Method for issuing and using ml-dsa implicit certificate for v2x communication

WO2026135007A1PCT designated stage Publication Date: 2026-06-25KOOKMIN UNIV IND ACAD COOP FOUND

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
KOOKMIN UNIV IND ACAD COOP FOUND
Filing Date
2025-12-11
Publication Date
2026-06-25

Smart Images

  • Figure KR2025021411_25062026_PF_FP_ABST
    Figure KR2025021411_25062026_PF_FP_ABST
Patent Text Reader

Abstract

The present specification relates to a technology for issuing an implicit certificate for electronic signatures in a vehicle-to-everything (V2X) communication environment and a communication method using the issued certificate. A method for a certification-related authority to issue an implicit certificate, according to an embodiment of the present specification, comprises the steps of: receiving, from a vehicle, an initial public key of an initial key pair generated by the vehicle; extending, by a registration authority (RA), a key on the basis of the initial public key to generate a plurality of intermediate public keys; generating, by an authorization certificate authority (ACA), a plurality of final public keys and final private keys, respectively paired with the final public keys, on the basis of the intermediate public keys to thereby generate a plurality of final key pairs; and transmitting the final key pairs to the vehicle.
Need to check novelty before this filing date? Find Prior Art

Description

Method for Issuing and Using ML-DSA Implicit Certificates for V2X Communication

[0001] This specification relates to post-quantum cryptography technology and digital signature algorithms (DSA), and in particular to a technology for issuing an implicit certificate encrypted through a module-lattice-based digital signature algorithm (ML-DSA) by utilizing the post-quantum-butterfly key expansion (PQ-BKE) method.

[0002] In general, personal information protection is a critical factor in mutual wired and wireless communication, and many protocols aim to achieve the three aspects of information security—integrity, confidentiality, and availability—through efficient and secure cryptographic techniques. However, due to the development of quantum computing, traditional public-key cryptographic technologies such as RSA and ECC are facing significant threats.

[0003] Accordingly, governments around the world are pursuing Post-Quantum Cryptography (PQC) projects to research cryptographic technologies that are secure even in quantum environments. As part of these efforts, the United States and Canada selected Kyber, Dilithium, Falcon, and SPHINCS+ as the first standard algorithms. Among these, Dilithium, Falcon, and SPHINCS+ are Digital Signature Algorithms (DSAs), and standardization work is currently underway for FIPS 204 ML-DSA (Dilithium) and FIPS 205 SLH-DSA (SPHINCS+).

[0004] In particular, ML-DSA provides high security and efficiency based on a modular lattice and can generate and verify secure digital signatures even in quantum computer environments. However, to practically utilize ML-DSA in certificate-based systems, it is necessary to improve the efficiency of key generation and management and reduce the computational complexity of the implicit certificate issuance process.

[0005] Traditional public-key cryptographic technologies, such as RSA and ECC, are highly likely to face weakened security due to advancements in quantum computing technology. This issue poses a more serious security threat in communication environments involving sensitive personal information and data. While current digital signature algorithms propose new algorithms like ML-DSA to ensure security even in quantum environments, the following problems exist when applying them to actual certificate-based systems. First, existing systems suffer from low efficiency in key generation and management, leading to scalability issues in large-scale network environments. Second, existing certificate issuance methods incur significant data overhead, often making them difficult to apply in resource-constrained environments such as the Internet of Things (IoT). Accordingly, there is a need for a technology that utilizes the quantum-resistant ML-DSA algorithm to issue implicit certificates. These certificates save storage space and transmission bandwidth compared to traditional certificates, offer high verification efficiency, and are easy to issue and manage. However, existing research results indicate that the ECQV implicit certificate issuance method applied to the existing cryptographic technology ECDSA is not secure in a quantum computing environment, cannot be applied to the ML-DSA problem as the underlying hard problem guaranteeing security changes, and that it is difficult to design implicit certificates using the ML-DSA algorithm.

[0006] The technical problems to be solved in this specification are not limited to those mentioned above, and other technical problems not mentioned will be clearly understood by those skilled in the art to which this invention belongs from the description below.

[0007] To solve the technical problem described above, a method for an authentication-related authority to issue an implicit certificate for electronic signatures in a V2X (Vehicle-to-Everything) communication environment according to one embodiment of the present specification may include the steps of receiving an initial public key of an initial key pair generated by the vehicle from the vehicle; generating a plurality of intermediate public keys by expanding the key based on the initial public key through a Registration Authority (RA); generating a plurality of final public keys and final private keys paired with each of the final public keys through an Authorization Certificate Authority (ACA) based on the intermediate public keys to generate a plurality of final key pairs; and transmitting the final key pairs to the vehicle.

[0008] At this time, the initial key pair may include the initial public key and the initial private key.

[0009] In addition, the initial public key and the initial private key can each be generated by randomly sampling polynomial coefficients for key generation from the range [-1, 1].

[0010] The step of generating the above intermediate public keys may further include the step of randomly shuffling the intermediate public keys generated from the initial public keys received from a plurality of vehicles.

[0011] At this time, the above intermediate public keys can each be generated by combining polynomial coefficients in the range [-2, 2] based on the polynomial coefficients of the above initial public key.

[0012] The step of generating the above final key pairs may include the step of generating a random key pair including a random public key and a random private key through the certificate issuing authority, the step of generating the above final public keys by combining the intermediate public keys generated through the registration authority and the random public key, and the step of generating the above final private keys by combining the ACA private key, which is the private key of the certificate issuing authority, and the random private key.

[0013] At this time, the above random public key can be generated by randomly sampling polynomial coefficients in the range [-1, 1].

