additional algorithms and identifiers for elliptic curve cryptography in pkix
Download
Skip this Video
Download Presentation
Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

Loading in 2 Seconds...

play fullscreen
1 / 9

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX - PowerPoint PPT Presentation


  • 89 Views
  • Uploaded on

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX. Dan Brown, Certicom Research November 10, 2004. Purpose of I-D. New algorithm identifiers for: NIST recommended curves (FIPS 186-2) New random curve generation ECDSA with new SHAs ECDH & ECMQV with new SHAs

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX' - felton


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
additional algorithms and identifiers for elliptic curve cryptography in pkix

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

Dan Brown, Certicom Research

November 10, 2004

purpose of i d
Purpose of I-D
  • New algorithm identifiers for:
    • NIST recommended curves (FIPS 186-2)
    • New random curve generation
    • ECDSA with new SHAs
    • ECDH & ECMQV with new SHAs
    • Key derivation, wrap & confirmation
    • Restricting certificates to certain algorithms

New-ECC-in-PKIX

parallel standardization
Parallel Standardization
  • Revision of ANSI X9.62 (ECDSA)
    • New ECDSA syntax (but no key management)
  • Additional Algs and Ids for RSA in PKIX
    • New SHAs, New Algs (OAEP, PSS)

New-ECC-in-PKIX

nist recommended curves
NIST Recommended Curves
  • FIPS 186-2 recommended 15 curves
  • Old curves named in:
    • Old X9.62-1998
    • RFC 3279
  • Some old curves have potential security problems: e.g. defined over GF(2m) with m composite

New-ECC-in-PKIX

new random curve generation
New Random Curve Generation
  • The base point generator G can now be derived randomly from a seed
  • Reason: mainly as a precautionary measure
  • Requires update to EC domain syntax

New-ECC-in-PKIX

ecdsa with new shas
ECDSA with New SHAs
  • FIPS 180-2 defines SHA-224, SHA-256, SHA-384 and SHA-512
  • X9.62 requires hash for message digesting be determined from EC key size
  • Except in backwards compatibility mode where SHA-1 can be used
  • New syntax is even more flexible

New-ECC-in-PKIX

new ecdsa algorithm identification
New ECDSA Algorithm Identification
  • OID ecdsa-with-Recommended (with no parameters) means to use new X9.62 required hash (function of key size)
  • OID ecdsa-with-Sha1 for backwards compatible mode
  • OID ecdsa-with-Specified allows for other combinations (just for flexibility)

New-ECC-in-PKIX

ecdh and ecmqv
ECDH and ECMQV
  • ECDH and ECMQV are used in RFC 3278 (an Informational in S/MIME)
  • Old syntax from X9.63 (SHA1 only)
  • New syntax needed for new SHAs
  • Perhaps for new KDFs (NIST Sp 800-56)
  • Perhaps for new key confirmation (800-56)
  • Perhaps for new key wraps

New-ECC-in-PKIX

algorithm restriction
Algorithm Restriction
  • Current cert key usage restrictions very general (signing, encrypting, etc)
  • Finer algorithm restrictions may be needed
  • Algorithm restrictions with a new Alg. Id. in SubjectPublicKeyInfo algorithm for:
    • Elliptic curve
    • Set of ECC algorithms

New-ECC-in-PKIX

ad