METHOD FOR GENERATING A MESSAGE SIGNATURE FROM A DIGITAL SIGNATURE TOKEN USING A HOMOMORPHIC ENCRYPT

专利摘要:
The invention relates to a method for generating a signature of a message intended to be validated by a verification server, a client device being configured to hold a private key and a corresponding public key and comprising steps of: ) previously offline by a hardware security module of a signature token resulting from an encryption using a homomorphic encryption function, - storing (104) said signature token; generating (105) said signature of said encrypted message using said homomorphic encryption function from the result of the encryption by said homomorphic encryption function of the private key stored by the client device, the signature token and said message said signature being intended to be validated by said verification server using said public key.
公开号:FR3035986A1
申请号:FR1554077
申请日:2015-05-06
公开日:2016-11-11
发明作者:Herve Chabanne；Constance Morel；Olivier Clemot；Julien Bringer
申请人:Morpho SA；
IPC主号:

专利说明:

[0001] FIELD OF THE INVENTION The present invention relates generally to generating a digital signature of a message.
[0002] The invention more specifically relates to a token signing method based on a digital signature algorithm. STATE OF THE ART Numerous digital signature methods are commonly used in cryptography to generate, for a digital message, a signature guaranteeing the identity of the issuer of this message. In order to guarantee a high level of security, these methods may comprise complex operations requiring a large calculation capacity. Such computational power requirement can be problematic when implementing such signature methods for real-time message signing, particularly when these methods are implemented on systems with reduced resources, such as 'a smart card.
[0003] In order to reduce the amount of calculations to be carried out during the signature, signature methods making it possible to carry out part of these calculations in advance have been developed. In this category of signature processes, the token or coupon signatures provide for the calculation, prior to the signature of a message, of a token independent of this message, the storage of this token, and its reuse during the signature. of a message to calculate said signature. Such signature methods make it possible to deport the heavier calculations upstream of the signature and to limit the computing power requirements to a minimum during the generation of the signature itself. An example of such a token signature process is set forth in Benoit Chevallier-Mames, ACNS 2005, Volume 3531, Lecture Notes in Computer Science, pages 513-528. . Springer-Verlag, 2005.
[0004] Among the many existing signature methods, certain methods requiring heavy calculations during the signature are the methods based on the algorithm DSA ("Digital Signature Algorithm") or the ECDSA algorithm ("Elliptic Curve Digital Signature Algorithm"). ") Based on elliptic curves. At each signature of a message, the methods based on these algorithms respectively include calculating an exponentiation gk with k random integer or coordinates of a point of an elliptic curve by multiplying a generator G of an elliptic curve by a random integer k. Such calculations are very expensive operations, particularly for a thin client such as a smart card. Unfortunately, such a calculation can not be safely predicted, as in the case of a token signature. Indeed, in the case of prior calculation and storage of a pair (k, k * G) or (k, r) with r function of gk, if a hacker was able to take cognizance of such values and a generated signature from these according to the DSA or ECDSA algorithm, he could obtain information on the signer's private key. This hacker could then fraudulently sign messages on behalf of the signatory. There is therefore a need for a signature method making it possible to anticipate the most expensive calculations prior to the signature of a message, such as the determination of an elliptic curve point, without jeopardizing the safety of the mechanism of signature.
[0005] SUMMARY OF THE INVENTION To this end, the present invention thus relates in a first aspect to a method of generating a signature of a message to be validated by a server verifier, a client device being configured to hold a private key and a corresponding public key, said method being characterized in that it comprises steps of: 3035986 3 -calculation previously off-line by a hardware security module of a signature token resulting from an encryption at the using a homomorphic encryption function, - storing said signature token; 5 - generating said signature of said encrypted message using said homomorphic encryption function from the result of the encryption by said homomorphic encryption function of the private key stored by the client device, the signature token and said message, said signature being intended to be validated by said server verification using said public key.
