Method of elliptic curve digital signature using coefficient splitting - id: 7062043

A method of generating and verifying a cryptographic digital signature using coefficient splitting. The digital signature is formed by first selecting a finite field, an elliptic curve of a first type or a second type, a point P, an integer w.sub.1, and an integer k.sub.1. Next, generating, via coefficient splitting, a point W=w.sub.1P and a point K=k.sub.1P. Next, transforming, K to a bit string K*. Next, combining K*, W, and a message M in a first manner to produce h.sub.1, and in a second manner to produce c. Next, generating s be either s=h.sub.1w.sub.1+ck.sub.1 (mod q), s=(h.sub.1w.sub.1+c)/k.sub.1 (mod q), or s=(h.sub.1k.sub.1+c)/w.sub.1 (mod q). Next, forming the cryptographic digital signature as (K*,s). The digital signature is verified by acquiring the finite field, the elliptic curve, the point P, the point W, the message M, and the cryptographic digital signature (K*,s). Next, computing h.sub.1 and c. Next, selecting (n.sub.0, n.sub.1) from (sc.sup.-1 (mod q), -h.sub.1c.sup.-1 (mod q)), (cs.sup.-1 (mod q), h.sub.1s.sup.-1 (mod q)) or (-ch.sub.1.sup.-1 (mod q), sh.sub.1.sup.-1 (mod q)). Next, generating the point n.sub.0P via coefficient splitting. Next, generating the point n.sub.1W via coefficient splitting. Next, summing the points computed in the last two steps and designating the sum Q. Next, transforming Q to Q*. Lastly, verifying the digital signature (K*,s) if Q*=K*. Otherwise rejecting the cryptographic digital signature (K*,s) as unverified.Method of elliptic curve digital signature using coefficient splitting706204313/06/200628/06/200220061,446Solinas; Jerome A.US Patent and Trademark OfficeGoogle Patent digital signaturemodcoefficient splittingpointdigital signatureelliptic curvenextpoint n.subfinite fieldw.sub