1. Patent Search
  2. Details

METHOD FOR GENERATING DIGITAL SIGNATURES

20220329439 · 2022-10-13

Assignee

Inventors

Cpc classification

International classification

Abstract

A method for generating digital signatures is disclosed. The method contains the steps of generating at least one private key, generating at least one table by using the private key in at least one white box cryptosystem, generating at least one random number, generating pre images, each to be used in a digital signature by encrypting the random numbers using the generated table in at least one white box cryptosystem, and generating at least one digital signature by using at least one generated pre image.

Claims

1. A method for generating digital signatures characterized by comprising the steps of; generating at least one private key (101); generating at least one table (102) by using said private key in at least one white box cryptosystem; generating at least one random number (103); generating pre images (104), each of which to be used in a digital signature, by encrypting said random numbers using the generated table in at least one white-box cryptosystem generating at least one digital signature by using at least one generated pre image.

2. The method according to claim 1, wherein said method further comprises the step of deleting the private key (107) after the step of generating table (102).

3. The method according to claim 1, wherein step of generating at least one table (102) by using said private key in at least one white box cryptosystem is repeated using at least one different white box cryptosystem.

4. The method according to claim 1, wherein said method further comprises the step of generating hash images (106) by hashing the pre images which corresponds to one-time public key to be used to verify one-time digital signature.

5. The method according to claim 4, wherein SHA-256 algorithm used for generating hash images (106).

6. The method according to claim 1, wherein step of generating at least one random number (103) comprises the steps of, generating at least one random seed; adding an output at least one counter to generated seed to generate at least one random number.

7. The method according to claim 1, wherein said private key is a symmetric key.

8. The method according to claim 1, wherein said method further comprises the step of erasing at least one pre image (108) used in at least one digital signature, after the step of generating at least one digital signature by using at least one generated pre image

Description

DESCRIPTION OF THE DRAWINGS

[0015] FIG. 1 shows a flow diagram of the digital signature generation method of the invention.

[0016] The references in the figures may possess following meanings; [0017] Message (M) [0018] Generating private key (101) [0019] Generating table (102) [0020] Generating random number (103) [0021] Generating pre images (104) [0022] Signing (105) [0023] Generating hash images (106) [0024] Deleting private key (107) [0025] Erasing pre image (108)

DESCRIPTION OF THE INVENTION

[0026] One of the methods for authenticating digital files is signing said files with digital signatures. In order to guarantee the authenticity of a digitally signed document, used digital signature must be a secure one. In other words, an attacker should not have access to the private key used in said digital signature. In order to enhance the security of the digital signatures against the possible attackers or for variety of other reasons, hash-function based one time digital signatures could be preferred. Although one time digital signatures hold various advantages, protecting security of the private key is troublesome. Therefore, according to the present invention, a method for generating the digital signature and protecting private key is provided.

[0027] Digital signature generation method of the present invention, a flow diagram of which is given in FIG. 1, comprises the steps of, generating at least one private key (101); generating at least one table (102) by using said private key in at least one white box cryptosystem; generating at least one random number (103); generating pre images (104), each of which to be used in a digital signature, by encrypting said random numbers using the generated table in at least one white-box cryptosystem; generating at least one digital signature by using at least one generated pre image.

[0028] In an exemplary embodiment of the present invention, a private key (for example a symmetric key) is generated by any methods known in the art. In at least one white box cryptosystem, at least one table is generated by using said private key. In other words, by performing at least one known table generation method in a known white box cryptography method on the private key, said table is generated. At least one random number is generated. By using the generated table, said random numbers are encrypted. As a result of said encryption process, plurality of pre images are generated. In detail, each of the said pre images are generated by encrypting a random number with the generated table and the chosen white-box crypto system. One of the white-box crypto system is given in Bogdanov, Andrey, and Takanori Isobe. “White-box cryptography revisited: space-hard ciphers.” Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 2015. Generated pre images are used in a digital signature. For example, a message (M) is able to be signed (105) using said pre images. According to the present invention, since plurality of pre images are generated by using a private key, each of said pre images are able to be used in one time digital signatures.

[0029] In a preferred embodiment of the present invention, said method comprises the step of deleting the private key (107) after the step of generating table (102). Since the private key is only used for generating table (102), said private key has no use after the table is generated. Therefore, in order to eliminate the risk of un-authorized access to the private key by a malicious third party, private key is deleted securely.

[0030] In another preferred embodiment of the present invention, step of generating at least one table (102) by using said private key in at least one white box cryptosystem may be repeated using at least one different white box cryptosystem. In this embodiment, by using different white box cryptosystem, different table is generated. Therefore, number of generated pre images are increased.

[0031] In another preferred embodiment of the present invention, said method comprises the step of generating hash images (106) by standard hashing operation (for example by using SHA-256 algorithm) the pre images. In this embodiment, a hash image is generated for each of the pre images. When a pre image is used as a digital signature, hash image corresponding to said pre image is used as public key for said digital signature. Therefore, any third party is able to examine the authenticity of a signed message (M) using the hash images (due to the nature of hashing algorithms, a hash image corresponds to a pre image).

[0032] By increasing the number of pre-images and hash images and assigning special pre-images and message (M) relations, virtually unlimited number of digital signatures corresponding to unlimited number of different messages (M) could be generated. One of the known applications for this type of relation (digital signature and public key relation) is given in Buchmann, Johannes, et al. “Merkle signatures with virtually unlimited signature capacity.” International Conference on Applied Cryptography and Network Security. Springer, Berlin, Heidelberg, 2007.

[0033] In another preferred embodiment of the present invention, step of generating at least one random number (103) comprises the steps of, generating at least one random seed; adding at least one counter value to generated seed to generate at least one random number. In this embodiment, the counter value is preferably increased by one for the generation of a new random number. In an exemplary embodiment, the counter value is 0 for generating a first random number; the counter value is 1 for generating a second random number and this goes on until all random numbers are generated.

[0034] In another preferred embodiment of the present invention, said method comprises the step of erasing at least one pre image (108) used in at least one digital signature, after the step of generating at least one digital signature by using at least one generated pre image. By this way, the white-box attacker could only access the pre images in a short amount of time (just after pre images are generated but before they are used). Note that the white-box attacker could not access the private key in any way. Generating the pre images just before they are used and erasing them shortly after reduces significantly the damage caused by a white-box attacker.

[0035] According to the present invention, digital signatures are generated using at least one private key in a white box cryptosystem (the private key of the digital signature corresponds to the symmetric key of the white box cryptosystem). Moreover, for the generation of each of the pre images, to be used as digital signatures, a random number is used as well. Therefore, according to the present invention, unlimited numbers pre images are able to be generated using a single private key. Moreover, due to the nature of the white box cryptography and usage of random numbers, each of the pre images are protected against possible attackers.