Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

Dan Brown, Certicom Research

November 10, 2004

- New algorithm identifiers for:
- NIST recommended curves (FIPS 186-2)
- New random curve generation
- ECDSA with new SHAs
- ECDH & ECMQV with new SHAs
- Key derivation, wrap & confirmation
- Restricting certificates to certain algorithms

New-ECC-in-PKIX

- Revision of ANSI X9.62 (ECDSA)
- New ECDSA syntax (but no key management)

- Additional Algs and Ids for RSA in PKIX
- New SHAs, New Algs (OAEP, PSS)

- FIPS 186-2 recommended 15 curves
- Old curves named in:
  - Old X9.62-1998
  - RFC 3279

- Some old curves have potential security problems: e.g. defined over GF(2^m) with m composite

- The base point generator G can now be derived randomly from a seed
  - Reason: mainly as a precautionary measure
- Requires update to EC domain syntax

- FIPS 180-2 defines SHA-224, SHA-256, SHA-384 and SHA-512
- X9.62 requires hash for message digesting be determined from EC key size
  - Except in backwards compatibility mode where SHA-1 can be used
- New syntax is even more flexible

- OID ecdsa-with-Recommended (with no parameters) means to use new X9.62 required hash (function of key size)
- OID ecdsa-with-Sha1 for backwards compatible mode
- OID ecdsa-with-Specified allows for other combinations (just for flexibility)
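
How a verifier could resolve the digest from the three signature OIDs above, as an added example that is not part of the presentation. The key-size-to-hash thresholds and the modelling of the ecdsa-with-Specified parameters as a plain hash name are assumptions; the slides do not give the table.

```python
# Signature OIDs under the X9.62 arc 1.2.840.10045.4
ECDSA_WITH_SHA1 = "1.2.840.10045.4.1"
ECDSA_WITH_RECOMMENDED = "1.2.840.10045.4.2"
ECDSA_WITH_SPECIFIED = "1.2.840.10045.4.3"

# Output sizes (bits) of SHA-1 and the FIPS 180-2 hashes named on the slide.
HASH_BITS = {"sha1": 160, "sha224": 224, "sha256": 256,
             "sha384": 384, "sha512": 512}

# ASSUMED thresholds (not on the slides): minimum bit length of the curve
# order -> hash, pairing each curve with a hash of matching strength.
RECOMMENDED = [(512, "sha512"), (384, "sha384"), (256, "sha256"),
               (224, "sha224"), (0, "sha1")]


def recommended_hash(order_bits):
    """Hash implied by key size alone (the ecdsa-with-Recommended rule)."""
    for min_bits, name in RECOMMENDED:
        if order_bits >= min_bits:
            return name
    raise ValueError("invalid order size")


def resolve_hash(sig_oid, params, order_bits):
    """Return the hash a verifier must use for this signature algorithm.

    params is None or, for ecdsa-with-Specified, a hash name (simplified
    stand-in for the hash AlgorithmIdentifier).
    """
    if sig_oid == ECDSA_WITH_RECOMMENDED:
        if params is not None:
            raise ValueError("ecdsa-with-Recommended carries no parameters")
        return recommended_hash(order_bits)
    if sig_oid == ECDSA_WITH_SHA1:
        return "sha1"  # backwards-compatible mode, independent of key size
    if sig_oid == ECDSA_WITH_SPECIFIED:
        if params not in HASH_BITS:
            raise ValueError("unknown or missing hash: %r" % (params,))
        return params
    raise ValueError("not an ECDSA signature OID: " + sig_oid)


def is_downgrade(sig_oid, params, order_bits):
    """True when the selected hash is shorter than the key-size-derived one."""
    chosen = resolve_hash(sig_oid, params, order_bits)
    return HASH_BITS[chosen] < HASH_BITS[recommended_hash(order_bits)]
```

A relying party can use `is_downgrade` as a policy check: the SHA-1 and Specified modes let a signer pick a digest weaker than the curve, which the Recommended mode rules out by construction.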

- ECDH and ECMQV are used in RFC 3278 (an Informational in S/MIME)
- Old syntax from X9.63 (SHA1 only)
- New syntax needed for new SHAs
- Perhaps for new KDFs (NIST SP 800-56)
- Perhaps for new key confirmation (800-56)
- Perhaps for new key wraps

- Current cert key usage restrictions very general (signing, encrypting, etc.)
- Finer algorithm restrictions may be needed
- Algorithm restrictions with a new Alg. Id. in SubjectPublicKeyInfo algorithm for:
  - Elliptic curve
  - Set of ECC algorithms