Abstract: In power residue calculation in the primality determination, in addition to the conventional randomization of an exponent, a modulus is also randomized. A random number generated by a random number generator is set to a randomizing number, and is input to a modulus generator and an exponent generator. The modulus generator and the exponent generator randomize a prime number candidate P using the randomizing number to generate a randomized modulus R1 and exponent R2. Using the randomized modulus R1 and exponent R2, the power residue calculation for primality determination is executed, and based on the result, the primality of the prime number candidate P is determined. The power consumption during the primality determination of a semiconductor device becomes noncorrelated with a value of a prime number candidate to be determined, and the leakage of a prime number due to side channel attacks can be prevented.

Abstract: A modular multiplication processing apparatus is provided that can process modular multiplication of data exceeding a bit length which a coprocessor can readily process, by using the coprocessor based upon Montgomery multiplication In the modular multiplication processing apparatus, data to be subjected to modular multiplication is decomposed, and the decomposed data elements are transformed into a form suitable for Montgomery multiplication, respectively. Further, after respective data elements are transformed to have sizes that can be inputted into a coprocessor, Montgomery multiplication is repeatedly performed in the coprocessor. A remainder of Montgomery multiplication of an original bit length is restored from the obtained remainder.

Abstract: A technique for efficient encryption for use with devices such as smartcards restricted in memory resource, including a calculation unit for reconstructing a large number of small primes, a sieving unit for checking the divisibility of an integer by small primes, a recoding unit for changing the representation of an integer, and a primality testing unit. The sieving unit eliminates “bad” candidates by checking their divisibility by small primes reconstructed by the calculation unit. The primality of the remaining candidates is tested using the primality testing unit. The primality testing unit uses the recoding unit to change the representation of prime candidates. The primality testing unit performs a primality test using the representation after change.

Abstract: A system and method for authentication and digital signatures on memory-only supports, comprising a read-once memory unit storing secret arrays, whose contents are destroyed upon reading, a standard memory unit storing encrypted arrays, tree data authenticating the encrypted arrays to one single public key, and a certificate of the public key issued by a certificate authority. The memory support sends its public key and certificate to a verifier, receives a challenge which is signed by elements from secret arrays in the read-once memory. The verifier system checks the authenticity of the data revealed from the read-once memory by encrypting it and comparing the result to one of the encrypted arrays, and verifies that the encrypted array authenticates to the public key using tree data. Finally, the verifier checks the authenticity of the public key using the certificate.

Abstract: A modular multiplication processing apparatus is provided that can process modular multiplication of data exceeding a bit length which a coprocessor can readily process, by using the coprocessor based upon Montgomery multiplication In the modular multiplication processing apparatus, data to be subjected to modular multiplication is decomposed, and the decomposed data elements are transformed into a form suitable for Montgomery multiplication, respectively. Further, after respective data elements are transformed to have sizes that can be inputted into a coprocessor, Montgomery multiplication is repeatedly performed in the coprocessor. A remainder of Montgomery multiplication of an original bit length is restored from the obtained remainder.

Abstract: A modular multiplication processing apparatus is provided that can process modular multiplication of data exceeding a bit length which a coprocessor can process, by using the coprocessor based upon Montgomery multiplication In the modular multiplication processing apparatus, data to be subjected to modular multiplication is decomposed, and the decomposed data elements are transformed into a form suitable for Montgomery multiplication, respectively. Further, after respective data elements are transformed to have sizes that can be inputted into a coprocessor, Montgomery multiplication is repeatedly performed in the coprocessor. A remainder of Montgomery multiplication of an original bit length is restored from the obtained remainder.

Abstract: A technique which contributes to materialization of efficient encryption even with devices such as smartcards restricted in memory resource is provided. The system for generating cryptographic keys includes: a calculation unit for reconstructing a large number of small primes, a sieving unit for checking the divisibility of an integer by small primes, a recoding unit for changing the representation of an integer, a primality testing unit. First, the sieving unit eliminates “bad” candidates by checking their divisibility by small primes reconstructed by the calculation unit. After that, the primality of the remaining candidates is tested using the primality testing unit. The primality testing unit uses the recoding unit to change the representation of prime candidates. The primality testing unit performs a primality test using the representation after change. Thus, the number of operations for the primality test can be decreased without further memory requirements.

Abstract: A system and method for authentication and digital signatures on memory-only supports, comprising a read-once memory unit storing secret arrays, whose contents are destroyed upon reading, a standard memory unit storing encrypted arrays, tree data authenticating the encrypted arrays to one single public key, and a certificate of the public key issued by a certificate authority. The memory support sends its public key and certificate to a verifier, receives a challenge which is signed by elements from secret arrays in the read-once memory. The verifier system checks the authenticity of the data revealed from the read-once memory by encrypting it and comparing the result to one of the encrypted arrays, and verifies that the encrypted array authenticates to the public key using tree data. Finally, the verifier checks the authenticity of the public key using the certificate.

Abstract: Using the same secret key for different secret operations in the frame of public key cryptosystems raises security problems because attackers can gain statistical information about the secret key. Indeed, when randomization techniques are used, the same secret key is randomized differently for every new operation, and since information leakage sums up, eventually, the attacker is able to recover the secret key. A system and method for using the same secret key of a public key cryptosystem several times comprising a recoding method which can generate several distinct representations for the secret key, where one representation is chosen as recoded secret according to a selection data. In addition, the pair consisting of the secret key and selection data is uniquely defined, resulting in the same recoded secret for every new encryption operation. As a consequence, information leakage does not sum up and the secret key can be securely re-used.

Abstract: A signature system in which size of data to be transmitted is small and data can be processed efficiently in a Merkle signature system having high security. A processing part 112 of a smartcard 110 divides a message to be signed into groups of specific numbers of bits, starting from the first bit of the message. Then, respective partial one-time signatures of the groups are generated by encrypting each group by a one-way function processing part 112c. The partial one-time signatures are sequentially outputted to a verification apparatus through a interface part 113.

Abstract: A modular multiplication processing apparatus is provided that can process modular multiplication of data exceeding a bit length which a coprocessor can process, by using the coprocessor based upon Montgomery multiplication. In the apparatus, data to be subjected to modular multiplication is decomposed, and the decomposed data elements are respectively transformed into a form suitable for Montgomery multiplication. After respective data elements are transformed to have sizes that can be inputted into a coprocessor, Montgomery multiplication is repeatedly performed in the coprocessor. A remainder of Montgomery multiplication of an original bit length is restored from the obtained remainder.