Abstract: A cryptographic method including: generating by a first device having a datum x an RSA module N; computing by the first device a number C=gbaxh1, g being an element of sub-group G of order bd, h1 being an element of sub-group H of order f, and a, b, d, f being integers, b and f being mutually prime, and x and y being less than d/a; sending C to a second device having datum y; computing by the second device D=Cu·bd?ay(gh3)vh2, u and v being random numbers and h2 and h3 being elements of H, and a first fingerprint (gh3)v; sending to the first device, D and the first fingerprint; computing by the first device (Df)f?, f?=1/f; obtaining based on (Df)f? a second fingerprint; and determining whether x is greater than or equal to y or x is less than y by comparing the first and the second fingerprints.

Abstract: Method and device for authentication of non-revocation. A revocation list includes at least one pair extracted from a signature generated by a revoked entity, where hi is an element of a mathematical group and ki=hixi, where xi is a secret of the revoked entity. A first entity sends, to a second entity, to authenticate itself therewith: a signature generated by the first entity for this authentication; a character string; an element of the group for each pair in the revocation list; and a zero-knowledge proof that the first entity used a secret of this first entity and the character string to obtain the group element for each pair. The second entity rejects the first entity if the zero-knowledge proof is not valid or if, for at least one the pair, the group element is such that Ci=hiA, where A is a known value.

Abstract: A method for deriving a partial signature for a subset of a set of messages. The method includes: receiving the set of messages and a signature of the set, which includes signature elements of the set; generating anonymized elements of the signature; generating a first verification element from messages other than those of the subset; generating a second verification element to prove the first verification element is well formed; and sending, to a verification entity, a partial signature specific to the subset. The partial signature includes a constant number of elements having at least the elements of the signature of the set of anonymized messages, the first verification element and the second verification element. The partial signature is verifiable with only the messages of the subset of messages. The second verification element is a function of derived values calculated from at least the other elements of the partial signature.

Abstract: A method for deriving a partial signature for a subset of a set of messages. The method is implemented by a partial signature derivation entity and includes: receiving the set of messages and a signature of the set of messages, the signature including signature elements of the set of messages; deriving a first verification element calculated from the messages of the set other than those of the subset; deriving a second verification element to prove that the first verification element is formed correctly; and sending to a verification entity a partial signature specific to the subset, the partial signature including a constant number of elements having at least the elements of the signature of the set of messages, the first verification element and the second verification element, the partial signature being verifiable with only messages of the subset.

Abstract: A cryptographic method including: generating by a first device having a datum x an RSA module N; computing by the first device a number C=gbaxh1, g being an element of sub-group G of order bd, h1 being an element of sub-group H of order f, and a, b, d, f being integers, b and f being mutually prime, and x and y being less than d/a; sending C to a second device having datum y; computing by the second device D=Cu·bd?ay(gh3)vh2, u and v being random numbers and h2 and h3 being elements of H, and a first fingerprint (gh3)v; sending to the first device, D and the first fingerprint; computing by the first device (Df)f?, f?=1/f; obtaining based on (Df)f? a second fingerprint; and determining whether x is greater than or equal to y or x is less than y by comparing the first and the second fingerprints.

Abstract: A method for searchable encryption of a system defining a secret key and a public is provided. A data stream cipher can include n elementary data (b1, b2, . . . , bn). The method can include generation of a variate for all elementary data bj, for values of j from 1 to n, generation of an element function of the public key (gx(bj),zj) and the variate, the element being associated with a random element of a group of a bilinear environment, the element associated with the random element of the group forming first encryption data (Cj,1). The method can also include generation of a shift factor (ga.zj?1) function of the variate and the public key, and associated with the random element of the group, the shift factor representing a position of the monomial in the encrypted stream, the shift factor associated with the random element of the group forming second encryption data. The data stream cipher can include the first and second encryption data for all values of j from 1 to n.

Abstract: A cryptographic method for signing a message m by a user device on behalf of a group managed by a group manager, which has a secret key generated from two variates x and y, the group having a public key formed from a plurality of elements comprising an element g and an element gz pertaining to a cyclic group of order p, p being a whole prime number and z a variate, and an element h, an element hx, an element h1/z and an element hy/z pertaining to a cyclic group of order p. The method includes: receiving a certificate from the group manager, including elements S1=gr, S2=gr(x+y.u) and S3=gz.r where r is a variate selected by the group manager for the user device; and generating a group signature for the message m, based on the certificate, a variate t generated by the user device, and the secret u.

Abstract: A cryptographic method for signing a message m by a user device on behalf of a group managed by a group manager, which has a secret key generated from two variates x and y, the group having a public key formed from a plurality of elements comprising an element g and an element gz pertaining to a cyclic group of order p, p being a whole prime number and z a variate, and an element h, an element hx, an element h1/z and an element hy/z pertaining to a cyclic group of order p. The method includes: receiving a certificate from the group manager, including elements S1=gr, S2=gr(x+y.u) and S3=gz.r where r is a variate selected by the group manager for the user device; and generating a group signature for the message m, based on the certificate, a variate t generated by the user device, and the secret u.

Abstract: A method for searchable encryption of a system defining a secret key and a public is provided. A data stream cipher can include n elementary data (b1, b2, . . . , bn). The method can include generation of a variate for all elementary data bj, for values of j from 1 to n, generation of an element function of the public key (gx(bj).zj) and the variate, the element being associated with a random element of a group of a bilinear environment, the element associated with the random element of the group forming first encryption data (Cj,1). The method can also include generation of a shift factor (ga.zj?1) function of the variate and the public key, and associated with the random element of the group, the shift factor representing a position of the monomial in the encrypted stream, the shift factor associated with the random element of the group forming second encryption data. The data stream cipher can include the first and second encryption data for all values of j from 1 to n.

Abstract: One embodiment relates to a method for enabling an entity to delegate calculation of a bilinear pairing value e(A,B) between two values A and B to a calculation server. The entity may select public elements P1 and P2 and secret elements S1 and S2, two of the elements from among P1, P2, S1, and S2 being selected to be equal to A and B, generate elements R1=vS1, R2=uS2, T1=uP1+S1, T2=vP2=S2, where u and v are random numbers, and transmit R1, R2, T1, and T2 to the calculation server. The server may calculate (a1)y=e(T1,T2)[e(R1,P2)e(P1,R2)]?1, and (a2)z=e(D1,D2), y and z designating two integers equal to 1 or to an integer c, D1 and D2 designating two public elements from among A and B or from among R1 and R2 and transmit a1 and a2 to the entity. The entity may obtain the value e(A,B) from a1 or a2.

Abstract: One embodiment relates to a method for enabling an entity to delegate calculation of a bilinear pairing value e(A,B) between two values A and B to a calculation server. The entity may select public elements P1 and P2 and secret elements S1 and S2, two of the elements from among P1, P2, S1, and S2 being selected to be equal to A and B, generate elements R1=vS1, R2=uS2, T1=uP1+S1, T2=vP2=S2, where u and v are random numbers, and transmit R1, R2, T1, and T2 to the calculation server. The server may calculate (a1)y=e(T1,T2)[e(R1,P2)e(P1,R2)]?1, and (a2)z=e(D1,D2), y and z designating two integers equal to 1 or to an integer c, D1 and D2 designating two public elements from among A and B or from among R1 and R2 and transmit a1 and a2 to the entity. The entity may obtain the value e(A,B) from a1 or a2.