GB2315965A - Digital signature with hash code - Google Patents
Digital signature with hash code Download PDFInfo
- Publication number
- GB2315965A GB2315965A GB9716213A GB9716213A GB2315965A GB 2315965 A GB2315965 A GB 2315965A GB 9716213 A GB9716213 A GB 9716213A GB 9716213 A GB9716213 A GB 9716213A GB 2315965 A GB2315965 A GB 2315965A
- Authority
- GB
- United Kingdom
- Prior art keywords
- signature
- message
- digital signature
- bits
- modular
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Theoretical Computer Science (AREA)
- Mathematical Physics (AREA)
- Computer Security & Cryptography (AREA)
- Mathematical Analysis (AREA)
- Computational Mathematics (AREA)
- Signal Processing (AREA)
- Mathematical Optimization (AREA)
- Algebra (AREA)
- Pure & Applied Mathematics (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Storage Device Security (AREA)
Abstract
The method for performing a digital signature with message appendix includes the steps of multiplying a hash code H(M), corresponding to a message M to be sent, by g K calculated from a random number K generated whenever a signature is performed, performing a modular multiplication of the result of the multiplication by a modular p and obtaining R which is a beginning portion of a signature by cutting the resultant value by Lq bits, obtaining S which is an end portion of a signature using a secret key X of a signer, the random number K generated whenever the signature is performed and the calculated R through S=(K-RX)mod q, and transferring a signature verification key Y for verifying a digital signature and the message M including the R and S. It is possible to detect when the contents of an original document have been transformed by a third party and to provide the electronic signature required by electronic currency.
Description
METHOD FOR PERFORMING DIGITAL SIGNATURE WITH
MESSAGE APPENDIX ANn METHOD FOR VERIFYING THE SAME
Background of the Invention
The present invention relates to a digital signature, and more particularly. to a method for performing a digital signature with message appendix with which it is possible to provide a signature function to electrical documents or data.
Generally, the digital signature in electronic exchange of information is a counterpart to a handwritten signature in classical mail. As society depends more on information due to the development of computers and electronic communication, all documents are changing from classical mail to electronic data. In such a state, the chances become higher of the forging and changing of contracts or documents between the respective entities, i.e., between individuals, between an individual and a party and between companies. To suit such new circumstances, a technology of providing a signature function to an electronic document like in classical mail is required.
Namely, a digital signature with message appendix is for providing information protecting services such as authentication and flawlessness of data in information processing systems and inter-network communication systems, to suit the above-mentioned circumstances. A cryptographic technology is required for the digital signature technology by which it is possible to prevent surreptitious use, forgery and alteration of an electronic document.
Systems using the cryptographic technology divide roughly into public key systems and secret key systems. The cryptographic system of the secret key method is hard to manage, since two users who desire to communicate must share the same secret key, and cannot provide a signature giving full protection, since it does not provide functions such as unauthorized access denial and blockade which a signature should provide. In the cryptographic system of a public key method, the public key and the secret key are calculated using a one-way function which is very hard to solve mathematically. Anyone who has the public key of a published counterpart can perform a secret communication with the counterpart since the public key is published so as to be used by everyone and the secret key is kept by the user.
In the digital signature using the public key method, a pair of keys, i.e., the secret key used for signing a message and the public key used for verifying the signature are used. Namely, the pair of keys used for the digital signature method are comprised of the public key for verification and the secret key for the signature.
One of the message signatures which uses the public key method is the digital signature giving message recovery. This is a method for recovering the message during the process of verifying the signature. The digital signature method provided by the International Organization for Standardization and the
International Electrotechnical Commission (ISO/IEC 9796) is a type of digital signature giving message recovery. Here, a Rivest Shamir Adleman (RSA) algorithm whose security is based on the difficulty of disintegratiori of a prime factor is used. In the RSA algorithm, it is difficult to apply the digital signature to a message having an arbitrary length since a message of a limited length must be received.
The digital signature with message appendix is unlike the digital signature giving message r covery. In the digital signature with message appendix, a hash function is used in order to obtain the message. It is possible to perform the signature and verification in a short time since the signature is performed after simplifying the message using the hash function. An
ElGamal digital signature is an example of a digital signature with message appendix and a public key digital signature. and has a security based on calculating a discrete logarithm. However, it has a shortcoming in that the size of the signature is doubled when the signature is generated.
Summarv of the Invention
It is an object of the present invention to provide a method for performing a digital signature with message appendix using a hash function in order to reduce the length of the signature.
