Embed Size (px)
Citation preview
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 1/26
IEEE P1363 Overview
8/22/00 1
IEEE P1363:
Standard Specifications forP ublic-Key Cryptography
David JablonCTO Phoenix Technologies
Treasurer, IEEE P1363
NIST Key Management WorkshopNovember 1-2, 2001
November 1, 2001 NIST Key Management Workshop 2
Outlinen History to date
l Scope & objective of Std 1363-2000 & P1363a
l Highlights of development process
l Review of techniques in Std 1363-2000 & P1363a
l Rationale
l P1363 Study Group begins P1363.1 & P1363.2
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 2/26
IEEE P1363 Overview
8/22/00 2
November 1, 2001 NIST Key Management Workshop 3
Outline (2)
n The presentl Current status of P1363a l Scope and objective of P1363.1l Contents of P1363.1l Scope and objective of P1363.2 l Contents of P1363.2
November 1, 2001 NIST Key Management Workshop 4
Outline (3)n The future
l Schedule for completion of P1363.1 and P1363.2 l Public-key techniques registry l Second amendment to Std 1363-2000: P1363b
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 3/26
IEEE P1363 Overview
8/22/00 3
November 1, 2001 NIST Key Management Workshop 5
The History
November 1, 2001 NIST Key Management Workshop 6
P 1363 W orking GroupHistory
n First meeting January 1994
n Up to now, 31 working group meetings
n 1997: project split into P1363 & P1363a
n 2000: began exploring additional topics
n Late 2000: began P1363.1 & P1363.2
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 4/26
IEEE P1363 Overview
8/22/00 4
November 1, 2001 NIST Key Management Workshop 7
W hat is I EEE Std 1363-2000 ?
n 1994: P1363 Working Group commissionedto start project
l Original P1363 became “IEEE Std 1363-2000”
n IEEE standard for public-key cryptographybased on three families:
l Discrete Logarithm (DL) systems l Elliptic Curve Discrete Logarithm (EC) systems
l Integer Factorization (IF) systems n Sponsored by Microprocessor Standards
Committee
November 1, 2001 NIST Key Management Workshop 8
Objective and Scope of P1363
n Objectivel Facilitate interoperable security by providing
comprehensive coverage of public-key techniques
n Scopel Cryptographic parameters and keys l Key agreement, digital signatures, encryption
l Recommended supporting techniques
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 5/26
IEEE P1363 Overview
8/22/00 5
November 1, 2001 NIST Key Management Workshop 9
W hat is P1363a ?
n 1997: MSC approved P1363 WG to beginwork on amendment to Std 1363-2000
n Supplements techniques in Std 1363-2000
n Intended that the two documents will bemerged in future revisions
n Scope was limited to schemes in the samefamilies and same general goals as in Std1363-2000
November 1, 2001 NIST Key Management Workshop 10
Objective and Scope of P1363a
n Objectivel To facilitate the completion of the base standard
while providing a forum for discussing additional techniques
l To “fill in the gaps” from Std 1363-2000
n Scopel Cryptographic parameters and keys l Key agreement, digital signatures, encryption l Recommended supporting techniques
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 6/26
IEEE P1363 Overview
8/22/00 6
November 1, 2001 NIST Key Management Workshop 11
IEEE Std 1363-2000 and
P1363an IEEE Std 1363-2000 (base standard)
l Established techniques l Goal: timely publication (First balloted early 1999,
approved as a standard January 2000)
n P1363a (supplement)l Techniques in same families that have become
“established” since work ended on P1363 l Call for more submissions in April 1998 l Goal: fill in gaps, assure thorough study and input
from the community
November 1, 2001 NIST Key Management Workshop 12
Existing P ublic-KeyStandards
n Standards are essential in several areas:l Cryptographic schemes l Key representation
n Some work in each area, but no singlecomprehensive standard ...
