1、INCITS/ISO/IEC 18033-1-2005 (ISO/IEC 18033-1:2005, IDT) Information technology Security techniques Encryption algorithms Part 1: GeneralINCITS/ISO/IEC 18033-1-2005(ISO/IEC 18033-1:2005, IDT)Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo repro
2、duction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 18033-1-2005 ii ITIC 2005 All rights reserved PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typ
3、efaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe
4、Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlik
5、ely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard. Date of ANSI Approval: 11/3/2005Published by American National Standa
6、rds Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2005 by Information Technology Industry Council (ITI). All rights reserved. These materials are subject to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), Ame
7、rican National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in any form, including an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard sho
8、uld be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 18033-1
9、-2005 ITIC 2005 All rights reserved iii Contents Page Foreword iv Introduction .v 1 Scope 1 2 Terms and definitions 1 3 The nature of encryption 4 3.1 The purpose of encryption .4 3.2 Symmetric and asymmetric ciphers 4 3.3 Key management 5 4 The use and properties of encryption .5 4.1 Asymmetric cip
10、hers .5 4.2 Block ciphers 5 4.2.1 Modes of operation 5 4.2.2 Message Authentication Codes (MACs) 6 4.3 Stream ciphers .6 5 Object identifiers 6 Annex A (informative) Criteria for inclusion of ciphers in ISO/IEC 18033 .7 Bibliography 8 Copyright American National Standards Institute Provided by IHS u
11、nder license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 18033-1-2005 iv ITIC 2005 All rights reserved Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the sp
12、ecialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical
13、 committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Intern
14、ational Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for votin
15、g. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or
16、 all such patent rights. ISO/IEC 18033-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. ISO/IEC 18033 consists of the following parts, under the general title Information technology Security techniques Encryption algorithm
17、s: Part 1: General Part 2: Asymmetric ciphers Part 3: Block ciphers Part 4: Stream ciphers Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 18033-1-2005 ITIC 2005
18、All rights reserved v Introduction ISO/IEC 18033 is a multi-part International Standard that specifies encryption systems (ciphers) for the purpose of data confidentiality. The inclusion of ciphers in ISO/IEC 18033 is intended to promote their use as reflecting the current state of the art in encryp
19、tion techniques. The primary purpose of encryption (or encipherment) techniques is to protect the confidentiality of stored or transmitted data. An encryption algorithm is applied to data (often called plaintext or cleartext) to yield encrypted data (or ciphertext); this process is known as encrypti
20、on. The encryption algorithm should be designed so that the ciphertext yields no information about the plaintext except, perhaps, its length. Associated with every encryption algorithm is a corresponding decryption algorithm, which transforms ciphertext back into its original plaintext. Ciphers work
21、 in association with a key. In a symmetric cipher, the same key is used in both the encryption and decryption algorithms. In an asymmetric cipher, different but related keys are used for encryption and decryption. ISO/IEC 18033-2 is devoted to asymmetric ciphers. ISO/IEC 18033-3 and ISO/IEC 18033-4
22、are devoted to two different classes of symmetric ciphers, known as block ciphers and stream ciphers. Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-Copyright American National
23、 Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-AMERICAN NATIONAL STANDARD INCITS/ISO/IEC 18033-1-2005 ITIC 2005 All rights reserved 1 Information technology Security techniques Encryption algorithms Part
24、 1: General 1 Scope This part of ISO/IEC 18033 is general in nature, and provides definitions that apply in subsequent parts of ISO/IEC 18033. The nature of encryption is introduced, and certain general aspects of its use and properties are described. The criteria used to select the algorithms speci
25、fied in subsequent parts of ISO/IEC 18033 are defined in Annex A. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 asymmetric cipher alternative term for asymmetric encryption system. 2.2 asymmetric cryptographic technique cryptographic techni
26、que that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transforma
27、tion ISO/IEC 11770-1:1996. 2.3 asymmetric encipherment system alternative term for asymmetric encryption system. 2.4 asymmetric encryption system system based on asymmetric cryptographic techniques whose public transformation is used for encryption and whose private transformation is used for decryp
28、tion ISO/IEC 9798-1:1997. 2.5 asymmetric key pair pair of related keys where the private key defines the private transformation and the public key defines the public transformation ISO/IEC 9798-1:1997. 2.6 block string of bits of a defined length. Copyright American National Standards Institute Prov
29、ided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 18033-1-2005 2 ITIC 2005 All rights reserved 2.7 block cipher symmetric encryption system with the property that the encryption algorithm operates on a block of plain
