ISO-15946-4-2004.pdf

Uploaded by: 韩长文  Document ID: 3778759  Upload date: 2019-09-23  Format: PDF  Pages: 54  Size: 423.34 KB

Reference number ISO/IEC 15946-4:2004(E)
© ISO/IEC 2004

INTERNATIONAL STANDARD ISO/IEC 15946-4
First edition 2004-10-01

Information technology - Security techniques - Cryptographic techniques based on elliptic curves - Part 4: Digital signatures giving message recovery

Technologies de l'information - Techniques de sécurité - Techniques cryptographiques basées sur les courbes elliptiques - Partie 4: Signatures digitales offrant un message de recouvrement

Copyright International Organization for Standardization
Provided by IHS under license with ISO
Licensee=NASA Technical Standards 1/9972545001
Not for Resale, 04/07/2007 01:33:15 MDT
No reproduction or networking permitted without license from IHS

PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area.

Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

© ISO/IEC 2004

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
4.1 Symbols and notation
4.2 Coding convention, length and field size
4.3 Legend for figures

5 Processes
5.1 Parameter Generation Process
5.2 Signature Generation Process
5.3 Signature Verification Process
6 General Model for Digital Signatures giving message recovery
6.1 Requirements
6.2 Summary of Functions and Procedures
6.3 Signature generation process
6.4 Signature verification process
7 ECNR (Elliptic Curve Nyberg-Rueppel message recovery signature)
7.1 Domain and User Parameters
7.2 Signature Generation Process
7.3 Signature Verification Process
8 ECMR (Elliptic Curve Miyaji message Recovery signature)
8.1 Domain and User Parameters
8.2 Signature Generation Process
8.3 Signature Verification Process
9 ECAO (Elliptic Curve Abe-Okamoto message recovery signature)
9.1 Domain and User Parameters
9.2 Signature Generation Process
9.3 Signature Verification Process
10 ECPV (Elliptic Curve Pintsov-Vanstone message recovery signature)
10.1 Domain and User Parameters
10.2 Signature Generation Process
10.3 Signature Verification Process
11 ECKNR (Elliptic Curve KCDSA/Nyberg-Rueppel message recovery signature)
11.1 Domain and User Parameters
11.2 Signature Generation Process
11.3 Signature Verification Process
Annex A (informative) Numerical examples
Annex B (informative) Summary of properties of mechanisms
Annex C (informative) Information about patents
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

ISO/IEC 15946-4 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.

ISO/IEC 15946 consists of the following parts, under the general title Information technology - Security techniques - Cryptographic techniques based on elliptic curves:
- Part 1: General
- Part 2: Digital signatures
- Part 3: Key establishment
- Part 4: Digital signatures giving message recovery

Introduction

A potentially useful class of public-key cryptosystems consists of those schemes based on elliptic curves defined over finite fields. Elliptic curve based public-key cryptosystems make use of the following two observations:
- Every elliptic curve is endowed with a binary operation "+" under which it forms a finite abelian group.
- The group law on elliptic curves extends in a natural way to a "discrete exponentiation" on the point group of the elliptic curve.

Based on the discrete exponentiation on an elliptic curve one can easily derive elliptic curve analogues of the well-known public-key schemes of Diffie-Hellman and ElGamal type.

The security of such a public-key system depends on the difficulty of determining discrete logarithms in the group of points of an elliptic curve. For similar parameter sizes, this problem is - with current knowledge - much harder than the factorization of integers or the computation of discrete logarithms in a finite field. Indeed, since V. Miller and N. Koblitz in 1985 independently suggested the use of elliptic curves for public-key cryptographic systems, no substantial progress in tackling the elliptic curve discrete logarithm problem has been reported. In general, only algorithms that take exponential time are known to determine elliptic curve discrete logarithms. Thus, it is possible for elliptic curve based public-key systems to use much shorter parameters than the RSA system or the classical discrete logarithm based systems that make use of the multiplicative group of some finite field. This yields significantly shorter digital signatures and system parameters and allows for computations using smaller integers.

