Search

CN-122001590-A - Method and system for accelerating signature time in HBS running by using dummy signature

CN122001590ACN 122001590 ACN122001590 ACN 122001590ACN-122001590-A

Abstract

A method for speeding up the signature time in the HBS run using dummy signatures, and a method for more efficiently using limited computing resources in signature generation is presented.

Inventors

  • Cristina. Van fredendal
  • Frank Castells
  • Dennis Elizabeth. Petronella Wibakir
  • Eva Van Nickirk

Assignees

  • 恩智浦有限公司

Dates

Publication Date
20260508
Application Date
20251104
Priority Date
20241107

Claims (10)

  1. 1. A computer-implemented method of generating authentication path data for a cryptographic signature generation process, the method implemented by a processing resource, the method comprising: traversing a hash tree, wherein the hash tree is associated with a signature generation process on a computing device; Identifying a future cryptographic signature to be generated in association with the hash tree based on the traversal of the hash tree; Applying a signature generation threshold to the identified future cryptographic signature to identify a future cryptographic signature that exceeds the signature generation threshold and a cryptographic signature that does not exceed the signature generation threshold, wherein the signature generation threshold is based on a calculation associated with the identified cryptographic signature; Wherein if at least one future cryptographic signature exceeds the signature generation threshold, the method additionally includes generating a dummy signature for use as part of the authentication path data associated with the at least one future cryptographic signature.
  2. 2. The method of claim 1, further comprising receiving a request for a cryptographic signature.
  3. 3. The method of claim 2, wherein the request is from an external computing resource or generated by a computing process implemented on the processing resource.
  4. 4. The method according to any of the preceding claims, wherein the signature generation threshold is based on a maximum signature generation time and a signature node calculation cost.
  5. 5. The method of claim 4, wherein the maximum signature generation time is specified by an entity that performs or requests the signature generation.
  6. 6. A method according to any preceding claim, further comprising optimizing the signature generation threshold by iteratively modifying the signature generation threshold prior to applying the signature generation threshold.
  7. 7. The method according to any of the preceding claims, wherein the dummy signature is based on a randomly generated character sequence.
  8. 8. A non-transitory computer readable storage medium having stored thereon executable instructions that, as a result of being executed by a processor of a computer system, cause the computer system to perform at least the method of any of claims 1 to 7.
  9. 9. A system configured to implement the method of claims 1 to 12.
  10. 10. A processing resource comprising a processor and a memory, the memory comprising executable instructions that, as a result of execution by the processor, cause a reader to perform the method of claims 1 to 7.

Description

Method and system for accelerating signature time in HBS running by using dummy signature Technical Field The present invention relates to a method and system. In particular, but not exclusively, the invention relates to the generation of authentication path data. Background Digital signatures are critical to our cryptographic infrastructure. For example, they support authentication infrastructure in the form of digital certificates on the internet, which is increasingly being turned to resource-constrained devices as part of the internet of things (IoT). In order for such small devices to have access to digital signatures, it is important to minimize resource requirements and optimize the efficiency of the involved algorithms (e.g., key generation, signature and verification). The generation of these signatures can be computationally intensive and this can be problematic for signature generation for devices with limited memory resources. Aspects and embodiments are contemplated in view of the foregoing. Disclosure of Invention Aspects relate to generating a cryptographic signature and authentication path data to be used with or as part of the cryptographic signature. Viewed from a first aspect, a computer-implemented method of generating authentication path data for a cryptographic signature generation process is provided. The authentication path may include data to be used to support a cryptographic signature generated by the authentication. The data may include a series of hashes corresponding to nodes on the authentication path. The method may be implemented by a processing resource. The processing resources may be hardware or software implemented. The processing resources may be hosted by the embedded computing device. The processing resources may be hosted within the computing device. The processing resource may be a cryptographic processing resource configured to perform cryptographic operations. The processing resource may receive an input request from an external computing entity or another computing entity sharing the same chip. The method may include traversing a hash tree. The traversal may include an application computer program including instructions that may be used to access each node on the hash tree to determine a hash value. The hash tree may be associated with a signature generation process on the computing device. The signature generation process may implement hash-based signature generation in accordance with, for example, the Leghton-Micali signature (LMS) or the extended Merkle signature scheme (XMSS). The method may identify future cryptographic signatures to be associated with or generated using the hash tree based on the traversal of the hash tree. The method may include applying a signature generation threshold to the identified future cryptographic signature to identify future cryptographic signatures that exceed the signature generation threshold and cryptographic signatures that do not exceed the signature generation threshold. The signature generation threshold may be based on a calculation associated with the identified cryptographic signature. If at least one future cryptographic signature exceeds a signature generation threshold, the method additionally includes generating a dummy signature to be used as part of the authentication path data associated with the at least one future cryptographic signature. The method may additionally include updating the state of the underlying hash tree to indicate that future signatures have been used or have dummy signatures associated therewith. The dummy signature is a cryptographic signature that may be generated in response to identifying the computationally intensive signature. The dummy signature is a cryptographic signature generated, for example, according to the LMS or XMSS method described in the NIST special publication 800-208, which NIST special publication 800-208 assigns the cryptographic signature to a randomly generated sequence of characters. The randomly generated character sequence does not correspond to a message or data item to be signed in response to input from a user or computing entity. That is, the dummy signature is generated in response to the identification of the computationally intensive signature because the dummy signature is a cryptographic signature used to sign the random character sequence. The randomly generated character sequence may be randomly or pseudo-randomly generated by the processing resource or it may be retrieved from an external entity. The dummy signature may also be generated in association with a message consisting of only zeros, as a cryptographic signature may be generated to sign a zero sequence of message lengths specified by the user, the processing resource, or a manufacturer of the processing resource, or an entity external to the processing resource. The use of all zero messages in this response further improves the signature time. Further, according to NIST special publication