[0014] In addition, the final public key can be generated by combining polynomial coefficients in the range [-3, 3] based on the polynomial coefficients of the intermediate public key and the polynomial coefficients of the random public key.

[0015] The step of transmitting the final key pairs to the vehicle may include receiving a first encryption public key for public key encryption from the vehicle, generating a second encryption public key by expanding the key based on the first encryption public key through the registration authority, encrypting each of the final key pairs using the second encryption public key through the certificate issuing authority, and transmitting the encrypted final key pairs to the vehicle.

[0016] A method for a vehicle to obtain an implicit certificate for electronic signature in a V2X communication environment according to another embodiment of the present specification may include the steps of: generating an initial key pair including an initial public key and an initial private key by sampling polynomial coefficients for key generation in the range [-1, 1]; transmitting the initial public key to a certification authority; receiving from the certification authority a final key pair including a final public key and a final private key generated based on the initial public key; and generating a certificate private key based on the initial private key and the final private key, and setting the final public key as the certificate public key.

[0017] At this time, the final public key may be generated by combining polynomial coefficients in the range [-3, 3] based on the polynomial coefficients of the initial public key.

[0018] In addition, the above final private key may be generated by combining polynomial coefficients in the range [-2, 2].

[0019] In addition, the certificate private key may be generated by combining polynomial coefficients in the range [-4, 4] based on the polynomial coefficients of the initial private key and the polynomial coefficients of the final private key.

[0020] In the method for the vehicle to obtain an implicit certificate, the final public key may be generated based on an intermediate public key generated by extending the initial public key, and the intermediate public key may be generated by combining polynomial coefficients in the range [-2, 2] based on the polynomial coefficients of the initial public key.

[0021] The step of generating the certificate private key and setting the final public key as the certificate public key may include the step of generating an encryption key for public key encryption and a decryption key for decrypting the final key pair received from the certification-related authority, the step of decrypting the final key pair using the decryption key, and the step of generating the certificate private key based on the initial private key and the final private key and setting the final public key as the certificate public key.

[0022] At this time, the above final key pair may be encrypted through the above certification-related authority using the above encryption key.

[0023] A method for a vehicle to communicate with another entity using a certificate in a V2X communication environment according to another embodiment of the present specification may include the steps of: generating a certificate public key and a certificate private key based on a final key pair received by the vehicle from a certification authority; generating an electronic signature based on the certificate private key; and transmitting a Secure Protocol Data Unit (SPDU) containing the electronic signature and the certificate public key to the entity.

[0024] In a method for the vehicle to communicate using a certificate, the step of generating the certificate public key and certificate private key may include: generating an initial key pair including an initial public key and an initial private key by sampling polynomial coefficients for key generation in the range [-1, 1]; transmitting the initial public key to the certification-related authority; receiving from the certification-related authority the final key pair including a final public key and a final private key generated based on the initial public key; and generating a certificate private key based on the initial private key and the final private key, and setting the final public key as the certificate public key.

[0025] At this time, the final public key may be generated by combining polynomial coefficients in the range [-3, 3] based on the polynomial coefficients of the initial public key.

[0026] In addition, the above final private key may be generated by combining polynomial coefficients in the range [-2, 2].

[0027] In addition, the certificate private key may be generated by combining polynomial coefficients in the range [-4, 4] based on the polynomial coefficients of the initial private key and the polynomial coefficients of the final private key.

[0028] In a method for the vehicle to communicate using a certificate, the final public key may be generated based on an intermediate public key generated by extending the initial public key, and the intermediate public key may be generated by combining polynomial coefficients in the range [-2, 2] based on the polynomial coefficients of the initial public key.

[0029] In a method for the above vehicle to communicate using a certificate, the step of generating the certificate private key and setting the final public key as the certificate public key may include the step of generating an encryption key for public key encryption and a decryption key for decrypting the final key pair received from the certificate-related authority, the step of decrypting the final key pair using the decryption key, and the step of generating the certificate private key based on the initial private key and the final private key and setting the final public key as the certificate public key.

[0030] At this time, the final key pair may be encrypted using the encryption key.

[0031] A method for verifying an electronic signature received from a vehicle in a V2X communication environment by an entity around a vehicle according to another embodiment of the present specification may include the steps of: receiving a Secure Protocol Data Unit (SPDU) containing an electronic signature and a certificate public key from the vehicle; generating a verification public key for verifying the electronic signature by combining the certificate public key and an ACA public key received from an Authorization Certificate Authority (ACA); and verifying the electronic signature based on the verification public key.

[0032] At this time, the certificate public key may be generated by generating an intermediate public key by expanding the key based on an initial public key generated by randomly sampling polynomial coefficients for key generation in the range [-1, 1], and by setting polynomial coefficients in the range [-3, 3] based on the intermediate public key.

[0033] In addition, the above ACA public key may be a public key issued for all vehicles by the certificate issuing authority, and may be generated by sampling polynomial coefficients in the range [-1, 1].

[0034] In addition, the verification public key may be generated by combining polynomial coefficients in the range [-4, 4] based on the polynomial coefficients of the certificate public key and the polynomial coefficients of the ACA public key.

[0035] According to the embodiments of the present specification, by issuing implicit certificates using ML-DSA based on the PQ-BKE (Post-Quantum-Butterfly Key Expansion) method, the efficiency of key expansion and management can be significantly improved, thereby contributing to the simplification of the certificate issuance process.

[0036] In addition, by utilizing implicit certificates, data overhead is reduced compared to explicit certificates, and it can operate effectively even on resource-constrained IoT devices.

[0037] Furthermore, it reduces computational complexity and improves scalability, enabling real-time processing even in large-scale network environments. In particular, in V2X communication environments, the present invention supports safe and reliable communication between vehicles and can minimize communication delays by optimizing the certificate issuance and verification processes.

