| 摘要 |
PCT No. PCT/NL96/00265 Sec. 371 Date Dec. 5, 1997 Sec. 102(e) Date Dec. 5, 1997 PCT Filed Jun. 27, 1996 PCT Pub. No. WO97/02679 PCT Pub. Date Jan. 23, 1997A method for an issuer party to issue DSA-like secret-key certificates that can be blinded only restrictively. The method includes the step of generating a secret key (x0,y) and a public key (descr(Gq), g, h0, g1, descr(+Z (.))), wherein q is a prime number, Gq is a group of order q, in which computing discrete logarithms is substantially infeasible, but in which multiplication, determination of equivalence of elements and generation of substantially random numbers is relatively easy, descr(Gq) is a description of Gq including q, descr(+Z (.)) is the description of a hash-function +Z (.) for which computing inverses is substantially infeasible, x0, and y are elements of the ring, +Z of integers modulo q, g is an element of order q in the group, Gq, ho is equal to gx0; and g1 is equal to gy. The method further includes the step of issuing to a receiver party a secret-key certificate (r,+E,ovs a+EE ) in +Z on a public key h in Gq, the secret key certificate being generated with a computer such that (gd/chr/c) mod q is equal to +E,ovs a+EE , where c is computed by applying +Z (.) to at least h. |
