1、INCITS/ISO/IEC 18033-1-2005 (ISO/IEC 18033-1:2005, IDT) Information technology Security techniques Encryption algorithms Part 1: GeneralINCITS/ISO/IEC 18033-1-2005(ISO/IEC 18033-1:2005, IDT)INCITS/ISO/IEC 18033-1-2005 ii ITIC 2005 All rights reserved PDF disclaimer This PDF file may contain embedded
2、 typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not
3、infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were
4、 optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Adopted by INCITS (InterNational Committee for Informat
5、ion Technology Standards) as an American National Standard. Date of ANSI Approval: 11/3/2005Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2005 by Information Technology Industry Council (ITI). All rights reserved. These materials are subj
6、ect to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in any form, in
7、cluding an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America INCITS/ISO/IEC 18033-1-2005 ITIC 2005 All rights reserved iii Co
8、ntents Page Foreword iv Introduction .v 1 Scope 1 2 Terms and definitions 1 3 The nature of encryption 4 3.1 The purpose of encryption .4 3.2 Symmetric and asymmetric ciphers 4 3.3 Key management 5 4 The use and properties of encryption .5 4.1 Asymmetric ciphers .5 4.2 Block ciphers 5 4.2.1 Modes of
9、 operation 5 4.2.2 Message Authentication Codes (MACs) 6 4.3 Stream ciphers .6 5 Object identifiers 6 Annex A (informative) Criteria for inclusion of ciphers in ISO/IEC 18033 .7 Bibliography 8 INCITS/ISO/IEC 18033-1-2005 iv ITIC 2005 All rights reserved Foreword ISO (the International Organization f
10、or Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective o
11、rganization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information tech
12、nology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standar
13、ds adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the sub
14、ject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 18033-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. ISO/IEC 18033 consists of the following parts,
15、under the general title Information technology Security techniques Encryption algorithms: Part 1: General Part 2: Asymmetric ciphers Part 3: Block ciphers Part 4: Stream ciphers INCITS/ISO/IEC 18033-1-2005 ITIC 2005 All rights reserved v Introduction ISO/IEC 18033 is a multi-part International Stand
16、ard that specifies encryption systems (ciphers) for the purpose of data confidentiality. The inclusion of ciphers in ISO/IEC 18033 is intended to promote their use as reflecting the current state of the art in encryption techniques. The primary purpose of encryption (or encipherment) techniques is t
17、o protect the confidentiality of stored or transmitted data. An encryption algorithm is applied to data (often called plaintext or cleartext) to yield encrypted data (or ciphertext); this process is known as encryption. The encryption algorithm should be designed so that the ciphertext yields no inf
18、ormation about the plaintext except, perhaps, its length. Associated with every encryption algorithm is a corresponding decryption algorithm, which transforms ciphertext back into its original plaintext. Ciphers work in association with a key. In a symmetric cipher, the same key is used in both the
19、encryption and decryption algorithms. In an asymmetric cipher, different but related keys are used for encryption and decryption. ISO/IEC 18033-2 is devoted to asymmetric ciphers. ISO/IEC 18033-3 and ISO/IEC 18033-4 are devoted to two different classes of symmetric ciphers, known as block ciphers an
20、d stream ciphers. AMERICAN NATIONAL STANDARD INCITS/ISO/IEC 18033-1-2005 ITIC 2005 All rights reserved 1 Information technology Security techniques Encryption algorithms Part 1: General 1 Scope This part of ISO/IEC 18033 is general in nature, and provides definitions that apply in subsequent parts o
21、f ISO/IEC 18033. The nature of encryption is introduced, and certain general aspects of its use and properties are described. The criteria used to select the algorithms specified in subsequent parts of ISO/IEC 18033 are defined in Annex A. 2 Terms and definitions For the purposes of this document, t
22、he following terms and definitions apply. 2.1 asymmetric cipher alternative term for asymmetric encryption system. 2.2 asymmetric cryptographic technique cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (d
23、efined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation ISO/IEC 11770-1:1996. 2.3 asymmetric encipherment system alternative term for asymmetric encryption system. 2.4 asymmetri
24、c encryption system system based on asymmetric cryptographic techniques whose public transformation is used for encryption and whose private transformation is used for decryption ISO/IEC 9798-1:1997. 2.5 asymmetric key pair pair of related keys where the private key defines the private transformatio
25、n and the public key defines the public transformation ISO/IEC 9798-1:1997. 2.6 block string of bits of a defined length. INCITS/ISO/IEC 18033-1-2005 2 ITIC 2005 All rights reserved 2.7 block cipher symmetric encryption system with the property that the encryption algorithm operates on a block of pl
26、aintext, i.e. a string of bits of a defined length, to yield a block of ciphertext. 2.8 cipher alternative term for encipherment system. 2.9 ciphertext data which has been transformed to hide its information content ISO/IEC 10116:1997. 2.10 cleartext alternative term for plaintext. 2.11 decipherment
27、 alternative term for decryption. 2.12 decipherment algorithm alternative term for decryption algorithm. 2.13 decryption reversal of a corresponding encipherment ISO/IEC 11770-1:1996. 2.14 decryption algorithm process which transforms ciphertext into plaintext. 2.15 encipherment alternative term for
28、 encryption. 2.16 encipherment algorithm alternative term for encryption algorithm. 2.17 encipherment system alternative term for encryption system. 2.18 encryption (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e., to hide the information content of the da
29、ta ISO/IEC 9797-1. 2.19 encryption algorithm process which transforms plaintext into ciphertext. 2.20 encryption system cryptographic technique used to protect the confidentiality of data, and which consists of three component processes: an encryption algorithm, a decryption algorithm, and a method
