| 摘要 |
A method and system for a user to obtain a derived value Kr of m bits, in which, given two pseudo-random functions g0 and g1 from m bits to m bits, said user obtains, on the basis of an input parameter consisting of a word r of n bits, a derived value Kr=grn∘. . . gr2∘gr1 (S), where, for i=1, . . . , n, gri=g0 if ri=0, and gri=g1 if ri=1, and where S is a master value of m bits which is not disclosed to said user. This method comprises the following steps: a search is conducted, from among a set of words of m bits Uj, where j=1, . . . , p, recorded in a table TU and equal to Uj=gvl(j)(j)∘. . . gv2(j)∘gv1(j) (S), where, for i=1, . . . , l(j), the indices vi(j) are predetermined bits, for a word Uσequal to Uσ=grl(σ)∘. . . gr2∘gr1 (S); said derived value Kr is thereafter obtained by calculating Kr=grn∘. . . grl(σ)+1 (Uσ). Application to the encryption/decryption of pay-per-use digital contents, and to authentication. |
