Upload
sai-global-apac
View
215
Download
0
Embed Size (px)
Citation preview
7/31/2019 As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric c
1/8
AS/NZS ISO/IEC 18033.2:2008ISO/IEC 18033-2:2006
Australian/New Zealand Standard
Information technologySecuritytechniquesEncryption algorithms
Part 2: Asymmetric ciphers
AS/NZS
I
SO/IEC18033.2:2008
7/31/2019 As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric c
2/8
AS/NZS ISO/IEC 18033.2:2008
This Joint Australian/New Zealand Standard was prepared by Joint TechnicalCommittee IT-012, Information Systems, Security and Identification Technology. Itwas approved on behalf of the Council of Standards Australia on 28 May 2008 andon behalf of the Council of Standards New Zealand on 31 May 2008.This Standard was published on 25 June 2008.
The following are represented on Commit tee IT-012:
Attorney General's Office
Australian Association of Permanent Building Societies
Australian Bankers Association
Australian Chamber of Commerce and Industry
Australian Electrical and Electronic Manufacturers AssociationCertification Forum of Australia
Council of Small Business Organisations
Internet Industry Association
NSW Police
New Zealand Defence Force
Reserve Bank of Australia
Keeping Standards up-to-date
Standards are living documents which reflect progress in science, technology andsystems. To maintain their currency, all Standards are periodically reviewed, andnew editions are published. Between editions, amendments may be issued.Standards may also be withdrawn. It is important that readers assure themselvesthey are using a current Standard, which should include any amendments whichmay have been published since the Standard was purchased.
Detailed information about joint Australian/New Zealand Standards can be found byvisiting the Standards Web Shop at www.standards.com.au or Standards NewZealand web site at www.standards.co.nz and looking up the relevant Standard inthe on-line catalogue.
Alternatively, both organizations publish an annual printed Catalogue with fulldetails of all current Standards. For more frequent listings or notification ofrevisions, amendments and withdrawals, Standards Australia and Standards NewZealand offer a number of update options. For information about these services,users should contact their respective national Standards organization.
We also welcome suggestions for improvement in our Standards, and especiallyencourage readers to notify us immediately of any apparent inaccuracies orambiguities. Please address your comments to the Chief Executive of eitherStandards Australia or Standards New Zealand at the address shown on the backcover.
This Standard was issued in draft form for comment as DR 07092.
7/31/2019 As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric c
3/8
7/31/2019 As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric c
4/8
PREFACE
This Standard was prepared by the Joint Standards Australia/Standards New Zealand Committee
IT-012, Information Systems, Security and Identification Technology.
The objective of this Standard is to provide the Australian information security programming
and development community with clear guidance to the selection and implementation of
appropriate encryption algorithms.
This Standard is identical with, and has been reproduced from ISO/IEC 18033-2:2006,
Information technologySecurity techniquesEncryption algorithmsPart 2: Asymmetric
ciphers.
As this Standard is reproduced from an international standard, the following applies:
(a) Its number appears on the cover and title page while the international standard numberappears only on the cover.
(b) In the source text this part of ISO/IEC 18033 should read this Australian/New ZealandStandard.
(c) A full point substitutes for a comma when referring to a decimal marker.This Standard is Part 2 of AS/NZS 18033, Information technologySecurity techniques
Encryption algorithms, which, when complete, will consist of the following:
Part 1: General
Part 2: Asymmetric ciphers (this Standard)
Part 3: Block ciphers
Part 4: Stream ciphers
References to International Standards should be replaced by references to Australian or
Australian/New Zealand Standards, as follows:
Reference to International Standard Australian/New Zealand Standard
ISO/IEC AS ISO/IEC
10118 Information technologySecurity
techniquesHash-functions
10118 Information technologySecurity
techniquesHash-functions
10118-2 Part 2: Hash-functions using an
n-bit block cipher
10118.2 Part 2: Hash-functions using an n-bit
block cipher
10118-3 Part 3: Dedicated hash-functions 10118.3 Part 3: Dedicated hash-functions
AS/NZS ISO/IEC
18033 Information technologySecurity
techniquesEncryption
algorithms
18033 Information technologySecurity
techniquesEncryption algorithms
18033-3 Part 3: Block ciphers 18033.3 Part 3: Block ciphers
Any international references not listed have not been adopted as Australian or Australian/New
Zealand Standards.
The terms normative and informative are used to define the application of the annex to
which they apply. A normative annex is an integral part of a standard, whereas an informative
annex is only for information and guidance.