[0006] The heavy steps of the calculation of the signature can thus be carried out in advance, without compromising security by encrypting the token used to store the result of these calculations. The calculation of the signature may also be delegated by the client device to another device without the latter needing to know either the message to be signed, the deciphered token or the client's private key so as not to put endanger the security of the signature mechanism. In the case of an implementation according to the ECDSA protocol, the public key Q and the private key d can check Q = d * G, G being a point of an elliptic curve of order n a prime integer, and the method of generating a signature according to the first aspect may also include the previously offline implementation by said hardware security module of the steps of: - generating an integer random k belonging to [1; n-1]; calculating the intermediate integer abscissa of the point of the elliptic curve k * G modulo 25 n; said signature token comprising a first signature token portion generated by encrypting the calculated integer integer using said homomorphic encryption function and a second signature token portion generated by encrypting the inverse of the random token. using said homomorphic encryption function. In the case of an implementation according to the DSA protocol, the public key (p, q, g, y) and the private key d such that 0 <d <q satisfy y = gd mod p, where q is a number 3035986 4 first, p being a prime number satisfying (p-1) is a multiple of q, g = mod p with h a random integer satisfying 1 <h <p-1 and g different from 1, and the generating method of a signature according to the first aspect may also include the previously offline implementation by said hardware security module of the steps of: - generating an integer random k belonging to [1; q-1]; - calculating the intermediate integer r = (gk mod p) mod q; said signature token comprising a first signature token portion generated by encrypting the calculated integer integer using said homomorphic encryption function and a second signature token portion generated by encrypting the inverse of the random token; using said homomorphic encryption function. In a first embodiment, the signature of the encrypted message m by means of said homomorphic encryption function (p may comprise a first encrypted signature part using said homomorphic encryption function and generated at the same time. using the formula: (p (s) = (p ((1 / k) * (z + dr)) and a second signature part encrypted using said homomorphic cipher function equal to (p (r ), with 1 / k the inverse of the hazard, z a function of the message m, 20 d the private key stored by the client device, r the calculated integer and (p the homomorphic encryption function. delegate the calculation of the first signature part directly in encrypted form only from (p (d), the message and the encrypted token without decrypting the elements used for its calculation, the client device thus has to calculate only ( p (d) at least thus further reducing the cost of generating the sign In a second embodiment, the signature token may further comprise the result of the encryption by said homomorphic encryption function of the product of the intermediate integer calculated with the inverse of the hazard. . In this second embodiment, the signature of the encrypted message m using said homomorphic encryption function may comprise a first encrypted signature portion using said homomorphic encryption function and generated at the same time. using the formula: (p (s) = (p ((1 / k) .z + d. (r.1 / k)) and a second encrypted signature part using said homomorphic encryption function equal at (p (r), with 1 / k the inverse of the hazard, z the function of the message m, 5 d the private key stored by the client device, r the calculated integer, r.1 / k the product of the intermediate integer calculated with the inverse of the random and cp the homomorphic ciphering function, the signature can thus be computed without having to calculate a homomorphic multiplication of order 2, thus further reducing the generation cost of the According to a second aspect, the present invention relates to a program product of computer comprising program code instructions for performing the steps of the method according to the first aspect when said program is executed on a computer. According to a third aspect, the present invention relates to a system for generating a signature of a message intended to be validated by a verifier server, a client device being configured to hold a private key and a corresponding public key, said system comprising: a security hardware module configured to previously calculate offline a signature token resulting from an encryption using a homomorphic encryption function, a storage device of said signature token, an intermediate server or said security hardware module configured to generate said signature of said encrypted message using said homomorphic encryption function from the result of the encryption by said homomorphic encryption function of the private key stored by the client device, the signature and said message, a verification server configured to validate said signatur e using said public key.
[0007] Such computer program products and signature generation systems have the same advantages as those evoked for the method according to the first aspect.