30、for generating keys. INCITS/ISO/IEC 18033-1-2005 ITIC 2005 All rights reserved 3 2.21 key sequence of symbols that controls the operation of a cryptographic transformation (e.g. encipherment, decipherment) ISO/IEC 11770-1:1996. 2.22 keystream pseudorandom sequence of symbols, intended to be secret,
31、used by the encryption and decryption algorithms of a stream cipher. If a portion of the keystream is known by an attacker, then it shall be computationally infeasible for the attacker to deduce any information about the remainder of the keystream. 2.23 n-bit block cipher block cipher with the prope
32、rty that plaintext blocks and ciphertext blocks are n bits in length ISO/IEC 10116:1997. 2.24 plaintext unencrypted information ISO/IEC 10116:1997. 2.25 private key that key of an entitys asymmetric key pair which should only be used by that entity ISO/IEC 11770-1:1996. NOTE A private key should not
33、 normally be disclosed. 2.26 public key that key of an entitys asymmetric key pair which can be made public ISO/IEC 11770-1:1996. 2.27 secret key key used with symmetric cryptographic techniques by a specified set of entities ISO/IEC 11770-3:1999. 2.28 self-synchronous stream cipher stream cipher wi
34、th the property that the keystream symbols are generated as a function of a secret key and a fixed number of previous ciphertext bits. 2.29 synchronous stream cipher stream cipher with the property that the keystream symbols are generated as a function of a secret key, and are independent of the pla
35、intext and ciphertext. 2.30 stream cipher symmetric encryption system with the property that the encryption algorithm involves combining a sequence of plaintext symbols with a sequence of keystream symbols one symbol at a time, using an invertible function. Two types of stream cipher can be identifi
36、ed: synchronous stream ciphers and self-synchronous stream ciphers, distinguished by the method used to obtain the keystream. 2.31 symmetric cipher alternative term for symmetric encryption system. 2.32 symmetric cryptographic technique cryptographic technique that uses the same secret key for both
37、the originators and the recipients transformation. Without knowledge of the secret key, it is computationally infeasible to compute either the originators or the recipients transformation. INCITS/ISO/IEC 18033-1-2005 4 ITIC 2005 All rights reserved NOTE Examples of symmetric cryptographic techniques
38、 include symmetric ciphers and Message Authentication Codes (MACs). In a symmetric cipher, the same secret key is used to encrypt and decrypt data. In a MAC scheme, the same secret key is used to generate and verify MACs. 2.33 symmetric encipherment system alternative term for symmetric encryption s
39、ystem. 2.34 symmetric encryption system encryption system based on symmetric cryptographic techniques that uses the same secret key for both the encryption and decryption algorithms. 3 The nature of encryption 3.1 The purpose of encryption The primary purpose of encryption (or encipherment) systems
40、is to protect the confidentiality of stored or transmitted data. Encryption algorithms achieve this by transforming plaintext into ciphertext, from which it is computationally infeasible to find any information about the content of the plaintext unless the decryption key is also known. However, the
41、length of the plaintext will generally not be concealed by encryption, since the length of the ciphertext will typically be the same as, or a little larger than, the length of the corresponding plaintext. It is important to note that encryption may not always, by itself, protect the integrity or the
42、 origin of data. In many cases it is possible, without knowledge of the key, to modify encrypted text with predictable effects on the recovered plaintext. In order to ensure integrity and origin of data it is often necessary to use additional techniques, such as those described in ISO/IEC 9796, ISO/
43、IEC 9797, ISO/IEC 14888, ISO/IEC 15946-2, ISO/IEC 15946-4 and in the future International Standard ISO/IEC 19772. 3.2 Symmetric and asymmetric ciphers Ciphers work in association with a key. In a symmetric cipher, the same secret key is used in both the encryption and decryption algorithms. Knowledg
44、e of this key is required to perform both encryption and decryption, and knowledge of the secret key therefore needs to be restricted to those parties authorised to access the data which the key is used to encrypt. In an asymmetric cipher, different but related keys are used for encryption and decry
45、ption. Hence keys are generated in matching key pairs, where one key is the encryption key and the other is the decryption key. Even with knowledge of the encryption key it is assumed to be computationally infeasible to find any information about the content of a plaintext from its corresponding cip
46、hertext. In many situations it is possible to make the encryption key public, and hence this key is often referred to as the public key, whilst the corresponding decryption key typically has only one owner and remains confidential (hence it is referred to as the private key). Anyone who knows the pu
47、blic encryption key will be able to encrypt data intended for the holder of the corresponding private key, whilst only the private decryption key holder will be able to decrypt it. NOTE The traditional notion of an asymmetric cipher involves much more computationally complex operations than for a sy
48、mmetric cipher, and typically such ciphers were not used for encrypting large volumes of data; instead they were typically used only for encrypting secret session keys (that were then used with symmetric ciphers). However, some of the asymmetric ciphers specified in ISO/IEC 18033-2 are designed in a
49、 way that makes them suitable for encrypting large volumes of data. ISO/IEC 18033-2 is devoted to asymmetric ciphers. ISO/IEC 18033-3 and ISO/IEC 18033-4 are devoted to two different classes of symmetric ciphers, known as block ciphers and stream ciphers. INCITS/ISO/IEC 18033-1-2005 ITIC 2005 All rights reserved 5 3.3 Key management The use of all types of cryptography relies on the management of cryptographic keys. All ciphers, both symmetric and asymmetric, require all the parties using the ciphe