[0038] In addition, ensuring safety even in a quantum computer environment can enhance the reliability of future security systems.

[0039] The effects obtainable in this specification are not limited to those mentioned above, and other unmentioned effects will be clearly understood by those skilled in the art from the description below.

[0040] The drawings attached below are intended to aid in understanding the present disclosure and may provide embodiments of the present disclosure together with the detailed description. However, the technical features of the present disclosure are not limited to specific drawings, and the features disclosed in each drawing may be combined with one another to form new embodiments. Reference numerals in each drawing may denote structural elements.

[0041] Figure 1 is a diagram illustrating a V2X communication environment.

[0042] Figure 2 is a diagram illustrating the Butterfly Key Expansion (BKE) method among the certificate issuance methods for electronic signatures.

[0043] FIG. 3 is a flowchart showing the method of a certification-related authority issuing a certificate in chronological order according to an embodiment of the present specification.

[0044] Figure 4 is a flowchart showing a specific example of the process by which a certification authority generates a final key pair in chronological order.

[0045] Figure 5 is a flowchart showing a specific example of the process in which an authentication-related authority transmits a final key pair to a vehicle in chronological order.

[0046] FIG. 6 is a diagram illustrating an algorithm for generating an initial key to issue an ML-DSA implicit certificate according to an embodiment of the present specification.

[0047] Figure 7 is a diagram showing an algorithm in which a certification authority generates an intermediate public key through key expansion based on an initial public key.

[0048] Figure 8 is a diagram showing an algorithm in which a certification authority generates a final public key based on an intermediate public key.

[0049] Figure 9 is a diagram showing an algorithm in which a certification authority generates a final private key.

[0050] FIG. 10 is a flowchart illustrating, in chronological order, a method for a vehicle to receive an implicit certificate according to an embodiment of the present specification.

[0051] Figure 11 is a flowchart showing specific examples of the process of decrypting the final key pair received by the vehicle and the process of generating the certificate private key in chronological order.

[0052] Figure 12 is a diagram showing an algorithm to explain the process of a vehicle generating a certificate private key based on an initial private key.

[0053] Figure 13 is a diagram showing an algorithm for verifying a certificate issued to a vehicle.

[0054] FIG. 14 is a flowchart showing, in chronological order, a method for a vehicle to communicate with entities around the vehicle using a certificate issued according to an embodiment of the present specification.

[0055] FIG. 15 is a flowchart illustrating, in chronological order, a method for verifying an electronic signature received by a vehicle surrounding entity according to an embodiment of the present specification.

[0056] FIG. 16 is a diagram showing the overall process of different vehicles communicating through certificates issued according to an embodiment in a V2X communication environment.

[0057] Embodiments of the present specification will be described in detail below with reference to the drawings. However, detailed descriptions of known functions or configurations that may obscure the essence of the embodiments in the following description and the attached drawings are omitted. Additionally, throughout the specification, the term 'comprising' a component means that, unless specifically stated otherwise, it does not exclude other components but may include additional components.

[0058] The terms used herein are merely for describing specific embodiments and are not intended to limit the specification. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this application, terms such as “comprising” or “comprising” are intended to specify the existence of the described features, numbers, steps, actions, components, parts, or combinations thereof, and should be understood as not precluding the existence or addition of one or more other features, numbers, steps, actions, components, parts, or combinations thereof.

[0059] Unless specifically defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as generally understood by those skilled in the art to which this specification pertains. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with their meaning in the context of the relevant technology, and should not be interpreted in an ideal or overly formal sense unless explicitly defined in this specification.

[0060] Figure 1 is a diagram illustrating a V2X communication environment.

[0061] V2X communication (Vehicle-to-Everything communication) is a technology that enhances road safety and traffic efficiency by exchanging information between vehicles and their surroundings in real time. As a core technology for autonomous driving and smart transportation systems, V2X communication plays a crucial role in preventing traffic accidents and enabling efficient road usage. Major applications of V2X communication include priority signal control for emergency vehicles, blind spot warnings, cooperative driving between autonomous vehicles, and the provision of traffic information.

[0062] Referring to Fig. 1, various types of V2X communication are shown. V2X communication includes various forms such as vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), vehicle-to-pedestrian (V2P), and vehicle-to-network (V2N) communication, and is achieved through an on-board unit (OBU) mounted on the vehicle and a roadside unit (RSU) installed on the road infrastructure.

[0063] An OBU is a device that processes information inside a vehicle and communicates with the outside world, providing various functions such as vehicle location tracking, safety warnings, and toll payments.

[0064] RSUs are communication devices installed along roadsides that not only exchange information with vehicles but also connect to traffic management centers or cloud servers to collect and transmit information.

[0065] V2X communication technology is essential for reducing traffic accidents, alleviating traffic congestion, and ensuring the safety of autonomous vehicles. V2V communication exchanges vehicle speed, location, and brake status via the OBU, and provides warnings for sudden braking or collision prevention.

[0066] V2I communication transmits traffic light status, road construction information, traffic volume data, etc., to the OBU via the RSU, and the vehicle makes driving decisions based on this information.

[0067] V2P communication detects the location of pedestrians and provides warnings to drivers through a connection between the OBU and the pedestrian terminal (User Equipment, UE).

[0068] V2N communication enables OBUs and RSUs to communicate with traffic management centers and cloud servers via cellular networks to receive real-time traffic information, weather data, and optimize routes.

