Claims
- 1. A method of generating and verifying digital signatures comprising the steps of:
- a) selecting a birational mapping $(v_1, \ldots, v_k) = f(x_1, \ldots, x_k)$ comprising $k>1$ rational functions $v_i = f_i(x_1, \ldots, x_k)$;
- b) selecting first $s$ ($1 \le s < k$) of $f_i$ functions and using them as a public key;
- c) maintaining inverse of f as a private key;
- d) generating a digital message M;
- e) computing $v_i = h(M,i)$ for $i = 1, \ldots, s$ where h is a publicly known cryptographic hash function;
- f) selecting $v_i = r_i$ for $i = s+1, \ldots, k$ where $r_i$ is a randomly chosen value;
- g) computing signature $(x_1, \ldots, x_k)$ using inverse of f to satisfy $(v_1, \ldots, v_k) = f(x_1, \ldots, x_k)$;
- h) transmitting to a verifier the digital message M, and the signature of step f); and
- i) verifying the signature of step f) of message M by computing $v_i = h(M,i)$ for $i = 1, \ldots, s$ and checking that $v_i = f_i(x_1, \ldots, x_k)$, where $f_1, \ldots, f_s$ is the signer's public key.
- 2. The method of claim 1 wherein the $f_i$ functions of step a) are non-linear.
- 3. The method of claim 2 wherein the equations of step a) are modulo a large public n with secret factorization.
- 4. A method of generating and verifying digital signatures comprising the steps of:
- a) selecting a set F of rational functions in $k>1$ variables;
- b) selecting an algebraic basis G of F with the property that the representation of any f in F can be easily computed in terms of generators $g_i$ in G;
- c) selecting invertible algebraic transformations and maintaining them as a private key;
- d) transforming the easy basis G into a hard basis $G''$;
- e) selecting a proper subset of $1 \le s < k$ generators $g''_i$ in G as a public key;
- f) generating a digital message M;
- g) assigning to each $g''_i$ with $i \le s$ the hashed value $v_i = h(M,i)$ of M wherein h is a publicly known cryptographic hash function, and to each $g''_i$ with $i > s$ a random number $v_i = r_i$;
- h) expressing each $g_i$ in the easy basis G in terms of generators $g''_j$ in the hard basis using private key of step d);
- i) selecting the values $x_i$ of the easy generators of step i) as the signature X of M; and
- j) verifying the signature X by assigning the values $x_i$ from the signature to the easy generators $g_i$, computing values $v_1, \ldots, v_s$ of the s hard generators $g''_j$ of step f), evaluating the s hashed forms of M using h of step h) and checking that $v_i = h(M,i)$ for all $i = 1, \ldots, s$.
- 5. The method of claim 4 wherein step c is carried out using invertible linear transformations.
- 6. The method of claim 5 wherein the computations are carried out modulo a large public n with secret factorization.
- 7. The method of claim 6 where F is the set $F_d[y_1, \ldots, y_k]$ of homogeneous polynomials of degree d in k variables, and G is a set of monomials $y_1^{e_1} y_2^{e_2} \cdots y_k^{e_k}$ with $e_1 + e_2 + \cdots + e_k = d$ such that any other monomial in $F_d[y_1, \ldots, y_k]$ can be generated by a sequence of multiplications and divisions.
- 8. The method of claim 7 where $d = 2$ and G is either $\{y_1 y_2, \ldots, y_{k-1} y_k, y_k y_1\}$ for odd k or $\{y_1^2, y_1 y_1, \ldots, y_{k-1} y_k\}$ for arbitrary k.
- 9. Apparatus for generating and verifying digital signatures comprising
- a) means for selecting a birational mapping $(v_1, \ldots, v_k) = f(x_1, \ldots, x_k)$ comprising $k>1$ rational functions $v_i = f_i(x_1, \ldots, x_k)$;
- b) means for selecting first $1 \le s < k$ of $f_i$ functions and using them as a public key;
- c) means for generating a digital message M;
- d) means for computing $v_i = h(M,i)$ for $i = 1, \ldots, s$ where h is a publicly known cryptographic hash function;
- e) means for selecting $v_i = r_i$ for $i = s+1, \ldots, k$;
- f) means for computing signature $(x_1, \ldots, x_k)$ using inverse of f to satisfy $(v_1, \ldots, v_k) = f(x_1, \ldots, x_k)$;
- g) means for transmitting to a verifier the digital message M, the public key of b) and the signature of f); and
- h) means for verifying the signature of f) of message M by computing $v_i = h(M,i)$ for $i = 1, \ldots, s$ and checking that $v_i = f_i(x_1, \ldots, x_k)$.
- 10. The apparatus of claim 9 wherein the $f_i$ functions of a) are non-linear.
- 11. The apparatus of claim 10 wherein the equations of a) are modulo a large public n with secret factorization.
- 12. Apparatus for generating and verifying digital signatures comprising:
- a) means for selecting a set F of rational functions in $k>1$ variables;
- b) means for selecting an algebraic basis G of F with the property that the representation of any f in F can be easily computed in terms of generators $g_i$ in G;
- c) means for selecting invertible algebraic transformation and maintaining them as a private key;
- d) means for transforming the easy basis G into a hard basis $G''$;
- e) means for selecting a proper subset of 5 generators $g''_i$ in G as a public key;
- f) means for generating a digital message M;
- g) means for assigning to each $g''_i$ with $i \le s$ the hashed value $v_i = h(M,i)$ of M wherein h is a publicly known cryptographic hash function, and to each $g''_i$ with $i > s$ a random number $v_i = n_i$;
- h) means for expressing each $g_i$ in the easy basis G in terms of generators $g''_j$ in the hard basis using the private key of d);
- i) means for selecting the values $x_i$ of the easy generators of i) as signature X of M; and
- j) means for verifying the signature X by assigning the values $x_i$ from the signature to the easy generators $g_i$, computing $v_1, \ldots, v_s$ of the S hard generators $g''_j$ of f), evaluating the S hashed forms of M using h of step h) and checking that $v_i = h(M,i)$ for all $i = 1, \ldots, s$.
- 13. Apparatus of claim 12 wherein the means of c) or d) carries out its function using invertible linear transformations.
- 14. Apparatus of claim 13 wherein the computations are carried out modulo a large public n with secret factorization.
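
A toy instance of the sign/verify flow in claims 1 to 3, added here as an illustration and not taken from the patent. The map f = B∘g∘A with g(u1, u2) = (u1, u2 + u1²), the sizes k = 2 and s = 1, the matrices, the modulus and the SHA-256-based h are all assumptions chosen for the example, and the parameters are far too small to be a secure instantiation.

```python
import hashlib
import secrets

# Constructed toy parameters (assumptions, not from the patent): k = 2, s = 1.
P, Q = 2**31 - 1, 2**61 - 1     # secret prime factors of the modulus
N = P * Q                       # public modulus n (claim 3)
A = ((3, 5), (7, 2))            # secret invertible linear maps mod N
B = ((4, 9), (1, 6))

def h(msg: bytes, i: int) -> int:
    """Public hash h(M, i), reduced mod N."""
    return int.from_bytes(hashlib.sha256(bytes([i]) + msg).digest(), "big") % N

def lin(m, v):
    """Apply a 2x2 matrix to a vector mod N."""
    return tuple((r[0] * v[0] + r[1] * v[1]) % N for r in m)

def inv2(m):
    """Inverse of a 2x2 matrix mod N (determinant must be a unit)."""
    (a, b), (c, d) = m
    di = pow((a * d - b * c) % N, -1, N)
    return ((d * di % N, -b * di % N), (-c * di % N, a * di % N))

def f(x):
    """Full map f = B o g o A; only the signer can evaluate all of it."""
    u1, u2 = lin(A, x)
    return lin(B, (u1, (u2 + u1 * u1) % N))

def f_inv(v):
    """Private key: undo B, undo the triangular step g, undo A."""
    w1, w2 = lin(inv2(B), v)
    return lin(inv2(A), (w1, (w2 - w1 * w1) % N))

def public_key():
    """Coefficients of f_1 on the monomials x1, x2, x1^2, x1*x2, x2^2."""
    (a11, a12), (a21, a22) = A
    b11, b12 = B[0]
    coeffs = (b11 * a11 + b12 * a21, b11 * a12 + b12 * a22,
              b12 * a11 * a11, 2 * b12 * a11 * a12, b12 * a12 * a12)
    return tuple(c % N for c in coeffs)

def sign(msg: bytes):
    v = (h(msg, 1), secrets.randbelow(N))   # v_1 from the hash, v_2 random
    return f_inv(v)                         # signature (x_1, x_2)

def verify(pk, msg: bytes, x) -> bool:
    """Verifier evaluates only the published f_1 and compares with h(M, 1)."""
    x1, x2 = x
    c1, c2, c11, c12, c22 = pk
    v1 = (c1 * x1 + c2 * x2 + c11 * x1 * x1 + c12 * x1 * x2 + c22 * x2 * x2) % N
    return v1 == h(msg, 1)
```

The verifier never sees f_2, so the random value v_2 chosen at signing time stays hidden and only the s = 1 published equation is checked.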
Parent Case Info
This application is a continuation-in-part of application Ser. No. 07/974,751 filed Nov. 13, 1992 entitled "A Fast Signature Scheme Based On Sequentially Linearized Equations," now U.S. Pat. No. 5,263,085.
Continuation in Parts (1)

| Number | Date | Country | Parent |
|---|---|---|---|
| 974751 | Nov 1992 | | |