[go: up one dir, main page]

WO2008133521A1 - Method for signing and encrypting digital data - Google Patents

Method for signing and encrypting digital data Download PDF

Info

Publication number
WO2008133521A1
WO2008133521A1 PCT/NO2007/000149 NO2007000149W WO2008133521A1 WO 2008133521 A1 WO2008133521 A1 WO 2008133521A1 NO 2007000149 W NO2007000149 W NO 2007000149W WO 2008133521 A1 WO2008133521 A1 WO 2008133521A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
combined
ciphertext
block
hash value
Prior art date
Application number
PCT/NO2007/000149
Other languages
French (fr)
Inventor
Tønnes BREKNE
Øyvind GRINDE
Original Assignee
Conax As
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Conax As filed Critical Conax As
Priority to PCT/NO2007/000149 priority Critical patent/WO2008133521A1/en
Publication of WO2008133521A1 publication Critical patent/WO2008133521A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • Present invention relates to a method for digital signing and/or encryption of documents primarily for digital signing and/or encryption of small electronic documents such as for smart card systems, television broadcast systems, Short Message Service (SMS), Multimedia Message Service (MMS), etc.
  • SMS Short Message Service
  • MMS Multimedia Message Service
  • the objective of present invention is to overcome the problems with the prior art by combining the signature and message when signing.
  • PKI Public Key Infrastructure
  • the session key and the message are combined. This is achieved with the methods according to present invention as they are defined by the features of the claims.
  • figure 1 shows a typical communication link between two points
  • figure 2 shows how the signing process works
  • figure 3 shows how the signature verification is carried out
  • figure 4 shows how the encryption process works
  • figure 5 shows how the decryption process works.
  • a message which can be text, a picture, audio, video, software, bit stream, etc., being sent from a sender 101 to a recipient 103 is to be signed by sender 101.
  • the message 201 is passed through a hash function 204 to generate the hash value 207 as
  • the message 201 is split 203 into at least one part 205 not to be combined with the hash value, and at least one part 206 to be combined with the hash value.
  • the hash value 207 is combined 208 with the at least one part of the message 206 to obtain a full signature block 209.
  • the signature block 209 is signed 210 with the private part of the signature key 202, resulting in the signedQ block 211.
  • the at least one part of the message not combined with the hash value 205 is combined 212 with signed block 211 to obtain the signed message 213.
  • a signed message sent from a sender 101 to a recipient 103 is to be verified bys recipient 103.
  • the signed message 301 is split 303 into the at least one part of the message not in the signed block 308 and the signed block 304.
  • the signed block 304 and the public part of the signature key pair 302 are used to recover 305 the signature block 306.
  • the signature block 306 is split 307 into the at least one part of the message 309 combined with the hash value, and the hash value 310.
  • the at least one part of theQ message 308 not in the signed block is combined 311 with the at least one part 309 previously combined with the hash value, to produce the recovered message 312.
  • the recovered message 312 is passed through the hash function 313 to obtain a calculated hash 314.
  • the recovered hash 310 and the calculated hash 314 are compared 315. If they are equal, the signature verification has succeeded, and the recovered message 312 5 is output 316, if not the signature verification has failed 317.
  • a message to be sent from a sender 101 to a recipient 103 is to be encrypted by sender 101.
  • the message 401 is encrypted 404 using the session key 402, to produce0 the ciphertext 405.
  • the ciphertext 405 is split 406 into at least one part 407 not to be combined with the session key, and at least one part 408 to be combined with the session key.
  • the at least one part of the ciphertext to be combined with the session key 408, is combined 409 with the session key 402 to produce the block to be asymmetrically encrypted 410.
  • the block to be asymmetrically encrypted 410 is 5 asymmetrically encrypted 411 with the public key 403 to produce the asymmetrically encrypted block 412.
  • the at least one part of the ciphertext 407 not combined with the session key 402 is combined 413 with the asymmetrically encrypted block 412 to produce the complete ciphertext 414.
  • a ciphertext message sent from a sender 101 to a recipient 103 is to be decrypted by recipient 103.
  • a complete ciphertext 501 is split 503 into the at least one part of the ciphertext 508 not in the asymmetrically encrypted block and the asymmetrically encrypted block 504.
  • the asymmetrically encrypted block 504 is decrypted 505 using the private key 502 to recover the block 506.
  • the block 506 is split 507 into the part of the ciphertext 509 combined with the session key, and the session key 510.
  • the parts of the ciphertext 508 and 509 are combined 511 to produce the ciphertext 512.
  • the ciphertext 512 is decrypted 513 using the session key 510 resulting in the message 514.
  • the signature and encryption methods can be combined. It is possible to encrypt a message and then sign it, or to sign a message and then encrypt it. Although the advantages of present invention are most easily noticed in the context of small messages, the invention is also fully applicable to signing and encrypting long messages. As indicated above the data signed and/or encrypted need not be a message intended for transmission per se, but can be any digital data. Methods defined in present invention are not limited to using hash values, but may for example use: keyed hash values, also known as Message
  • MACs Authentication Codes
  • keys various management data related to the message or the communication it represents, auditing data, anonymization data, etc.
  • the invention seems to be particularly advantageous when signing and/or encrypting short messages that are limited to a small total length (such as 1120 bits for SMS messages).
  • Some possible embodiments are cryptographically strong signature systems and/or cryptographically strong asymmetric encryption for, but not limited to: o Short Message Service (SMS) messages, where this is not practical without present invention; o Multimedia Messaging Service (MMS) messages, where present invention saves precious transmission capacity; o DVB transport packages and similar broadcast scenarios, where present invention makes possible the use of strong signatures and asymmetric cryptography; o offline smart card payment and smart card based payment transactions in general, which is another example of a system where total message length is very limited, and where strong cryptographical security is important; o cryptographically protected networking protocols, where a moderate packet/window size is employed, so that space is saved on signed packets/transmission units

