KS X ISO IEC 18033-2-2007 Information technology－Security techniques－Encryption algorithms－Part 2：Asymmetric ciphers《信息技术 安全技术 加密算法 第2部分 不对称密码》.pdf

1、 KS X ISO/IEC 180332 KSKSKSKS SKSKSKS KSKSKS SKSKS KSKS SKS KS 2: KS X ISO/IEC 180332 ：2007 (2012 ) 2007 11 30 http:/www.kats.go.krKS X ISO/IEC 180332：2007 : e- ( ) ( ) () () ( ) : () ( ) () () JS ( ) KS X ISO/IEC 180332：2007 : (http:/www.standard.go.kr) ： ：2007 11 30 ：2012 12 31 2012-0848 ： e ： e (

2、 02-509-7262) (http:/www.kats.go.kr). 10 5 , . KS X ISO/IEC 180332：2007 i . iii iv 1 1 2 1 3 .2 4 .6 5 .7 5.1 .7 5.2 .8 5.3 10 5.4 11 6 .13 6.1 13 6.2 .14 6.3 MAC 15 6.4 15 6.5 16 7 .17 7.1 18 7.2 19 7.3 19 7.4 19 7.5 .20 7.6 20 8 20 8.1 .21 8.2 22 8.3 HC.22 9 .23 9.1 DEM1 .24 9.2 DEM2 .24 9.3 DEM3

3、25 10 ElGamal 26 10.1 .26 10.2 ECIES-KEM 28 10.3 PSEC-KEM .30 KS X ISO/IEC 180332：2007 ii 10.4 ACE-KEM32 11 RSA .33 11.1 RSA .34 11.2 RSA .34 11.3 RSA 34 11.4 RSAES.36 11.5 RSA-KEM.37 12 .38 12.1 HIME .39 12.2 HIME 39 12.3 HIME(R).40 A() ASN.1 .43 B() .54 B.1 MAC 54 B.2 55 B.3 55 B.4 56 B.5 .58 B.6

4、 .59 B.7 HC 60 B.8 .61 B.9 ECIES-KEM .62 B.10 PSEC-KEM 63 B.11 ACE-KEM .64 B.12 RSA 65 B.13 RSAES .65 B.14 RSA-KEM .66 B.15 HIME(R) .66 C() .67 C.1 DEM1 67 C.2 ECIES-KEM 69 C.3 PSEC-KEM .77 C.4 ACE-KEM 87 C.5 RSAES 98 C.6 RSA-KEM 106 C.7 HC .110 C.8 HIME(R) 114 127 .129 KS X ISO/IEC 180332：2007 iii

5、e . KS X ISO/IEC 18033 “ ” . 1： 2： 3： 4： KS X ISO/IEC 180332：2007 . A () ASN.1 B () C () KS X ISO/IEC 180332：2007 iv 2006 1 ISO/IEC 180332, Information technologySecurity techniques Encryption algorithmsPart 2：Asymmetric ciphers . ISO IEC . ISO IEC , . ISO IEC . , ISO IEC . . ISO/IEC JTC 1/SC 27 Sta

6、nding Document 8 (SD 8) “ ” SD 8 http:/www.ni.din.de/sc27 . . ISO IEC . KS X ISO/IEC 180332：2007 (2012 ) 2： Information technologySecurity techniquesEncryption algorithms Part 2：Asymmetric ciphers 1 . ( .) . ( A) (object identifier), (public key), (parameter) ASN.1 . , , , . ISO/IEC 117703 . 7.6 . .

7、 ECIES-HC；PSEC-HC；ACE-HC：ElGamal RSA-HC：RSA RSAES：RSA OAEP HIME(R)： 2 . . ( ) . KS X ISO/IEC 97971：2006, 1： KS X ISO/IEC 97972：2003, 2： KS X ISO/IEC 101182：2005, 2：n KS X ISO/IEC 101183_2001：2006, 3： KS X ISO/IEC 180332：2007 2 KS X ISO/IEC 180333：2006, 3： 3 . . 3.1 (asymmetric cipher) (7. ) KS X ISO

8、/IEC 180331 3.2 (asymmetric cryptographic technique) , (public key) (private key) . . KS X ISO/IEC 117701：2003 3.3 (asymmetric key pair) (7., 8.1 ) KS X ISO/IEC 97981：2003 3.4 (bit) 0 1 (5.2.1 ) 3.5 (bit string) (5.2.1 ) 3.6 (block) KS X ISO/IEC 180331：2006 . 3.7 (block cipher) , (6.4 ) KS X ISO/IEC

9、 180331 / . KS X ISO/IEC 180332：2007 3 3.8 (cipher) , , KS X ISO/IEC 180331 3.9 (cipher text) KS X ISO/IEC 10116：2007 3.10 (concrete group) 8 (decoding) (10.1 ) 3.11 (cryptographic hash function) , . (6.1 ) 3.12 (data encapsulation mechanism) (confidentiality) (integrity) (8.2 ) 3.13 (decryption) KS

10、 X ISO/IEC 117701：2003 3.14 (decryption algorithm) KS X ISO/IEC 180331 3.15 (encryption) . KS X ISO/IEC 97971 3.16 (explicitly given finite field) (prime field) (characteristic) (multiplication table) (5.3 ) KS X ISO/IEC 180332：2007 4 3.17 (encryption algorithm) KS X ISO/IEC 180331 3.18 (encryption

