1、BS ISO/IEC 11770-3:2015 Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques BS ISO/IEC 11770-3:2015 Incorporating corrigendum May 2016 BSI Standards Publication WB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06BS ISO/IEC 11770-3:2015 Inform
2、ation technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques Technologies de linformation Techniques de scurit Gestion de cls Partie 3: Mcanismes utilisant des techniques asymtriques INTERNATIONAL STANDARD ISO/IEC 11770-3 Reference number ISO/IEC 11770-3:2015(E)
3、 Third edition 2015-08-01 ISO/IEC 2015 BS ISO/IEC 11770-3:2015 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 11770-3:2015, incorporating corrigendum May 2016. It supersedes BS ISO/IEC 11770-3:2008 which is withdrawn. The start and finish of text introdu
4、ced or altered by corrigendum is indicated in the text by tags. Text altered by ISO/IEC corrigendum May 2016 is indicated in the text by . The UK participation in its preparation was entrusted by Technical Committee IST/33, IT - Security techniques, to Subcommittee IST/33/2, Cryptography and Securit
5、y Mechanisms. A list of organizations represented on this subcommittee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Publ
6、ished by BSI Standards Limited 2016 ISBN 978 0 580 94641 7 ICS 35.040 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 August 2015. Amendments/corrigenda issu
7、ed since publication Date Text affected 31 July 2016 Implementation of ISO/IEC corrigendum May 2016Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques Technologies de linformation Techniques de scurit Gestion de cls Partie 3: Mcanismes utilisant d
8、es techniques asymtriques INTERNATIONAL STANDARD ISO/IEC 11770-3 Reference number ISO/IEC 11770-3:2015(E) Third edition 2015-08-01 ISO/IEC 2015 BS ISO/IEC 11770-3:2015ii ISO/IEC 2015 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2015, Published in Switzerland All rights reserved. Unless o
9、therwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the addre
10、ss below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 11770-3:2015(E) BS ISO/IEC 11770-3:2015ISO/IEC 11770-3:2015(E)Foreword v
11、Introduction vi 1 Scope . 1 2 Normative references 1 3 T erms and definitions . 2 4 Symbols and abbreviations . 7 5 Requirements 9 6 Key derivation functions 9 7 Cofactor multiplication 9 8 Key commitment 10 9 Key c onfirmation .11 10 Framework for key management .12 10.1 General 12 10.2 Key agreeme
12、nt between two parties 12 10.3 Key agreement between three parties.12 10.4 Secret key transport 13 10.5 Public key transport 13 11 Key agreement .14 11.1 Key agreement mechanism 1.14 11.2 Key agreement mechanism 2.15 11.3 Key agreement mechanism 3.16 11.4 Key agreement mechanism 4.18 11.5 Key agreem
13、ent mechanism 5.18 11.6 Key agreement mechanism 6.19 11.7 Key agreement mechanism 7.21 11.8 Key agreement mechanism 8.22 11.9 Key agreement mechanism 9.23 11.10 Key agreement mechanism 10 .24 11.11 Key agreement mechanism 11 .25 11.12 Key agreement mechanism 12 .26 12 Secret key transport .27 12.1 S
14、ecret key transport mechanism 1 .27 12.2 Secret key transport mechanism 2 .28 12.3 Secret key transport mechanism 3 .30 12.4 Secret key transport mechanism 4 .32 12.5 Secret key transport mechanism 5 .33 12.6 Secret key transport mechanism 6 .35 13 Public key transport 36 13.1 Public key transport m
15、echanism 1 .36 13.2 Public key transport mechanism 2 .37 13.3 Public key transport mechanism 3 .38 Annex A (normative) Object identifiers .40 Annex B (informative) Properties of key establishment mechanisms .47 Annex C (informative) Examples of key derivation functions .49 Annex D (informative) Exam
16、ples of key establishment mechanisms .56 Annex E (informative) Examples of elliptic curve based key establishment mechanisms60 ISO/IEC 2015 All rights reserved iii Contents PageBS ISO/IEC 11770-3:2015ii ISO/IEC 2015 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2015, Published in Switzerl
17、and All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be reque
18、sted from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 11770-3:2015(E) BS ISO/IEC 11770-3:2015I
19、SO/IEC 11770-3:2015(E)Foreword v Introduction vi 1 Scope . 1 2 Normative references 1 3 T erms and definitions . 2 4 Symbols and abbreviations . 7 5 Requirements 9 6 Key derivation functions 9 7 Cofactor multiplication 9 8 Key commitment 10 9 Key c onfirmation .11 10 Framework for key management .12
20、 10.1 General 12 10.2 Key agreement between two parties 12 10.3 Key agreement between three parties.12 10.4 Secret key transport 13 10.5 Public key transport 13 11 Key agreement .14 11.1 Key agreement mechanism 1.14 11.2 Key agreement mechanism 2.15 11.3 Key agreement mechanism 3.16 11.4 Key agreeme
21、nt mechanism 4.18 11.5 Key agreement mechanism 5.18 11.6 Key agreement mechanism 6.19 11.7 Key agreement mechanism 7.21 11.8 Key agreement mechanism 8.22 11.9 Key agreement mechanism 9.23 11.10 Key agreement mechanism 10 .24 11.11 Key agreement mechanism 11 .25 11.12 Key agreement mechanism 12 .26 1
22、2 Secret key transport .27 12.1 Secret key transport mechanism 1 .27 12.2 Secret key transport mechanism 2 .28 12.3 Secret key transport mechanism 3 .30 12.4 Secret key transport mechanism 4 .32 12.5 Secret key transport mechanism 5 .33 12.6 Secret key transport mechanism 6 .35 13 Public key transpo
