1 / 9

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX. Dan Brown, Certicom Research November 10, 2004. Purpose of I-D. New algorithm identifiers for: NIST recommended curves (FIPS 186-2) New random curve generation ECDSA with new SHAs ECDH & ECMQV with new SHAs

waldo
Télécharger la présentation

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX Dan Brown, Certicom Research November 10, 2004

  2. Purpose of I-D • New algorithm identifiers for: • NIST recommended curves (FIPS 186-2) • New random curve generation • ECDSA with new SHAs • ECDH & ECMQV with new SHAs • Key derivation, wrap & confirmation • Restricting certificates to certain algorithms New-ECC-in-PKIX

  3. Parallel Standardization • Revision of ANSI X9.62 (ECDSA) • New ECDSA syntax (but no key management) • Additional Algs and Ids for RSA in PKIX • New SHAs, New Algs (OAEP, PSS) New-ECC-in-PKIX

  4. NIST Recommended Curves • FIPS 186-2 recommended 15 curves • Old curves named in: • Old X9.62-1998 • RFC 3279 • Some old curves have potential security problems: e.g. defined over GF(2m) with m composite New-ECC-in-PKIX

  5. New Random Curve Generation • The base point generator G can now be derived randomly from a seed • Reason: mainly as a precautionary measure • Requires update to EC domain syntax New-ECC-in-PKIX

  6. ECDSA with New SHAs • FIPS 180-2 defines SHA-224, SHA-256, SHA-384 and SHA-512 • X9.62 requires hash for message digesting be determined from EC key size • Except in backwards compatibility mode where SHA-1 can be used • New syntax is even more flexible New-ECC-in-PKIX

  7. New ECDSA Algorithm Identification • OID ecdsa-with-Recommended (with no parameters) means to use new X9.62 required hash (function of key size) • OID ecdsa-with-Sha1 for backwards compatible mode • OID ecdsa-with-Specified allows for other combinations (just for flexibility) New-ECC-in-PKIX

  8. ECDH and ECMQV • ECDH and ECMQV are used in RFC 3278 (an Informational in S/MIME) • Old syntax from X9.63 (SHA1 only) • New syntax needed for new SHAs • Perhaps for new KDFs (NIST Sp 800-56) • Perhaps for new key confirmation (800-56) • Perhaps for new key wraps New-ECC-in-PKIX

  9. Algorithm Restriction • Current cert key usage restrictions very general (signing, encrypting, etc) • Finer algorithm restrictions may be needed • Algorithm restrictions with a new Alg. Id. in SubjectPublicKeyInfo algorithm for: • Elliptic curve • Set of ECC algorithms New-ECC-in-PKIX

More Related