Abstract: A cryptosystem utilizes the properties of discrete logs in finite groups, either in a public key message exchange or in a key exchange and generation protocol. If the group selected has subgroups of relatively small order, the message may be exponentiated by a factor of the order of the group to place the message in a subgroup of relatively small order. To inhibit such substitution, the base or generator of the cryptosystem is chosen to be a generator of a subgroup of prime order or a subgroup of an order having a number of relatively small divisors. The message may be exponentiated to each of the relatively small divisors and the result checked for the group identity. If the group identity is found, it indicates a vulnerability to substitution and is rejected.

Abstract: A method of determining the integrity of a message exchanged between a pair of correspondents. The message is secured by embodying the message in a function of a public key derived from a private key selected by one of the correspondents. The method comprises first obtaining the public key. The public key is then subjected to at least one mathematical test to determine whether the public key satisfies predefined mathematical characteristics. Messages utilizing the public key are accepted if the public key satisfies the predefined mathematical characteristics.

Abstract: A key establishment protocol includes the generation of a value of cryptographic function, typically a hash, of a session key and public information. This value is transferred between correspondents together with the information necessary to generate the session key. Provided the session key has not been compromised, the value of the cryptographic function will be the same at each of the correspondents. The value of the cryptographic function cannot be compromised or modified without access to the session key.

Abstract: A public key encryption system exchanges information between a pair of correspondents. The recipient performs computations on the received data to recover the transmitted data or verify the identity of the sender. The data transferred includes supplementary information that relates to intermediate steps in the computations performed by the recipient.

Abstract: A method of establishing a trusted path of data and a method of verifying the integrity of data presented for signing to a user of the personalized device in a public-key cryptographic scheme. The method comprises establishing a trusted path between the user and secure module residing on the personalized device. The secure module holds the user's private key, displays information about the data message directly to the user, and generates the signature only when instructed to do so. The decision whether or not to sign the data message is determined by the user.

Abstract: A method and apparatus for authenticating a pair of correspondents C, S in an information exchange session to permit exchange of information therebetween. The first correspondent C having log on applets and the correspondent having means for processing applets.

Abstract: A key establishment protocol includes the generation of a value of cryptographic function, typically a hash, of a session key and public information. This value is transferred between correspondents together with the information necessary to generate the session key. Provided the session key has not been compromised, the value of the cryptographic function will be the same at each of the correspondents. The value of the cryptographic function cannot be compromised or modified without access to the session key.

Abstract: A method of verifying a pair of correspondents in electronic transaction, the correspondents each including first and second signature schemes and wherein the first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The method comprises the step of the first correspondent signing information according to the first signature scheme and transmitting the first signature to the second correspondent, the second correspondent verifying the first signature received from the first correspondent, wherein the verification is performed according to the first signature scheme.

Abstract: A digital signature verification protocol utilises a pair of signature components incorporating a pair of private keys, one of which is a long term key and the other of which is a short term key.

Abstract: The present disclosure provides an arithmetic processor comprising: an arithmetic logic unit having a plurality of arithmetic circuits each for performing a group of associated arithmetic operations, such as finite field operations, or modular integer operations. The arithmetic logic unit has an operand input data bus, for receiving operand data thereon and a result data output bus for returning the results of the arithmetic operations thereon. A register file is coupled to the operand data bus and the result data bus. The register file is shared by the plurality of arithmetic circuits. Further a controller is coupled to the ALU and the register file, the controller selecting one of the plurality of arithmetic circuits in response to a mode control signal requesting an arithmetic operation and for controlling data access between the register file and the ALU and whereby the register file is shared by the arithmetic circuits.

Abstract: A digital signature verification protocol utilises a pair of signature components incorporating a pair of private keys, one of which is a long term key and the other of which is a short term key. The long term key is applied to one of the signature components to reveal the short term key. The short term key is then used to compute a value of a signature component contained in the signature. If the computed value and received values agree then authenticity is verified.

