Additional algorithms and identifiers for elliptic curve cryptography in pkix
Sponsored Links
This presentation is the property of its rightful owner.
1 / 9

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX PowerPoint PPT Presentation


  • 66 Views
  • Uploaded on
  • Presentation posted in: General

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX. Dan Brown, Certicom Research November 10, 2004. Purpose of I-D. New algorithm identifiers for: NIST recommended curves (FIPS 186-2) New random curve generation ECDSA with new SHAs ECDH & ECMQV with new SHAs

Download Presentation

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

Dan Brown, Certicom Research

November 10, 2004


Purpose of I-D

  • New algorithm identifiers for:

    • NIST recommended curves (FIPS 186-2)

    • New random curve generation

    • ECDSA with new SHAs

    • ECDH & ECMQV with new SHAs

    • Key derivation, wrap & confirmation

    • Restricting certificates to certain algorithms

New-ECC-in-PKIX


Parallel Standardization

  • Revision of ANSI X9.62 (ECDSA)

    • New ECDSA syntax (but no key management)

  • Additional Algs and Ids for RSA in PKIX

    • New SHAs, New Algs (OAEP, PSS)

New-ECC-in-PKIX


NIST Recommended Curves

  • FIPS 186-2 recommended 15 curves

  • Old curves named in:

    • Old X9.62-1998

    • RFC 3279

  • Some old curves have potential security problems: e.g. defined over GF(2m) with m composite

New-ECC-in-PKIX


New Random Curve Generation

  • The base point generator G can now be derived randomly from a seed

  • Reason: mainly as a precautionary measure

  • Requires update to EC domain syntax

New-ECC-in-PKIX


ECDSA with New SHAs

  • FIPS 180-2 defines SHA-224, SHA-256, SHA-384 and SHA-512

  • X9.62 requires hash for message digesting be determined from EC key size

  • Except in backwards compatibility mode where SHA-1 can be used

  • New syntax is even more flexible

New-ECC-in-PKIX


New ECDSA Algorithm Identification

  • OID ecdsa-with-Recommended (with no parameters) means to use new X9.62 required hash (function of key size)

  • OID ecdsa-with-Sha1 for backwards compatible mode

  • OID ecdsa-with-Specified allows for other combinations (just for flexibility)

New-ECC-in-PKIX


ECDH and ECMQV

  • ECDH and ECMQV are used in RFC 3278 (an Informational in S/MIME)

  • Old syntax from X9.63 (SHA1 only)

  • New syntax needed for new SHAs

  • Perhaps for new KDFs (NIST Sp 800-56)

  • Perhaps for new key confirmation (800-56)

  • Perhaps for new key wraps

New-ECC-in-PKIX


Algorithm Restriction

  • Current cert key usage restrictions very general (signing, encrypting, etc)

  • Finer algorithm restrictions may be needed

  • Algorithm restrictions with a new Alg. Id. in SubjectPublicKeyInfo algorithm for:

    • Elliptic curve

    • Set of ECC algorithms

New-ECC-in-PKIX


  • Login