[0008] DESCRIPTION OF THE FIGURES Other features and advantages will become apparent from the description which follows, which is purely illustrative and nonlimiting, and should be read with reference to the appended figures, in which: FIG. 1 schematically illustrates material means in a control system. signature generation according to one embodiment of the invention; FIG. 2 illustrates a flow chart representing an implementation of a method for generating a signature of a message according to the invention. DETAILED DESCRIPTION OF AT LEAST ONE EMBODIMENT One embodiment relates to a method of generating a signature of a message m implemented by a signature generation system 1 illustrated in FIG. signature generation may comprise a client device 2 requiring the generation of the signature for a message m to sign and a server 3 to validate the signature of said message m.
[0009] Such a signature generation system further comprises a security hardware module 4 intended to implement in a secure manner steps of the calculation of the signature, particularly the expensive steps that can be implemented independently of the message m. These calculations can then be made in advance, upstream of the generation of the signature for the client device.
[0010] Such a security hardware module may be a HSM ("Hardware Security Module") or a smart card or any other secure device provided with processing means such as a secure computer for example a computer isolated from the outside world. Such a security hardware module 4 may comprise a random number generator 5 and a computer 6 and be configured to be connected to the client device. The client device 2 does not necessarily include large calculation means for the implementation of the signature generation steps which are not devolved to the security hardware module 4. The signature generation system can then also include a intermediate server 7 configured to be connected to the security hardware module 4, and to which it can delegate calculation steps. Such a connection may be local or remote, via a communication network such as an Ethernet network or the Internet. The client device 2 is configured to hold a private key and the corresponding public key. The method proposes to make the security hardware module perform the 15 expensive steps that can be implemented independently of the message m in advance, that is to say before its knowledge (offline) and to store the result of these calculations. in the form of a token. In order to guarantee the security of the signature mechanism during the reuse of this token to calculate a signature for the message m, the invention proposes to keep this token in encrypted form. In order to prevent an attacker from becoming aware of this token, without requiring expensive decryption calculations when calculating the signature, the token can be encrypted using a homomorphic function. Such a function makes it possible to calculate on the fly (online) an encrypted signature from the encrypted token without having to decipher it. The calculation of such a signature can thus also be delegated by the client device to another device without compromising the security of the signature process. The signature generation system may also include a storage device 8 for storing the token. Such a storage device may be integrated with the security hardware module or independent and connected to the other 30 elements of the signature generation system through a communication network. An implementation of the method for generating a signature of a message m can thus comprise, as illustrated in FIG. 2, the steps of: 3035986 8 -calculation 103 previously offline by the security hardware module 4 of a signature token (q) (r), (p (1 / k)) result of an encryption using a homomorphic cp function, - storage 104 of said signature token (p (r), (p (1 / k); 5 - generation 105 of said signature (r, $) of said encrypted message m using said homomorphic encryption function (q) (r), (p (s)) from the result of the encryption by said homomorphic encryption function of the private key stored by the client device, the signature token (q) (r), (p (1 / k)) and said message m, said signature being intended to be validated by said verification server; 3 using said public key This signature generation step can be performed by the security hardware module 4 or the server i The signature calculation is thus delegated to the security hardware module or to this intermediate server, which makes it possible to reduce the costs of the calculations performed by the client device.
[0011] In addition, by the homomorphism property of the homomorphic encryption, the intermediate server can calculate the signature without performing any decryption and therefore did not need to be sure not to jeopardize the security of the signature. As a reminder, such a homomorphic function cp is a function such that, for a masking operation M such as the multiplication by a mask datum a, there exists an operation 0, such as the exponentiation by a, such that 0 (p ( x)) = p (M (x)), i.e. (q) (x)) Aa = p (x * a). Such a function can also be homomorphic between two operations Op1 and 0p2 if performing the operation 0p2 on (q) (x), (p (y)) makes it possible to obtain cp (x Op1 y). Next, "homomorphic multiplication of order 1" will be understood to mean a multiplication effected between two ciphers which have not undergone any multiplication before and by "homomorphic multiplication