Device, method, program, and system

The derandomized hash-and-sign structures with bounded retries, using non-PSF trapdoor functions, address the lack of PO and BU security in electronic signatures, enhancing security for quantum-resistant cryptography.

WO2026140069A1PCT designated stage Publication Date: 2026-07-02NT T INC

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
NT T INC
Filing Date
2024-12-24
Publication Date
2026-07-02

AI Technical Summary

Technical Problem

Existing electronic signature structures lack proof of Plus-One (PO) security and Blind Unforgeability (BU) security when using trapdoor functions other than Preimage-Sampleable Functions (PSF), especially in the context of quantum computing threats.

Method used

Implementing a derandomized hash-and-sign structure with bounded retries, utilizing pseudorandom functions and a trapdoor function other than PSF, to achieve PO and BU security, specifically through the DHASWBR and HHASWBR structures.

Benefits of technology

The proposed structures enhance security by ensuring PO and BU security, allowing for wider implementation in cryptographic fields and improving the security of post-quantum cryptography candidates like UOV and QR-UOV.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure JP2024045653_02072026_PF_FP_ABST
    Figure JP2024045653_02072026_PF_FP_ABST
Patent Text Reader

Abstract

A device according to one aspect comprises: a key generation unit that generates a signature key (sk, s, s') using a public key vk, which has been generated by a key generation algorithm of a trapdoor function, as a verification key vk and using a secret key sk, which has been generated by the key generation algorithm, and a first key s and a second key s', which have been selected from a key space; and a signature generation unit that generates a signature for a message m on the basis of the message m, a counter k, a first pseudo-random function PRF(s, ·), a second pseudo-random function PRF'(s', ·), an inverse function algorithm Inv of the trapdoor function, and a hash function H. The signature generation unit uses xk: = Inv(sk, H(PRF(s, (m, k)), m); PRF'(s', (m, k))) and generates (PRF(s, (m, k)), xk) as said signature by calculating xk for k = 1, ..., B until xk becomes a value other than a symbol that means a failure or until k≥B is reached (where B is an upper limit value).
Need to check novelty before this filing date? Find Prior Art