Additional algorithms and identifiers for elliptic curve cryptography in pkix
This presentation is the property of its rightful owner.
Sponsored Links
1 / 9

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX PowerPoint PPT Presentation


  • 58 Views
  • Uploaded on
  • Presentation posted in: General

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX. Dan Brown, Certicom Research November 10, 2004. Purpose of I-D. New algorithm identifiers for: NIST recommended curves (FIPS 186-2) New random curve generation ECDSA with new SHAs ECDH & ECMQV with new SHAs

Download Presentation

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Additional algorithms and identifiers for elliptic curve cryptography in pkix

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

Dan Brown, Certicom Research

November 10, 2004


Purpose of i d

Purpose of I-D

  • New algorithm identifiers for:

    • NIST recommended curves (FIPS 186-2)

    • New random curve generation

    • ECDSA with new SHAs

    • ECDH & ECMQV with new SHAs

    • Key derivation, wrap & confirmation

    • Restricting certificates to certain algorithms

New-ECC-in-PKIX


Parallel standardization

Parallel Standardization

  • Revision of ANSI X9.62 (ECDSA)

    • New ECDSA syntax (but no key management)

  • Additional Algs and Ids for RSA in PKIX

    • New SHAs, New Algs (OAEP, PSS)

New-ECC-in-PKIX


Nist recommended curves

NIST Recommended Curves

  • FIPS 186-2 recommended 15 curves

  • Old curves named in:

    • Old X9.62-1998

    • RFC 3279

  • Some old curves have potential security problems: e.g. defined over GF(2m) with m composite

New-ECC-in-PKIX


New random curve generation

New Random Curve Generation

  • The base point generator G can now be derived randomly from a seed

  • Reason: mainly as a precautionary measure

  • Requires update to EC domain syntax

New-ECC-in-PKIX


Ecdsa with new shas

ECDSA with New SHAs

  • FIPS 180-2 defines SHA-224, SHA-256, SHA-384 and SHA-512

  • X9.62 requires hash for message digesting be determined from EC key size

  • Except in backwards compatibility mode where SHA-1 can be used

  • New syntax is even more flexible

New-ECC-in-PKIX


New ecdsa algorithm identification

New ECDSA Algorithm Identification

  • OID ecdsa-with-Recommended (with no parameters) means to use new X9.62 required hash (function of key size)

  • OID ecdsa-with-Sha1 for backwards compatible mode

  • OID ecdsa-with-Specified allows for other combinations (just for flexibility)

New-ECC-in-PKIX


Ecdh and ecmqv

ECDH and ECMQV

  • ECDH and ECMQV are used in RFC 3278 (an Informational in S/MIME)

  • Old syntax from X9.63 (SHA1 only)

  • New syntax needed for new SHAs

  • Perhaps for new KDFs (NIST Sp 800-56)

  • Perhaps for new key confirmation (800-56)

  • Perhaps for new key wraps

New-ECC-in-PKIX


Algorithm restriction

Algorithm Restriction

  • Current cert key usage restrictions very general (signing, encrypting, etc)

  • Finer algorithm restrictions may be needed

  • Algorithm restrictions with a new Alg. Id. in SubjectPublicKeyInfo algorithm for:

    • Elliptic curve

    • Set of ECC algorithms

New-ECC-in-PKIX


  • Login