GB2315965A - Digital signature with hash code - Google Patents

Digital signature with hash code Download PDF

Info

Publication number
GB2315965A
GB2315965A GB9716213A GB9716213A GB2315965A GB 2315965 A GB2315965 A GB 2315965A GB 9716213 A GB9716213 A GB 9716213A GB 9716213 A GB9716213 A GB 9716213A GB 2315965 A GB2315965 A GB 2315965A
Authority
GB
United Kingdom
Prior art keywords
signature
message
digital signature
bits
modular
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB9716213A
Other versions
GB9716213D0 (en
GB2315965B (en
Inventor
Young-Tae Cha
Kyung-Hee Lee
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Publication of GB9716213D0 publication Critical patent/GB9716213D0/en
Publication of GB2315965A publication Critical patent/GB2315965A/en
Application granted granted Critical
Publication of GB2315965B publication Critical patent/GB2315965B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Analysis (AREA)
  • Computational Mathematics (AREA)
  • Signal Processing (AREA)
  • Mathematical Optimization (AREA)
  • Algebra (AREA)
  • Pure & Applied Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The method for performing a digital signature with message appendix includes the steps of multiplying a hash code H(M), corresponding to a message M to be sent, by g K calculated from a random number K generated whenever a signature is performed, performing a modular multiplication of the result of the multiplication by a modular p and obtaining R which is a beginning portion of a signature by cutting the resultant value by Lq bits, obtaining S which is an end portion of a signature using a secret key X of a signer, the random number K generated whenever the signature is performed and the calculated R through S=(K-RX)mod q, and transferring a signature verification key Y for verifying a digital signature and the message M including the R and S. It is possible to detect when the contents of an original document have been transformed by a third party and to provide the electronic signature required by electronic currency.

Description

METHOD FOR PERFORMING DIGITAL SIGNATURE WITH MESSAGE APPENDIX ANn METHOD FOR VERIFYING THE SAME Background of the Invention The present invention relates to a digital signature, and more particularly. to a method for performing a digital signature with message appendix with which it is possible to provide a signature function to electrical documents or data.
Generally, the digital signature in electronic exchange of information is a counterpart to a handwritten signature in classical mail. As society depends more on information due to the development of computers and electronic communication, all documents are changing from classical mail to electronic data. In such a state, the chances become higher of the forging and changing of contracts or documents between the respective entities, i.e., between individuals, between an individual and a party and between companies. To suit such new circumstances, a technology of providing a signature function to an electronic document like in classical mail is required.
Namely, a digital signature with message appendix is for providing information protecting services such as authentication and flawlessness of data in information processing systems and inter-network communication systems, to suit the above-mentioned circumstances. A cryptographic technology is required for the digital signature technology by which it is possible to prevent surreptitious use, forgery and alteration of an electronic document.
Systems using the cryptographic technology divide roughly into public key systems and secret key systems. The cryptographic system of the secret key method is hard to manage, since two users who desire to communicate must share the same secret key, and cannot provide a signature giving full protection, since it does not provide functions such as unauthorized access denial and blockade which a signature should provide. In the cryptographic system of a public key method, the public key and the secret key are calculated using a one-way function which is very hard to solve mathematically. Anyone who has the public key of a published counterpart can perform a secret communication with the counterpart since the public key is published so as to be used by everyone and the secret key is kept by the user.
In the digital signature using the public key method, a pair of keys, i.e., the secret key used for signing a message and the public key used for verifying the signature are used. Namely, the pair of keys used for the digital signature method are comprised of the public key for verification and the secret key for the signature.
One of the message signatures which uses the public key method is the digital signature giving message recovery. This is a method for recovering the message during the process of verifying the signature. The digital signature method provided by the International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC 9796) is a type of digital signature giving message recovery. Here, a Rivest Shamir Adleman (RSA) algorithm whose security is based on the difficulty of disintegratiori of a prime factor is used. In the RSA algorithm, it is difficult to apply the digital signature to a message having an arbitrary length since a message of a limited length must be received.
The digital signature with message appendix is unlike the digital signature giving message r covery. In the digital signature with message appendix, a hash function is used in order to obtain the message. It is possible to perform the signature and verification in a short time since the signature is performed after simplifying the message using the hash function. An ElGamal digital signature is an example of a digital signature with message appendix and a public key digital signature. and has a security based on calculating a discrete logarithm. However, it has a shortcoming in that the size of the signature is doubled when the signature is generated.
Summarv of the Invention It is an object of the present invention to provide a method for performing a digital signature with message appendix using a hash function in order to reduce the length of the signature.
It is another object of the present invention to provide a method for verifying the digital signature with message appendix.
To achieve the first object, there is provided a method for performing a digital signature with message appendix, when Lp and Lq denote the lengths, in bits, of prime factors p and q and when g=a(P')/4mod p while satisfying l < a < p-l and a(P~l)qmod p > l, comprising the steps of multiplying a hash code H(M), corresponding to a message M to be sent, by gK calculated from a random number K generated whenever a signature is performed, performing a modular multiplication of the result of the multiplication by a modular p and obtaining R which is a beginning portion of a signature by cutting the resultant value by Lq bits, obtaining S which is an end portion of a signature using a secret key X of a signer, the random number K generated whenever the signature is performed, and the calculated R through S=(K-RX)mod q and transferring a signature verification key Y for verifying a digital signature and the message M including the R and S.
To achieve the second object, there is provided a method for verifying the digital signature with message appendix, when Lp and Lq denote the lengths, in bits, of prime factors p and q and when g-a(P-'yqmod p while satisfying I < a < p-l and a(@@)qmod p > l, comprising the steps of receiving the messages transmitted in claim 1, Y, M, S and R and confirming that 0 < R < q and 0 < S < q, calculating gs and yR by the hash function value H(M) corresponding to the message M, the received S and R and performing a modular multiplication with respect to a modular p, and confirming a user who has a public verification key Y signed the received message M when the resultant value of cutting the result of the modular multiplication to Lq bits is equal to the received value R.
Brief Description of the Drawings The above objects and advantages of the present invention will become more apparent by describing in detail a preferred embodiment thereof 'with reference to the attached drawings in which: FIG. I is a flow chart describing a method for generating a digital signature according to the present invention; FIG. 2 is a flow chart describing a method for verifying the generated digital signature.
Detalled Description of the Invention Hereinafter, the present invention will be described in detail with reference to the attached drawings. Before explaining the present invention, reference characters used in the present invention will be described as follows.
M denotes a message to be sent. p and q denote prime factors. Lp and Lq respectively denote the lengths in bits of p and q. It is defined that g=a(P~I > q mod p while satisfying l < a < p-l and a(tlyq mod p > 1. X denotes a secret signature key of a signer. Y corresponds to a signature verification key published in order to verify the digital signature: y=gx mod p. K denotes a random number which is any element of (1, 2,..., q-l). The digital signature T is obtained by the concatenation of R and S. R and S are both smaller than q.
X, Y, p, and q are fixed variables, among which p, q, and g are shared by all the users. however, the random number K is newly selected whenever the signature is generated. K and X used during the signature process should not be known to others and are selected from among 0 through the prime factor q. H is a hash function having collision resistane. h=H(M) is a hash code which is a result of operating the hash function on the message to be signed. Also. I I indicates concatenation.
The digital signature with message appendix according to the present invention can be generated as follows according to the above definition and explanation. FIG. 1 is a flow chart of a method for generating the digital signature according to the present invention.
First, the hash code H(M) of a message M is generated using the hash function which is a one-way function (step 100). An optional random number K is generated, selected from among (1, 2,..., q-1}, each time the signature is generated (step 110). gK is calculated using the generated random number (step 120). gK is a value which is independent of the message and can be calculated in advance.
After performing a modular p multiplication of the hash code by the value calculated in advance (step 130), the result is cut te the length of Lq bits. To cut means to throw away all the bits past the length of Lq bits. The result is R, the value corresponding to the beginning portion oí the signature (step 140).
S=(K-RgY)mod q is calculated using the secret signature key X of the signer in order to generate the end portion of the signature (step 1 O0). The signature S=RI Is is output by concatenating R and S (step 160). The signature is added to the message and (Y, M. R. and St are transferred with the verification key Y of the signature (step 170).
FIG. 2 is a flow chart of a method for verifying the generated digital signature. A verifier confirms that 0 < R < q and 0 < S < q with respect to S I I S, which is one of the signed messages received by the verifier. in order to verify the signature (step 200). In the case of satisfying the above two conditions. the signature is verified as shown in FIG. 2. gs, yR and the hash function value H(M) are calculated from the received message M, and the received S and R (step 210), and a modular p multiplication is performed (step 220). VR is generated by cutting the modular multiplication result to the Lq bit(step 230) and is compared with the received value R (step 240). When VR is equal to R, the user who has the public verifying key Y of the signer can confirm that the signature 2:=R I | S of the received message M was signed using the secret signature key X of the signer (step 250). That VR is not equal to R means that the message M was signed with an illegal signature or the message was transformed by an attacker. In this case, the message M is considered valuless data (step 260).
According to the present invention, the signature ftinc.tion in classical mail can be provided for an electronic document and the original drafter of the electronic document can be verified.
It is possible to learn that the document was transformed by a third party when the contents of the original document were transformed by the third party and to provide the electronic signature required by electronic currency. Also, the digital signature can be employed in an authentication system and can increase the speed of verifying the signature.
The present invention may be practised by suitably programmed digital processors, e.g. a personal computer or a DSP device, at each of the devices for transmitting and receiving the digital signature and the accompanying message. Each of the transmitting and receiving devices may be coupled via a modem, for example, to a telecommunications network such as a public switched telephone network or to a radio interface for communication via a cellular channel.
The present invention may be employed in the transmission of e-mail messages or files of digital data, such as text files, or in electronic payment systems. In the latter case, the message encoding/transmitting processor may be embedded in a chip on a smart card and the verifying/receiving processor may be incorporated in a smart card reader; the two processors communicating via a suitable interface. Alternatively, dedicated logic circuits may be used to carry out the functions of both the encoding/transmitting processor and the verifying'receiving processor.

Claims (12)

CLAIMS:
1. A method for performing a digital signature with message appendix, when Lp and Lq denote the lengths, in bits, of prime factors p and q and when g=a(@@@qmod p while satisfying 1 < a < p 1 and a(@@@qmod p > l.
comprising the steps of: multiplying a hash code H(M), corresponding to a message M to be sent. by gk calculated from a random number K generated whenever a signature is performed: performing a modular multiplication of the result of said multiplication bv a modular p and obtaining R which is a beginning portion of a signature by cutting the resultant value by Lq bits; obtaining S which is an end portion of a signature using a secret key X of a signer, the random number K generated whenever the signature is performed, and the calculated R through S=(K-RX)mod q; and transferring a signature verification key Y for verifying a digital signature and the message M including said R and S.
2. A method for verifying the digital signature with message appendix, when Lp and Lq denote the lengths, in bits, of prime factors p and q and when g-a(P )qmod p while satisfying 1 < a < p-1 and a(@@@)qmod p > 1, comprising the steps of: receiving the messages transmitted in claim 1. Y, M, S and R and confirming that O < R < q and 0 < S < q; calculating g5 and yR by the hash function value H(M) corresponding to the message M, said received S and R and performing a modular multiplication with respect to a modular p; and confirming a user who has a public verification key Y signed the received message NI when the resultant value of cutting the result of said modular multiplication to Lq bits is equal to the received value R.
3. A method for transmitting a message together with a digital signature, where Lp and Lq denote the lengths, in bits. of prime factors p and q and when =a(P qmod p while satisfying l < a < p.l and a(P-)qmed p > l.
comprising the steps of: multiplying a hash code H(M), corresponding to a message M to be sent, by gK calculated from a random number K generated whenever a signature is performed; perfonning a modular multiplication of the result of said multiplication by a modular p and obtaining R which is a beginning portion of a signature by truncating the resultant value to Lq bits; obtaining S which is an end portion of a signature using a secret key X of a signer, the random number K generated whenever the signature is performed, and the calculated R through S=(K-RX)mod q; and transferring a signature verification key Y for verifying a digital signature and the message M including said R and S.
4. A method for verifying the transmitted digital signature with the transmitted message, when Lp and Lq denote the lengths, in bits of prime factors p and q and when g=a(P i)qmod p while satisfying I < a < p-l and a(P iqmod p > l, comprising the steps of: receiving the messages transmitted in claim 1, Y, M S and R and confirming that O < R < q and 0 < S < q; calculating gS and R and the hash function value H(M) corresponding to the message M from the received message M and said received S and R and performing a modular multiplication with respect to a modular p: and confirming a user who has a public verification key Y signed the received message M when the resultant value of cutting the result of said modular multiplication to Lq bits is equal to the received value R.
5. A method of making a digital signature for transmission with an accompanying message, wherein a first half of said digital signature is calculated in a separate operation from the calculation of a second half of said digital signature, the two halves being concatenated to form said digital signature prior to transmission.
6. A method of making a digital signature for transmission with an accompanying message according to claim 5, wherein the calculation of at least one of said first and second halves of said digital signature comprises the step if carrying out a hash function upon the message to be transmitted.
7. An apparatus for transmitting a digital signature with an accompanying message where Lp and Lq denote the lengths, in bits of prime factors p and q and when g=a(P~i)qmod p while satisfying l < a < p.1 and a'P mod p > l. comprising: means for multiplying a hash code H(M), corresponding to a message M to be sent. by g calculated from a random number K generated whenever a signature is performed; means for performing a modular multiplication of the result of said multiplication by a modular p and obtaining R which is a beginning portion of a signature by truncating the resultant value to Lq bits; means for obtaining S which is an end portion of a signature using a secret key X of a signer, the random number K generated whenever the signature is performed, and the calculated R through S=(K-RX)mod q; and means for transferring a signature verification key Y for verifying a digital signature and the message M including said R and S.
8. An apparatus for verifying a digital signature with an accompanying message, where Lp and Lq denote the lengths, in bits, of prime factors p and q and when g=a(P~t)qmod p while satisfying l < a < p-l and a(P- mod p > l, comprising: means for receiving the messages transmitted in claim 1. Y, M. S and R and confirming that 0 < R < q and 0 < S < q; means for calculating gS and yR and the hash function value H(M) corresponding to the message M from the received message M and said received S and R and performing a modular multiplication with respect to a modular p; and means for confirming a user who has a public verification key Y signed the received message M when the resultant value of cutting the result of said modular multiplication to Lq bits is equal to the received value R.
9. A method of creating a digital signature, substantially as herein described with reference to Figure 1.
10. A method of verifying a digital signature, substantially as herein described with reference to Figure 2.
11. An apparatus for creating a digital signature, substantially as herein described with reference to Figure 1.
12. An apparatus for verifying a digital signature, substantially as herewith described with reference to Figure 2.
GB9716213A 1996-07-31 1997-07-31 Method for performing digital signature with message appendix and method for verifying the same Expired - Fee Related GB2315965B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1019960032051A KR100397601B1 (en) 1996-07-31 1996-07-31 Method for message added digital signature and verifying method thereof

Publications (3)

Publication Number Publication Date
GB9716213D0 GB9716213D0 (en) 1997-10-08
GB2315965A true GB2315965A (en) 1998-02-11
GB2315965B GB2315965B (en) 2001-05-23

Family

ID=19468479

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9716213A Expired - Fee Related GB2315965B (en) 1996-07-31 1997-07-31 Method for performing digital signature with message appendix and method for verifying the same

Country Status (4)

Country Link
JP (1) JPH1084341A (en)
KR (1) KR100397601B1 (en)
FR (1) FR2752121A1 (en)
GB (1) GB2315965B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2327831A (en) * 1997-07-23 1999-02-03 Chantilley Corp Ltd Hashing message or document
CN1316405C (en) * 2003-03-19 2007-05-16 大唐微电子技术有限公司 Method for obtaining digital siguature and realizing data safety
EP1914926A1 (en) * 2006-10-19 2008-04-23 Stmicroelectronics Sa Data transmission method using a code for acknowledgement of receipt containing hidden authentication bits
WO2010033081A2 (en) * 2008-09-22 2010-03-25 Embeyond Pte Ltd Secure server system for online transactions
CN101288066B (en) * 2005-09-09 2010-05-19 微软公司 Directed signature workflow

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100441397B1 (en) * 2002-10-31 2004-07-23 소프트포럼 주식회사 message encryption and authentication method