[0069] In such V2X communication environments, ensuring data security and reliability is essential as real-time data exchange occurs between vehicles and various entities. In particular, regarding messages between vehicles, the forgery or alteration of information can lead to traffic accidents, congestion, or life-threatening incidents. Therefore, an efficient and secure authentication system is required to verify data integrity and the sender's identity. Furthermore, due to the advancement of quantum computers, the likelihood of existing Public Key Infrastructure (PKI) becoming vulnerable to quantum algorithms has increased; this implies that traditional authentication systems used in V2X communication environments are not safe from quantum computing attacks. Accordingly, quantum-resistant cryptographic technologies are essential for V2X communication.

[0070] The invention according to the embodiments of this specification can improve computational and communication efficiency while maintaining high security through a lightweight electronic signature method based on implicit certificates and a key generation and expansion technique utilizing polynomial coefficients. In particular, according to the embodiments of this specification, quantum resistance is provided by utilizing range limitations and combinations of polynomial coefficients during the key generation process, and the real-time authentication requirements necessary in a V2X communication environment can be met.

[0071] Figure 2 is a diagram illustrating the Butterfly Key Expansion (BKE) method among the certificate issuance methods for electronic signatures.

[0072] The BKE method is an encryption technique designed to provide efficient key management and scalability in large-scale network environments, focusing particularly on reducing the complexity of key exchanges occurring during communication between multiple entities. Existing public-key-based authentication schemes require each communicating party to generate and manage keys individually, which increases the burden of storage and computation as the network grows. This issue becomes even more pronounced in environments requiring frequent message exchange between vehicles, such as V2X communication.

[0073] BKE can reduce this burden by efficiently generating and scaling multiple levels of keys using initial keys and random values. Specifically, BKE is evaluated as a suitable technology for simplifying certificate-based authentication methods and providing high security and efficiency in V2X communication environments requiring multiple communication entities; furthermore, BKE can simultaneously satisfy the real-time capabilities, low computational costs, and quantum resistance required for V2X communication.

[0074] Referring to Fig. 2, it can be seen that a Cocoon key is generated through key expansion based on the Caterpillar key, which is an initial key pair generated from the vehicle, and a Butterfly key is generated based on the Cocoon key to form a Pseudonym Certificate.

[0075] A Caterpillar Key refers to the initial public key that serves as the seed for a pseudonym certificate. The Caterpillar Key is generated by the vehicle.

[0076] A cocoon key refers to multiple intermediate public keys generated through key expansion based on the caterpillar key provided by the vehicle. Cocoon keys are generated by a Registration Authority (RA) among certification-related authorities. To prevent an Authorization Certificate Authority (ACA) from identifying the vehicle's ID from the cocoon keys, the RA shuffles the generated cocoon keys based on caterpillar keys received from multiple vehicles and transmits them to the ACA. In other words, during the BKE process, only the vehicle can simultaneously know the vehicle's ID information and the pseudonym certificate.

[0077] A butterfly key refers to a key pair used for a pseudonym certificate generated by the ACA based on the cocoon key received from the RA. The ACA transmits the butterfly key to the RA, and the RA immediately transmits the butterfly key to the vehicle. The pseudonym certificate is designed to be inaccessible to the RA; accordingly, the RA can know the vehicle's ID information but cannot know the pseudonym certificate information. Consequently, the certificate issuance method based on the BKE method guarantees unlinkability.

[0078] First embodiment: Method for a certification authority to issue an implicit certificate

[0079] FIG. 3 is a flowchart showing the method of a certification-related authority issuing a certificate in chronological order according to an embodiment of the present specification.

[0080] Referring to FIG. 3, in step S110, the certification authority may receive the initial public key of the initial key pair generated by the vehicle from the vehicle. At this time, the initial key pair may include the initial public key and the initial private key. Additionally, the initial public key and the initial private key may each be generated by randomly sampling polynomial coefficients for key generation within the range [-1, 1]. An explanation of the process by which the vehicle generates the initial key pair will be supplemented in FIG. 6.

[0081] In step S130, the certification authority may generate multiple intermediate public keys by extending the key based on the initial public key through the registration authority (RA). At this time, the registration authority may randomly shuffle the intermediate public keys generated from the initial public keys received from multiple vehicles and transmit them to the certificate issuing authority (ACA). Through this process, the certificate issuing authority becomes unable to identify the ID information of the vehicle from the intermediate public keys.

[0082] In addition, the above intermediate public keys can each be generated by combining polynomial coefficients in the range [-2, 2] based on the polynomial coefficients of the above initial public key. An explanation of the process by which the certification authority generates the above intermediate public keys through the registration authority is supplemented in FIG. 7.

[0083] In step S150, the certification authority may generate multiple final key pairs by generating multiple final public keys and final private keys that are paired with each of the final public keys based on the intermediate public keys through the certificate issuing authority. For a more specific explanation of the step of generating the final key pairs (step S150), refer to FIG. 4 for a moment.

[0084] Figure 4 is a flowchart showing a specific example of the process by which a certification authority generates a final key pair in chronological order.

[0085] Referring to FIG. 4, in step S151, the certification authority may generate a random key pair including a random public key and a random private key through the certificate issuing authority. At this time, the random key pair may be generated in the same way as the initial key pair, and the polynomial coefficients for key generation may be generated by randomly sampling from the range [-1, 1]. A specific description of the process by which the certification authority generates the random key pair will be supplemented in FIG. 6 along with the description of the process by which the vehicle generates the initial key pair.

[0086] In step S153, the certification authority may generate the final public keys by combining the intermediate public keys generated through the registration authority and the random public key. At this time, the final public key may be generated by combining polynomial coefficients in the range [-3, 3] based on the polynomial coefficients of the intermediate public key and the polynomial coefficients of the random public key.

[0087] In step S155, the certification authority may generate final private keys by combining the ACA private key, which is the private key of the certificate issuing authority, and the random private key. A detailed explanation of the process by which the certification authority generates the final key pairs will be supplemented in FIGS. 8 and 9.