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

Method for digital signing of a document where a hash function is first applied to the document to generate the hash value, where the hash value and part of the plain text are combined before being signed. Corresponding method for verification of documents signed with said signing method. Furthermore a method for encryption of a document is described, where a symmetric key and part of the symmetrically encrypted document are combined before being encrypted with the public key of an asymmetric key pair. Corresponding method for decryption of documents encrypted with said encryption method.

Description

Method for signing and encrypting digital data
Present invention relates to a method for digital signing and/or encryption of documents primarily for digital signing and/or encryption of small electronic documents such as for smart card systems, television broadcast systems, Short Message Service (SMS), Multimedia Message Service (MMS), etc.
In the market today there exist public key cryptography schemes with message recovery, such as RSA. These schemes work well with normal written documents since the written documents, typically 100 000 bits or more in size, are comparatively much larger than the length/size of the signature generated, typically 1024 bits in size. However, with small messages, such as those used for television broadcast systems, conventional public key cryptography schemes leave very little space for the message itself. This applies to signed messages and encrypted messages, and especially to messages that are both signed and encrypted. In fact this prevents the practical use of public key cryptosystems for such short messages, such as SMS, television broadcast messages, etc.
References to known art can be found in, amongst others, "The Handbook of Applied Cryptography" by AJ. Menezes, et. al. published by CRC Press.
The objective of present invention is to overcome the problems with the prior art by combining the signature and message when signing. For encryption with Public Key Infrastructure (PKI), the session key and the message are combined. This is achieved with the methods according to present invention as they are defined by the features of the claims.
Different embodiments of present invention will be described in the following with reference to the attached drawings, where figure 1 shows a typical communication link between two points, figure 2 shows how the signing process works, figure 3 shows how the signature verification is carried out, figure 4 shows how the encryption process works and figure 5 shows how the decryption process works.
Presently and for the foreseeable future, the cryptographical hash values generated during the signing of data, as well as the session keys used to encrypt data, are much shorter than PKI based signature/encryption blocks. Present invention exploits this fact to save space, and in many instances improves security. A description of the invention is given below with reference to figures 1, 2, 3,
4 and 5. Example of Generating a Signed Message
A message, which can be text, a picture, audio, video, software, bit stream, etc., being sent from a sender 101 to a recipient 103 is to be signed by sender 101. The message 201 is passed through a hash function 204 to generate the hash value 207 as
5 with many common signature schemes. The message 201 is split 203 into at least one part 205 not to be combined with the hash value, and at least one part 206 to be combined with the hash value. The hash value 207 is combined 208 with the at least one part of the message 206 to obtain a full signature block 209. The signature block 209 is signed 210 with the private part of the signature key 202, resulting in the signedQ block 211. The at least one part of the message not combined with the hash value 205 is combined 212 with signed block 211 to obtain the signed message 213.
Example of Verification and Recovery of a Signed Message
