Abstract: A method of generating a pseudorandom sequence of terms belonging to a finite body K of cardinal q?2 intended to be used in a cryptographic procedure, said method comprising the iterative calculation, from an initialization n-tuple X(0)=(X(0)1, X(0)2, . . . , X(0)n), where n?2, of elements of K, of n-tuples X(i)=(X(i)1, X(i)2, . . . , X(i)n) of elements of K (where i=1, 2, . . . ), each n-tuple X(i) being obtained on iteration number i in a predetermined manner at least from certain components Y(i)k of an m-tuple Y(i)=(Y(i)1, Y(i)2, . . . , Y(i)m), where m?n, of elements of K and the terms of said pseudorandom sequence being extracted in a predetermined manner from the n-tuples X and/or the m-tuples Y. For at least one value of i, among said components Y(i)k of the m-tuple Y(i) that are used to obtain the multiplet X(i), at least E(n/2) of them are each represented by a predetermined second degree polynomial function, with coefficients in K, of the components of the n-tuple X(i?1).

Abstract: The present invention relates to a method for establishing a secured communication session in a communication system between a user using an untrusted device and a server. According to the present invention the user first obtains an authentication algorithm and an encryption algorithm and then creates a session key. Next the user obtains a public key of the server and sends a personal identity number to the server for authentication by using the authentication algorithm, the personal identity number being encrypted by using the encryption algorithm and the public key of the server. The user also sends the session key to the server for encrypting purpose between the user and the server, the session key being encrypted by using the encryption algorithm and the public key of the server.

Abstract: The invention proposes a method and a device for decrypting an encrypted message represented by a sequence C or applying an electronic signature to a sequence C, said sequence C consisting of data belonging to a finite field K=GF(q), where q>1, in which there are processed successive blocks each comprising (n·d) successive data items from the sequence C, where n and d are predetermined integers greater than 1, the processing of such a block including the following steps: applying a predetermined affine invertible transformation t?1 to said block; interpreting the resulting block as being formed of n successive elements (y1, y2, . . . , yn) of an extension E=GF(qd) of the field K; calculating an n-tuplet (x1, x2, . . .

Abstract: The present invention relates to a method for establishing a secured communication session in a communication system between a user using an untrusted device and a server. According to the present invention the user first obtains an authentication algorithm and an encryption algorithm and then creates a session key. Next the user obtains a public key of the server and sends a personal identity number to the server for authentication by using the authentication algorithm, the personal identity number being encrypted by using the encryption algorithm and the public key of the server. The user also sends the session key to the server for encrypting purpose between the user and the server, the session key being encrypted by using the encryption algorithm and the public key of the server.

Abstract: The invention proposes a method and a device for decrypting an encrypted message represented by a sequence C or applying an electronic signature to a sequence C, said sequence C consisting of data belonging to a finite field K=GF(q), where q>1, in which there are processed successive blocks each comprising (n·d) successive data items from the sequence C, where n and d are predetermined integers greater than 1, the processing of such a block including the following steps: applying a predetermined affine invertible transformation t?1 to said block; interpreting the resulting block as being formed of n successive elements (y1,y2, . . . ,yn) of an extension E=GF(qd) of the field K; calculating an n-tuplet (x1,x2, . . .

Abstract: The invention concerns an anti-pirate method for the distribution of digital content by pro-active diversified transmission, associated transmitter device and portable receiving object. The method, designed to make the same information (Kc) available to several receivers (1) belonging to a group (G) of receivers, each receiver storing information (SAi) specific to it, is characterized in that it includes the following steps: define a relation Kc=f(K, bi, SAi) where (f) is a given function, (K) is information common to all the receivers, and (bi) is information different for each receiver and for each value of the information (K); —enable each receiver to access information (bi) before making (Kc) available; and transmit the information (K) to all receivers, just before making (Kc) available; so that each receiver can calculate information (Kc) using said relation.

Abstract: A method of generating a pseudorandom sequence of terms belonging to a finite body K of cardinal q?2 intended to be used in a cryptographic procedure, said method comprising the iterative calculation, from an initialization n-tuple X(0)=(X(0)1, X(0)2, . . . , X(0)n), where n?2, of elements of K, of n-tuples X(i)=(X(i)1, X(i)2, . . . , X(i)n) of elements of K (where i=1, 2, . . . ), each n-tuple X(i) being obtained on iteration number i in a predetermined manner at least from certain components Y(i)k of an m-tuple Y(i)=(Y(i)1, Y(i)2, . . . , Y(i)m), where m?n, of elements of K and the terms of said pseudorandom sequence being extracted in a predetermined manner from the n-tuples X and/or the m-tuples Y. For at least one value of i, among said components Y(i)k of the m-tuple Y(i) that are used to obtain the multiplet X(i), at least E(n/2) of them are each represented by a predetermined second degree polynomial function, with coefficients in K, of the components of the n-tuple X(i?1).

Abstract: The present invention relates to a method for establishing a secured communication session in a communication system between a user using an untrusted device and a server. According to the present invention the user first obtains an authentication algorithm and an encryption algorithm and then creates a session key. Next the user obtains a public key of the server and sends a personal identity number to the server for authentication by using the authentication algorithm, the personal identity number being encrypted by using the encryption algorithm and the public key of the server. The user also sends the session key to the server for encrypting purpose between the user and the server, the session key being encrypted by using the encryption algorithm and the public key of the server.