of order 2" a multiplication effected between a cipher having already undergone a multiplication and a cipher having already undergone at most a multiplication. A pair of asymmetric encryption keys (pkg), sk (p) dedicated to the implementation of the homomorphic encryption algorithm cp may be previously generated, for example by the hardware security module, by another hardware module of security, by the client device or by the verification server which then has the private key sk (p The public key pkg) is shared with the other elements of the signature generation system 1. Such an algorithm may for example be 3035986 9 Paillier algorithm according to the following reference: Pascal Paillier, Public-key cryptosystems based on composite degree residuosity classes, EUROCRYPT 1999, 223-238. This reference proposes an additively homomorphic schema. This can be transformed into a homomorphic scheme that can evaluate polynomials of degree 2 by applying a method such as the method of Catalano and Fiore presented in the article Boosting linearly-homomorphic encryption to evaluate degree-2 functions on enctypted data , Cryptology ePrint Archive, 2014, p813. Such a homomorphic encryption algorithm may also be an algorithm making it possible to perform a limited number of additions and multiplications on the 10 encrypted, namely an algorithm called "somewhat homomorphic encryption" (SHE). Such algorithms are presented in the article by Zvika Brakerski and Vinod Vaikuntanathan entitled "Fully Homomorphic Encryption from Ring-LVVE and Security for Key Dependent Messages" and the article by Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan entitled "(Leveled) fully homomorphic encryption without bootstrapping "In ITCS, pages 309-325,2012. The security hardware module 4 may have the private key of said asymmetric encryption key pair skcp in order to decrypt the signature tokens. It can also generate the private key skcp, transmit it to the server verifier 3 and not keep it after this transmission. On the other hand, the intermediate server does not have this private key, as it is not considered safe. The signature may for example be a signature generated according to the DSA ("Digital Signature Algorithm") protocol or the ECDSA ("Elliptic Curve Digital Signature Algorithm") protocol detailed below.
[0012] An implementation of the signature generation method according to the invention may comprise in more detail the steps described in the paragraphs below with reference to FIG. 2. In the case of an implementation according to the DSA protocol the public key 30 (p, q, g, y) and the private key d such that 0 <d <q can check y = gd mod p with q a prime number, p a prime number satisfying (p-1) is a multiple of q, g = mod p, h being a random integer satisfying 1 <h <p-1 and g being different from 1. In the case of an implementation according to the ECDSA protocol, the public key Q and the private key d selected randomly in [1; n-1] with n integer prime 3035986 10 can check Q = d * G, G being a point of an elliptic curve of order n. By way of example, n may be equal to 256 bits for a security of 128 bits. During a random generation step 101, the random number generator 5 of the security hardware module 4 can previously generate offline a random integer k belonging to [1; n-1] in an implementation mode. according to the ECDSA protocol and belonging to [1; q-1] in an implementation mode according to the DSA protocol.
[0013] Then, in the case of an implementation according to the DSA or ECDSA protocol, the computer 6 of the security hardware module 4 can respectively calculate, during an integer calculation step 102, the intermediate integer r = ( gk mod p) mod q or else a point of the elliptic curve by calculating k * G (multiplication of the point G of the elliptic curve by the scalar k) then the intermediate integer r corresponding to the abscissa of this point modulo n . A signature token is then calculated offline, that is to say well before the knowledge of the message m by the computer 6 of the security hardware module 4 during a signature token calculation step 103 and stored in the storage device 8 during a signature token storing step 104. Such token may be the result of encryption using the homomorphic encryption function (eg, such a signature token is stored). in a secure manner and allows the subsequent online generation of the signature of the message m intended to be validated by the verification server by means of the public key Q or (p, q, g, y). The calculation of the security hardware module in a previous off-line step significantly reduces the cost of generating a signature for the client device, and thus calculates a signature for a particular message much more quickly. Randomization 101, point calculation 102 and signature token calculation 103 may be repeated to generate in advance and store a multitude of ready-to-use encrypted tokens for calculating a number of tokens. signature.
[0014] The stored signature token is then transmitted, if necessary, to the device to which the client device delegates the generation of the signature for the message m, that is to say to the intermediate server 7 or to the hardware security module 4. client 2 sends to intermediate server 7 or security hardware module 4 the result (p (d) of encryption by said homomorphic encryption function cp of the private key stored in. The client device may also transmit the result (p (z ) of the encryption by said homomorphic cipher function cp of an element z function of the message m.
[0015] The element z which is a function of the message m used for the calculation of the signature can be the result of the application of a hash function to the message m such that SHA-2, in particular in order to obtain for the signature a datum of message z of fixed size chosen, regardless of the length of the message m. Alternatively, the client device can directly transmit the message 15 m. The intermediate server or the security hardware module can then calculate therefrom the element z and the encrypted value (p (z)) Alternatively, the client device may not hold the message M. The intermediate server or the module The security hardware can then itself obtain the message m from an external entity and calculate therefrom the element z and the encryption (p (z). The intermediate server 7 or the hardware module of security 4 generates at a signature generation step 105 said signature (r, $) of said encrypted message m using said homomorphic encryption function (q) (r), (p (s)) from 25 the result (p (d) of the encryption by said homomorphic encryption function of the private key d stored by the client device, the signature token (q) (r), (p (1 / k)) and the result (p (z) encryption by said homomorphic encryption function of the element z function of the message m received In a first embodiment, this signature token may include a first signature token portion. Such a first signature token portion (p (r) may be generated by encrypting the calculated intermediate integer (r) using said homomorphic cipher function (eg, it may include a second token portion of signature (p (1 / k) generated by encrypting the inverse of the hazard 1 / k using said homomorphic encryption function (p In this embodiment, the signature of the encrypted message m using said homomorphic encryption function may comprise a first encrypted signature portion using said homomorphic encryption function and generated using the formula: (p (s) = (p ((1 / k) * (z + dr)) and a second encrypted signature part using said homomorphic encryption function equal to (p (r) with 1 / k the inverse of the random, z function of the message m, d the private key stored by the client device, r the calculated intermediate integer and cp the function of homomorphic encryption Thanks to the homomorphic property of the function cp, the first encrypted signature part (p (s) can be calculated from the encrypted token (p (1 / k), (p (r), of the private key encrypted (p (d) and encrypted message (p (z) without having to decipher any of these elements.
[0016] In a second embodiment, the signature token further comprises the result (p (r.1 / k) of the encryption by said homomorphic encryption function of the product of the intermediate integer calculated with the inverse of the At the signature generation step 105, the first encrypted signature portion 20 (p (s) can then be generated using the formula: (p (s) = (p ( (1 / k) .z + d. (R.1 / k)) The only homomorphic operations on the multiplication to be calculated are then the computation of (p ((1 / k) .z) from (p (1 / k) and (p (z) and the computation of (p (d. (r.1 / k)) from (p (d) and (p (r.1 / k). The calculation of the signature therefore requires only homomorphic multiplications of order 1 and is then lighter than in the previous embodiment in which it is necessary to calculate a first multiplication of order 1, for example (p (dr) from of (p (d) and (p (r), then a second order multiplication, for example (p (1 / k.d.r) from (p (1 / k) and the result of the computation of (p (d.r).
[0017] In both embodiments, the signature is thus obtained in encrypted form (p (r), (p (s)) It can be transmitted to the client device 2 and / or the security hardware module 4 and stored by the latter in encrypted form, alternatively the signature can be decrypted before storage, provided that the device performing this decryption is aware of the private key of the homomorphic encryption skcp making it possible to decrypt the encrypted elements. , the signature can be decrypted only during its verification, for example before transmission to the server verification.
[0018] In the case of an implementation according to the DSA or ECDSA algorithm, such a verification can be implemented by the verification server in accordance with the standard DSA or EDCSA algorithm of the state of the art. In all implementation modes, once the token has been generated, the 10 elements used for its generation (k, 1 / k, k * G, r, r.1 / k) can be erased in order to limit the risks piracy. For security reasons the generated token can also be used only once for the generation of a signature. Calculations constituting the heaviest steps of the calculation of a signature can thus be performed offline in advance, without jeopardizing the security of the signature mechanism by means of the token encryption. The use of a homomorphic function makes it possible to limit the cost of computing a signature by a client device by making it possible to delegate calculations in encrypted form.