In order to meet the increasing interest in elliptic curve based public key technology, this part of ISO/IEC 15946 defines methods for implementing elliptic curve digital signature techniques that give message recovery.

The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) draw attention to the fact that it is claimed that compliance with this International Standard may involve the use of patents.

The ISO and IEC take no position concerning the evidence, validity and scope of this patent right.

The holder of this patent right has assured the ISO and IEC that he is willing to negotiate licences under reasonable and non-discriminatory terms and conditions with applicants throughout the world. In this respect, the statement of the holder of this patent right is registered with the ISO and IEC. Information may be obtained from:

ISO/IEC JTC 1/SC 27 Standing Document 8 (SD8) "Patent Information"

Standing Document 8 (SD8) is publicly available at: http://www.ni.din.de/sc27

Attention is drawn to the possibility that some of the elements of this International Standard may be the subject of patent rights other than those identified above. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

1 Scope

ISO/IEC 15946 specifies public-key cryptographic techniques based on elliptic curves. These techniques include methods for the establishment of keys for symmetric cryptographic techniques, and digital signature mechanisms.

The scope of this part of ISO/IEC 15946 is restricted to cryptographic techniques based on elliptic curves defined over finite fields (including the special cases of prime order and characteristic two). The representation of elements of the underlying finite field (i.e. which basis is used) is outside the scope of this part of ISO/IEC 15946.

This part of ISO/IEC 15946 specifies five different mechanisms for digital signatures giving message recovery. The mathematical background and general techniques necessary for implementing the mechanisms are described in ISO/IEC 15946-1.

Digital signature mechanisms can be divided into the following two categories.
- When the whole message has to be stored and/or transmitted with the signature, the mechanism is named a signature mechanism with appendix.
- When the whole message, or part of it, can be recovered from the signature, the mechanism is named a signature mechanism giving message recovery.

The mechanisms specified in this part of ISO/IEC 15946 fall into the second category, i.e. they give either total or partial message recovery. For elliptic curve based digital signature schemes with appendix, see ISO/IEC 15946-2.

NOTE In applications where a combination of algorithms is used to provide security services or when an algorithm is parameterised by the choice of a combination of other algorithms such a combination may be specified as a sequence of object identifiers assigned to these algorithms or by including the object identifiers of lower layer algorithms in the parameters field of the algorithm identifier structure specifying higher layer algorithms (for example by specifying the object identifier of a hash function as a parameter in the algorithm identifier structure of a signature scheme). The algorithm identifier structure is defined in ISO/IEC 9594-8.

NOTE The encoding of object identifiers is application dependent.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 9796-3, Information technology - Security techniques - Digital signature schemes giving message recovery - Part 3: Discrete logarithm based mechanisms

ISO/IEC 10118 (all parts), Information technology - Security techniques - Hash-functions

ISO/IEC 14888-1, Information technology - Security techniques - Digital signatures with appendix - Part 1: General

ISO/IEC 15946-1:2002, Information technology - Security techniques - Cryptographic techniques based on elliptic curves - Part 1: General

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 15946-1 and the following apply.

3.1 collision-resistant hash-function [ISO/IEC 10118-1]
A hash-function satisfying the following property: it is computationally infeasible to find any two distinct inputs which map to the same output.
NOTE Computational feasibility depends on the specific security requirements and environment.

3.2 data input
A data item which depends on the entire message or a portion of the message and which forms a part of the input to the signature generation process.

3.3 domain parameter [ISO/IEC 14888-1]
A data item which is common to and known by or accessible to all entities within the domain.
NOTE The set of domain parameters may contain data items such as hash-function identifier, length of the hash-token, length of the recoverable part of the message, finite field parameters, elliptic curve parameters, or other parameters specifying the security policy in the domain.

3.4 hash-code [ISO/IEC 10118-1]
The string of bits which is the output of a hash-function.

3.5 hash-function [ISO/IEC 10118-1]
A function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties:
- for a given output, it is computationally infeasible to find an input which maps to this output; and
- for a given input, it is comp