Abstract: The invention provides for a cryptographic method for digital signature. A set S1 of k polynomial functions Pk(x1, . . . , xn+v, y1, . . . , yk) are supplied as a public key, where k, v, and n are integers, x1, . . . , xn+v are n+v variables of a first type, and y1, . . . , yk are k variables of a second type, the set S1 being obtained by applying a secret key operation on a given set S2 of k polynomial functions P?k(a1, . . . , an+v, y1, . . . , yk), a1, . . . , an+v designating n+v variables including a set of n “oil” and v “vinegar” variables. A message to be signed is provided and submitted to a hash function to produce a series of k values b1, . . . , bk. These k values are substituted for the k variables y1, . . . . , yk of the set S2 to produce a set S3 of k polynomial functions P?k(a1, . . . , an+v), and v values a?n+1, . . . , a?n+1, are selected for the v “vinegar” variables. A set of equations P?k(a1, . . . , a?n+v)=0 is solved to obtain a solution for a?1, . . .

Abstract: The invention relates to a method for protecting one or more computer systems using the same secret key (Ks) cryptographic algorithm, characterized in that the way in which said calculation is performed depends, for each computer system and for each secret key, on secret data (Ds) stored in a secret area of the computer system or systems.

Abstract: The invention concerns an anti-pirate method for the distribution of digital content by pro-active diversified transmission, associated transmitter device and portable receiving object. The method, designed to make the same information (Kc) available to several receivers (1) belonging to a group (G) of receivers, each receiver storing information (SAi) specific to it, is characterised in that it includes the following steps: define a relation Kc=f(K, bi, SAi) where (f) is a given function, (K) is information common to all the receivers, and (bi) is information different for each receiver and for each value of the information (K);- enable each receiver to access information (bi) before making (Kc) available; and transmit the information (K) to all receivers, just before making (Kc) available; so that each receiver can calculate information (Kc) using said relation.

Abstract: The invention relates to a secret-key cryptographic calculation process for protecting a computer system against physical attacks, wherein a) the standard cryptographic calculation process is separated into several distinct, parallel process parts using partial intermediate results distinct from those of the standard calculation, and b) the final value of the standard cryptographic calculation is reconstructed from the distinct partial intermediate results. The invention is particularly applicable to computer systems such as embedded systems such as a smart card.

Abstract: The invention relates to an asymmetric cryptographic communication process which establishes a correspondence between a first value (x) represented by n elements (x.sub.1, . . . , x.sub.n) of a ring (A) and a second value (y) represented by m elements (y.sub.1, . . . , y.sub.m) of this ring, n and m being integers greater than or equal to 2. The said correspondence is defined by multi variable public polynomials (P.sub.i) of A.sup.n+m+k ->A, with a low total degree, such that there are equations of the type P.sub.i (x.sub.1, . . . , x.sub.n ; y.sub.1, . . . , y.sub.m ; z.sub.1, . . . , z.sub.k)=0, where(z.sub.1, . . . , z.sub.k) are possible intermediate variables and k is an integer. At least the majority of the polynomials (P.sub.i) do not have the form T.sub.i (y.sub.1, . . . , y.sub.m)=S.sub.i (x.sub.1, . . . , x.sub.n), where the S.sub.i s would be polynomials with a total degree of 2 and the T.sub.i s would be polynomials with a total degree of 1.

Abstract: A method and an apparatus for authenticating a data carrier enables a transaction or access to a service or a location, and the corresponding carrier. The carrier (1) has a specific number (Ns) and an authentication value calculated from the specific number and from information (I) that defines the rights attaching to the carrier by means of an asymmetrical algorithm (F) and a secret key (Ks). Two types of authentication are provided. One is current, in a mode disconnected from the authorizing organization. The other is periodic, in a connected mode. In the disconnected mode, an algorithm (G) correlated with the asymmetrical algorithm (F) and using a public key (Kp) is applied to the authentication value (VA), read from the carrier, in order to verify that the authentication value (VA) is compatible with the specific number (Ns) and the information (I), and that the transaction or service requested is compatible with the information (I).

Abstract: With confidential information being composed of authenticating signs which belong to a first series, a second series of signs or designating symbols is defined, the first and second series of signs are displayed in a relatively random position, and this placement in correspondence is used to enter the confidential information in such a way that a third party who observes the entry operations cannot determine the confidential information. The invention also relates to the terminal associated with this process.

Abstract: A novel asymmetrical cryptographic schema which can be used for enciphering, signature and authentication. The schema is based on low degree public polynomial equations with value in a finite ring K.The mechanism is not necessarily bijective. The secret key makes it possible to hide polynomial equations with value in extensions of the ring K. The solving of these equations makes it possible, if one has the secret key, to execute operations which are not executable with the public key alone.

Abstract: A process for authentication by an offline terminal (1) of a portable object (2) including a processing circuit (4) able to deliver a secondary value (Rx) which the function of a primary value (Qi) transmitted by the terminal. An authentication table (5) is placed in the terminal which associates a series of primary values (Qi) and a series of control values (Ui), each control value being the transformation by a oneway function of the secondary value (Rx) calculated by the processing circuit of an authentic portable object. At the time of a connection of a portable object with the terminal, one of the primary values (Qi) from the table is transmitted to the portable object, the one-way function is applied to the secondary value (Rx) received from the portable object, and the result obtained is compared with the corresponding control value (Ui) from the table.