权利要求:
Claims (8)
[0001]
REVENDICATIONS1. A method of generating a signature of a message (m) to be validated by a verification server (3), a client device (2) configured to hold a private key (d) and a public key (Q, (p, q, g, y)), said method being characterized in that it comprises steps of: -calculation (103) previously offline by a security hardware module (4) of a signature token ( q) (r), (p (1 / k)) result of an encryption using a homomorphic encryption function ((p), - storage (104) of said signature token (q) (r) , (p (1 / k)); - generating (105) said signature (r, $) of said encrypted message (m) using said homomorphic ciphering function (q) (r), (p (s) )) from the result (q) (d)) of the encryption by said homomorphic encryption function of the private key stored by the client device (d), the signature token (q) (r), (p (1) k)) and said message (m), said signature being intended to be v alidée by said server verifier (3) using said public key (Q, (p, q, g, y)).
[0002]
2. A method of generating a signature according to the preceding claim wherein the public key Q and the private key d satisfy Q = d * G, G being a point of an elliptic curve of order n a prime integer, in which said security hardware module also implements previously offline steps of: - generation (101) of a random integer k belonging to [1; n-1]; calculating (102) the intermediate integer (r) abscissa of the point of the elliptic curve k * G modulo n; and wherein said signature token comprises a first signature token portion (q) (r)) generated by encrypting the calculated intermediate integer (r) using said homomorphic ciphering function ((p) and a second A signature token portion (p (1 / k)) generated by encrypting the inverse of the hazard (1 / k) using said homomorphic cipher function 5
[0003]
3. A method of generating a signature according to claim 1 wherein the public key (p, q, g, y) and the private key d such that 0 <d <q satisfy y = gd mod p, q being a number first, p being a prime number satisfying (p-1) is a multiple of q, g = 1-1 mod p with h a random integer satisfying 1 <h <p-1 and g different from 1, 10 in which said module security hardware also implements previously offline steps of: - generation (101) of a random integer k belonging to [1; q-1]; calculating (102) the intermediate integer r = (gk mod p) mod q; and wherein said signature token comprises a first signature token portion (q) (r)) generated by encrypting the calculated intermediate integer (r) with said homomorphic cipher function ((p) and a second signature token portion (p (1 / k)) generated by encrypting the inverse of the hazard (1 / k) using said homomorphic cipher function 20
[0004]
4. A method of generating a signature according to one of claims 2 or 3, wherein the signature of the message m encrypted using said homomorphic encryption function comprises a first encrypted signature portion using said homomorphic encryption function and generated using the formula: (p (s) = (p ((1 / k) * (z + dr)) and a second signature part encrypted using said function homomorphic encryption equal to (p (r), with 1 / k the inverse of the hazard, z the function of the message m, d the private key stored by the client device, r the calculated integer and cp the function of homomorphic encryption 30
[0005]
5. A method of generating a signature according to one of claims 2 or 3 wherein the signature token further comprises the result (q) (r.1 / k)) of the encryption by said homomorphic encryption function of the product of the calculated integer (r) with the inverse of the hazard (1 / k). 3035986 16
[0006]
A method of generating a signature according to the preceding claim, wherein the signature of the encrypted message m using said homomorphic encryption function comprises a first encrypted signature portion using said homomorphic encryption function. and generated using the formula: (p (s) = (p ((1 / k) .z + d. (r.1 / k)) and a second encrypted signature part using said homomorphic encryption function equal to (p (r), with 1 / k the inverse of the hazard, z a function of the message m, d the private key stored by the client device, r the calculated integer, r. 1 / k the product of the intermediate integer calculated with the inverse of the random and cp the homomorphic cipher function.
[0007]
A computer program product comprising program code instructions for executing the steps of the method according to any one of the preceding claims when said program is run on a computer.
[0008]
8. System (1) for generating a signature of a message (m) intended to be validated by a verification server (3), a client device (2) being configured to hold a private key (d) and a corresponding public key (Q, (p, q, g, y)), said system comprising: a security hardware module (4) configured to previously calculate offline a signature token (q) (r), (p ( 1 / k)) result of an encryption using a homomorphic encryption function ((p), - a storage device (8) of said signature token (q) (r), (p (1) / k)), an intermediate server (7) or said security hardware module (4) configured to generate said signature (r, $) of said encrypted message (m) using said homomorphic encryption function (q) (r), (p (s)) from the result (q) (d)) of the encryption by said homomorphic encryption function (p) of the private key stored by the client device (d), the token of signature (q) (r), (p (1 / k) ) and said message (m), a verification server (3) configured to validate said signature using said public key (Q, (p, q, g, y)).

