Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

Dan Brown, Certicom Research

November 10, 2004

- New algorithm identifiers for:
- NIST recommended curves (FIPS 186-2)
- New random curve generation
- ECDSA with new SHAs
- ECDH & ECMQV with new SHAs
- Key derivation, wrap & confirmation
- Restricting certificates to certain algorithms

New-ECC-in-PKIX

- Revision of ANSI X9.62 (ECDSA)
  - New ECDSA syntax (but no key management)

- Additional Algs and Ids for RSA in PKIX
  - New SHAs, New Algs (OAEP, PSS)

- FIPS 186-2 recommended 15 curves
- Old curves named in:
  - Old X9.62-1998
  - RFC 3279

- Some old curves have potential security problems: e.g. defined over GF(2^m) with m composite

- The base point generator G can now be derived randomly from a seed
- Reason: mainly as a precautionary measure
- Requires update to EC domain syntax

- FIPS 180-2 defines SHA-224, SHA-256, SHA-384 and SHA-512
- X9.62 requires the hash for message digesting to be determined from the EC key size
  - Except in backwards compatibility mode, where SHA-1 can be used
- New syntax is even more flexible

- OID ecdsa-with-Recommended (with no parameters) means to use new X9.62 required hash (function of key size)
- OID ecdsa-with-Sha1 for backwards compatible mode
- OID ecdsa-with-Specified allows for other combinations (just for flexibility)
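
How a verifier could resolve the digest from these three OIDs, as an added example that is not part of the original slides or the draft. The OID values, the hash AlgorithmIdentifier carried as the ecdsa-with-Specified parameter, and the size thresholds in `BY_SIZE` are assumptions of this example; the slides only say the hash is a function of key size.

```python
# Added example; OID values are the registered X9.62 arcs, not taken from the slides.
SIG = "1.2.840.10045.4."                      # ansi-X9-62 signatures arc
ECDSA_SHA1, ECDSA_RECOMMENDED, ECDSA_SPECIFIED = SIG + "1", SIG + "2", SIG + "3"
HASH_OIDS = {"1.3.14.3.2.26": "sha1",         # hash OIDs a Specified parameter may name
             "2.16.840.1.101.3.4.2.4": "sha224", "2.16.840.1.101.3.4.2.1": "sha256",
             "2.16.840.1.101.3.4.2.2": "sha384", "2.16.840.1.101.3.4.2.3": "sha512"}
# ASSUMPTION: (minimum bit length of curve order, digest); the slides give no table.
BY_SIZE = [(512, "sha512"), (384, "sha384"), (256, "sha256"), (224, "sha224"), (0, "sha1")]

# Constructed sample AlgorithmIdentifiers (DER, hex).
SAMPLE_RECOMMENDED = bytes.fromhex("300906072a8648ce3d0402")
SAMPLE_SHA1 = bytes.fromhex("300906072a8648ce3d0401")
SAMPLE_SPECIFIED_SHA256 = bytes.fromhex("301606072a8648ce3d0403300b0609608648016503040201")
SAMPLE_BAD_RECOMMENDED = bytes.fromhex("300b06072a8648ce3d04020500")  # stray NULL parameter


def parse_alg_id(der: bytes):
    """Return (dotted OID, raw parameter bytes) of a short-form DER AlgorithmIdentifier."""
    if len(der) < 5 or der[0] != 0x30 or der[1] != len(der) - 2 or der[2] != 0x06:
        raise ValueError("not a short-form AlgorithmIdentifier")
    end = 4 + der[3]
    if der[3] == 0 or end > len(der) or der[end - 1] & 0x80:
        raise ValueError("bad OID encoding")
    arcs, val = [], 0
    for b in der[4:end]:
        val = (val << 7) | (b & 0x7F)         # base-128 digits, high bit = continuation
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)             # first subidentifier packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:])), der[end:]


def resolve_digest(alg_id_der: bytes, order_bits: int) -> str:
    """Digest a verifier must use for this ECDSA signature AlgorithmIdentifier."""
    oid, params = parse_alg_id(alg_id_der)
    if oid == ECDSA_RECOMMENDED:
        if params:                            # defined with no parameters
            raise ValueError("ecdsa-with-Recommended must not carry parameters")
        return next(h for bits, h in BY_SIZE if order_bits >= bits)
    if oid == ECDSA_SHA1:
        return "sha1"                         # backwards-compatible mode
    if oid == ECDSA_SPECIFIED:
        hash_oid, _ = parse_alg_id(params)    # parameters name the hash explicitly
        if hash_oid not in HASH_OIDS:
            raise ValueError("unsupported hash OID " + hash_oid)
        return HASH_OIDS[hash_oid]
    raise ValueError("not an ECDSA signature OID: " + oid)
```

With ecdsa-with-Recommended the digest never appears in the encoding, so signer and verifier must apply the same size rule; a relying party that wants to refuse the SHA-1 compatibility mode on larger curves can compare the returned digest with the one `BY_SIZE` yields for that curve.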

- ECDH and ECMQV are used in RFC 3278 (an Informational in S/MIME)
- Old syntax from X9.63 (SHA-1 only)
- New syntax needed for new SHAs
- Perhaps for new KDFs (NIST SP 800-56)
- Perhaps for new key confirmation (800-56)
- Perhaps for new key wraps

- Current cert key usage restrictions are very general (signing, encrypting, etc.)
- Finer algorithm restrictions may be needed
- Algorithm restrictions with a new Alg. Id. in SubjectPublicKeyInfo algorithm for:
  - Elliptic curve
  - Set of ECC algorithms