A signed message sent from a sender 101 to a recipient 103 is to be verified bys recipient 103. The signed message 301 is split 303 into the at least one part of the message not in the signed block 308 and the signed block 304. The signed block 304 and the public part of the signature key pair 302 are used to recover 305 the signature block 306. The signature block 306 is split 307 into the at least one part of the message 309 combined with the hash value, and the hash value 310. The at least one part of theQ message 308 not in the signed block is combined 311 with the at least one part 309 previously combined with the hash value, to produce the recovered message 312. The recovered message 312 is passed through the hash function 313 to obtain a calculated hash 314. The recovered hash 310 and the calculated hash 314 are compared 315. If they are equal, the signature verification has succeeded, and the recovered message 3125 is output 316, if not the signature verification has failed 317.
Example of Generating an Asymmetrically Encrypted Message
A message to be sent from a sender 101 to a recipient 103 is to be encrypted by sender 101. The message 401 is encrypted 404 using the session key 402, to produce0 the ciphertext 405. The ciphertext 405 is split 406 into at least one part 407 not to be combined with the session key, and at least one part 408 to be combined with the session key. The at least one part of the ciphertext to be combined with the session key 408, is combined 409 with the session key 402 to produce the block to be asymmetrically encrypted 410. The block to be asymmetrically encrypted 410 is5 asymmetrically encrypted 411 with the public key 403 to produce the asymmetrically encrypted block 412. The at least one part of the ciphertext 407 not combined with the session key 402 is combined 413 with the asymmetrically encrypted block 412 to produce the complete ciphertext 414. Example of Decrypting a Ciphertext
A ciphertext message sent from a sender 101 to a recipient 103 is to be decrypted by recipient 103. A complete ciphertext 501 is split 503 into the at least one part of the ciphertext 508 not in the asymmetrically encrypted block and the asymmetrically encrypted block 504. The asymmetrically encrypted block 504 is decrypted 505 using the private key 502 to recover the block 506. The block 506 is split 507 into the part of the ciphertext 509 combined with the session key, and the session key 510. The parts of the ciphertext 508 and 509 are combined 511 to produce the ciphertext 512. The ciphertext 512 is decrypted 513 using the session key 510 resulting in the message 514.
It should be apparent to someone versed in the art, that the signature and encryption methods can be combined. It is possible to encrypt a message and then sign it, or to sign a message and then encrypt it. Although the advantages of present invention are most easily noticed in the context of small messages, the invention is also fully applicable to signing and encrypting long messages. As indicated above the data signed and/or encrypted need not be a message intended for transmission per se, but can be any digital data. Methods defined in present invention are not limited to using hash values, but may for example use: keyed hash values, also known as Message
Authentication Codes (MACs), keys, various management data related to the message or the communication it represents, auditing data, anonymization data, etc.
Furthermore, there are numerous possible embodiments for present invention.
The invention seems to be particularly advantageous when signing and/or encrypting short messages that are limited to a small total length (such as 1120 bits for SMS messages). Some possible embodiments are cryptographically strong signature systems and/or cryptographically strong asymmetric encryption for, but not limited to: o Short Message Service (SMS) messages, where this is not practical without present invention; o Multimedia Messaging Service (MMS) messages, where present invention saves precious transmission capacity; o DVB transport packages and similar broadcast scenarios, where present invention makes possible the use of strong signatures and asymmetric cryptography; o offline smart card payment and smart card based payment transactions in general, which is another example of a system where total message length is very limited, and where strong cryptographical security is important; o cryptographically protected networking protocols, where a moderate packet/window size is employed, so that space is saved on signed packets/transmission units
Finally, these methods can function with all existing public key cryptography schemes that have a signature with message recovery, such as RSA.

