摘要 |
A control center (520) finds the public key yA of a user A (510) by using the secret key xA of the user A (510) and informs a user B (530) of the key yA (S550-S553). The user A (510) repeats the generation of a random number (k) and calculation of r1=g<k> (mod p) and r2=f(r1, m)=r1+m (mod p) until r2<q is obtained. When r2<q is obtained, the user A (510) calculates (s) from sk=(r2+s+1)+r2xA (mod q) and transmits a ciphertext (r2, s) to the user B (530) (S554-S559). The user B (530) refuses to accept a proposal for putting his signature when g</=r2, or reproduces a message (m) by using r1=g<k>=g<(r2+m+1)/m>yA<r2/m> (mod p) and f<-1>(r1, r2)=m (mod p) when r2<q. Therefore, a highly safe message reproducing type signature device can be obtained.
|