l ANSI X9.30, X9.31, X9.42, X9.44, X9.62, X9.63 l ISO/IEC 9796, 10118, 14888, 15946 l PKCS, SEC, EESS l FIPS 180-1, 186-2 l NESSIE, CryptRec
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 7/26
IEEE P1363 Overview
8/22/00 7
November 1, 2001 NIST Key Management Workshop 13
1363 Standards:
A Different Kind of Standardn A set of tools from which implementations
and other standards can be builtl Framework with selectable components:
applications are expected to “profile” the standard n Example: signature scheme is based on a particular
mathematical primitive (e.g., RSA) with selectable keysizes and “auxiliary” functions (hashing, messageencoding)
l
Functional specifications rather than interface specifications
November 1, 2001 NIST Key Management Workshop 14
Highlightsn Comprehensive
l Three families; a variety of algorithms
n Adoption of new developmentsl “Unified” model of key agreement l “Provably secure” schemes l Key and parameter validation
n A forum for discussing public-key cryptol Active discussion mailing list l Web site for new research contributions
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 8/26
IEEE P1363 Overview
8/22/00 8
November 1, 2001 NIST Key Management Workshop 15
Std 1363-2000 and P 1363a:
Contentsn Overviewn Referencesn Definitionsn Types of cryptographic
techniquesn Math conventionsn DL primitivesn
EC primitivesn IF primitives
n Key agreement schemesn Signature schemesn Encryption schemesn Message encodingn Key derivationn Auxiliary functions
n Annexes
November 1, 2001 NIST Key Management Workshop 16
P rimitives vs. Schemesn Primitives:
l Basic mathematical operations n e.g., c = m e mod n
l Limited-size inputs, limited security
n Schemes:l Operations on byte strings, including hashing,
formatting, other auxiliary functions l Often unlimited-size inputs, stronger security
n Implementations can conform with either
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 9/26
IEEE P1363 Overview
8/22/00 9
November 1, 2001 NIST Key Management Workshop 17
Key Agreement Schemes
n General modell Establish valid domain parameters l Select one or more valid private keys l Obtain other party’s one or more “public keys” l Validate the public keys (optional)l Compute a shared secret value l
Apply key derivation function
November 1, 2001 NIST Key Management Workshop 18
Signature Schemesn General model
l Signature operation n Select a valid private key
n Apply message encoding method and signature primitiveto produce a signature
l Verification operation n Obtain the signer’s “public key”
n Validate the public key (optional)n Apply verification primitive and message encoding
method to verify the signature
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 10/26
IEEE P1363 Overview
8/22/00 10
November 1, 2001 NIST Key Management Workshop 19
Encryption Schemes
n General modell Encryption operation
n Obtain the recipient’s public keyn Validate the public key (optional)n Apply message encoding method and encryption
primitive to produce a ciphertext with optionalauthentication
l Decryption operation n Select the appropriate private keyn Apply decryption primitive and message encoding
method to obtain plaintextn Optionally authenticate the validity of the plaintext
November 1, 2001 NIST Key Management Workshop 20
Summary of Schemes (1)n Discrete Logarithm (DL) systems
l P1363: Diffie-Hellman, MQV key agreement l P1363: DSA, Nyberg-Rueppel signatures l P1363a: Pintsov-Vanstone signatures, signatures
with message recovery (Nyberg-Rueppel 2)l P1363a: DLIES encryption
n Elliptic Curve (EC) systemsl Elliptic curve analogs of DL systems
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 11/26
IEEE P1363 Overview
8/22/00 11
November 1, 2001 NIST Key Management Workshop 21
Summary of Schemes (2)
n Integer Factorization (IF) systemsl P1363: RSA encryption l P1363: RSA, Rabin-Williams signatures l P1363a: EPOC encryption l P1363a: ESIGN signatures, IF signatures with
message recovery
November 1, 2001 NIST Key Management Workshop 22
Message Encoding and KeyDerivation
n Message encoding methodsl For signature l For encryption
n Key derivation function
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 12/26
IEEE P1363 Overview
8/22/00 12
November 1, 2001 NIST Key Management Workshop 23
Auxiliary Functions
n Hash functionsl Hash from arbitrary length input
n Mask generation functionsl Arbitrary length input and output l Hash (message || 0) || hash (message || 1) || ...
November 1, 2001 NIST Key Management Workshop 24
Annexesn Annex A: Number-theoretic background
n Annex B: Conformance
n Annex C: Rationale
n Annex D: Security considerations
n Annex E: Formats
n Annex F: Bibliographyn Test vectors to be posted on the web
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 13/26
IEEE P1363 Overview
8/22/00 13
November 1, 2001 NIST Key Management Workshop 25
Annex A
n Annex A: Number-theoretic background(Informative)
l Supporting algorithms and methods for efficiently performing operations specified in main body
November 1, 2001 NIST Key Management Workshop 26
Annex Bn Annex B: Conformance (Normative)
l Provide implementers with a consistent language for claiming conformance with parts of this standard
l An implementation may claim conformance with one or more primitives, schemes or scheme operations
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 14/26
IEEE P1363 Overview
8/22/00 14
November 1, 2001 NIST Key Management Workshop 27
Annex C
n Annex C: Rationale (Informative)l Some questions the working group considered . . .l Why is the standard the way it is?