It is another object of the present invention to provide a method for verifying the digital signature with message appendix.
To achieve the first object, there is provided a method for performing a digital signature with message appendix, when Lp and Lq denote the lengths, in bits, of prime factors p and q and when g=a(P')/4mod p while satisfying l < a < p-l and a(P~l)qmod p > l, comprising the steps of multiplying a hash code
H(M), corresponding to a message M to be sent, by gK calculated from a random number K generated whenever a signature is performed, performing a modular multiplication of the result of the multiplication by a modular p and obtaining R which is a beginning portion of a signature by cutting the resultant value by Lq bits, obtaining S which is an end portion of a signature using a secret key X of a signer, the random number K generated whenever the signature is performed, and the calculated R through S=(K-RX)mod q and transferring a signature verification key Y for verifying a digital signature and the message M including the R and S.
To achieve the second object, there is provided a method for verifying the digital signature with message appendix, when Lp and Lq denote the lengths, in bits, of prime factors p and q and when g-a(P-'yqmod p while satisfying I < a < p-l and a(@@)qmod p > l, comprising the steps of receiving the messages transmitted in claim 1, Y, M, S and R and confirming that 0 < R < q and 0 < S < q, calculating gs and yR by the hash function value H(M) corresponding to the message M, the received S and R and performing a modular multiplication with respect to a modular p, and confirming a user who has a public verification key Y signed the received message M when the resultant value of cutting the result of the modular multiplication to Lq bits is equal to the received value R.
Brief Description of the Drawings The above objects and advantages of the present invention will become more apparent by describing in detail a preferred embodiment thereof 'with reference to the attached drawings in which:
FIG. I is a flow chart describing a method for generating a digital signature according to the present invention;
FIG. 2 is a flow chart describing a method for verifying the generated digital signature.
Detalled Description of the Invention
Hereinafter, the present invention will be described in detail with reference to the attached drawings. Before explaining the present invention, reference characters used in the present invention will be described as follows.
M denotes a message to be sent. p and q denote prime factors. Lp and Lq respectively denote the lengths in bits of p and q. It is defined that g=a(P~I > q mod p while satisfying l < a < p-l and a(tlyq mod p > 1. X denotes a secret signature key of a signer. Y corresponds to a signature verification key published in order to verify the digital signature: y=gx mod p. K denotes a random number which is any element of (1, 2,..., q-l). The digital signature T is obtained by the concatenation of R and S. R and S are both smaller than q.
X, Y, p, and q are fixed variables, among which p, q, and g are shared by all the users. however, the random number K is newly selected whenever the signature is generated. K and X used during the signature process should not be known to others and are selected from among 0 through the prime factor q. H is a hash function having collision resistane. h=H(M) is a hash code which is a result of operating the hash function on the message to be signed. Also. I I indicates concatenation.
The digital signature with message appendix according to the present invention can be generated as follows according to the above definition and explanation. FIG. 1 is a flow chart of a method for generating the digital signature according to the present invention.
First, the hash code H(M) of a message M is generated using the hash function which is a one-way function (step 100). An optional random number
K is generated, selected from among (1, 2,..., q-1}, each time the signature is generated (step 110). gK is calculated using the generated random number (step 120). gK is a value which is independent of the message and can be calculated in advance.
After performing a modular p multiplication of the hash code by the value calculated in advance (step 130), the result is cut te the length of Lq bits. To cut means to throw away all the bits past the length of Lq bits. The result is R, the value corresponding to the beginning portion oí the signature (step 140).
S=(K-RgY)mod q is calculated using the secret signature key X of the signer in order to generate the end portion of the signature (step 1 O0). The signature S=RI Is is output by concatenating R and S (step 160). The signature is added to the message and (Y, M. R. and St are transferred with the verification key Y of the signature (step 170).
FIG. 2 is a flow chart of a method for verifying the generated digital signature. A verifier confirms that 0 < R < q and 0 < S < q with respect to S I I S, which is one of the signed messages received by the verifier. in order to verify the signature (step 200). In the case of satisfying the above two conditions. the signature is verified as shown in FIG. 2. gs, yR and the hash function value H(M) are calculated from the received message M, and the received S and R (step 210), and a modular p multiplication is performed (step 220). VR is generated by cutting the modular multiplication result to the
Lq bit(step 230) and is compared with the received value R (step 240). When
VR is equal to R, the user who has the public verifying key Y of the signer can confirm that the signature 2:=R I | S of the received message M was signed using the secret signature key X of the signer (step 250). That VR is not equal to R means that the message M was signed with an illegal signature or the message was transformed by an attacker. In this case, the message M is considered valuless data (step 260).