11、option) (7., 8.1 ) 3.19 (field) 3.20 (finite abelian group) , 3.21 (finite field) 3.22 (group) 3.23 (hybrid cipher) 3.24 (key) (, , ) KS X ISO/IEC 117701：2003 3.25 (key derivation function) , , . (6.2 ). 3.26 (key encapsulation mechanism) , , (8.1 ) KS X ISO/IEC 180332：2007 5 3.27 (key generation al

12、gorithm) (7., 8.1 ) 3.28 (label) . (non-malleable) (7., 8.2 ) 3.29 (length) . , a) (5.2.1 ) b) (5.2.2 ) c) n . , d log 2 (n1)(5.2.4 ) d) n 256 (digit) . , d log 256 (n1)(5.2.4 ) 3.30 (MAC) MAC (6.3 ) KS X ISO/IEC 97971 MAC . 3.31 MAC (MAC algorithm) , . , , i i1 , (6.3 ). KS X ISO/IEC 97971 MAC . 3.

13、32 (octet) 8 (5.2.2 ) 3.33 (octet string) (5.2.2 ) . KS X ISO/IEC 180332：2007 6 3.34 (plaintext) KS X ISO/IEC 10116：2007 3.35 (prefix free set) x y (prefix) x y S / S 3.36 (primitive) 3.37 (private key) , (7., 8.1 ) KS X ISO/IEC 117701：2003 3.38 (public key) (7., 8.1 ) KS X ISO/IEC 117701：2003 3.39

14、secret key) ISO/IEC 117703：1999 3.40 (symmetric cipher) KS X ISO/IEC 180331 3.41 (system parameters) 4 . . x x 6 3 . 5 , 5 3 . 5 , 5 5 x x 6 3 . 5 , 6 3 . 5 , 5 5 ab a b a b KS X ISO/IEC 180332：2007 7 ab() a b a b | X | X , X , X / , X , X , X /, X / (5.2.1, 5.2.2 ) x y x y /, (bit-wise exclusive-o

15、r)(5.2.1, 5.2.2 ) x 1 , ., x l /, / x 1 , ., x l l /(5.2.1, 5.2.2 ) xy x y , (concatenation)(5.2.1, 5.2.2 ) gcd(a, b) a b , a b . , a b ( a = b = 0 0 ). a | b a b , b = ac c a b a b (mod n) 0 n , a b n , n | (ab) a b a mod n a n , r a (mod n) r 0n() a 1mod n gcd(a, n) =1 a n , ab 1 (mod n) b 0n() F*

16、 F , F (unit) (multiplicative group) 0 F F , F (0 ) 1 F F , F BS2IP (5.2.5 ) EC2OSP (5.4.3 ) FE2OSP (5.3.1 ) FE2IP (5.3.1 ) I2BSP (5.2.5 ) I2OSP (5.2.5 ) OS2ECP (5.4.3 ) OS2FEP (5.3.1 ) OS2IP (5.2.5 ) Oct(m) m (5.2.4 ) (n) n (5.2.5 ) 5 . 5.1 (probabilistic function； ) . . , ( KS X ISO/IEC 18031 ). K

17、S X ISO/IEC 180332：2007 8 . “(fail)” . , . “(failing)” “ (throwing an exception)” . , , . . . , (error code) . . 5.2 5.2.1 0 1 . . x 1 , ., x l , x 1 , ., x l l . x = | x | x l , l 0, x 1 x (first) , x l x (last) . x y xy x y . , x = y = , xy = . x y x y x y bit-wise exclusive-or (XOR) . 0 (null) .

18、 , x , x i x . 5.2.2 8 . . x 1 , ., x l x 1 , ., x l l . x = | x | x l , l 0, x 1 x (first) , x l x (last) . x y xy x y . , x = y = , xy =. KS X ISO/IEC 180332：2007 9 x y x y x y . 0 (null) . 1 . , x , x i x . 2 8 x y , xy 16 , 1 , = 2 . 5.2.3 / OS2BSP BS2OSP . OS2BSP(x) x = y = x 1 .x l . BS2OSP(y

19、) 8 y y = OS2BSP(x) x . 5.2.4 / BS2IP I2BSP . BS2IP(x) x x . x 0 , ., x l1 x = , x . 1 0 2 i x l i i x I2BSP(m, l) m l BS2IP(x) = m x , l x . . n . , ) 1 ( log 2 n Oct(m) Oct(m) = I2BSP(m, 8) . I2BSP(m, l) m l . 5.2.5 / OS2IP I2OSP . OS2IP(x) BS2IP(OS2BSP(x) . I2OSP(m, l) m l OS2IP(x)=m x , l x . .

20、n 256 (digit) . , ) 1 ( log 256 n . (n) . KS X ISO/IEC 180332：2007 10 I2OSP(m, l) m l . 5.3 . (explicitly given finite field) (explicit data) . p e 1 q =p e F , F T ij 0p() e- T =(T ij) 1 i,j e p e . F 0p() e-(e-tuple) . T F . F (Addition) (element-wise) . a =(a 1 , ., a e ) F b =(b 1 , ., b e ) F, ab = c.