摘要 |
PROBLEM TO BE SOLVED: To prevent a third party from generating an unauthorized message restoration signature to pass signature verification. SOLUTION: X denotes a secret key of a signature generation device, "m<SB>rec</SB>is one element of a set ä0, 1}<SP>M</SP>" is used as a recovery message, "m<SB>clr</SB>is one element of a set ä0, 1}<SP>N</SP>" is used as a clear message, h denotes a shared value between the signature generation device and a signature verification device, k is set as an optional value, g denotes a generating element of a cyclic group G of an order q, R denotes "g<SP>k</SP>is one element of a set G", H<SB>0</SB>denotes a hash function H<SB>0</SB>:ä0, 1}<SP>*</SP>→ä0, 1}<SP>L+M</SP>of output variable length, H<SB>1</SB>denotes a hash function H<SB>1</SB>:ä0, 1}<SP>*</SP>→ä0, 1}<SP>L</SP>, H<SB>3</SB>denotes a hash function H<SB>3</SB>:ä0, 1}<SP>*</SP>→Z<SB>q</SB>,βis expressed asβ=(R, M),γis expressed asγ=(r, m<SB>clr</SB>, M), t is expressed as t=H<SB>3</SB>(γ), s is expressed as "s=k-t×x is one element of a set Z" , r is expressed as r=H<SB>0</SB>(β)(+)(h¾m<SB>rec</SB>), (+) is expressed as "(+) denotes an exclusive OR operator" and a signature is expressed asσ=(r, s). COPYRIGHT: (C)2008,JPO&INPIT
|