The present invention relates to a public and private key cryptographic method. It can be used in all applications in which it is necessary to ensure confidentiality of the messages transmitted over any channel and/or to identify with certitude a device with which messages have been exchanged.
The confidentiality of messages transmitted between two devices A and B over any communication channel is obtained by encryption of the information transmitted in order to make it unintelligible to any persons for whom it is not intended. The sure identification of a message is for its part based on the calculation of the digital signature of a message.
In practice, two types of cryptographic method can be used, the so-called symmetrical one, with secret keys, a well-known example of which is the DES . . . the so-called asymmetric one, using a pair of public and private keys and described in “Public-key cryptosystem” in “New Directions in Cryptography”, IEEE Transactions on Information Theory, November 1976, by Messrs Diffie and Hellman. A well-known example of an asymmetric method is the RSA, from the name of its inventors Ronald Rivest, Adi Shamir and Leonard Adleman. A description of this RSA method can be found in U.S. Pat. No. 4,405,829.
In the invention, the concern is more particularly with an asymmetric cryptographic method.
An encryption method according to an asymmetric cryptographic method consists mainly, for a transmitter A which wishes to confidentially send a message to a destination B, in taking cognisance, for example in a directory, of the public key KB of the destination B, applying the encryption method E to the message m to be transmitted, using this public key, and sending, to the destination B, the resulting cryptogram c: $c = E_{KB}(m)$.
This method consists mainly, for the destination B, in receiving the cryptogram c, and decrypting it in order to obtain the original message m, applying the private key K′b which it alone knows in the decryption method D to the cryptogram c: $m = D_{K'b}(c)$.
According to this method anyone can send an encrypted message to the destination B, but only the latter is capable of decrypting it.
Normally an asymmetric cryptographic method is used for the generation/verification of the signature. In this context, a user who wishes to prove his identity uses a private key, known to him alone, to produce a digital signature s of a message m, a signature which he transmits to the destination device. The latter implements the verification of the signature using the public key of the user. Any device thus has the capability of verifying the signature of a user, taking cognisance of the public key of this user and applying it in the verification algorithm. However, only the user concerned has the ability to generate the correct signature using his private key. This method is for example much used in access control systems or banking transactions. It is in general coupled with the use of an encryption method, for encryption of the signature before transmitting it.
For this generation/verification of digital signatures, it is possible to use in practice asymmetric cryptographic methods dedicated to this application, such as the DSA (Digital Signature Algorithm), which corresponds to an American standard proposed by the US National Institute of Standards and Technology. It is also possible to use the RSA, which has the property of being able to be used both in encryption and in signature generation.
In the invention, the concern is with a cryptographic method which can be used for the encryption of messages and for the generation of a digital signature. In the current state of the art, only the RSA, of which there exist many variant implementations, offers this double functionality.
The RSA comprises a step of generating the public K and private K′ keys for a given device in which the procedure is as follows:
two distinct large prime numbers p and q are chosen,
their product n=p·q is calculated,
a number e is chosen which is prime with the lowest common multiple of (p−1) and (q−1). In practice, e is often taken to be equal to 3.
The public key K is then formed by the pair of parameters (n,e) and the secret key K′ is formed by the pair of parameters (p,q).
By choosing p and q of large size, their product n is also of large size. n is therefore very difficult to factorise: it is ensured that it will not be possible to find the secret key K′=(p,q) from a knowledge of n.
The method of encryption of a number m representing a message M, 0≦m<n then consists in performing the following calculation: $c = E_B(m) = m^e \bmod n$
by means of the public key K=(n,e).
The decryption method then for its part consists of the following reverse calculation: $m = c^d \bmod n$
by means of the private key K′=(p,q), kept secret, where
$d = \frac{1}{e} \bmod (p-1)(q-1)$.
It has been seen that the RSA has the particularity of being able to be used for signature verification. The corresponding method of signature generation by a user A consists in using the decryption method with the secret key in order to produce the signature s of a number m representing a message. Thus: $s = m^d \bmod n$.
This signature s is transmitted to a destination B. The latter, who knows m (for example, A transmits s and m), verifies the signature by performing the reverse operation, that is to say using the encryption method with the public key of the transmitter A. That is to say he calculates $v = s^e \bmod n$, and verifies v=m.
In general, to improve the security of such a signature verification method, a hash function, which can consist of permutations of bits and/or a compression, is first applied to the number m before calculating the signature.
When a message M to be encrypted or signed is spoken of, it is a case of course of digital messages, which can result from prior digital coding. These are in practice strings of bits, whose binary size (the number of bits) can be variable.
However, a cryptography method such as the RSA is such that it makes it possible to encrypt, with the public key (n,e), any number between 0 and n−1. In order to apply it to a message M of any size, it is therefore necessary in practice to divide this message into a series of numbers m which will each satisfy the condition 0≦m<n. Then the encryption method is applied to each of these numbers. Hereinafter, the concern is therefore with the application of the cryptographic method to a number m representing the message M. m can be equal to M, or be only a part thereof. Hereinafter m is used indifferently to designate the message or a number representing the message.
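The RSA steps described above (key generation, division of M into numbers m with 0≦m<n, encryption, decryption, and signature of a hashed message) can be carried through as follows. This is an added example, not part of the original text; the toy primes, the 0x01 marker byte used to divide M into numbers, the use of SHA-256 as the hash function and all function names are assumptions made for illustration.

```python
import hashlib
from math import gcd

# Constructed toy primes (2^31-1 and 2^61-1); real keys use far larger ones.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p, q):
    """Return the public key (n, e) and the private exponent d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    lcm = phi // gcd(p - 1, q - 1)
    e = 3
    while gcd(e, lcm) != 1:        # e must be prime with lcm(p-1, q-1)
        e += 2
    d = pow(e, -1, phi)            # d = 1/e mod (p-1)(q-1)
    return (n, e), d

def to_numbers(message, n):
    """Divide M into numbers m < n; the 0x01 marker preserves leading zeros."""
    k = (n.bit_length() - 1) // 8 - 1          # payload bytes per number
    chunks = [message[i:i + k] for i in range(0, len(message), k)]
    return [int.from_bytes(b"\x01" + c, "big") for c in chunks]

def from_numbers(numbers):
    """Rebuild M from the decrypted numbers, dropping each marker byte."""
    return b"".join(m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
                    for m in numbers)

def encrypt(message, pub):
    n, e = pub
    return [pow(m, e, n) for m in to_numbers(message, n)]     # c = m^e mod n

def decrypt(cryptograms, pub, d):
    n, _ = pub
    return from_numbers([pow(c, d, n) for c in cryptograms])  # m = c^d mod n

def digest(message, n):
    """Hash applied before signing, reduced to a number below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, pub, d):
    return pow(digest(message, pub[0]), d, pub[0])            # s = h^d mod n

def verify(message, s, pub):
    n, e = pub
    return pow(s, e, n) == digest(message, n)                 # v = s^e mod n

if __name__ == "__main__":
    pub, d = keygen(P, Q)
    msg = b"\x00constructed sample message from A to B"
    print(decrypt(encrypt(msg, pub), pub, d) == msg)
    print(verify(msg, sign(msg, pub, d), pub))
```

With these primes e=3 is not usable, because 3 divides both p−1 and q−1, so the loop settles on the next odd value that is prime with the lowest common multiple.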
One object of the invention is an asymmetric cryptography method different from those based on the RSA.
One object of the invention is a method based on other properties, which can be applied either to the encryption of messages or to the generation of signatures.
One object of the invention is a cryptography method which affords, in certain configurations, a more rapid processing time.
As characterised, the invention relates to a cryptography method according to claim 1.