Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX
Dan Brown, Certicom Research
November 10, 2004

Purpose of I-D
• New algorithm identifiers for:
  • NIST recommended curves (FIPS 186-2)
  • New random curve generation
  • ECDSA with new SHAs
  • ECDH & ECMQV with new SHAs
  • Key derivation, wrap & confirmation
  • Restricting certificates to certain algorithms
New-ECC-in-PKIX

Parallel Standardization
• Revision of ANSI X9.62 (ECDSA)
  • New ECDSA syntax (but no key management)
• Additional Algs and Ids for RSA in PKIX
  • New SHAs, New Algs (OAEP, PSS)

NIST Recommended Curves
• FIPS 186-2 recommended 15 curves
• Old curves named in:
  • Old X9.62-1998
  • RFC 3279
• Some old curves have potential security problems: e.g. defined over GF(2^m) with m composite

New Random Curve Generation
• The base point generator G can now be derived randomly from a seed
• Reason: mainly as a precautionary measure
• Requires update to EC domain syntax

ECDSA with New SHAs
• FIPS 180-2 defines SHA-224, SHA-256, SHA-384 and SHA-512
• X9.62 requires that the hash used for message digesting be determined from the EC key size
  • Except in backwards compatibility mode, where SHA-1 can be used
• New syntax is even more flexible

New ECDSA Algorithm Identification
• OID ecdsa-with-Recommended (with no parameters) means to use the new X9.62 required hash (a function of key size)
• OID ecdsa-with-Sha1 for backwards compatible mode
• OID ecdsa-with-Specified allows for other combinations (just for flexibility)

ECDH and ECMQV
• ECDH and ECMQV are used in RFC 3278 (an Informational in S/MIME)
• Old syntax from X9.63 (SHA1 only)
• New syntax needed for new SHAs
  • Perhaps for new KDFs (NIST SP 800-56)
  • Perhaps for new key confirmation (800-56)
  • Perhaps for new key wraps

Algorithm Restriction
• Current cert key usage restrictions very general (signing, encrypting, etc.)
• Finer algorithm restrictions may be needed
• Algorithm restrictions with a new Alg. Id. in SubjectPublicKeyInfo algorithm for:
  • Elliptic curve
  • Set of ECC algorithms