Cryptography – Key management – Key distribution
Patent
1997-12-05
2000-11-14
Laufer, Pinchus M.
Cryptography
Key management
Key distribution
380 30, 705 69, 713156, 713180, H04L 930
Patent
active
061480843
DESCRIPTION:
BRIEF SUMMARY
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to cryptographic techniques, and more particularly to systems for issuing and showing of DSA-like secret-key certificates that can be blinded only restrictively.
2. Description of the Prior Art
Secret-key certificate systems are described and claimed in U.S. Pat. No. 5,606,617, issued on Feb. 25, 1997, to the present applicant. Triples consisting of a secret key, a corresponding public key and a secret-key certificate on the public key can only be obtained by engaging in a certificate issuing protocol with a Certification Authority. The difference with the technique of public-key certificates, well-known in the art, is that pairs consisting of a public key and a secret-key certificate on the public key can be generated by anyone without the assistance of the Certification Authority.
Mechanisms for transporting digital signatures often require a Certification Authority of issue triples, consisting of a secret key, a matching public key, and a certificate of the Certification Authority on the public key. Of particular interest for privacy-protecting mechanisms for signature transport are so-called restrictive blind certificate issuing protocols, in which the receiver can blind the issued public key and the certificate, but not a predetermined non-trivial predicate of the secret key ("non-trivial" meaning that the predicate is at least one bit of information); this part of the secret key is invariant under any blinding operations that can feasibly be applied by the receiver, and hence the Certification Authority can encode information into it that cannot be altered. Restrictive blind certificate issuing protocols, and methods for applying them to privacy-protecting mechanisms for value transfer such as in particular off-line electronic cash, are described and claimed in U.S. Pat. No. 5,522,980 issued May 28, 1996, to the present applicant.
U.S. Pat. No. 5,521,980, issued May 29, 1996, and U.S. Pat. No. 5,606,617, issued Feb. 27, 1992, describe and claim restrictive blind certificate issuing protocols for secret-key certificates based on the Discrete Logarithm problem as well as on the RSA problem, both of which are believed in the art to be intractable. In particular the security of the described secret-key certificates and restrictive blind issuing protocols relies on the security of Schnorr digital signatures (see: Schnorr, C., "Efficient Signature Generation by Smart Cards," Journal of Cryptology, Vol. 4, No. 3, 1991, pp. 161-174), on the security of Guillou-Quisquater digital signatures (see: Guillou, L. and Quisquater, J., "A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory," Lecture Notes in Computer Science 330, Proceedings of Eurocrypt '88, Springer-Verlag 1989, pp. 123-128), or on the security of other digital signatures with similar characteristics, commonly referred to in the art as Fiat-Shamir type digital signatures.
Most of the secret-key certificate issuing protocols described in U.S. Pat. No. 5,521,980, issued May 18, 1996, and U.S. Pat. No. 5,606,617, issued Feb. 25, 1997, are restrictive blind only when the issuing protocol is executed sequentially, in case different blinding-invariant numbers are involved. This means that the Certification Authority should send new initial information for a next execution of the protocol only after is has received a challenge number for the previous execution of the protocol, in case distinct blinding-invariant numbers are involved. To enable the Certification Authority to perform executions of the issuing protocol in parallel without any limitations, the inventive and generally applicable method described in Dutch patent application NL 9500584, filed Mar. 27, 1995, by the present applicant, can be applied, to immunize against attacks in parallel execution mode.
U.S. Pat. No. 5,606,617, issued Feb. 27, 1997, describes a secret-key certificate system based on DSA digital signatures (see: NIST, "Specifications for a d
REFERENCES:
patent: 5521980 (1996-05-01), Brands
patent: 5606617 (1997-02-01), Brands
S. A. Brands "Restrictive Blinding of Secret-Key Certificates" Centrum voor Wikunde Report, CS-9509 (Feb. 1995, Amsterdam).
S. A. Brands "Secret-Key Certificates" Centrum voor Wikunde Report, CS-9555 (Jul. 1995, Amsterdam).
S. A. Brands, "Untraceable Off-Line Cash in Wallet With Observers" Proceedings of Crypto '93 pp. 302-318.
P. Horster et al "Meta-Elgamal Signature Schemes", Technical Report TR-941-5-F, 1994 University of Technology Chemnitz-Zwickau 16 pages.
P. Horster et al "Meta-Message Recovery and Meta-Blind Signature Schemes Based on the Discrete Logarithm Problem and Their Applications" Asiacrypt '94 Proceedings pp. 224-237.
LandOfFree
Restrictedly blindable certificates on secret keys does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Restrictedly blindable certificates on secret keys, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Restrictedly blindable certificates on secret keys will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2073021