KS X ISO IEC 15946-3-2008 Information technology－Security techniques－Cryptographic techniques based on elliptic curves－Part 3：Key establishment《信息技术 安全技术 基于椭圆曲线的密码技术 第3部分 密钥的确定》.pdf

1、 KSKSKSKSKSKSKSK KSKSKS KSKSK KSKS KSK KS KS X ISO/IEC 15946 3 3： KS X ISO/IEC 15946 3:2008 2008 11 24 http:/www.kats.go.krKS X ISO/IEC 15946 3:2008 : e- ( ) ( ) () () ( ) : (http:/www.standard.go.kr) ： ： 2003 12 29 ： 2008 11 24 2008-0798 ： e- ： ( 025097262) (http:/www.kats.go.kr). 10 5 , . KS X ISO

2、/IEC 15946 3:2008 i ii iii 1 1 2 1 3 .1 4 .5 5 .5 6 .5 7 6 8 7 9 KS X ISO/IEC 11770 3 12 10 15 11 17 A( ) 19 B( ) .23 26 KS X ISO/IEC 15946 3:2008 .27 KS X ISO/IEC 15946 3:2008 ii e- . KS X ISO/IEC 15946 3： 2008 . A( ) B( ) KS X ISO/IEC 15946 “ ” . 1： 2： 3： 4： KS X ISO/IEC 15946 3:2008 iii 2002 1 IS

3、O/IEC 15946 3, Information technology Security techniques Cryptographic techniques based on elliptic curves Part 3： Key establishment . . . “ ” . . . . ( ) . 1985 V. Miller N. Koblitz . . RSA . , . . KS X ISO/IEC 11770 3 . KS X ISO/IEC 11770 3 . ISO IEC . ISO IEC , . ISO IEC . ISO IEC . ISO/IEC JTC

4、1/SC27 Standing Document 8(SD 8) . SD 8 http:/www.din.de/ni/sc27 . . ISO IEC . KS X ISO/IEC 15946 3:2008 3： Information technology Security techniques Cryptographic techniques based on elliptic curves Part 3： Key establishment 1 KS X ISO/IEC 15946 , . KS X ISO/IEC 15946 4 , . . ( 2 ) . . . . 2 . . (

5、 .) . KS X ISO/IEC 9796 2： 2003, (Integer factorization) KS X ISO/IEC 10118( ), KS X ISO/IEC 11770 1, 1： KS X ISO/IEC 11770 3： 2003, 3： KS X ISO/IEC 14888( ), KS X ISO/IEC 15946 1： 2003, 1： KS X ISO/IEC 15946 2： 2003, 2： 3 KS X ISO/IEC 15946 1 . KS X KS X ISO/IEC 15946 3:2008 2 ISO/IEC 11770 3 . 3.1

6、 (asymmetric cryptographic technique) ( ) ( ) . . 3.2 (asymmetric encipherment system) 3.3 (asymmetric key pair) 3.4 (signature system) 3.5 (cryptographic check function) , . . 3.6 (cryptographic check value) . 3.7 (decipherment) (KS X ISO/IEC 11770 1) 3.8 (digital signature) (KS X ISO/IEC 11770 1)

7、3.9 (distinguishing identifier) (KS X ISO/IEC 11770 1) 3.10 (encipherment) ( ) (KS X ISO/IEC 11770 1). KS X ISO/IEC 15946 3:2008 3 3.11 (entity authentication) (KS X ISO/IEC 11770 1) 3.12 B A (entity authentication of A to B) B A 3.13 A B (explicit key authentication from A to B) A B 3.14 A B (impli

8、cit key authentication from A to B) A B 3.15 (key) ( , , , , ) (KS X ISO/IEC 11770 1) 3.16 (key agreement) 3.17 A B (key confirmation from A to B) A B 3.18 (key control) 3.19 (key establishment) . . 3.20 (key token) 3.21 (key transport) ( ) 3.22 (mutual entity authentication) KS X ISO/IEC 15946 3:20

