced the concept of torus-based cryptography over a finite field. The present invention extends their setting to the ring of integers modulo N, thus obtaining compact representations for cryptographic systems that base their security on the discrete logarithm problem and the factoring problem. This can result in small key sizes and substantial savings in memory and bandwidth. However, unlike the case of finite field, analogous trace-based compression methods cannot be adapted to accommodate the extended setting of the invention when the underlying systems require more than a mere exponentiation. The invention finds particular application in a torus-based implementation of the ACJT group signature scheme. Also provided is a processor.

    Method and apparatus for generating a signature for a message and method and apparatus for verifying such a signature
    7.
    Granted patent
    Status: in force

    Publication number: US08223963B2

    Publication date: 2012-07-17

    Application number: US12737073

    Filing date: 2009-06-02

    Applicant: Marc Joye

    Inventor: Marc Joye

    IPC classification: G06F21/00

    Abstract: A method of generating a signature σ for a message m, the method enabling online/offline signatures. Two random primes p and q are generated, with N=pq; two random quadratic residues g and x are chosen in $Z_N^*$, and, for an integer z, $h = g^{-z} \bmod N$ is calculated. This gives the public key {g, h, x, N} and the private key {p, q, z}. Then, an integer t and a prime e are chosen. The offline signature part y may then be calculated as $y = (x g^{-t})^{1/e^b} \bmod N$ where b is an integer bigger than 0, predetermined in the signature scheme. The online part k of the signature on message m is then calculated as k=t+mz and the signature σ on message m is generated as σ=(k, y, e) and returned. To verify the signature, it is checked that 1) e is an odd $l_E$-bit integer, 2) k is an $l_K$-bit integer, and 3) $y^{e^b} g^k h^m \equiv x \pmod{N}$. An advantage of the method is that it may be performed without hashing. Also provided are a signing device, a verification device, and computer program supports.

    MODULAR EXPONENTIATION RESISTANT AGAINST SKIPPING ATTACKS
    8.
    Patent application
    Status: under examination (published)

    Publication number: US20120159189A1

    Publication date: 2012-06-21

    Application number: US13392259

    Filing date: 2010-09-06

    Applicant: Marc Joye

    Inventor: Marc Joye

    IPC classification: G06F21/00 G06F7/60

    Abstract: An exponentiation method resistant against skipping attacks. A main idea of the present invention is to evaluate, in parallel with the exponentiation such as $y = g^d$, a value based on the exponent, e.g. f=d·1. These evaluations are performed using the same exponentiation algorithm by “gluing” together the group operations underlying the computation of y and f so that a perturbation to one operation also perturbs the other. This makes it possible to verify that f indeed equals d before returning the result. Also provided are an apparatus and a computer program product.

    APPARATUS AND A METHOD FOR CALCULATING A MULTIPLE OF A POINT AN ELLIPTIC CURVE
    9.
    Patent application
    Status: in force

    Publication number: US20100310066A1

    Publication date: 2010-12-09

    Application number: US12735757

    Filing date: 2009-02-12

    Applicant: Marc Joye

    Inventor: Marc Joye

    IPC classification: H04L9/28

    Abstract: A device and a method for calculating a multiple of a point on an elliptic curve from the right to the left by repeated point doubling and point addition. Each point doubling is evaluated with an extended set of coordinates and each point addition is evaluated by taking as input a restricted set of the extended set of coordinates. The at least one coordinate of the extended set that is not part of the restricted set is stored in a memory between each iteration of the point doubling. This can enable speeding up the calculations as compared to prior art solutions. Also provided is a computer program product.

    Cryptographic method protected against covert channel type attacks
    10.
    Granted patent
    Status: in force

    Publication number: US07742595B2

    Publication date: 2010-06-22

    Application number: US10509876

    Filing date: 2003-04-03

    IPC classification: H04L9/28 H04K1/00

    Abstract: The invention relates to a cryptographic method secured against a covert channel attack. According to the invention, in order to carry out a selected block of instructions as a function of an input variable amongst N predefined instruction blocks, a common block is carried out on the predefined N instruction blocks, a predefined number of times, the predefined number being associated with the selected instruction block.