Abstract: A protocol for authenticating at least one of a pair of first and second correspondents C and T in a data communication system, the method comprising the steps or storing a public key in the first correspondent C; computing a shared secret by the second correspondent T incorporating the public key C; storing the shared secret in the first correspondent C: the second correspondent T generating a challenge value a; the first correspondent C transmitting to the second correspondent T information including the stored public key C; the second correspondent T computing a test shared secret from the received public key C; the first and second correspondents computing response signals using the challenge value z and the shared secret in a one-way function fr; and the first correspondent C transmitting the computed response signal to the second correspondent T whereby the second correspondent verifies the first correspondent.

Abstract: A public key encryption system exchanges information between a pair of correspondents. The recipient performs computations on the received data to recover the transmitted data or verify the identity of the sender. The data transferred includes supplementary information that relates to intermediate steps in the computations performed by the recipient.

Abstract: A digital signature scheme for a “smart” card utilizes a set of prestored signing elements and combines pairs of the elements to produce a new session pair. The combination of the elements is performed partly on the card and partly on the associated transaction device so that the exchange of information between card and device does not disclose the identity of the signing elements. The signing elements are selected in a deterministic but unpredictable manner so that each pair of elements is used once. Further signing pairs are generated by implementing the signing over an anomalous elliptic curve encryption scheme and applying a Frobenius Operator to the normal basis representation of one of the elements.

Abstract: A potential bias in the generation or a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated.

Abstract: This invention provides a method for accelerating multiplication of an elliptic curve point Q(x,y) by a scalar k, the method comprising the steps of selecting an elliptic curve over a finite field Fq where q is a prime power such that there exists an endomorphism &psgr;, where &psgr; (Q)=&lgr;−Q for all points Q(x,y) on the elliptic curve; and using smaller representations ki of the scalar k in combination with the mapping &psgr; to compute the scalar multiple of the elliptic curve point Q.

Abstract: A method for communicating information between at least a pair of correspondents, the method comprising the steps of each of the correspondents selecting a plurality of cryptographic algorithms known to each of the correspondents. One of the correspondents applies the algorithms in a predetermined manner lo a message for producing a set of processed information. The set of processed information is transmitted to the other correspondent. The other correspondent applies complimentary operations of the cryptographic schemes in accordance with the predetermined manner for deriving information related to the message from the processed information.

Abstract: This invention provides a method for accelerating multiplication of an elliptic curve point Q(x,y) by a scalar k, the method comprising the steps of selecting an elliptic curve over a finite field Fq where q is a prime power such that there exists an endomorphism &PSgr;, where &PSgr;(Q)=&lgr;.Q for all points Q(x,y) on the elliptic curve: and using smaller representations ki of the scalar k in combination with the mapping &PSgr; to compute the scalar multiple of the elliptic curve point Q.

Abstract: A method and systems provided for basis conversion in a cryptographic system. The method comprises the steps of a first correspondent transmitting an element represented in the first basis to an intermediate processor, the intermediate processor converting the element into a second basis representation and forwarding the converted element to the first correspondent who then uses the converted element in a cryptographic operation. A further embodiment of the invention provides for the intermediate processor to perform the basis conversion on a field element and then forward the converted element to a second correspondent. A still further embodiment of the invention provides for the correspondents in a cryptographic scheme making use of a bit string as a function of a sequence of traces of a field element, wherein the bit string is a shared secret for performing certain cryptographic operations.

Abstract: The present disclosure provides an arithmetic processor having an arithmetic logic unit having a plurality of arithmetic circuits each for performing a group of associated arithmetic operations, such as finite field operations, or modular integer operations. The arithmetic logic unit has an operand input data bus, for receiving operand data thereon and a result data output bus for returning the results of the arithmetic operations thereon. A register file is coupled to the operand data bus and the result data bus. The register file is shared by the plurality of arithmetic circuits. Further a controller is coupled to the ALU and the register file, the controller selecting one of the plurality of arithmetic circuits in response to a mode control signal requesting an arithmetic operation and for controlling data access between the register file and the ALU and whereby the register file is shared by the arithmetic circuits.