9、08 4 3.23 (one-way function) 3.24 (private key) 3.25 (public key) 3.26 (secret key) 3.27 (sequence number) (KS X ISO/IEC 11770 1) 3.28 (time stamp) (KS X ISO/IEC 11770 1) KS X ISO/IEC 10118 1 . 3.29 (hash-function) . . . 3.30 A (forward secrecy with respect to A) A 3.31 A B (forward secrecy with res

10、pect to both A and B individually) A B 3.32 (key derivation function) . KS X ISO/IEC 15946 3:2008 5 3.33 (mutual forward secrecy) A B 3.34 (prefix free representation) . 4 EK K f fK(Z) K Z h kdf l MAC MAC(K, Z) K Z MAC parameters Sx X |Text1, |Text2 , Vx X (Q) (Q)mod 2/2 ) 2/2 log2 n 5 8. 9. . . . .

11、 . . . . 10. . . . 3 A . 6 KS X ISO/IEC 15946 3:2008 6 8. 9. 10. . ( , n ) . “ ” . “ ” . . h l 8., 9., 10. . . , , h#E/n l 1 . . , , h #E/n l h 1mod n . 8. 10. KS X ISO/IEC 11770 3 . n 4 q , gcd(n, h) 1 , h 1mod n . . h 1 l 1 . 8. 10. KS X ISO/IEC 11770 3 . ( ) (OE) , . ( ) . ( ) . . . 7 8. 9. . . 2

12、s s . / . KS X ISO/IEC 15946 3:2008 7 . . . 8 A B . KS X ISO/IEC 11770 3 8. . . 8.1 . . p, pm 2m, F(p), F(pm) F(2m) , E, n, G . . . . , kdf 8.2 (KANIDH) A B . 8.2.1 , . X, dX PX PX dXG . KS X ISO/IEC 15946 1 . . . KS X ISO/IEC 15946 1 . 8.2.2 8.2.2.1 (A) KS X ISO/IEC 15946 3:2008 8 A dA B PA KAB (dA

13、 l)(hPB) . 8.2.2.2 (B) B dB A PB KAB (dB l)(hPA) . 8.2.3 . a) ： 0 b) , . . 8.3 (KAEG) A B . 8.3.1 , . B, dB PB PB dBG . KS X ISO/IEC 15946 1 . A B . A B . KS X ISO/IEC 15946 1 . 8.3.2 8.3.2.1 (A) A 1, ., n 1 r , rG , KTA1 rG , B . 8.3.2.2 (A) A KAB (r l)(hPB) . 8.3.2.3 (B) B KTA1 . KS X ISO/IEC 1594

14、6 1 . B KTA1 KAB (dB l) (hKTA1) . KS X ISO/IEC 15946 3:2008 9 8.3.3 . a) ： 1 b) B A B A . c) A . 8.4 A B . 8.4.1 . 8.4.2 8.4.2.1 (A) A 1, ., n 1 rA , rA , KTA1 rAG , B . 8.4.2.2 (B) B 1, ., n 1 rB , rBG , KTB1 rBG , A . 8.4.2.3 (A) A KTB1 . KS X ISO/IEC 15946 1 . A KAB (rA l)(hKTB1) . 8.4.2.4 (B) B

15、KTA1 . KS X ISO/IEC 15946 1 . B KAB (rB l)(hKTA1) . 8.4.3 . a) ： 2 b) . 8.5 (KADH2KP) A B . KS X ISO/IEC 15946 3:2008 10 8.5.1 , . X, dX PX PX dXG . KS X ISO/IEC 15946 1 . . . KS X ISO/IEC 15946 1 . 8.5.2 8.5.2.1 (A) A 1, ., n 1 rA , rAG , KTA1 rAG , B . 8.5.2.2 (B) B 1, ., n 1 rB , rBG , KTB1 rBG , A . 8.5.2.3 (A) A KTB1 . KS X ISO/IEC 15946 1 . A KAB (dA l)(hKTB1)|(rA l)(hPB) . 8.5.2.4 (B) B KTA1 . KS X ISO/IEC 15946 1 . B KAB (rB l)(hPA)|(dB l)(hKTA1) . 8.5.3 . a) ： 2 b) A B . c) . 8.6 (KADH2SKC) A B . 8