30、text, i.e. a string of bits of a defined length, to yield a block of ciphertext. 2.8 cipher alternative term for encipherment system. 2.9 ciphertext data which has been transformed to hide its information content ISO/IEC 10116:1997. 2.10 cleartext alternative term for plaintext. 2.11 decipherment al
31、ternative term for decryption. 2.12 decipherment algorithm alternative term for decryption algorithm. 2.13 decryption reversal of a corresponding encipherment ISO/IEC 11770-1:1996. 2.14 decryption algorithm process which transforms ciphertext into plaintext. 2.15 encipherment alternative term for en
32、cryption. 2.16 encipherment algorithm alternative term for encryption algorithm. 2.17 encipherment system alternative term for encryption system. 2.18 encryption (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e., to hide the information content of the data
33、ISO/IEC 9797-1. 2.19 encryption algorithm process which transforms plaintext into ciphertext. 2.20 encryption system cryptographic technique used to protect the confidentiality of data, and which consists of three component processes: an encryption algorithm, a decryption algorithm, and a method for
34、 generating keys. Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 18033-1-2005 ITIC 2005 All rights reserved 3 2.21 key sequence of symbols that controls the oper
35、ation of a cryptographic transformation (e.g. encipherment, decipherment) ISO/IEC 11770-1:1996. 2.22 keystream pseudorandom sequence of symbols, intended to be secret, used by the encryption and decryption algorithms of a stream cipher. If a portion of the keystream is known by an attacker, then it
36、shall be computationally infeasible for the attacker to deduce any information about the remainder of the keystream. 2.23 n-bit block cipher block cipher with the property that plaintext blocks and ciphertext blocks are n bits in length ISO/IEC 10116:1997. 2.24 plaintext unencrypted information ISO/
37、IEC 10116:1997. 2.25 private key that key of an entitys asymmetric key pair which should only be used by that entity ISO/IEC 11770-1:1996. NOTE A private key should not normally be disclosed. 2.26 public key that key of an entitys asymmetric key pair which can be made public ISO/IEC 11770-1:1996. 2.
38、27 secret key key used with symmetric cryptographic techniques by a specified set of entities ISO/IEC 11770-3:1999. 2.28 self-synchronous stream cipher stream cipher with the property that the keystream symbols are generated as a function of a secret key and a fixed number of previous ciphertext bit
39、s. 2.29 synchronous stream cipher stream cipher with the property that the keystream symbols are generated as a function of a secret key, and are independent of the plaintext and ciphertext. 2.30 stream cipher symmetric encryption system with the property that the encryption algorithm involves combi
40、ning a sequence of plaintext symbols with a sequence of keystream symbols one symbol at a time, using an invertible function. Two types of stream cipher can be identified: synchronous stream ciphers and self-synchronous stream ciphers, distinguished by the method used to obtain the keystream. 2.31 s
41、ymmetric cipher alternative term for symmetric encryption system. 2.32 symmetric cryptographic technique cryptographic technique that uses the same secret key for both the originators and the recipients transformation. Without knowledge of the secret key, it is computationally infeasible to compute
42、either the originators or the recipients transformation. Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-INCITS/ISO/IEC 18033-1-2005 4 ITIC 2005 All rights reserved NOTE Example
43、s of symmetric cryptographic techniques include symmetric ciphers and Message Authentication Codes (MACs). In a symmetric cipher, the same secret key is used to encrypt and decrypt data. In a MAC scheme, the same secret key is used to generate and verify MACs. 2.33 symmetric encipherment system alte
44、rnative term for symmetric encryption system. 2.34 symmetric encryption system encryption system based on symmetric cryptographic techniques that uses the same secret key for both the encryption and decryption algorithms. 3 The nature of encryption 3.1 The purpose of encryption The primary purpose o
45、f encryption (or encipherment) systems is to protect the confidentiality of stored or transmitted data. Encryption algorithms achieve this by transforming plaintext into ciphertext, from which it is computationally infeasible to find any information about the content of the plaintext unless the decr
46、yption key is also known. However, the length of the plaintext will generally not be concealed by encryption, since the length of the ciphertext will typically be the same as, or a little larger than, the length of the corresponding plaintext. It is important to note that encryption may not always,
47、by itself, protect the integrity or the origin of data. In many cases it is possible, without knowledge of the key, to modify encrypted text with predictable effects on the recovered plaintext. In order to ensure integrity and origin of data it is often necessary to use additional techniques, such a
48、s those described in ISO/IEC 9796, ISO/IEC 9797, ISO/IEC 14888, ISO/IEC 15946-2, ISO/IEC 15946-4 and in the future International Standard ISO/IEC 19772. 3.2 Symmetric and asymmetric ciphers Ciphers work in association with a key. In a symmetric cipher, the same secret key is used in both the encryption and decryption algorithms. Knowledge of this key is required to perform both encryption and decryption, and knowledge of the secret key therefore needs to be restricted to those parties authorised to access the data which the key is used to enc