Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

Presentation Transcript

  1. Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX
     Dan Brown, Certicom Research
     November 10, 2004

  2. Purpose of I-D
     • New algorithm identifiers for:
       • NIST recommended curves (FIPS 186-2)
       • New random curve generation
       • ECDSA with new SHAs
       • ECDH & ECMQV with new SHAs
       • Key derivation, wrap & confirmation
     • Restricting certificates to certain algorithms
     New-ECC-in-PKIX

  3. Parallel Standardization
     • Revision of ANSI X9.62 (ECDSA)
       • New ECDSA syntax (but no key management)
     • Additional Algs and Ids for RSA in PKIX
       • New SHAs, New Algs (OAEP, PSS)

  4. NIST Recommended Curves
     • FIPS 186-2 recommended 15 curves
     • Old curves named in:
       • Old X9.62-1998
       • RFC 3279
     • Some old curves have potential security problems: e.g. defined over GF(2^m) with m composite

  5. New Random Curve Generation
     • The base point generator G can now be derived randomly from a seed
     • Reason: mainly as a precautionary measure
     • Requires update to EC domain syntax

  6. ECDSA with New SHAs
     • FIPS 180-2 defines SHA-224, SHA-256, SHA-384 and SHA-512
     • X9.62 requires that the hash for message digesting be determined from the EC key size
       • Except in backwards compatibility mode, where SHA-1 can be used
     • New syntax is even more flexible

  7. New ECDSA Algorithm Identification
     • OID ecdsa-with-Recommended (with no parameters) means to use the new X9.62 required hash (a function of key size)
     • OID ecdsa-with-Sha1 for backwards compatible mode
     • OID ecdsa-with-Specified allows for other combinations (just for flexibility)

  8. ECDH and ECMQV
     • ECDH and ECMQV are used in RFC 3278 (an Informational in S/MIME)
     • Old syntax from X9.63 (SHA-1 only)
     • New syntax needed for new SHAs
     • Perhaps for new KDFs (NIST SP 800-56)
     • Perhaps for new key confirmation (800-56)
     • Perhaps for new key wraps

  9. Algorithm Restriction
     • Current cert key usage restrictions are very general (signing, encrypting, etc.)
     • Finer algorithm restrictions may be needed
     • Algorithm restrictions with a new Alg. Id. in SubjectPublicKeyInfo algorithm for:
       • Elliptic curve
       • Set of ECC algorithms
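
The three identifier modes on slides 6 and 7, seen from the verifier's side, as an added example that is not part of the original slides or the I-D: it parses a DER AlgorithmIdentifier and resolves which hash the signature must be checked with, rejecting ecdsa-with-Recommended when parameters are present. The OID values, the size-to-hash rule, the function names and the sample bytes are assumptions; the slides give none of them.

```python
# OID values come from the ANSI X9.62 and NIST hash arcs; the slides do not list them.
ECDSA_SHA1, ECDSA_RECOMMENDED, ECDSA_SPECIFIED = (
    "1.2.840.10045.4.1", "1.2.840.10045.4.2", "1.2.840.10045.4.3")
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.4": "sha224",
             "2.16.840.1.101.3.4.2.1": "sha256", "2.16.840.1.101.3.4.2.2": "sha384",
             "2.16.840.1.101.3.4.2.3": "sha512"}

def read_tlv(buf, pos=0):  # returns (tag, value, next_pos) for one DER element
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OBJECT IDENTIFIER content bytes -> dotted-decimal string
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_alg_id(der):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }"""
    tag, seq, _ = read_tlv(der)
    oid_tag, oid, pos = read_tlv(seq)
    if tag != 0x30 or oid_tag != 0x06 or not oid or oid[-1] & 0x80:
        raise ValueError("not an AlgorithmIdentifier")
    return decode_oid(oid), seq[pos:]

def resolve_hash(sig_alg_der, order_bits):  # hash name a verifier must use
    oid, params = parse_alg_id(sig_alg_der)
    if oid == ECDSA_SHA1:
        return "sha1"
    if oid == ECDSA_RECOMMENDED and not params:
        # Assumed size rule: smallest SHA-2 digest covering the group order.
        return next((h for bits, h in ((224, "sha224"), (256, "sha256"),
                                       (384, "sha384")) if order_bits <= bits), "sha512")
    if oid == ECDSA_SPECIFIED and parse_alg_id(params)[0] in HASH_OIDS:
        return HASH_OIDS[parse_alg_id(params)[0]]
    raise ValueError("unsupported or malformed ECDSA identifier: " + oid)

# Constructed sample: ecdsa-with-Specified carrying SHA-384 as its parameter.
SAMPLE_SPECIFIED = bytes.fromhex("3016 0607 2a8648ce3d0403 300b 0609 608648016503040202")
```

With ecdsa-with-Recommended the hash is not visible in the identifier at all, so the verifier has to take `order_bits` from the signer's curve before it can check the signature.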