7/31/2019 As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric c
5/8
CONTENTS
Page
1 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2 Normative references . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
3 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
4 Symbols and notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5 Mathematical conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
5.1 Functions and algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
5.2 Bit strings and octet strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
5.3 Finite Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
5.4 Elliptic curves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
6.1 Cryptographic hash functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
6.2 Key derivation functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
6.3 MAC algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
6.4 Block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
6.5 Symmetric ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
7 Asymmetric ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
7.1 Plaintext length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
7.2 The use of labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
7.3 Ciphertext format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
7.4 Encryption options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217.5 Method of operation of an asymmetric cipher . . . . . . . . . . . . . . . . . . . 22
7.6 Allowable asymmetric ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
8 Generic hybrid ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
8.1 Key encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
8.2 Data encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . 24
8.3 HC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
9 Constructions of data encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . 26
9.1 DEM1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
9.2 DEM2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279.3 DEM3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
10 ElGamal-based key encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . . 30
10.1 Concrete groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
10.2 ECIES-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
10.3 PSEC-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
10.4 ACE-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
11 RSA-based asymmetric ciphers and key encapsulation mechanisms . . . . . . . . . . 39
11.1 RSA key generation algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
11.2 RSA Transform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
11.3 RSA encoding mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
11.4 RSAES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
11.5 RSA-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
12 Ciphers based on modular squaring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Cryptographic transformations
7/31/2019 As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric c
6/8
12.1 HIME key generation algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . 4512.2 HIME encoding mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4612.3 HIME(R) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Annex A (normative) ASN.1 syntax for object identifiers . . . . . . . . . . . . . . . . . 51
Annex B (informative) Security considerations . . . . . . . . . . . . . . . . . . . . . . . 61B.1 MAC algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61B.2 Block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62B.3 Symmetric ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62B.4 Asymmetric ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63B.5 Key encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . 65B.6 Data encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . 66B.7 Security ofHC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68B.8 Intractability assumptions related to concrete groups . . . . . . . . . . . . . . . 68
B.9 Security ofECIES-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69B.10 Security ofPSEC-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71B.11 Security ofACE-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71B.12 The RSA inversion problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72B.13 Security ofRSAES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73B.14 Security ofRSA-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73B.15 Security ofHIME(R) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Annex C (informative) Test vectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75C.1 Test vectors for DEM1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75C.2 Test vectors for ECIES-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
C.3 Test vectors for PSEC-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83C.4 Test vectors for ACE-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91C.5 Test vectors for RSAES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100C.6 Test vectors for RSA-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105C.7 Test vectors for HC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109C.8 Test vectors for HIME(R) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
7/31/2019 As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric c
7/8
7/31/2019 As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric c
8/8
This is a free preview. Purchase the entire publication at the link below:
Looking for additional Standards? Visit SAI Global Infostore
Subscribe to ourFree Newsletters about Australian Standards in Legislation; ISO, IEC, BSI and more
Do you need to Manage Standards Collections Online?
Learn about LexConnect, All Jurisdictions, Standards referenced in Australian legislation
Do you want to know when a Standard has changed?
Want to become an SAI Global Standards Sales Affiliate?
Learn about other SAI Global Services:
LOGICOM Military Parts and Supplier DatabaseMetals Infobase Database of Metal Grades, Standards and Manufacturers
Materials Infobase Database of Materials, Standards and Suppliers
Database of European Law, CELEX and Court Decisions
Need to speak with a Customer Service Representative - Contact Us
AS/NZS ISO/IEC 18033.2:2008, Informationtechnology - Security techniques - Encryptionalgorithms Asymmetric ciphers
http://infostore.saiglobal.com/store?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Newsletters/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Collections/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Law/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/StandardsWatch/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Affiliate/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/LOGICOM/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/LOGICOM/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/Metals/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/Materials/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/European-Law/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://infostore.saiglobal.com/store/getpage.aspx?path=/InformationServices/shop/pages/ContactingUs.htm&utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://infostore.saiglobal.com/store/Details.aspx?ProductId=1009502&utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://infostore.saiglobal.com/store/getpage.aspx?path=/InformationServices/shop/pages/ContactingUs.htm&utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/European-Law/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/Materials/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/Metals/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/LOGICOM/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Affiliate/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/StandardsWatch/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Law/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Collections/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Newsletters/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://infostore.saiglobal.com/store?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSites