WO2000046947A2 - Method, system, device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message using specific prime factors - Google Patents
- Publication number
- WO2000046947A2 (PCT/FR2000/000189)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mod
- profile
- prime
- congruent
- modulo
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
Definitions
- the present invention relates to the technical field of methods, systems and devices intended to prove the authenticity of an entity and/or the integrity and/or the authenticity of a message.
- Patent EP 0 311 470 B1, the inventors of which are Louis Guillou and Jean-Jacques Quisquater, describes such a process. We will refer to it below as the "GQ patent" or "GQ process". Subsequently, we will sometimes designate by "GQ2", "GQ2 invention" or "GQ2 technology" new developments in GQ technology which are the subject of pending applications filed on the same day as this application by France Telecom, TDF and the company Mathrizk, with Louis Guillou and Jean-Jacques Quisquater as inventors. The characteristic features of these pending applications are recalled whenever necessary in the description which follows.
- an entity called “trusted authority” assigns an identity to each entity called “witness” and calculates the RSA signature; during a personalization process, the trusted authority gives identity and signature to the witness.
- the witness then proclaimed:
- the witness proves, without revealing it, that he knows the RSA signature of his identity. Thanks to the public RSA verification key distributed by the trusted authority, an entity called the "controller" verifies, without learning it, that the RSA signature corresponds to the proclaimed identity. The mechanisms using the GQ process take place "without knowledge transfer". According to the GQ method, the witness does not know the RSA private key with which the trusted authority signs a large number of identities.
- the GQ technology previously described uses RSA technology. But while RSA technology does depend on the factorization of the modulus n, this dependence is not an equivalence, far from it, as demonstrated by the so-called "multiplicative" attacks against the various digital signature standards implementing RSA technology.
- GQ2 technology: the objective of GQ2 technology is twofold: on the one hand, to improve performance compared to RSA technology; on the other hand, to avoid the problems inherent in RSA technology.
- Knowledge of the GQ2 private key is equivalent to knowledge of the factorization of the modulus n. Any attack at the level of GQ2 triplets comes down to the factorization of the modulus n: this time there is equivalence.
- the workload is reduced, as much for the entity that signs or authenticates as for that which controls. Thanks to better use of the factorization problem, both in terms of security and performance, the GQ2 technology avoids the drawbacks presented by the RSA technology.
- the GQ method implements modulo calculations on numbers of 512 bits or more. These calculations relate to numbers having substantially the same size raised to powers of the order of $2^{16} + 1$.
- the existing microelectronic infrastructures, in particular in the field of bank cards, make use of monolithic self-programmable microprocessors devoid of arithmetic coprocessors.
- the workload linked to the multiple arithmetic operations involved in processes such as the GQ process leads to calculation times which in some cases prove to be penalizing for consumers using bank cards to pay for their purchases. It is recalled here that, in seeking to increase the security of payment cards, the banking authorities pose a particularly delicate problem to solve.
- GQ2 technology implements prime factors with specific properties. Different techniques exist to produce these prime factors.
- the subject of the present invention is a method making it possible to systematically produce such prime factors.
- the invention applies to a method (GQ2 method) intended to prove to a controlling entity
- n consisting of the product of f prime factors $p_1, p_2, \ldots, p_f$ (f being greater than or equal to 2),
- the base numbers $g_i$ are such that the two equations (1) and (2): $x^2 \equiv g_i \pmod n$ and $x^2 \equiv -g_i \pmod n$ have no solution in x in the ring of integers modulo n, and such that equation (3): $x^v \equiv g_i^2 \pmod n$ has solutions in x in the ring of integers modulo n.
- the method according to the invention makes it possible to produce the f prime factors $p_1, p_2, \ldots, p_f$ so that equations (1), (2) and (3) are satisfied.
- the method according to the invention comprises the step of choosing first:
- the security parameter k is also chosen first.
- This particular value of the exponent v is one of the essential features of the GQ2 technology.
- the m base numbers $g_1, g_2, \ldots, g_m$ are chosen at least in part among the first integers.
- the security parameter k is a small integer, in particular less than 100.
- the size of the modulus n is greater than several hundred bits.
- the prime factors $p_1, p_2, \ldots, p_f$ have a size close to the size of the modulus n divided by the number f of factors.
- the f prime factors $p_1, p_2, \ldots, p_f$ are not chosen arbitrarily.
- among the f prime factors $p_1, p_2, \ldots, p_f$, a certain number e of them are chosen congruent to 1 modulo 4. This number e of prime factors can be zero. When e is zero, the modulus n is hereinafter called a basic modulus; when e > 0, the modulus n is hereinafter called a mixed modulus.
- the f-e other prime factors are chosen congruent to 3 modulo 4. This number f-e of prime factors is at least equal to 2. Choice of the prime factors congruent to 3 modulo 4
- $\mathrm{Profile}_{f-e-1}(g_{f-e-1})$ with respect to the first f-e-1 prime factors, from $p_1$ to $p_{f-e-1}$. Two cases are then to be considered. In either of these two cases, the first condition will be different. If $\mathrm{Profile}_{f-e-1}(g_{f-e-1})$ is flat, we choose $p_{f-e}$ such that it satisfies the first condition of being complementary to $p_1$ with respect to $g_{f-e-1}$.
- a factor u is calculated by applying the algorithm specified below for an index ii ranging from 1 to t-2.
- the algorithm consists in repeating as much as necessary, the following sequence:
- Step 1: we calculate $w^2 / G_i \pmod p$.
- Step 2: we raise the result to the power $2^{t-ii-1}$. There are two cases to consider.
- the candidate p is accepted as a prime factor congruent to 1 modulo 4 if, at the end of the second test, it has not been rejected for any of the m public values $G_i$.
- the present invention also relates to a method (GQ2 method) applying the method which has just been described and which makes it possible, let us recall, to produce f prime factors $p_1, p_2, \ldots, p_f$ having particular properties.
- the method applying the method which has just been described is intended to prove to a controlling entity,
- Said public value $G_i$ is the square $g_i^2$ of the base number $g_i$, which is lower than the f prime factors $p_1, p_2, \ldots, p_f$.
- the base number $g_i$ is such that the two equations: $x^2 \equiv g_i \pmod n$ and $x^2 \equiv -g_i \pmod n$ have no solution in x in the ring of integers modulo n and such that the equation: $x^v \equiv g_i^2 \pmod n$ has solutions in x in the ring of integers modulo n.
- Said method implements, in the following steps, an entity called the witness.
- Said witness entity has the f prime factors $p_j$ and/or the parameters of the Chinese remainders of the prime factors and/or the public modulus n and/or the m private values $Q_i$ and/or the f.m components $Q_{i,j}$ ($Q_{i,j} \equiv Q_i \bmod p_j$) of the private values $Q_i$ and of the public exponent v.
- the witness calculates commitments R in the ring of integers modulo n. Each commitment is calculated:
- the witness receives one or more challenges d.
- Each challenge d comprises m integers $d_i$, hereinafter called basic challenges.
- the witness calculates from each challenge d a response D, either by carrying out operations of the type:
- the process is such that there are as many responses D as there are challenges d as there are commitments R, each group of numbers R, d, D constituting a triplet noted {R, d, D}.
- the pairs of private values $Q_1, Q_2, \ldots, Q_m$ and public values $G_1, G_2, \ldots, G_m$: we use the prime factors $p_1, p_2, \ldots, p_f$ and/or the parameters of the Chinese remainders, the base numbers $g_1, g_2, \ldots, g_m$ and/or the public values $G_1, G_2, \ldots, G_m$ to calculate:
- the values t and u are calculated as indicated above in the case where $p_j$ is congruent to 1 modulo 4.
- this part of the invention relates more specifically to the production of sets of GQ2 keys intended to ensure dynamic authentication and digital signature.
- GQ2 technology does not use RSA technology. The objective is twofold: on the one hand, to improve performance compared to RSA technology; on the other hand, to avoid the problems inherent in RSA technology.
- the GQ2 private key is the factorization of the modulus n. Any attack at the level of GQ2 triplets comes down to the factorization of the modulus n: this time there is equivalence. With GQ2 technology, the workload is reduced, as much for the entity that signs or authenticates as for that which controls. Thanks to better use of the factorization problem, both in terms of security and performance, the GQ2 technology competes with the RSA technology.
- GQ2 technology uses one or more small integers larger than 1, say m small integers (m ≥ 1) called "base numbers" and denoted by $g_i$.
- base numbers m small whole numbers
- v, n a public verification key
- the public verification exponent v is $2^k$ where k is a small integer greater than 1 (k ≥ 2).
- the public modulus n is the product of at least two prime factors larger than the base numbers, say f prime factors (f ≥ 2) denoted by $p_j$, from $p_1$ to $p_f$.
- the prime factors are chosen so that the public modulus n has the following properties with respect to each of the m base numbers from $g_1$ to $g_m$.
- equations (1) and (2) have no solution in x in the ring of integers modulo n, that is to say that $g_i$ and $-g_i$ are two non-quadratic residues (mod n): $x^2 \equiv g_i \pmod n$ (1), $x^2 \equiv -g_i \pmod n$ (2)
- equation (3) has solutions in x in the ring of integers modulo n: $x^{2^k} \equiv g_i^2 \pmod n$ (3). Subsequently, these properties are also called the GQ2 principles.
- the public verification key (v, n) being fixed according to the base numbers from $g_1$ to $g_m$ with m ≥ 1, each base number $g_i$ determines a pair of GQ2 values comprising a public value $G_i$ and a private value $Q_i$: that is, m pairs denoted from $G_1\ Q_1$ to $G_m\ Q_m$.
- the private value $Q_i$ is one of the solutions to equation (3) or the inverse (mod n) of such a solution.
- the ring of integers modulo n decomposes into f Galois fields, from $GF(p_1)$ to $GF(p_f)$. Here are the projections of equations (1), (2) and (3) in $GF(p_j)$: $x^2 \equiv g_i \pmod{p_j}$ (1.a), $x^2 \equiv -g_i \pmod{p_j}$ (2.a), $x^{2^k} \equiv g_i^2 \pmod{p_j}$ (3.a)
- Each private value $Q_i$ can be represented in a unique way by f private components, one per prime factor: $Q_{i,j} \equiv Q_i \pmod{p_j}$.
- Each private component $Q_{i,j}$ is a solution to equation (3.a) or else the inverse
- the parameters of the Chinese remainders can be as follows (there are f-1 of them, that is, one fewer than the number of prime factors).
- the first parameter of the Chinese remainders is $\alpha \equiv \{p_2 \pmod{p_1}\}^{-1} \pmod{p_1}$.
- the second parameter of the Chinese remains is ⁇ ⁇ ⁇ pp 2 (mod p 3 ) ⁇ ⁇ 1 (mod
- the third parameter of the Chinese remains is ⁇ ⁇ ⁇ pp 2. ... p x (mod p,) ⁇ "1 (mod pL).
- the object of the invention is a method for producing at random any set of GQ2 keys among all the possible sets, namely: randomly producing any modulus among all the possible GQ2 moduli, that is, the moduli ensuring that, for each of the m base numbers $g_i$, equations (1) and (2) have no solution in x in the ring of integers modulo n while equation (3) has some; and calculating all the possible solutions to each of the equations (3.a).
- the Chinese remainder technique then makes it possible to obtain a private value $Q_i$ from each set of f components from $Q_{i,1}$ to $Q_{i,f}$, so as to obtain any solution in x of equation (3) among all possible solutions.
- $Q_i$ = Chinese Remainders ($Q_{i,1}$, $Q_{i,2}$, ...
- the period of the sequence {X} is p-1 or a divisor of p-1. This period depends on the value of a. By definition, this period is called "the rank of a (mod p)". It is the index of appearance of unity in the sequence {X}.
- the Galois field GF(p) has only one element of rank 1, namely 1; only one element of rank 2, namely -1; p'-1 elements of rank p'; and p'-1 elements of rank 2p', that is to say, of rank p-1.
- the elements of GF(p) having rank p-1 are called the "primitive" elements or "generators" of GF(p).
- the name is due to the fact that their successive powers in GF(p), that is to say, the terms of the sequence {X} for the indices going from 1 to p-1, form a permutation of all the non-zero elements of GF(p).
- the public modulus n is the product of f prime factors, from $p_1$ to $p_f$ with f ≥ 2, such that for each prime factor $p_j$, the public exponent v is coprime with $p_j - 1$.
- the key (v, p) respects the rank of the elements of GF(p): it permutes them.
- the inverse permutation is obtained by a key $(s_j, p_j)$ such that $p_j - 1$ divides $v \cdot s_j - 1$. Squares and square roots in GF(p)
- the elements x and p-x have the same square in GF(p).
- the key (2, p) does not permute the elements of GF(p) because p-1 is even.
- each non-zero element of odd rank carries a branch of length t comprising $2^t - 1$ elements, namely: an element of rank divisible by two but not by four, then, if t ≥ 2, two elements of rank divisible by four but not by eight, then, if t ≥ 3, four elements of rank divisible by eight but not by sixteen, then, if t ≥ 4, eight elements of rank divisible by sixteen but not by 32, and so on.
- the $2^{t-1}$ ends of each branch are non-quadratic residues; their rank is divisible by $2^t$.
- Figures 1A to 1D illustrate the function "squaring in GF(p)" by a directed graph where each of the p-1 non-zero elements of the field finds its place: the non-quadratic residues are in white and the quadratic residues in black; among the quadratic residues, the elements of odd rank are encircled.
- Figure 1A: case where p is congruent to 3 (mod 4); Figure 1B: case where p is congruent to 5 (mod 8); Figure 1C: case where p is congruent to 9 (mod 16); Figure 1D: case where p is congruent to 17 (mod 32).
- the key (s, p) transforms every quadratic residue a into a first approximation of solution which we name r.
- the following algorithm establishes successive approximations to arrive at a square root of a from the integers r and b defined above; it uses two integer variables: w, initialized by r, to represent the successive approximations, and jj, taking values among the powers of 2, from 2 to $2^{t-2}$.
- equation (3.a): the rank of $g_i^2$ in GF(p) is divisible by $2^u$, but not by $2^{u+1}$; the value of u is among the t-1 possible values, from 0 to t-2.
- the existence and the number of solutions in x in GF(p) to equation (3.a) depend on the values of k, t and u.
- equation (3.a) has no solution in x in GF(p).
- equation (3.a) has $2^t$ solutions in x in GF(p).
- equation (3.a) has $2^k$ solutions in x in GF(p).
- Equation (3) prohibits any prime factor p congruent to 1 (mod 4) as soon as, for one of the base numbers g, from $g_1$ to $g_m$: either the Legendre symbol of g with respect to p is equal to -1; or else the Legendre symbol of g with respect to p is equal to +1 with the condition: u positive and greater than t-k.
- p congruent to 1 (mod 4): it must fulfill one of the following two conditions for each of the base numbers g, from $g_1$ to $g_m$, according to the two integers t and u defined above.
- a product of prime factors congruent to 1 (mod 4) cannot ensure all of the principles of GQ2 technology.
- Each GQ2 modulus must have at least two prime factors congruent to 3 (mod 4) such that, for each base number g, the Legendre symbol of g with respect to one differs from the Legendre symbol of g with respect to the other.
- when all the prime factors are congruent to 3 (mod 4), we will say that the GQ2 modulus is basic.
- when the modulus n includes one or more prime factors congruent to 1 (mod 4), we will say that the GQ2 modulus is mixed.
- the global constraints to be imposed on the modulus n must be set: a size in bits (for example, 512 or 1024 bits) as well as a number of successive bits at 1 in high order (at least one of course, typically 16 or 32 bits), a number f of prime factors and a number e (which may be zero) of prime factors that must be congruent to 1 (mod 4); the other prime factors, that is, at least two, must be congruent to 3 (mod 4).
- the modulus n will be the product of f prime factors of neighboring sizes.
- a basic GQ2 modulus is the product of prime factors all congruent to 3 (mod 4).
- a mixed GQ2 modulus therefore appears as the product of a basic GQ2 modulus by one or more other prime factors congruent to 1 (mod 4).
- Choice of the prime factors congruent to 3 (mod 4): from the second factor, the program requests and uses one base number per factor. For the choice of the last factor congruent to 3 (mod 4), the program asks if there are other base numbers, that is, if m is equal to or greater than f-e, then, if this is the case, requests and takes into account the last base numbers, from $g_{f-e}$ to $g_m$.
- the profile of g with respect to a single prime number congruent to 3 (mod 4) is always flat. This extension makes it possible to generalize the algorithm for choosing prime factors congruent to 3 (mod 4).
- the profiles of two base numbers $g_1$ and $g_2$ are different, which implies at least three prime factors congruent to 3 (mod 4)
- the knowledge of the two private values $Q_1$ and $Q_2$ induces the knowledge of two different decompositions of the modulus n.
- the base numbers are small prime numbers
- the program ensures that the profiles of the $2^{f-e-1} - 1$ multiplicative combinations of the first f-e-1 base numbers are all different: they take all possible values.
- the notion of profile does not extend to the prime factors congruent to 1 (mod 4).
- Second prime factor $p_2$ congruent to 3 (mod 4), taking into account the first base number $g_1$: each candidate must be complementary to $p_1$ with respect to $g_1$.
- Profile ⁇ g,) is flat, each candidate must be complementary to / ?, with respect to g Otherwise, among the i- basic numbers g ,, g 2 , ...
- G is on a cycle.
- G is on a cycle as soon as p is congruent to 5 (mod 8) and the Legendre symbol of $g_i$ with respect to p is equal to +1.
- r is neither $g_i$ nor $-g_i$, then u > 0; note that the key $\langle (p-1)/2^t,\ p \rangle$ transforms any non-quadratic residue y into an element b which is a primitive $2^t$-th root of unity.
- the variable w has the value $g_i$ or $-g_i$.
- v is greater than jj, that is, k > t-u: reject the candidate and move on to another.
- v is less than or equal to jj, that is, k ≤ t-u: continue the evaluation of the candidate.
- the public modulus n is the product of f prime factors $p_1, p_2, \ldots, p_f$.
- the unsigned integer n can be represented by a binary sequence; this sequence respects the constraints imposed at the start of the program for the size in bits and for the number of successive bits at 1 in high order.
- the choice of prime factors ensures the following properties of the modulus n with respect to each of the m base numbers $g_1, g_2, \ldots, g_m$.
- equations (1) and (2) have no solution in x in the ring of integers modulo n.
- equation (3) has solutions in x in the ring of integers modulo n.
- Step (1) is executed successively for each of the m base numbers from $g_1$ to $g_m$.
- Step (2) is executed successively for each of the m public values from $G_1$ to $G_m$.
- We calculate an integer t such that p-1 is divisible by $2^t$ but not by $2^{t+1}$, then an integer $s = (p - 1 + 2^t) / 2^{t+1}$, so as to establish a key (s, p).
- the branch of z 4 carries two other solutions: it is the product of z by each of the two square roots of -1, that is, each of the two fourth primitive roots of the unit.
- y is a non-quadratic residue of GF(p)
- $y^{(p-1)/4} \pmod p$ is a square root of -1.
- the branch of the 2 nd power of z carries 2 ' ⁇ l solutions: these are the products (mod p) of z by each of the two roots 2 l th primitives of the unit.
- G is suitably placed on a fairly long branch, that is to say, t ≥ k + u: there are $2^k$ solutions on the branch where G is shown.
- to calculate a $2^k$-th root, it is enough to iterate k times the square root algorithm given above, so as to calculate the square roots of successive results up to a solution z.
- This calculation can of course be optimized to approach a $2^k$-th root directly and then adjust the approximation of a $2^k$-th root only once to reach a solution z.
- at the end of the algorithm, the variable w has the value za.
- the generic solution to equation (3.a) is represented by zz. We go to step (4).
- n is the product of two prime factors congruent to 3 (mod 4); there are eight with three prime factors congruent to 3 (mod 4); there are sixteen with two prime factors congruent to 3 (mod 4) and one congruent to 5 (mod 8).
- Judicious use of these multiple values can complicate attacks by analyzing the power consumption of a smart card using GQ2.
- the constraints due to the m base numbers make applications less and less acceptable.
- k 6
- k 64
- m 3
- g, 3
- ⁇ 2 3 09AA6F4930E51A70CCDFA77442B10770DD1CD77490E3398A
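The rules stated above for choosing prime factors (at least two factors congruent to 3 (mod 4) whose Legendre symbols differ for each base number, the t, u, k test for factors congruent to 1 (mod 4), and the key (s, p) followed by the Chinese remainders) can be checked numerically. The following Python sketch is an added example, not code from the patent; the function names and the small primes 10007 and 10067 are constructed for illustration, and the last function shows why a private value Q has to be protected like the factors themselves.

```python
# Added illustration (not from the patent). Function names and the toy primes
# are constructed for this example; real GQ2 moduli are hundreds of bits long.
from math import gcd, prod


def legendre(a, p):
    """Legendre symbol (a|p) for an odd prime p, by Euler's criterion."""
    r = pow(a % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def two_adic_split(p):
    """Return (t, q) with p - 1 = 2**t * q and q odd."""
    t, q = 0, p - 1
    while q % 2 == 0:
        t, q = t + 1, q // 2
    return t, q


def branch_height(g, p):
    """u such that the rank of g^2 in GF(p) is divisible by 2**u, not 2**(u+1)."""
    _, q = two_adic_split(p)
    h, u = pow(g * g % p, q, p), 0
    while h != 1:
        h, u = h * h % p, u + 1
    return u


def factor_accepts(p, g, k):
    """True when equation (3.a), x^(2^k) = g^2 (mod p), has a solution."""
    t, _ = two_adic_split(p)
    if t == 1:                      # p = 3 (mod 4): g^2 has odd rank (a cycle)
        return True
    if legendre(g, p) == -1:        # prohibited for p = 1 (mod 4)
        return False
    u = branch_height(g, p)
    return not (u > 0 and u > t - k)


def is_gq2_modulus(primes, bases, k):
    """Check the GQ2 principles for n = product(primes) and v = 2**k."""
    for g in bases:
        if not all(1 < g < p for p in primes):   # factors exceed base numbers
            return False
        g_is_square = all(legendre(g, p) == 1 for p in primes)
        neg_g_is_square = all(legendre(-g, p) == 1 for p in primes)
        if g_is_square or neg_g_is_square:       # (1) or (2) has a solution
            return False
        if not all(factor_accepts(p, g, k) for p in primes):  # (3) has none
            return False
    return True


def crt(residues, primes):
    """Chinese remainders: the x (mod n) with x = residues[j] (mod primes[j])."""
    n, x = prod(primes), 0
    for r, p in zip(residues, primes):
        m = n // p
        x += r * m * pow(m, -1, p)
    return x % n


def private_value(g, primes, k):
    """One solution Q of equation (3) for a basic modulus (all p = 3 mod 4)."""
    components = []
    for p in primes:
        t, _ = two_adic_split(p)
        if t != 1:
            raise ValueError("sketch limited to factors congruent to 3 (mod 4)")
        s = (p - 1 + 2 ** t) // 2 ** (t + 1)     # key (s, p), here (p + 1) / 4
        z = g * g % p
        for _ in range(k):                       # k successive square roots
            z = pow(z, s, p)
        components.append(z)                     # private component Q_(i,j)
    return crt(components, primes)


def factor_from_private(Q, g, n, k):
    """w = Q^(2^(k-1)) squares to g^2 but is not +-g, so gcd reveals a factor."""
    w = pow(Q, 2 ** (k - 1), n)
    return gcd(w - g, n)


if __name__ == "__main__":
    primes, g, k = [10007, 10067], 2, 3          # constructed toy parameters
    n = prod(primes)
    Q = private_value(g, primes, k)
    print("GQ2 modulus for g=2:", is_gq2_modulus(primes, [g], k))
    print("Q^v = g^2 (mod n):", pow(Q, 2 ** k, n) == g * g)
    print("factor recovered from Q:", factor_from_private(Q, g, n, k))
```

With base number 3 the same two primes fail the check, because 3 is a quadratic residue with respect to both of them and equation (1) then has a solution.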
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Complex Calculations (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Peptides Or Proteins (AREA)
- Error Detection And Correction (AREA)
- Storage Device Security (AREA)
- Agricultural Chemicals And Associated Chemicals (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002360887A CA2360887C (fr) | 1999-01-27 | 2000-01-27 | Method, system, device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message using specific prime factors |
JP2000597915A JP4772189B2 (ja) | 1999-01-27 | 2000-01-27 | Method, system, and device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message using special prime factors |
EP00901657.7A EP1145473B1 (fr) | 1999-01-27 | 2000-01-27 | Method, system, device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message using specific prime factors |
US09/869,966 US7266197B1 (en) | 1999-01-27 | 2000-01-27 | Method, system, device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message using specific prime factors |
AU22985/00A AU769444B2 (en) | 1999-01-27 | 2000-01-27 | Method, system, device for proving the authenticity of an entity and/or the integrity and/or the authenticity of message using specific prime factors |
Applications Claiming Priority (10)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR99/01065 | 1999-01-27 | ||
FR9901065A FR2788910A1 (fr) | 1999-01-27 | 1999-01-27 | Method, system, device for reducing the workload during a session intended to prove the authenticity of an entity and/or the origin and integrity of a message |
FR9903770A FR2788911A1 (fr) | 1999-01-27 | 1999-03-23 | Method, system, device for reducing the workload during a session intended to prove the authenticity of an entity and/or the origin and integrity of a message |
FR99/03770 | 1999-03-23 | ||
FR9912467A FR2788912B1 (fr) | 1999-01-27 | 1999-10-01 | Method, system, device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message using specific prime factors |
FR99/12467 | 1999-10-01 | ||
FR99/12468 | 1999-10-01 | ||
FR9912465A FR2788908B1 (fr) | 1999-01-27 | 1999-10-01 | Method, system, device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message |
FR9912468A FR2824974B1 (fr) | 1999-01-27 | 1999-10-01 | Method for proving the authenticity of an entity or the integrity of a message by means of a public exponent equal to a power of two. |
FR99/12465 | 1999-10-01 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2000046947A2 (fr) | 2000-08-10 |
WO2000046947A3 (fr) | 2002-04-04 |
Family
ID=27515634
Family Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/FR2000/000189 WO2000046947A2 (fr) | 1999-01-27 | 2000-01-27 | Method, system, device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message using specific prime factors |
PCT/FR2000/000190 WO2000045550A2 (fr) | 1999-01-27 | 2000-01-27 | Method for proving the authenticity of an entity or the integrity of a message by means of a public exponent equal to a power of two |
PCT/FR2000/000188 WO2000046946A2 (fr) | 1999-01-27 | 2000-01-27 | Method, system, device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message |
Family Applications After (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/FR2000/000190 WO2000045550A2 (fr) | 1999-01-27 | 2000-01-27 | Method for proving the authenticity of an entity or the integrity of a message by means of a public exponent equal to a power of two |
PCT/FR2000/000188 WO2000046946A2 (fr) | 1999-01-27 | 2000-01-27 | Method, system, device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message |
Country Status (7)
Country | Link |
---|---|
US (2) | US7386122B1 (fr) |
EP (3) | EP1145473B1 (fr) |
JP (3) | JP4772965B2 (fr) |
CN (3) | CN1408154A (fr) |
AU (3) | AU769446C (fr) |
CA (3) | CA2360887C (fr) |
WO (3) | WO2000046947A2 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1326354C (zh) * | 2001-03-12 | 2007-07-11 | France Telecom | Cryptographic authentication using ephemeral moduli |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2841411B1 (fr) * | 2002-06-19 | 2004-10-29 | Gemplus Card Int | Method for generating electronic keys for a public-key cryptography method, and secure portable object implementing the method |
FR2865590A1 (fr) * | 2004-01-23 | 2005-07-29 | France Telecom | Method for establishing, from a set of large prime numbers, a set of keys intended to prove the authenticity of an entity or the integrity of a message |
CN101243513A (zh) * | 2005-08-23 | 2008-08-13 | Koninklijke Philips Electronics N.V. | Information carrier authentication using a physical one-way function |
JP4968622B2 (ja) * | 2006-11-02 | 2012-07-04 | NEC Corporation | Group member confirmation system, group member confirmation method, and program |
TWI405481B (zh) * | 2007-05-18 | 2013-08-11 | Innovative Sonic Ltd | Method for comparing state variables or packet sequence numbers in a wireless communication system, and related apparatus |
US8832110B2 (en) | 2012-05-22 | 2014-09-09 | Bank Of America Corporation | Management of class of service |
US9961059B2 (en) * | 2014-07-10 | 2018-05-01 | Red Hat Israel, Ltd. | Authenticator plugin interface |
EP2966803A1 (fr) * | 2014-07-11 | 2016-01-13 | Thomson Licensing | Method and device for cryptographic key generation |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0311470A1 (fr) * | 1987-09-07 | 1989-04-12 | France Telecom | Methods and systems for zero-knowledge authentication of accreditations or messages and for signing messages |
EP0381523A2 (fr) * | 1989-02-02 | 1990-08-08 | Kabushiki Kaisha Toshiba | Server-aided computation method and distributed information processing unit |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5218637A (en) * | 1987-09-07 | 1993-06-08 | L'etat Francais Represente Par Le Ministre Des Postes, Des Telecommunications Et De L'espace | Method of transferring a secret, by the exchange of two certificates between two microcomputers which establish reciprocal authorization |
US5140634A (en) * | 1987-09-07 | 1992-08-18 | U.S Philips Corporation | Method and apparatus for authenticating accreditations and for authenticating and signing messages |
AU622915B2 (en) * | 1988-05-19 | 1992-04-30 | Ncr Corporation | Method and device for authentication |
US5046094A (en) * | 1989-02-02 | 1991-09-03 | Kabushiki Kaisha Toshiba | Server-aided computation method and distributed information processing unit |
US5224162A (en) * | 1991-06-14 | 1993-06-29 | Nippon Telegraph And Telephone Corporation | Electronic cash system |
JP2631781B2 (ja) * | 1991-07-10 | 1997-07-16 | Nippon Telegraph and Telephone Corporation | Electronic cash implementation method |
US5299262A (en) * | 1992-08-13 | 1994-03-29 | The United States Of America As Represented By The United States Department Of Energy | Method for exponentiating in cryptographic systems |
US5442707A (en) * | 1992-09-28 | 1995-08-15 | Matsushita Electric Industrial Co., Ltd. | Method for generating and verifying electronic signatures and privacy communication using elliptic curves |
US5414772A (en) * | 1993-06-23 | 1995-05-09 | Gemplus Development | System for improving the digital signature algorithm |
US5604805A (en) * | 1994-02-28 | 1997-02-18 | Brands; Stefanus A. | Privacy-protected transfer of electronic information |
FR2733379B1 (fr) * | 1995-04-20 | 1997-06-20 | Gemplus Card Int | Procede de generation de signatures electroniques, notamment pour cartes a puces |
DE69704684T2 (de) | 1996-02-23 | 2004-07-15 | Fuji Xerox Co., Ltd. | Device and method for authenticating a user's access rights to resources according to the challenge-response principle |
IL120303A0 (en) * | 1996-03-27 | 1997-06-10 | Pfizer | Use of alpha1-adrenoreceptor antagonists in the prevention and treatment of cancer |
WO1998033159A1 (fr) * | 1997-01-28 | 1998-07-30 | Matsushita Electric Industrial Co., Ltd. | Message-reproduction type identification device |
US6389136B1 (en) * | 1997-05-28 | 2002-05-14 | Adam Lucas Young | Auto-Recoverable and Auto-certifiable cryptosystems with RSA or factoring based keys |
DE69816986T2 (de) * | 1997-05-29 | 2004-07-22 | Sun Microsystems, Inc., Palo Alto | Method and apparatus for sealing and signing objects |
US7246098B1 (en) * | 1997-07-15 | 2007-07-17 | Silverbrook Research Pty Ltd | Consumable authentication protocol and system |
JP3671611B2 (ja) * | 1997-08-05 | 2005-07-13 | 富士ゼロックス株式会社 | Access credential authentication device and method |
JP3562262B2 (ja) * | 1997-10-17 | 2004-09-08 | 富士ゼロックス株式会社 | Authentication method and device |
EP0917047B1 (fr) * | 1997-11-04 | 2004-10-13 | Nippon Telegraph and Telephone Corporation | Device for modular inversion for use in information security |
US7280663B1 (en) * | 2000-05-22 | 2007-10-09 | University Of Southern California | Encryption system based on crossed inverse quasigroups |
- 2000
  - 2000-01-27, EP EP00901657.7A, publication EP1145473B1, status: Expired - Lifetime (not active)
  - 2000-01-27, WO PCT/FR2000/000189, publication WO2000046947A2, status: IP Right Grant (active)
  - 2000-01-27, CN CN00804617A, publication CN1408154A, status: Pending (active)
  - 2000-01-27, JP JP2000596696A, publication JP4772965B2, status: Expired - Lifetime (not active)
  - 2000-01-27, CA CA002360887A, publication CA2360887C, status: Expired - Fee Related (not active)
  - 2000-01-27, CN CNB008031975A, publication CN100377520C, status: Expired - Lifetime (not active)
  - 2000-01-27, CN CNB008047189A, publication CN1322700C, status: Expired - Lifetime (not active)
  - 2000-01-27, CA CA002361627A, publication CA2361627A1, status: Abandoned (not active)
  - 2000-01-27, AU AU22986/00A, publication AU769446C, status: Ceased (not active)
  - 2000-01-27, CA CA002360954A, publication CA2360954A1, status: Abandoned (not active)
  - 2000-01-27, WO PCT/FR2000/000190, publication WO2000045550A2, status: IP Right Grant (active)
  - 2000-01-27, JP JP2000597914A, publication JP2003519447A, status: Withdrawn (not active)
  - 2000-01-27, EP EP00901656A, publication EP1145472A3, status: Withdrawn (not active)
  - 2000-01-27, AU AU22985/00A, publication AU769444B2, status: Ceased (not active)
  - 2000-01-27, US US09/889,918, publication US7386122B1, status: Expired - Lifetime (not active)
  - 2000-01-27, US US09/869,966, publication US7266197B1, status: Expired - Lifetime (not active)
  - 2000-01-27, JP JP2000597915A, publication JP4772189B2, status: Expired - Lifetime (not active)
  - 2000-01-27, EP EP00901658.5A, publication EP1145482B1, status: Expired - Lifetime (not active)
  - 2000-01-27, AU AU22984/00A, publication AU769464B2, status: Ceased (not active)
  - 2000-01-27, WO PCT/FR2000/000188, publication WO2000046946A2, status: Application Discontinuation (not active)
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0311470A1 (fr) * | 1987-09-07 | 1989-04-12 | France Telecom | Methods and systems for zero-knowledge authentication of accreditations or messages and for signing messages |
EP0381523A2 (fr) * | 1989-02-02 | 1990-08-08 | Kabushiki Kaisha Toshiba | Server-aided computation method and distributed information processing unit |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1326354C (zh) * | 2001-03-12 | 2007-07-11 | 法国电信公司 | Cryptographic authentication using ephemeral moduli |
US7822986B2 (en) | 2001-03-12 | 2010-10-26 | Louis Guillou | Cryptographic authentication with ephemeral modules |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1738517B1 (fr) | | Cryptographic methods and devices without transfer of knowledge |
EP1151576B1 (fr) | | Cryptographic method with public and private keys |
FR2822002A1 (fr) | | Cryptographic authentication with ephemeral modules |
EP1807967B1 (fr) | | Method for secure delegation of the computation of a bilinear map |
EP0346180B1 (fr) | | Secure data communication device |
EP0878934B1 (fr) | | Public-key identification method using two hash functions |
WO2000046947A2 (fr) | | Method, system and device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message by means of particular prime factors |
WO2003017569A1 (fr) | | Method for producing a cryptographic unit for an asymmetric cryptography system using a discrete logarithm function |
CA2360953C (fr) | | Authentication or signature method with a reduced number of computations |
EP1216537B1 (fr) | | Method, system and device for proving the authenticity of an entity or the integrity of a message |
WO2006030107A1 (fr) | | Data processing method, electronic entity and microcircuit card, in particular for securely decrypting or signing a message |
FR2747257A1 (fr) | | Identification and/or signature method |
FR2773027A1 (fr) | | Digital signature method |
EP1829279A2 (fr) | | Method and device for performing a cryptographic computation |
FR2788912A1 (fr) | | Method, system and device for proving the authenticity of an entity and/or the integrity and/or the authenticity of a message by means of particular prime factors |
EP3840282A1 (fr) | | Cryptographic processing method, and associated electronic device and computer program |
EP0743775B1 (fr) | | Zero-knowledge digital signature method for producing a collision-resistant signature |
EP3857810A1 (fr) | | Cryptographic method for the secure comparison of two secret data items x and y |
WO2001010078A1 (fr) | | Discrete-logarithm-based signature schemes with partial or total message recovery |
EP1989820A1 (fr) | | Cryptographic hashing device and method |
EP3929726A1 (fr) | | Cryptographic processing method, and associated electronic device and computer program |
KR100844546B1 (ko) | | Method, system and device for verifying the authenticity of an entity or the integrity of a message |
FR2850502A1 (fr) | | Low-computational-cost digital authentication and digital signature methods, and signing system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | WWE | Wipo information: entry into national phase | Ref document number: 00803197.5 Country of ref document: CN |
| | AK | Designated states | Kind code of ref document: A2 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
| | AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
| | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| | WWE | Wipo information: entry into national phase | Ref document number: 2000901657 Country of ref document: EP |
| | ENP | Entry into the national phase | Ref document number: 2360887 Country of ref document: CA Ref document number: 2360887 Country of ref document: CA Kind code of ref document: A |
| | ENP | Entry into the national phase | Ref document number: 2000 597915 Country of ref document: JP Kind code of ref document: A |
| | WWE | Wipo information: entry into national phase | Ref document number: 1020017009493 Country of ref document: KR |
| | WWE | Wipo information: entry into national phase | Ref document number: 22985/00 Country of ref document: AU |
| | WWE | Wipo information: entry into national phase | Ref document number: 09869966 Country of ref document: US |
| | WWP | Wipo information: published in national office | Ref document number: 2000901657 Country of ref document: EP |
| | REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
| | WWP | Wipo information: published in national office | Ref document number: 1020017009493 Country of ref document: KR |
| | AK | Designated states | Kind code of ref document: A3 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
| | AL | Designated countries for regional patents | Kind code of ref document: A3 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
| | WWG | Wipo information: grant in national office | Ref document number: 22985/00 Country of ref document: AU |
| | WWG | Wipo information: grant in national office | Ref document number: 1020017009493 Country of ref document: KR |