November 1, 2001 NIST Key Management Workshop 28
General Questionsn Why three families?
l All are well understood, established in marketplace to varying degrees
l Different attributes: performance, patents, etc.l Goal is to give standard specifications, not to give
a single choice
n Why no key sizes?l Security requirements vary by application, strength
of techniques vary over time l Goal is to give guidance but leave flexibility
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 15/26
IEEE P1363 Overview
8/22/00 15
November 1, 2001 NIST Key Management Workshop 29
Annex D
n Annex D: Security Considerations(Informative)
l Key management (authentication, generation,validation)
l Security parameters (key sizes)l Random number generation l Emphasis on common uses and secure practice
November 1, 2001 NIST Key Management Workshop 30
Annex En Annex E: Formats (Informative)
l Suggested interface specifications, such as representation of mathematical objects and scheme outputs
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 16/26
IEEE P1363 Overview
8/22/00 16
November 1, 2001 NIST Key Management Workshop 31
Annex F
n Annex F: Bibliography (Informative)l Well, it’s a bibliography . . .
November 1, 2001 NIST Key Management Workshop 32
Annex Gn Annex G: Patent Information (Informative)
l Collection of information that the working group has gathered on intellectual property relating to techniques in the standard (new in P1363a)
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 17/26
IEEE P1363 Overview
8/22/00 17
November 1, 2001 NIST Key Management Workshop 33
Study Group
n March 2000: Study Group for Future Public-Key Cryptography Standards commissioned
n Considered broader scopes for future projectsrelating to public-key crypto
n Determined where all previously out-of-scopesubmissions fit
n Completed work in 2001 with 2 new projectsand additional ideas for the future
November 1, 2001 NIST Key Management Workshop 34
New P roject I deasn Key and domain parameter generation and validationn Threshold cryptosystemsn Key establishment protocolsn Entity authentication protocolsn Proof-of-possession protocolsn Guidelines for implementations
l
updated security considerations, key size recommendations,interoperability issues, etc.
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 18/26
IEEE P1363 Overview
8/22/00 18
November 1, 2001 NIST Key Management Workshop 35
New P roject Ideas (2)
n Conformance testing
n ASN.1 syntax
n S-expression syntax
n Identification schemes
n Password-based security protocols
n Fast implementation techniques and number-theoretic algorithms
n New families of cryptosystems
November 1, 2001 NIST Key Management Workshop 36
The Present
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 19/26
IEEE P1363 Overview
8/22/00 19
November 1, 2001 NIST Key Management Workshop 37
P 1363a: Current Status
n Document approved by working group andMSC for ballot
n IEEE is assembling ballot body
n Only minor edits and voting remain
November 1, 2001 NIST Key Management Workshop 38
W hat is P 1363.1?n MSC approved WG to begin P1363.1
l Standard Specifications for Public-Key Cryptography: Techniques Based on Hard Problems over Lattices
n Grew out of Study Group work in 2000
n Public-key techniques in a fourth family
n Parallel, but independent effort to P1363an Submissions for new techniques close
October 1, 2001
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 20/26
IEEE P1363 Overview
8/22/00 20
November 1, 2001 NIST Key Management Workshop 39
Objective and Scope of
P1363.1n Objective
l To continue to facilitate interoperable security by providing comprehensive coverage of public-key techniques in the “lattice family”
n Scopel Cryptographic parameters and keys l Digital signatures, encryption in lattice family l Recommended supporting techniques l Updated specification format
November 1, 2001 NIST Key Management Workshop 40
Contents of P 1363.1n Same general contents as Std 1363-2000
(overview, references, definitions, mathconventions, etc.)