According to the present invention, the signature ftinc.tion in classical mail can be provided for an electronic document and the original drafter of the electronic document can be verified.
It is possible to learn that the document was transformed by a third party when the contents of the original document were transformed by the third party and to provide the electronic signature required by electronic currency. Also, the digital signature can be employed in an authentication system and can increase the speed of verifying the signature.
The present invention may be practised by suitably programmed digital processors, e.g. a personal computer or a DSP device, at each of the devices for transmitting and receiving the digital signature and the accompanying message. Each of the transmitting and receiving devices may be coupled via a modem, for example, to a telecommunications network such as a public switched telephone network or to a radio interface for communication via a cellular channel.
The present invention may be employed in the transmission of e-mail messages or files of digital data, such as text files, or in electronic payment systems. In the latter case, the message encoding/transmitting processor may be embedded in a chip on a smart card and the verifying/receiving processor may be incorporated in a smart card reader; the two processors communicating via a suitable interface. Alternatively, dedicated logic circuits may be used to carry out the functions of both the encoding/transmitting processor and the verifying'receiving processor.
Claims (12)
1. A method for performing a digital signature with message appendix, when Lp and Lq denote the lengths, in bits, of prime factors p and q and when g=a(@@@qmod p while satisfying 1 < a < p 1 and a(@@@qmod p > l.
comprising the steps of:
multiplying a hash code H(M), corresponding to a message M to be sent. by gk calculated from a random number K generated whenever a signature is performed:
performing a modular multiplication of the result of said multiplication bv a modular p and obtaining R which is a beginning portion of a signature by cutting the resultant value by Lq bits;
obtaining S which is an end portion of a signature using a secret key X of a signer, the random number K generated whenever the signature is performed, and the calculated R through S=(K-RX)mod q; and
transferring a signature verification key Y for verifying a digital signature and the message M including said R and S.
2. A method for verifying the digital signature with message appendix, when Lp and Lq denote the lengths, in bits, of prime factors p and q and when g-a(P )qmod p while satisfying 1 < a < p-1 and a(@@@)qmod p > 1, comprising the steps of:
receiving the messages transmitted in claim 1. Y, M, S and R and confirming that O < R < q and 0 < S < q;
calculating g5 and yR by the hash function value H(M) corresponding to the message M, said received S and R and performing a modular multiplication with respect to a modular p; and
confirming a user who has a public verification key Y signed the received message NI when the resultant value of cutting the result of said modular multiplication to Lq bits is equal to the received value R.
3. A method for transmitting a message together with a digital signature, where Lp and Lq denote the lengths, in bits. of prime factors p and q and when =a(P qmod p while satisfying l < a < p.l and a(P-)qmed p > l.
comprising the steps of:
multiplying a hash code H(M), corresponding to a message M to be sent, by gK calculated from a random number K generated whenever a signature is performed;
perfonning a modular multiplication of the result of said multiplication by a modular p and obtaining R which is a beginning portion of a signature by truncating the resultant value to Lq bits;
obtaining S which is an end portion of a signature using a secret key X of a signer, the random number K generated whenever the signature is performed, and the calculated R through S=(K-RX)mod q; and
transferring a signature verification key Y for verifying a digital signature and the message M including said R and S.
4. A method for verifying the transmitted digital signature with the transmitted message, when Lp and Lq denote the lengths, in bits of prime factors p and q and when g=a(P i)qmod p while satisfying I < a < p-l and a(P iqmod p > l, comprising the steps of:
receiving the messages transmitted in claim 1, Y, M S and R and confirming that O < R < q and 0 < S < q; calculating gS and R and the hash function value H(M) corresponding to the message M from the received message M and said received S and R and performing a modular multiplication with respect to a modular p: and
confirming a user who has a public verification key Y signed the received message M when the resultant value of cutting the result of said modular multiplication to Lq bits is equal to the received value R.
5. A method of making a digital signature for transmission with an accompanying message, wherein a first half of said digital signature is calculated in a separate operation from the calculation of a second half of said digital signature, the two halves being concatenated to form said digital signature prior to transmission.
6. A method of making a digital signature for transmission with an accompanying message according to claim 5, wherein the calculation of at least one of said first and second halves of said digital signature comprises the step if carrying out a hash function upon the message to be transmitted.