Claims

P a t e n t c l a i m s
1. Method for digital signing of a message (201) where a hash function
(204) is first applied to the message to generate a hash value (207), characterized in that the message (201) is split (203) into at least one part (205) not to be combined with the hash value, and at least one part (206) to be combined with the hash value (207); the at least one part of the message (206) is combined (208) with the hash value (207) to obtain a full signature block (209), which is signed (210) with the private part of a signature key pair (202).
2. Method for recovery of a message (201) signed according to the method in claim 1, characterized in that the signature block (306) is split (307) into the at least one part of the message (309) combined with the hash value, and the hash value (310); the at least one part of the message (308) not in the signature block, is combined (311) with the at least one part (309) previously combined with the hash value to obtain the recovered message (312).
3. Method for verification of a message (201) recovered according to the method in claim 2, characterized in that the recovered message (312) is passed through the hash function (313) to obtain the recalculated hash value (314); the recovered hash value (310) and the recalculated hash value (314) are compared (315), and if found equal, the signature verification succeeds (316), otherwise the signature verification fails (317).
4. Method for encrypting a message (401), where a symmetric key (402) is used to symmetrically encrypt (404) the message (401) to produce a ciphertext (405), characterized in that the ciphertext (405) is split (406) into at least one part (407) not to be combined with the session key, and at least one part (408) to be combined with the session key; the at least one part (408) of the ciphertext to be combined with the session key, is combined (409) with the session key (402) to produce the block to be asymmetrically encrypted (410) is asymmetrically encrypted (411) with the public key (403) to produce the asymmetrically encrypted block (412); the at least one part of the ciphertext (407) not combined with the session key (402) is combined (413) with the asymmetrically encrypted block (412) to produce the complete ciphertext (414).
5. Method for decrypting a message (401) encrypted according to the method in claim 3, characterized in that the complete ciphertext (501) is split (503) into the at least one part of the ciphertext (508) not in the asymmetrically encrypted block and the asymmetrically encrypted block (504); the asymmetrically encrypted block (504) is decrypted (505) using the private key (502) to recover the block (506), and the block (506) is split (507) into the part of the ciphertext (509) combined with the session key, and the session key (510); the parts of the ciphertext (508) and (509) are combined (511) to produce the ciphertext (512), and decrypted (513) using the session key (510) resulting in the message (514).
6. Method according to any of the claims above, characterized in that the message (201, 401) can be any digitally represented object or communication.
PCT/NO2007/000149 2007-04-26 2007-04-26 Method for signing and encrypting digital data WO2008133521A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/NO2007/000149 WO2008133521A1 (en) 2007-04-26 2007-04-26 Method for signing and encrypting digital data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/NO2007/000149 WO2008133521A1 (en) 2007-04-26 2007-04-26 Method for signing and encrypting digital data

Publications (1)

Publication Number Publication Date
WO2008133521A1 true WO2008133521A1 (en) 2008-11-06

Family

ID=39925881

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2007/000149 WO2008133521A1 (en) 2007-04-26 2007-04-26 Method for signing and encrypting digital data

Country Status (1)

Country Link
WO (1) WO2008133521A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103946856A (en) * 2013-09-30 2014-07-23 华为技术有限公司 Encryption and decryption processing method, device and equipment
CN103971245A (en) * 2014-01-30 2014-08-06 四川谦泰仁投资管理有限公司 Combined encryption system for commodity electronic forgery proofing
CN104052606A (en) * 2014-06-20 2014-09-17 北京邮电大学 Digital signature, signature authentication device and digital signature method
CN105848119A (en) * 2016-03-22 2016-08-10 赵莉莉 Method for providing short message reception confirmation display, mobile terminal, server and system
GB2541975A (en) * 2015-09-01 2017-03-08 Wistron Neweb Corp Data protection device and data protection method thereof
CN113595727A (en) * 2021-09-26 2021-11-02 南京慧链和信数字信息科技研究院有限公司 Key safety system based on key separate storage and hardware binding

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1083700A2 (en) * 1999-09-07 2001-03-14 Certicom Corp. Hybrid digital signature scheme
JP2005012466A (en) * 2003-06-18 2005-01-13 Denso Corp Message authentication method and system
WO2005043326A2 (en) * 2003-10-31 2005-05-12 Docomo Communications Laboratories Usa, Inc. Encryption and signature schemes using message mappings to reduce the message size
US20060078125A1 (en) * 2004-10-08 2006-04-13 Philip Cacayorin Devices and methods for implementing cryptographic scrambling