n Shortest Vector Problem (SVP) Primitivesn Signature and Encryption schemesn Message Encoding Methodsn
Additional Auxiliary Functionsn Number theoretic backgroundn Security Considerations
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 21/26
IEEE P1363 Overview
8/22/00 21
November 1, 2001 NIST Key Management Workshop 41
Summary of P 1363.1
Schemesn Shortest Vector (SV) Systems
l NTRU encryption l NSS signatures (tentative)
November 1, 2001 NIST Key Management Workshop 42
W hat is P 1363.2?n MSC approved the P1363 WG to begin work on
P1363.2 – Standard Specifications for Public-KeyCryptography: Password-based Techniques
n Grew out of Study Group work in 2000n Public-key techniques utilizing “low-grade” secretsn Parallel, but independent effort to P1363a and
P1363.1
n Submissions for new techniques close October 1,2001
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 22/26
IEEE P1363 Overview
8/22/00 22
November 1, 2001 NIST Key Management Workshop 43
Objective and Scope of
P1363.2n Objective
l Continue to facilitate interoperable security by providing comprehensive coverage of public-key techniques using passwords and other low-grade secrets
n Scopel Cryptographic parameters and keys
l Password-based key establishment &authentication
l Recommended supporting techniques
November 1, 2001 NIST Key Management Workshop 44
Contents of P 1363.2n Same general structure as Std 1363-2000
l overview, references, definitions, math conventions, etc.n Random element derivation, key derivation & secret
value derivation primitivesn Password-authenticated key retrieval and key
agreement schemesl balanced and augmented trust models
n Password-authenticated key agreement protocolsn
Additional auxiliary functionsn Number theoretic backgroundn Security considerations
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 23/26
IEEE P1363 Overview
8/22/00 23
November 1, 2001 NIST Key Management Workshop 45
Summary of P 1363.2
Schemesn Discrete Log Systems
l Password-authenticated key agreement n AMP, PAK, SPEKE, SRP (tentative)
n Balanced and Augmented schemes
l Password-authenticated key retrieval n FK (tentative)
n Elliptic Curve Systemsl Analogs to DL systems
November 1, 2001 NIST Key Management Workshop 46
The Future
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 24/26
IEEE P1363 Overview
8/22/00 24
November 1, 2001 NIST Key Management Workshop 47
Schedule for Completion of
P 1363.1 and P 1363.2n October 2001: Both projects closing
submissions
n 2002: Working group to review eachdocument
n Late 2002: Balloting for P1363.1 expected
n Early 2003: Balloting for P1363.2 expected
November 1, 2001 NIST Key Management Workshop 48
P ublic-Key Registryn Discussed at great length in study group and
later in working group
n IEEE may support effort
n Three documentsl Process document l Format specification (Standard)l Registry of public-key cryptographic techniques
n Continuing investigation to determineusefulness and feasibility
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 25/26
IEEE P1363 Overview
8/22/00 25
November 1, 2001 NIST Key Management Workshop 49
P 1363b: A 2 nd Amendment to
Std 1363-2000n Continue adding mature techniques
n Maintain the currency of the document
n Working group currently considering theproject
November 1, 2001 NIST Key Management Workshop 50
Meetings in Late 2001n August 23-24 (after Crypto) Santa Barbara
l working group presentations l working group meeting
n October 22-24 – Seoul, Koreal Cancelled l ... next meeting to be announced ...
8/8/2019 p1363 (b-w)
http://slidepdf.com/reader/full/p1363-b-w 26/26
IEEE P1363 Overview
November 1, 2001 NIST Key Management Workshop 51
Current IEEE P 1363 Officers
n Chair: William Whytel [email protected]
n Vice Chair: Don Johnsonl [email protected]
n Secretary: Ari Singerl [email protected]
n Treasurer: David Jablonl [email protected]
n Primary Editor: David Sternl [email protected]
November 1, 2001 NIST Key Management Workshop 52
For More Informationn IEEE P1363 Web site
l http://grouper.ieee.org/groups/1363 l publicly accessible research contributions and
document submissions
n Two mailing listsl general announcements list, low volume l technical discussion list, high volume l everybody is welcome to subscribe
n web site contains subscription information
![ボーリング調査 報告書サンプルw: :w: :w: :w:Ý: : : :w v ] ï/ .\6Î:w.\ ± B.BKBM çBLBOB" ï/ .\ ±B* G.\6ÎBU- B&B"Aï.\6ÎB2 G.\6ÎB+B B) û0² ö 'W.\6ÎBU- B&B"Aï.\6ÎB2](https://img.pdfslide.net/doc/110x75/5c9714f709d3f20d198b72f7/-w-w-w-wy-w-v-i-6iw.jpg)
![ã Ä. :w BGB B B ã Ä. :w H ] G f. z ]:w :w :w :w M? ! : :w :w LÛ · 2017-01-20 · Maaaring magdonate ng kontribusyon sa ( ²9Õ nang ( ( Þ9Õ 'Õ 4.= ÿ B2@¾@¾ (B.@¾@¾B*BEBLB](https://img.pdfslide.net/doc/110x75/5e4548651cfe0c77b27327ce/-w-bgb-b-b-w-h-g-f-z-w-w-w-w-m-w-w-l-2017-01-20.jpg)