7. An apparatus for transmitting a digital signature with an accompanying message where Lp and Lq denote the lengths, in bits of prime factors p and q and when g=a(P~i)qmod p while satisfying l < a < p.1 and a'P mod p > l. comprising:
means for multiplying a hash code H(M), corresponding to a message
M to be sent. by g calculated from a random number K generated whenever a signature is performed;
means for performing a modular multiplication of the result of said multiplication by a modular p and obtaining R which is a beginning portion of a signature by truncating the resultant value to Lq bits;
means for obtaining S which is an end portion of a signature using a secret key X of a signer, the random number K generated whenever the signature is performed, and the calculated R through S=(K-RX)mod q; and
means for transferring a signature verification key Y for verifying a digital signature and the message M including said R and S.
8. An apparatus for verifying a digital signature with an accompanying message, where Lp and Lq denote the lengths, in bits, of prime factors p and q and when g=a(P~t)qmod p while satisfying l < a < p-l and a(P- mod p > l, comprising:
means for receiving the messages transmitted in claim 1. Y, M. S and
R and confirming that 0 < R < q and 0 < S < q;
means for calculating gS and yR and the hash function value H(M) corresponding to the message M from the received message M and said received S and R and performing a modular multiplication with respect to a modular p; and
means for confirming a user who has a public verification key Y signed the received message M when the resultant value of cutting the result of said modular multiplication to Lq bits is equal to the received value R.
9. A method of creating a digital signature, substantially as herein described with reference to Figure 1.
10. A method of verifying a digital signature, substantially as herein described with reference to Figure 2.
11. An apparatus for creating a digital signature, substantially as herein described with reference to Figure 1.
12. An apparatus for verifying a digital signature, substantially as herewith described with reference to Figure 2.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1019960032051A KR100397601B1 (en) | 1996-07-31 | 1996-07-31 | Method for message added digital signature and verifying method thereof |
Publications (3)
Publication Number | Publication Date |
---|---|
GB9716213D0 GB9716213D0 (en) | 1997-10-08 |
GB2315965A true GB2315965A (en) | 1998-02-11 |
GB2315965B GB2315965B (en) | 2001-05-23 |
Family
ID=19468479
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB9716213A Expired - Fee Related GB2315965B (en) | 1996-07-31 | 1997-07-31 | Method for performing digital signature with message appendix and method for verifying the same |
Country Status (4)
Country | Link |
---|---|
JP (1) | JPH1084341A (en) |
KR (1) | KR100397601B1 (en) |
FR (1) | FR2752121A1 (en) |
GB (1) | GB2315965B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2327831A (en) * | 1997-07-23 | 1999-02-03 | Chantilley Corp Ltd | Hashing message or document |
CN1316405C (en) * | 2003-03-19 | 2007-05-16 | 大唐微电子技术有限公司 | Method for obtaining digital siguature and realizing data safety |
EP1914926A1 (en) * | 2006-10-19 | 2008-04-23 | Stmicroelectronics Sa | Data transmission method using a code for acknowledgement of receipt containing hidden authentication bits |
WO2010033081A2 (en) * | 2008-09-22 | 2010-03-25 | Embeyond Pte Ltd | Secure server system for online transactions |
CN101288066B (en) * | 2005-09-09 | 2010-05-19 | 微软公司 | Directed signature workflow |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100441397B1 (en) * | 2002-10-31 | 2004-07-23 | 소프트포럼 주식회사 | message encryption and authentication method |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5005200A (en) * | 1988-02-12 | 1991-04-02 | Fischer Addison M | Public key/signature cryptosystem with enhanced digital signature certification |
US4996711A (en) * | 1989-06-21 | 1991-02-26 | Chaum David L | Selected-exponent signature systems |
US5231668A (en) * | 1991-07-26 | 1993-07-27 | The United States Of America, As Represented By The Secretary Of Commerce | Digital signature algorithm |
JP3285039B2 (en) * | 1992-03-09 | 2002-05-27 | 日本電信電話株式会社 | Digital signature method |
KR950002164B1 (en) * | 1992-07-24 | 1995-03-14 | 문상재 | Electronic signature and authentication method |
