| 摘要 |
Producing a cryptographic signature on a message m, under a key x, at a user computer 2 of a data processing system 1 wherein the key x is shared between the user computer 2, which stores a first key-share c, and an authentication computer (or authentication server) 3 of the system 1. The authentication computer 3 stores a second key-share d and a first authentication value h which encodes a secret value of the user computer 2 and a predetermined user password p. At the user computer 2: in response to provision of the message m and input of the user password p, the message m is encoded to produce a blinded message m; the first authentication value h is produced from the password p and said secret value (which may be either the first key-share c or a different value stored at the user computer 2), and a second authentication value h' is produced by encoding the first authentication value h and a nonce n (which may be received from the authentication computer 3 in response to a nonce request); the second authentication value h' and the blinded message m is then sent to the authentication computer 3. In response, the authentication computer 3: uses the nonce n to determine if the first authentication value h encoded in the second authentication value h' is correct; and, if so, encodes the blinded message using the second key-share d to produce a partial signature s'; and sends the partial signature s' to the user computer 2. |