23、rt 36 13.1 Public key transport mechanism 1 .36 13.2 Public key transport mechanism 2 .37 13.3 Public key transport mechanism 3 .38 Annex A (normative) Object identifiers .40 Annex B (informative) Properties of key establishment mechanisms .47 Annex C (informative) Examples of key derivation functio
24、ns .49 Annex D (informative) Examples of key establishment mechanisms .56 Annex E (informative) Examples of elliptic curve based key establishment mechanisms60 ISO/IEC 2015 All rights reserved iii Contents Page 10 13BS ISO/IEC 11770-3:2015ISO/IEC 11770-3:2015(E)Annex F (informative) Example of bilin
25、ear pairing based key establishment mechanisms .68 Annex G (informative) Secret key transport 71 Annex H (informative) Patent information .76 Bibliography .80 iv ISO/IEC 2015 All rights reserved BS ISO/IEC 11770-3:2015ISO/IEC 11770-3:2015(E) Foreword ISO (the International Organization for Standardi
26、zation) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization
27、to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO
28、and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document s
29、hould be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held respons
30、ible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given f
31、or the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following U
32、RL: Foreword - Supplementary information The committee responsible for this document is ISO/IEC JTC 1, Information technology, SC 27, Security techniques. This third edition cancels and replaces the second edition (ISO/IEC 11770-3:2008 with ISO/IEC 11770-3/Cor1:2009), which has been technically revi
33、sed. ISO/IEC 11770 consists of the following parts, under the general title Information technology Security techniques Key management: Part 1: Framework Part 2: Mechanisms using symmetric techniques Part 3: Mechanisms using asymmetric techniques Part 4: Mechanisms based on weak secrets Part 5: Group
34、 key management Part 6: Key derivation Further parts may follow. ISO/IEC 2015 All rights reserved vBS ISO/IEC 11770-3:2015ISO/IEC 11770-3:2015(E)Annex F (informative) Example of bilinear pairing based key establishment mechanisms .68 Annex G (informative) Secret key transport 71 Annex H (informative
35、) Patent information .76 Bibliography .80 iv ISO/IEC 2015 All rights reserved BS ISO/IEC 11770-3:2015ISO/IEC 11770-3:2015(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardiza
36、tion. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutua
37、l interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and
38、 those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (s
39、ee www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of
40、 the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific
41、 terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information The committee responsible for this document is ISO/IEC JTC 1, Information te
42、chnology, SC 27, Security techniques. This third edition cancels and replaces the second edition (ISO/IEC 11770-3:2008 with ISO/IEC 11770-3/Cor1:2009), which has been technically revised. ISO/IEC 11770 consists of the following parts, under the general title Information technology Security technique
43、s Key management: Part 1: Framework Part 2: Mechanisms using symmetric techniques Part 3: Mechanisms using asymmetric techniques Part 4: Mechanisms based on weak secrets Part 5: Group key management Part 6: Key derivation Further parts may follow. ISO/IEC 2015 All rights reserved vBS ISO/IEC 11770-3
44、:2015ISO/IEC 11770-3:2015(E) Introduction This part of ISO/IEC 11770 describes schemes that can be used for key agreement and schemes that can be used for key transport. Public key cryptosystems were first proposed in the seminal paper by Diffie and Hellman in 1976. The security of many such cryptos
45、ystems is based on the presumed intractability of solving the discrete logarithm problem over certain finite fields. Other public key cryptosystems such as RSA are based on the difficulty of the integer factorization problem. A third class of public key cryptosystems is based on elliptic curves. The
46、 security of such a public key system depends on the difficulty of determining discrete logarithms in the group of points of an elliptic curve. When based on a carefully chosen elliptic curve, this problem is, with current knowledge, much harder than the factorization of integers or the computation
47、of discrete logarithms in a finite field of comparable size. All known general purpose algorithms for determining elliptic curve discrete logarithms take exponential time. Thus, it is possible for elliptic curve based public key systems to use much shorter parameters than the RSA system or the class
48、ical discrete logarithm based systems that make use of the multiplicative group of some finite field. This yields significantly shorter digital signatures, as well as system parameters, and allows for computations using smaller integers. This part of ISO/IEC 11770 includes mechanisms based on the fo
49、llowing: finite fields; elliptic curves; bilinear pairings. The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) draw attention to the fact that it is claimed that compliance with this International Standard may involve the use of patents. ISO and IEC take no position concerning the evidence, validity and scope of these patent rights. The holders of these patent rights hav