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1083700A2 (en) * 1999-09-07 2001-03-14 Certicom Corp. Hybrid digital signature scheme
JP2005012466A (en) * 2003-06-18 2005-01-13 Denso Corp Message authentication method and system
WO2005043326A2 (en) * 2003-10-31 2005-05-12 Docomo Communications Laboratories Usa, Inc. Encryption and signature schemes using message mappings to reduce the message size
US20060078125A1 (en) * 2004-10-08 2006-04-13 Philip Cacayorin Devices and methods for implementing cryptographic scrambling

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103946856A (en) * 2013-09-30 2014-07-23 华为技术有限公司 Encryption and decryption processing method, device and equipment
EP2879327A4 (en) * 2013-09-30 2015-06-03 Huawei Tech Co Ltd Encryption and decryption processing method, apparatus and device
CN103946856B (en) * 2013-09-30 2016-11-16 华为技术有限公司 Encryption and decryption processing method, device and equipment
CN103971245A (en) * 2014-01-30 2014-08-06 四川谦泰仁投资管理有限公司 Combined encryption system for commodity electronic forgery proofing
CN103971245B (en) * 2014-01-30 2017-06-27 四川谦泰仁投资管理有限公司 A kind of combined ciphering system false proof for electronic article
CN104052606A (en) * 2014-06-20 2014-09-17 北京邮电大学 Digital signature, signature authentication device and digital signature method
CN104052606B (en) * 2014-06-20 2017-05-24 北京邮电大学 Digital signature, signature authentication device and digital signature method
GB2541975A (en) * 2015-09-01 2017-03-08 Wistron Neweb Corp Data protection device and data protection method thereof
GB2541975B (en) * 2015-09-01 2019-08-28 Wistron Neweb Corp Data protection device and data protection method thereof
CN105848119A (en) * 2016-03-22 2016-08-10 赵莉莉 Method for providing short message reception confirmation display, mobile terminal, server and system
CN113595727A (en) * 2021-09-26 2021-11-02 南京慧链和信数字信息科技研究院有限公司 Key safety system based on key separate storage and hardware binding
CN113595727B (en) * 2021-09-26 2021-12-21 南京慧链和信数字信息科技研究院有限公司 Key safety system based on key separate storage and hardware binding

Similar Documents

Publication Publication Date Title
CN109743171B (en) Key series method for solving multi-party digital signature, timestamp and encryption
CA2698000C (en) Signatures with confidential message recovery
US6396926B1 (en) Scheme for fast realization of encrytion, decryption and authentication
US8688998B2 (en) Resilent cryptographic scheme
US20120096274A1 (en) Authenticated encryption for digital signatures with message recovery
US7450717B1 (en) Self authentication ciphertext chaining
US11888832B2 (en) System and method to improve user authentication for enhanced security of cryptographically protected communication sessions
CN110113150B (en) Encryption method and system based on non-certificate environment and capable of repudiation authentication
CN109104271A (en) A kind of methods, devices and systems of digital signature
CN111049738B (en) E-mail data security protection method based on hybrid encryption
US20100005307A1 (en) Secure approach to send data from one system to another
WO2008133521A1 (en) Method for signing and encrypting digital data
WO2014205571A1 (en) Signature protocol
WO2013039659A1 (en) Hybrid encryption schemes
CN113837756A (en) Electronic invoice verification method and system
CN117955688A (en) Tamper-resistant network data encryption method and device
KR100323799B1 (en) Method for the provably secure elliptic curve public key cryptosystem
CN111641494A (en) Method and device for realizing global block chain
TWI242966B (en) Security transmitting method and system of digital medical information
JPS62216447A (en) Message validation communication system
JP3862397B2 (en) Information communication system
CN113014531B (en) Method for encrypting and transmitting e-mail data
CN113676329A (en) Electronic official document exchange encryption method based on ECDSA algorithm
Prakash et al. A Numerical and Security Analysis of RSA: From Classical Encryption to Post-Quantum Strategies
CN111654376A (en) Block chain anonymous data transmission method and device based on ring signature

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07747610

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07747610

Country of ref document: EP

Kind code of ref document: A1