类似技术:

---

公开号 | 公开日 | 专利标题

---

EP3091689B1|2018-03-21|Method for generating a message signature from a signature token encrypted by means of an homomorphic encryption function

---

Parmar et al.2014|Survey of various homomorphic encryption algorithms and schemes

---

EP3010177B1|2018-07-25|Method for authenticating a client device with a server using a secret element

---

CN108667625B|2021-09-24|Digital signature method of cooperative SM2

---

US20050089173A1|2005-04-28|Trusted authority for identifier-based cryptography

---

WO1998007253A1|1998-02-19|Accelerating public-key cryptography by precomputing randomly generated pairs

---

US8681986B2|2014-03-25|Single-round password-based key exchange protocols

---

WO1998007253A9|1998-07-23|Accelerating public-key cryptography by precomputing randomly generated pairs

---

Mallouli et al.2019|A survey on cryptography: comparative study between RSA vs ECC Algorithms, and RSA vs El-Gamal algorithms

---

FR2788650A1|2000-07-21|PUBLIC AND PRIVATE KEY CRYPTOGRAPHIC PROCESS

---

Malina et al.2015|Privacy-preserving security solution for cloud services

---

US10615961B2|2020-04-07|Method and encryption node for encrypting message

---

US10511434B2|2019-12-17|Method and encryption node for encrypting message

---

Rabah2005|Elliptic curve elgamal encryption and signature schemes

---

Sharma et al.2013|Security architecture of cloud computing based on elliptic curve cryptography |

---

Zhao et al.2011|Secret sharing in the encrypted domain with secure comparison

---

EP2587716A1|2013-05-01|Method for cryptographic signing of messages, signature verification method and corresponding signing and verification devices

---

Paillier et al.1999|Self-escrowed public-key infrastructures

---

WO2006010692A2|2006-02-02|Method for protecting a public key algorithm in an electronic component

---

CN113254985B|2021-12-21|Data encryption method, data processing method, data decryption method and electronic equipment

---

US20210336771A1|2021-10-28|Adaptive attack resistant distributed symmetric encryption

---

Frolov2013|Effective Oblivious Transfer Using a Probabilistic Encryption

---

WO2021222272A1|2021-11-04|Adaptive attack resistant distributed symmetric encryption

---

Shin et al.2021|A Verifier-Based Password-Authenticated Key Exchange Using Tamper-Proof Hardware

---

Chouhan et al.2017|Security Based Issues in View of Cloud Based Storage System

同族专利:

---

公开号 | 公开日

---

US20160344557A1|2016-11-24|

---

US10326598B2|2019-06-18|

---

EP3091689B1|2018-03-21|

---

EP3091689A1|2016-11-09|

---

FR3035986B1|2018-07-27|

引用文献:

---

公开号 | 申请日 | 公开日 | 申请人 | 专利标题

---

EP0807908A2|1996-04-16|1997-11-19|Certicom Corp.|Digital signatures on a smartcard|

---

US8667288B2|2012-05-29|2014-03-04|Robert Bosch Gmbh|System and method for message verification in broadcast and multicast networks|

---

CN103427997B|2013-08-16|2016-06-22|西安西电捷通无线网络通信股份有限公司|A kind of method generating digital signature and device|

---

JP6459658B2|2015-03-10|2019-01-30|富士通株式会社|Cryptographic processing apparatus, cryptographic processing method, and cryptographic processing program|US10700870B2|2015-09-22|2020-06-30|Veridify Security Inc.|Signature generation and verification system|