[0088] Referring again to FIG. 3, in step S170, the certification authority may transmit the final key pairs to the vehicle. Refer to FIG. 5 for a more specific explanation of the step (step S170) of transmitting the final key pairs to the vehicle.

[0089] Figure 5 is a flowchart showing a specific example of the process in which an authentication-related authority transmits a final key pair to a vehicle in chronological order.

[0090] Referring to FIG. 5, in step S171, the certification authority may receive a first encryption public key for public key encryption from the vehicle.

[0091] In step S173, the certification authority may generate a second encryption public key by extending the key based on the first encryption public key through the registration authority.

[0092] In step S175, the certification authority may encrypt each of the final key pairs using the second encryption public key through the certificate issuing authority.

[0093] In step S177, the certification authority may transmit the encrypted final key pairs to the vehicle.

[0094] FIG. 6 is a diagram illustrating an algorithm for a vehicle to generate an initial key to obtain an implicit certificate according to an embodiment of the present specification.

[0095] Referring to FIG. 6, it can be seen that the implicit certificate issuance method according to the embodiment of the present specification is a certificate issuance method based on ML-DSA (Module-Lattice-based Digital Signature Algorithm).

[0096] The National Institute of Standards and Technology (NIST) conducted a technology competition for quantum-resistant public-key algorithms to standardize Post-Quantum Cryptography (PQC) technology, and PQC-DSA algorithms such as Falcon, Dilithium, and Sphincs+, as well as KEM algorithms such as Kyber, were selected as NIST PQC standards.

[0097] ML-DSA is a technique derived from Crystal-Dilithium among the selected schemas, and is based on the Module Learning With Errors (MLWE) problem. Table 1 below shows the parameter set of the ML-DSA algorithm.

[0098]

[0099] Referring to FIG. 6, a key generation process based on ML-DSA is shown. The algorithm shown in FIG. 6 can use ML-DSA-65 of Table 1. Additionally, the algorithm in FIG. 6 can use ML-KEM of any security level, including ML-KEM-786, which has the same security level as ML-DSA-65.

[0100] The vehicle can generate the initial key pair, i.e., the caterpillar key, through the algorithm of FIG. 6. At all security levels of ML-DSA, the private key consists of vectors s1 and s2, which are composed of polynomials whose coefficients are small values ​​within the range [-η,η]. It belongs to a ring. The key generation algorithm samples s1 and s2 using rejection sampling. In other words, the key generation algorithm samples s1 and s2 by setting η, a parameter value that sets the rejection sampling range, to 1. The public key t is calculated using the following mathematical formula.

[0101]

[0102] In the above mathematical formula, A is It means the public matrix of.

[0103] Referring to line 3 of Fig. 6, it can be seen that the same public matrix A is used to achieve the homomorphic property.

[0104] Referring to line 4 of FIG. 6, it can be seen that the initial private key among the initial key pairs is sampled within a range where the polynomial coefficient η for key generation is set to 1. Through the algorithm of FIG. 6, η in the generation of the initial key pair is 1, but η in the key pair used for digital signature is set to 4. That is, the certificate issuance method according to the embodiment of the present specification generates the initial key pair under the condition that η = 1, but uses a key with η = 4 for the certificate public key and the public key used for certificate verification, so that the certificate can be issued efficiently while complying with relevant standards.

[0105] An initial key pair (pk) including the initial public key and the private key generated by the vehicle using the algorithm of FIG. 6 V ,sk V ) can be generated. In the BKE process, the above initial key pair may correspond to a caterpillar key. The vehicle is the initial public key (pk) among the above initial key pair. V ,sk V ) is transmitted to the registration authority among the above certification-related authorities.

[0106] The algorithm of Fig. 6 is such that the registration authority uses the intermediate public key pk i The process of generating, where the above certificate issuing authority generates the above ACA public key pk ACA and the above ACA private key sk ACA The process of generating and the above random public key PK rand and the above random private key sk rand The same can be applied to the process of creating.

[0107] Figure 7 is a diagram showing an algorithm in which a certification authority generates an intermediate public key through key expansion based on an initial public key.

[0108] The above-mentioned registration authority performs key expansion based on the initial public key using the algorithm of FIG. 7, thereby obtaining multiple intermediate public keys pk iGenerates an intermediate public key. In the BKE process, the intermediate public key may correspond to a cocoon key. Due to the isomorphic nature of the intermediate public key, it has a range of η = 2.

[0109] Subsequently, the registration authority may randomly shuffle multiple intermediate public keys generated through key expansion based on the initial public keys received from multiple vehicles, and transmit the shuffled multiple intermediate public keys to the certificate issuing authority.

[0110] Figure 8 is a diagram showing an algorithm in which a certification authority generates a final public key based on an intermediate public key. Figure 9 is a diagram showing an algorithm in which a certification authority generates a final private key.

[0111] The certificate issuing authority of the aforementioned certification-related authority generates the aforementioned random public key and the aforementioned random private key to calculate the aforementioned final key pair. In the BKE process, the aforementioned final key pair may be a concept corresponding to a butterfly key.

[0112] Referring to FIG. 8, the intermediate public key pk received by the certificate issuing authority from the registration authority i (η = 2) and the above random public key pk rand The above final public key based on (η = 1) You can verify the process of generating it. This process is the certificate public key U, which is the public key of the implicit certificate. i As a procedure to generate, the random public key is added to the intermediate public key. As a result, the final public key η will have a value of 3.