JPH06112935A (en) * | 1992-09-30 | 1994-04-22 | Mitsubishi Electric Corp | Ciphering communication method |
EP0639907B1 (en) * | 1993-08-17 | 1999-12-08 | R3 Security Engineering AG | Digital signature method and key agreement method |
GB9610154D0 (en) * | 1996-05-15 | 1996-07-24 | Certicom Corp | Tool kit protocol |
-
1996
- 1996-07-31 KR KR1019960032051A patent/KR100397601B1/en not_active IP Right Cessation
-
1997
- 1997-07-30 FR FR9709731A patent/FR2752121A1/en active Pending
- 1997-07-31 GB GB9716213A patent/GB2315965B/en not_active Expired - Fee Related
- 1997-07-31 JP JP9206880A patent/JPH1084341A/en not_active Withdrawn
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2327831A (en) * | 1997-07-23 | 1999-02-03 | Chantilley Corp Ltd | Hashing message or document |
GB2327831B (en) * | 1997-07-23 | 2002-10-09 | Chantilley Corp Ltd | Document or message security arrangements |
US6772342B1 (en) | 1997-07-23 | 2004-08-03 | Hawthorne William Mcmullan | Document or message security arrangements using a numerical hash function |
CN1316405C (en) * | 2003-03-19 | 2007-05-16 | 大唐微电子技术有限公司 | Method for obtaining digital siguature and realizing data safety |
CN101288066B (en) * | 2005-09-09 | 2010-05-19 | 微软公司 | Directed signature workflow |
EP1914926A1 (en) * | 2006-10-19 | 2008-04-23 | Stmicroelectronics Sa | Data transmission method using a code for acknowledgement of receipt containing hidden authentication bits |
FR2907622A1 (en) * | 2006-10-19 | 2008-04-25 | St Microelectronics Sa | DATA TRANSMISSION METHOD USING A RECEPTION ACCOUNT CODE HAVING HID AUTHENTICATION BITS |
US8185738B2 (en) | 2006-10-19 | 2012-05-22 | Stmicroelectronics Sa | Data transmission method using an acknowledgement code comprising hidden authentication bits |
US8688983B2 (en) | 2006-10-19 | 2014-04-01 | Stmicroelectronics Sa | Data transmission method using an acknowledgement code comprising hidden authentication bits |
WO2010033081A2 (en) * | 2008-09-22 | 2010-03-25 | Embeyond Pte Ltd | Secure server system for online transactions |
WO2010033081A3 (en) * | 2008-09-22 | 2011-03-31 | Embeyond Pte Ltd | Secure server system for online transactions |
Also Published As
Publication number | Publication date |
---|---|
GB9716213D0 (en) | 1997-10-08 |
GB2315965B (en) | 2001-05-23 |
JPH1084341A (en) | 1998-03-31 |
KR980010837A (en) | 1998-04-30 |
KR100397601B1 (en) | 2003-10-23 |
FR2752121A1 (en) | 1998-02-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Moore | Protocol failures in cryptosystems | |
US9990796B2 (en) | Data card verification system | |
US6298153B1 (en) | Digital signature method and information communication system and apparatus using such method | |
EP1573719B1 (en) | A method, system and computer program product for secure ticketing in a communications device | |
CN108833103B (en) | Method and system for secure communication between a radio frequency identification tag and a reading device | |
EP0503119A1 (en) | Public key cryptographic system using elliptic curves over rings | |
CN1922816B (en) | One way authentication | |
CN109586919A (en) | A kind of online contract signs method automatically | |
WO1998034202A9 (en) | Data card verification system | |
JPH02288746A (en) | Safety key generator and safety session key generating method in code system | |
EP2686978B1 (en) | Keyed pv signatures | |
US7451314B2 (en) | Cryptographic authentication process | |
Brickell et al. | Interactive identification and digital signatures | |
GB2315965A (en) | Digital signature with hash code | |
US7382875B2 (en) | Cryptographic method for distributing load among several entities and devices therefor | |
US20020188850A1 (en) | Method for accelerated transmission of electronic signature | |
KR100349418B1 (en) | Method for preventing abuse in blind signatures | |
Kadry et al. | Design of secure mobile communication using fingerprint | |
JP3385519B2 (en) | Validity authentication method and system | |
KR19980048479A (en) | Digital signature method in terms of safety | |
CN1177872A (en) | Method for realizing digital signing with information appendix and checking method thereof | |
AU743461B2 (en) | Cryptographic communication process | |
US20060147039A1 (en) | Data encryption method cryptographic system and associated component | |
Preneel et al. | Information integrity protection and authentication in a banking environment | |
Roijakkers | Security in signalling and digital signatures |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20090731 |