| CPC H04L 9/3252 (2013.01) [H04L 9/004 (2013.01); H04L 9/008 (2013.01); H04L 2209/16 (2013.01)] | 15 Claims |
|
1. A method comprisinq steps executing on a client device for generating a digital signature of an input message (M) based on a secret key (dA) of a client device having access to a first set and a second set of precomputed data stored in a storage unit,
said first set of precomputed data comprising private element parts (ki) protected with an homomorphic encryption,
and said second set of precomputed data comprising public element parts (Qi) paired with said private element parts (kj) of the first set,
each private element part being a discrete logarithm of the public element part paired therewith,
said method comprising said steps below, performed by said client device:
generating (S1) a private element (k), homomorphically encrypted, by combining homomorphically encrypted private element parts (kj) selected in the first set;
generating (S2) a public element (Q) by combining the public element parts (Qi) selected from the second set and paired with the private element parts (kj) selected in the first set, said private element being the discrete logarithm of said public element;
generating (S3) a first part of the digital signature (r) from said public element; and
generating (S4) a second part of the digital signature (s) function of the input message (M), the secret key (dA), the public element and the private element, wherein said selection of the public and private element parts depends on the input message.
|