[0113] Referring to FIG. 9, the certificate issuing authority uses the random private key sk rand (η = 1) where the above ACA private key sk, which is the private key of the above certificate issuing authority, is located. ACA The above final private key having the range η = 2 by combining (η = 1). Creates. Through this, sk rand and sk ACA Ensures the reliability of the certificate while maintaining the confidentiality of.

[0114] Subsequently, in order to achieve connectionlessness of PQ-BKE and to prevent the registration authority from decrypting it, the certificate issuing authority may encrypt the final key pair and transmit it to the vehicle through the registration authority. At this time, the certificate issuing authority may encrypt the final key pair using the ML-KEM encryption algorithm. Specifically, the certificate issuing authority may encrypt the final key pair by performing steps S171 through S175.

[0115] Second Embodiment: Method for a vehicle to receive an implicit certificate

[0116] According to another embodiment of the present specification, a method is disclosed for a vehicle to receive an implicit certificate for an electronic signature in a V2X communication environment.

[0117] FIG. 10 is a flowchart illustrating, in chronological order, a method for a vehicle to receive an implicit certificate according to an embodiment of the present specification.

[0118] Referring to FIG. 10, in step S210, the vehicle may generate an initial key pair including an initial public key and an initial private key by sampling polynomial coefficients (i.e., η = 1) for key generation in the range [-1, 1]. At this time, the initial key pair may be generated through the algorithm of FIG. 6.

[0119] The vehicle can transmit the initial private key among the initial key pair to an authentication-related authority.

[0120] In step S230, the vehicle may receive a final key pair comprising a final public key and a final private key generated based on the initial public key. At this time, the final public key may be generated by combining polynomial coefficients within the range [-3, 3] based on the polynomial coefficients of the initial public key (i.e., η = 3). Specifically, the vehicle may receive the final public key with η = 3, generated through a combination of the polynomial coefficients of the intermediate public key (i.e., η = 2), generated through key expansion based on the initial public key, and the random public key (i.e., η = 1). Additionally, the final private key may be generated by combining polynomial coefficients within the range [-2, 2] (i.e., η = 2). Specifically, the vehicle may receive the final private key (η = 2), generated by a combination of the random private key (η = 1) and the ACA private key (η = 1).

[0121] In steps S250 and S270, the vehicle can generate a certificate private key based on the initial private key and the final private key. Additionally, the vehicle can set the final public key as the certificate public key. For a more specific explanation of the step (step S250) in which the vehicle generates the certificate private key, refer to FIG. 11 for a moment.

[0122] Figure 11 is a flowchart showing specific examples of the process of decrypting the final key pair received by the vehicle and the process of generating the certificate private key in chronological order.

[0123] Referring to FIG. 11, in step S251, the vehicle may generate an encryption key for public key encryption and a decryption key for decrypting the final key pair received from the certification authority. At this time, the encryption key and the decryption key form a pair, and the encryption key may be the first encryption public key.

[0124] The above first encryption public key is used to generate the above second encryption public key through key expansion by the registration authority among the above certification-related authorities, and the above certificate issuing authority among the above certification-related authorities can encrypt the above final public key pair using the above second encryption public key.

[0125] In step S253, the vehicle can decrypt the final key pair using the decryption key.

[0126] In step S255, the vehicle can generate a certificate private key based on the initial private key and the final private key. The vehicle generates the certificate private key u i Refer to Fig. 12 to explain the process of generating.

[0127] Figure 12 is a diagram showing an algorithm to explain the process of a vehicle generating a certificate private key based on an initial private key.

[0128] Referring to FIG. 12, the vehicle is the initial private key sk V Intermediate private key sk based on (η = 1) i (η = 2) can be generated.

[0129] Afterwards, the vehicle is the aforementioned intermediate private key sk i and the above final private key Based on the above certificate private key u i It can generate. In this case, the certificate private key u generated based on the polynomial coefficients of the intermediate private key (i.e., η = 2) and the polynomial coefficients of the final private key (i.e., η = 2). i The polynomial coefficients of are generated by combining within the range [-4, 4].

[0130] The vehicle is the above final public key certificate public key U i It can be set to.

[0131] Figure 13 is a diagram showing an algorithm for verifying a certificate issued to a vehicle.

[0132] According to FIG. 13, the vehicle has the above-mentioned certificate private key u i After generating it, the validity of the issued implicit certificate can be verified. Specifically, the vehicle uses the private key u of the aforementioned certificate. i Using the above certificate public key U i It can verify, and more specifically, the above certificate public key U i of The value contains the ACA public key pk, which is the public key of the aforementioned certificate issuing authority. ACA t of ACA Added values value The validity of the above certificate public key can be verified by comparing it with the value. At this time, the above ACA public key pk ACA ACA is a public key that is pre-distributed to all vehicles and related entities in a V2X communication environment, representing the public key of the certificate issuing authority, and all entities within the network use the ACA public key to perform an authentication process based on the trust of the certificate issuing authority.

[0133] Third Embodiment: A method for a vehicle to communicate with another entity using a certificate

[0134] According to another embodiment of the present specification, a method is disclosed in which a vehicle communicates with another entity using a certificate in a V2X communication environment.

[0135] FIG. 14 is a flowchart showing, in chronological order, a method for a vehicle to communicate with entities around the vehicle using a certificate issued according to an embodiment of the present specification.

[0136] Referring to FIG. 14, in step S310, the vehicle can generate a certificate public key and a certificate private key based on the final key pair received from a certification authority.

[0137] At this time, the certificate public key and certificate private key can be generated by the vehicle sampling polynomial coefficients for key generation in the range [-1, 1] to generate an initial key pair including an initial public key and an initial private key, transmitting the initial public key to the certification-related authority, receiving from the certification-related authority the final key pair including a final public key and a final private key generated based on the initial public key, generating a certificate private key based on the initial private key and the final private key, and setting the final public key as the certificate public key.