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5005200A (en) * 1988-02-12 1991-04-02 Fischer Addison M Public key/signature cryptosystem with enhanced digital signature certification
US4996711A (en) * 1989-06-21 1991-02-26 Chaum David L Selected-exponent signature systems
US5231668A (en) * 1991-07-26 1993-07-27 The United States Of America, As Represented By The Secretary Of Commerce Digital signature algorithm
JP3285039B2 (en) * 1992-03-09 2002-05-27 日本電信電話株式会社 Digital signature method
KR950002164B1 (en) * 1992-07-24 1995-03-14 문상재 Electronic signature and authentication method
JPH06112935A (en) * 1992-09-30 1994-04-22 Mitsubishi Electric Corp Ciphering communication method
EP0639907B1 (en) * 1993-08-17 1999-12-08 R3 Security Engineering AG Digital signature method and key agreement method
GB9610154D0 (en) * 1996-05-15 1996-07-24 Certicom Corp Tool kit protocol

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2327831A (en) * 1997-07-23 1999-02-03 Chantilley Corp Ltd Hashing message or document
GB2327831B (en) * 1997-07-23 2002-10-09 Chantilley Corp Ltd Document or message security arrangements
US6772342B1 (en) 1997-07-23 2004-08-03 Hawthorne William Mcmullan Document or message security arrangements using a numerical hash function
CN1316405C (en) * 2003-03-19 2007-05-16 大唐微电子技术有限公司 Method for obtaining digital siguature and realizing data safety
CN101288066B (en) * 2005-09-09 2010-05-19 微软公司 Directed signature workflow
EP1914926A1 (en) * 2006-10-19 2008-04-23 Stmicroelectronics Sa Data transmission method using a code for acknowledgement of receipt containing hidden authentication bits
FR2907622A1 (en) * 2006-10-19 2008-04-25 St Microelectronics Sa DATA TRANSMISSION METHOD USING A RECEPTION ACCOUNT CODE HAVING HID AUTHENTICATION BITS
US8185738B2 (en) 2006-10-19 2012-05-22 Stmicroelectronics Sa Data transmission method using an acknowledgement code comprising hidden authentication bits
US8688983B2 (en) 2006-10-19 2014-04-01 Stmicroelectronics Sa Data transmission method using an acknowledgement code comprising hidden authentication bits
WO2010033081A2 (en) * 2008-09-22 2010-03-25 Embeyond Pte Ltd Secure server system for online transactions
WO2010033081A3 (en) * 2008-09-22 2011-03-31 Embeyond Pte Ltd Secure server system for online transactions

Also Published As

Publication number Publication date
GB9716213D0 (en) 1997-10-08
GB2315965B (en) 2001-05-23
JPH1084341A (en) 1998-03-31
KR980010837A (en) 1998-04-30
KR100397601B1 (en) 2003-10-23
FR2752121A1 (en) 1998-02-06

Similar Documents

Publication Publication Date Title
Moore Protocol failures in cryptosystems
US9990796B2 (en) Data card verification system
US6298153B1 (en) Digital signature method and information communication system and apparatus using such method
EP1573719B1 (en) A method, system and computer program product for secure ticketing in a communications device
CN108833103B (en) Method and system for secure communication between a radio frequency identification tag and a reading device
EP0503119A1 (en) Public key cryptographic system using elliptic curves over rings
CN1922816B (en) One way authentication
CN109586919A (en) A kind of online contract signs method automatically
WO1998034202A9 (en) Data card verification system
JPH02288746A (en) Safety key generator and safety session key generating method in code system
EP2686978B1 (en) Keyed pv signatures
US7451314B2 (en) Cryptographic authentication process
Brickell et al. Interactive identification and digital signatures
GB2315965A (en) Digital signature with hash code
US7382875B2 (en) Cryptographic method for distributing load among several entities and devices therefor
US20020188850A1 (en) Method for accelerated transmission of electronic signature
KR100349418B1 (en) Method for preventing abuse in blind signatures
Kadry et al. Design of secure mobile communication using fingerprint
JP3385519B2 (en) Validity authentication method and system
KR19980048479A (en) Digital signature method in terms of safety
CN1177872A (en) Method for realizing digital signing with information appendix and checking method thereof
AU743461B2 (en) Cryptographic communication process
US20060147039A1 (en) Data encryption method cryptographic system and associated component
Preneel et al. Information integrity protection and authentication in a banking environment
Roijakkers Security in signalling and digital signatures

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20090731