---

NL1041549B1|2015-10-28|2017-05-24|Quiver B V|A method, system, server, client and application for sharing digital content between communication devices within an internet network.|

---

US10333715B2|2016-11-14|2019-06-25|International Business Machines Corporation|Providing computation services with privacy|

---

US10693627B2|2017-01-20|2020-06-23|Enveil, Inc.|Systems and methods for efficient fixed-base multi-precision exponentiation|

---

US11196541B2|2017-01-20|2021-12-07|Enveil, Inc.|Secure machine learning analytics using homomorphic encryption|

---

US20180212753A1|2017-01-20|2018-07-26|Enveil, Inc.|End-To-End Secure Operations Using a Query Vector|

---

US10771237B2|2017-01-20|2020-09-08|Enveil, Inc.|Secure analytics using an encrypted analytics matrix|

---

US10341098B2|2017-01-24|2019-07-02|Nxp B.V.|Method of generating cryptographic key pairs|

---

US10530585B2|2017-06-07|2020-01-07|Bar-Ilan University|Digital signing by utilizing multiple distinct signing keys, distributed between two parties|

---

CN107911217B|2017-10-30|2021-02-26|陈彦丰|Method and device for cooperatively generating signature based on ECDSA algorithm and data processing system|

---

US11032061B2|2018-04-27|2021-06-08|Microsoft Technology Licensing, Llc|Enabling constant plaintext space in bootstrapping in fully homomorphic encryption|

---

CN110661610B|2018-06-29|2020-11-03|创新先进技术有限公司|Input acquisition method and device of secure multi-party computing protocol|

---

CN109639409B|2018-09-20|2021-05-04|创新先进技术有限公司|Key initialization method, key initialization device, electronic equipment and computer-readable storage medium|

---

US10902133B2|2018-10-25|2021-01-26|Enveil, Inc.|Computational operations in enclave computing environments|

---

US10817262B2|2018-11-08|2020-10-27|Enveil, Inc.|Reduced and pipelined hardware architecture for Montgomery Modular Multiplication|

---

US11108567B2|2019-02-15|2021-08-31|International Business Machines Corporation|Compute digital signature authentication verify instruction|

---

US11075763B2|2019-02-15|2021-07-27|International Business Machines Corporation|Compute digital signature authentication sign with encrypted key instruction|

---

US11184149B2|2019-02-19|2021-11-23|International Business Machines Corporation|Computing range queries over encrypted data|

---

US10985904B2|2019-06-18|2021-04-20|International Business Machines Corporation|Compressible HE with applications to PIR|

法律状态:
2016-04-21| PLFP| Fee payment|Year of fee payment: 2 |

---

2016-11-11| PLSC| Search report ready|Effective date: 20161111 |

---

2017-04-21| PLFP| Fee payment|Year of fee payment: 3 |

---

2018-04-23| PLFP| Fee payment|Year of fee payment: 4 |

---

2019-04-19| PLFP| Fee payment|Year of fee payment: 5 |

---

2020-04-22| PLFP| Fee payment|Year of fee payment: 6 |

---

2021-04-21| PLFP| Fee payment|Year of fee payment: 7 |

优先权:

---

申请号 | 申请日 | 专利标题

---

FR1554077A|FR3035986B1|2015-05-06|2015-05-06|METHOD FOR GENERATING A MESSAGE SIGNATURE FROM A DIGITAL SIGNATURE TOKEN USING A HOMOMORPHIC ENCRYPTION FUNCTION|

---

FR1554077|2015-05-06|FR1554077A| FR3035986B1|2015-05-06|2015-05-06|METHOD FOR GENERATING A MESSAGE SIGNATURE FROM A DIGITAL SIGNATURE TOKEN USING A HOMOMORPHIC ENCRYPTION FUNCTION|

---

US15/144,636| US10326598B2|2015-05-06|2016-05-02|Method for generating a message signature from a signature token encrypted by means of a homomorphic encryption function|

---

EP16168407.1A| EP3091689B1|2015-05-06|2016-05-04|Method for generating a message signature from a signature token encrypted by means of an homomorphic encryption function|