[0138] The above final public key can be generated by combining polynomial coefficients in the range [-3, 3] based on the polynomial coefficients of the above initial public key (i.e., η = 3). More specifically, the above final public key is generated based on the above intermediate public key and the above random public key, and can be generated by combining the above intermediate public key (η = 2) and the above random public key (η = 1) generated through key expansion based on the above initial public key.

[0139] The above final private key can be generated by combining polynomial coefficients in the range [-2, 2] (i.e., η = 2). More specifically, the above final private key can be generated by combining the above random private key (η = 1) and the above ACA private key (η = 1).

[0140] The above certificate private key can be generated by combining polynomial coefficients in the range [-4, 4] based on the polynomial coefficients of the above initial private key and the above final private key. More specifically, the above certificate private key can be generated by combining the above intermediate private key (η = 2) and the above final private key (η = 2) generated by the vehicle.

[0141] The vehicle can generate an encryption key for public key encryption and a decryption key for decrypting the final key pair received from the certification-related authority.

[0142] The final key pair received by the vehicle may be encrypted using the encryption key.

[0143] The vehicle can decrypt the final key pair using a decryption key, generate the certificate private key based on the initial private key and the final private key, and set the final public key as the certificate public key.

[0144] In step S330, the vehicle can generate an electronic signature based on the private key of the certificate.

[0145] In step S350, the vehicle can generate a Secure Protocol Data Unit (SPDU) structure containing the electronic signature and the certificate public key, and transmit the SPDU to the entity.

[0146] Fourth Embodiment: Method for entities around a vehicle to verify an electronic signature

[0147] According to another embodiment of the present specification, a method is disclosed for verifying an electronic signature received from a vehicle by an entity around a vehicle in a V2X communication environment. In this case, the entity may include another vehicle that has received the electronic signature from the vehicle.

[0148] FIG. 15 is a flowchart illustrating, in chronological order, a method for verifying an electronic signature received by a vehicle surrounding entity according to an embodiment of the present specification.

[0149] Referring to FIG. 15, in step S410, the entity may receive an SPDU containing an electronic signature and a certificate public key from the vehicle. At this time, the certificate public key may be generated by generating an intermediate public key by key expansion based on an initial public key generated by randomly sampling polynomial coefficients for key generation in the range [-1, 1], and by setting polynomial coefficients in the range [-3, 3] based on the intermediate public key.

[0150] In step S430, the entity may generate a verification public key for electronic signature verification by combining the certificate public key and the ACA public key received from the certificate issuing authority. At this time, the ACA public key is a public key issued to all vehicles by the certificate issuing authority, and refers to a public key generated with polynomial coefficients set in the range [-1, 1].

[0151] In step S450, the entity can verify the digital signature based on the verification public key. More specifically, the verification public key is generated by combining the certificate public key (η = 3) and the ACA public key (η = 1). Alternatively, the verification public key can be generated by combining polynomial coefficients in the range [-4, 4] based on the polynomial coefficients of the certificate public key and the polynomial coefficients of the ACA public key (i.e., η = 4).

[0152] FIG. 16 is a diagram showing the overall process of different vehicles communicating through certificates issued according to an embodiment in a V2X communication environment.

[0153] Referring to FIG. 16, a vehicle that generates an electronic signature and transmits it to surrounding entities may be represented as “Vehicle A,” and another vehicle that receives and verifies the electronic signature may be represented as “Vehicle B.” In this case, the entities may include not only vehicles but also all communicable objects around the vehicle, such as pedestrians, networks, and infrastructure.

[0154] In Fig. 16, represents an electronic signature generated according to an embodiment of the present specification, and BSM is a Basic Safety Message, which means a message designed to convey safety-related information in V2X communication between vehicles or between a vehicle and infrastructure.

[0155] Vehicle A uses the above certificate private key u i The above electronic signature including BSM based on Generate, BSM, and the above certificate public key U i and the above electronic signature You can generate an SPDU containing and transmit it to Vehicle B.

[0156] Vehicle B receives the above SPDU and the certificate public key U i Regarding the above ACA public key pk ACA By adding Calculate the value, second The digital signature for the BSM can be verified by comparing it with the value.

Claims

1. A method for a certification authority to issue an implicit certificate for an electronic signature in a V2X (Vehicle-to-Everything) communication environment, A step of receiving the initial public key of the initial key pair generated by the vehicle from the vehicle; A step of generating multiple intermediate public keys by extending the key based on the initial public key through a Registration Authority (RA); A step of generating multiple final key pairs by generating multiple final public keys and final private keys, each paired with said final public keys, based on said intermediate public keys through an Authorization Certificate Authority (ACA); and The method includes the step of transmitting the above final key pairs to the vehicle; The above initial key pair includes the above initial public key and initial private key, and A method for issuing an implicit certificate, characterized in that the initial public key and the initial private key are each generated by randomly sampling polynomial coefficients for key generation within the range [-1, 1].

2. In Paragraph 1, The step of generating the above intermediate public keys is, A method for issuing an implicit certificate, further comprising the step of randomly mixing intermediate public keys generated from initial public keys received from multiple vehicles.

3. In Paragraph 1, The above intermediate public keys are each, A method for issuing an implicit certificate, characterized by being generated by combining polynomial coefficients in the range [-2, 2] based on the polynomial coefficients of the initial public key.

4. In Paragraph 1, The step of generating the above final key pairs is, A step of generating a random key pair including a random public key and a random private key through the above-mentioned certificate issuing authority; A step of generating the final public keys by combining the intermediate public keys generated through the registration authority and the random public key: and A method for issuing an implicit certificate, comprising the step of generating final private keys by combining the ACA private key, which is the private key of the certificate issuing authority, and the random private key.

5. In Paragraph 4, The above random public key is, Polynomial coefficients are generated by randomly sampling from the range [-1, 1], and The above final public key is, A method for issuing an implicit certificate, characterized in that polynomial coefficients are combined and generated within the range [-3, 3] based on the polynomial coefficients of the intermediate public key and the polynomial coefficients of the random public key.

6. In Paragraph 4, The step of transmitting the above final key pairs to the vehicle is, A step of receiving a first encryption public key for public key encryption from the above vehicle; A step of generating a second encryption public key by expanding the key based on the first encryption public key through the registration authority; A step of encrypting each of the final key pairs using the second encryption public key through the certificate issuing authority; and A method for issuing an implicit certificate, comprising the step of transmitting encrypted final key pairs to the vehicle.

7. A method for a vehicle to obtain an implicit certificate for electronic signatures in a V2X (Vehicle-to-Everything) communication environment, A step of generating an initial key pair including an initial public key and an initial private key by sampling polynomial coefficients for key generation in the range [-1, 1]; A step of transmitting the above initial public key to a certification authority; A step of receiving a final key pair including a final public key and a final private key generated based on the initial public key from the aforementioned certification-related authority; and The method includes the step of generating a certificate private key based on the initial private key and the final private key, and setting the final public key as the certificate public key; The above final public key is generated by combining polynomial coefficients within the range [-3, 3] based on the polynomial coefficients of the above initial public key, and The above final private key is generated by combining polynomial coefficients in the range [-2, 2], and A method for issuing an implicit certificate, wherein the certificate private key is generated by combining polynomial coefficients in the range [-4, 4] based on the polynomial coefficients of the initial private key and the polynomial coefficients of the final private key.

8. In Paragraph 7, The above final public key is, It is generated based on an intermediate public key created by extending the above initial public key, and The above intermediate public key is, A method for issuing an implicit certificate, characterized by being generated by combining polynomial coefficients in the range [-2, 2] based on the polynomial coefficients of the initial public key.

9. In Paragraph 7, The step of generating the above-mentioned certificate private key and setting the above-mentioned final public key as the certificate public key is A step of generating an encryption key for public key encryption and a decryption key for decrypting the final key pair received from the certification-related authority; A step of decrypting the final key pair using the decryption key; and The method includes the step of generating the certificate private key based on the initial private key and the final private key, and setting the final public key as the certificate public key; The above final key pair is, A method for obtaining an implicit certificate characterized by being encrypted through the aforementioned certification-related authority using the aforementioned encryption key.

10. A method for a vehicle to communicate with another entity using a certificate in a V2X (Vehicle-to-Everything) communication environment, A step of generating a certificate public key and a certificate private key based on the final key pair received by the vehicle from a certification authority; A step of generating an electronic signature based on the private key of the certificate above; and The method includes the step of transmitting a Secure Protocol Data Unit (SPDU) containing the electronic signature and the certificate public key to the entity; wherein The step of generating the above-mentioned certificate public key and certificate private key is, A step of generating an initial key pair including an initial public key and an initial private key by sampling polynomial coefficients for key generation in the range [-1, 1]; A step of transmitting the above initial public key to the above certification-related authority; A step of receiving the final key pair, comprising a final public key and a final private key generated based on the initial public key, from the aforementioned certification-related authority; and The method includes the step of generating a certificate private key based on the initial private key and the final private key, and setting the final public key as the certificate public key. The above final public key is generated by combining polynomial coefficients within the range [-3, 3] based on the polynomial coefficients of the above initial public key, and The above final private key is generated by combining polynomial coefficients in the range [-2, 2], and A communication method using a certificate, wherein the certificate private key is generated by combining polynomial coefficients in the range [-4, 4] based on the polynomial coefficients of the initial private key and the polynomial coefficients of the final private key.

11. In Paragraph 10, The above final public key is, It is generated based on an intermediate public key created by extending the above initial public key, and The above intermediate public key is, A communication method using a certificate, characterized by being generated by combining polynomial coefficients in the range [-2, 2] based on the polynomial coefficients of the initial public key.

12. In Paragraph 10, The step of generating the above-mentioned certificate private key and setting the above-mentioned final public key as the certificate public key is A step of generating an encryption key for public key encryption and a decryption key for decrypting the final key pair received from the certification-related authority; A step of decrypting the final key pair using the decryption key; and The method includes the step of generating the certificate private key based on the initial private key and the final private key, and setting the final public key as the certificate public key; The above final key pair is, A communication method using a certificate characterized by being encrypted using the above encryption key.

13. A method for verifying an electronic signature received from a vehicle by an entity around a vehicle in a V2X (Vehicle-to-Everything) communication environment, A step of receiving a Secure Protocol Data Unit (SPDU) containing an electronic signature and a certificate public key from the above vehicle; A step of generating a verification public key for electronic signature verification by combining the above-mentioned certificate public key and the ACA public key received from the Certificate Authority (ACA); and The method includes the step of verifying the electronic signature based on the verification public key; The above certificate public key is generated by generating an intermediate public key through key expansion based on an initial public key generated by randomly sampling polynomial coefficients for key generation within the range [-1, 1], and is generated by setting polynomial coefficients within the range [-3, 3] based on the intermediate public key. The above ACA public key is a public key issued for all vehicles by the certificate issuing authority, generated by sampling polynomial coefficients within the range [-1, 1], and An electronic signature verification method characterized in that the verification public key is generated by combining polynomial coefficients in the range [-4, 4] based on the polynomial coefficients of the certificate public key and the polynomial coefficients of the ACA public key.