As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric c

7/31/2019 As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric c

1/8

AS/NZS ISO/IEC 18033.2:2008ISO/IEC 18033-2:2006

Australian/New Zealand Standard

Information technologySecuritytechniquesEncryption algorithms

Part 2: Asymmetric ciphers

AS/NZS

I

SO/IEC18033.2:2008


2/8

AS/NZS ISO/IEC 18033.2:2008

This Joint Australian/New Zealand Standard was prepared by Joint TechnicalCommittee IT-012, Information Systems, Security and Identification Technology. Itwas approved on behalf of the Council of Standards Australia on 28 May 2008 andon behalf of the Council of Standards New Zealand on 31 May 2008.This Standard was published on 25 June 2008.

The following are represented on Commit tee IT-012:

Attorney General's Office

Australian Association of Permanent Building Societies

Australian Bankers Association

Australian Chamber of Commerce and Industry

Australian Electrical and Electronic Manufacturers AssociationCertification Forum of Australia

Council of Small Business Organisations

Internet Industry Association

NSW Police

New Zealand Defence Force

Reserve Bank of Australia

Keeping Standards up-to-date

Standards are living documents which reflect progress in science, technology andsystems. To maintain their currency, all Standards are periodically reviewed, andnew editions are published. Between editions, amendments may be issued.Standards may also be withdrawn. It is important that readers assure themselvesthey are using a current Standard, which should include any amendments whichmay have been published since the Standard was purchased.

Detailed information about joint Australian/New Zealand Standards can be found byvisiting the Standards Web Shop at www.standards.com.au or Standards NewZealand web site at www.standards.co.nz and looking up the relevant Standard inthe on-line catalogue.

Alternatively, both organizations publish an annual printed Catalogue with fulldetails of all current Standards. For more frequent listings or notification ofrevisions, amendments and withdrawals, Standards Australia and Standards NewZealand offer a number of update options. For information about these services,users should contact their respective national Standards organization.

We also welcome suggestions for improvement in our Standards, and especiallyencourage readers to notify us immediately of any apparent inaccuracies orambiguities. Please address your comments to the Chief Executive of eitherStandards Australia or Standards New Zealand at the address shown on the backcover.

This Standard was issued in draft form for comment as DR 07092.


3/8


4/8

PREFACE

This Standard was prepared by the Joint Standards Australia/Standards New Zealand Committee

IT-012, Information Systems, Security and Identification Technology.

The objective of this Standard is to provide the Australian information security programming

and development community with clear guidance to the selection and implementation of

appropriate encryption algorithms.

This Standard is identical with, and has been reproduced from ISO/IEC 18033-2:2006,

Information technologySecurity techniquesEncryption algorithmsPart 2: Asymmetric

ciphers.

As this Standard is reproduced from an international standard, the following applies:

(a) Its number appears on the cover and title page while the international standard numberappears only on the cover.

(b) In the source text this part of ISO/IEC 18033 should read this Australian/New ZealandStandard.

(c) A full point substitutes for a comma when referring to a decimal marker.This Standard is Part 2 of AS/NZS 18033, Information technologySecurity techniques

Encryption algorithms, which, when complete, will consist of the following:

Part 1: General

Part 2: Asymmetric ciphers (this Standard)

Part 3: Block ciphers

Part 4: Stream ciphers

References to International Standards should be replaced by references to Australian or

Australian/New Zealand Standards, as follows:

Reference to International Standard Australian/New Zealand Standard

ISO/IEC AS ISO/IEC

10118 Information technologySecurity

techniquesHash-functions


techniquesHash-functions

10118-2 Part 2: Hash-functions using an

n-bit block cipher

10118.2 Part 2: Hash-functions using an n-bit

block cipher

10118-3 Part 3: Dedicated hash-functions 10118.3 Part 3: Dedicated hash-functions

AS/NZS ISO/IEC


techniquesEncryption

algorithms


techniquesEncryption algorithms

18033-3 Part 3: Block ciphers 18033.3 Part 3: Block ciphers

Any international references not listed have not been adopted as Australian or Australian/New

Zealand Standards.

The terms normative and informative are used to define the application of the annex to

which they apply. A normative annex is an integral part of a standard, whereas an informative

annex is only for information and guidance.


5/8

CONTENTS

Page

1 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

2 Normative references . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

3 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

4 Symbols and notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

5 Mathematical conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

5.1 Functions and algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

5.2 Bit strings and octet strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

5.3 Finite Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

5.4 Elliptic curves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

6.1 Cryptographic hash functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

6.2 Key derivation functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

6.3 MAC algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

6.4 Block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

6.5 Symmetric ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

7 Asymmetric ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

7.1 Plaintext length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

7.2 The use of labels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

7.3 Ciphertext format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

7.4 Encryption options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217.5 Method of operation of an asymmetric cipher . . . . . . . . . . . . . . . . . . . 22

7.6 Allowable asymmetric ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

8 Generic hybrid ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

8.1 Key encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

8.2 Data encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . 24

8.3 HC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

9 Constructions of data encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . 26

9.1 DEM1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

9.2 DEM2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279.3 DEM3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

10 ElGamal-based key encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . . 30

10.1 Concrete groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

10.2 ECIES-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

10.3 PSEC-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

10.4 ACE-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

11 RSA-based asymmetric ciphers and key encapsulation mechanisms . . . . . . . . . . 39

11.1 RSA key generation algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

11.2 RSA Transform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

11.3 RSA encoding mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

11.4 RSAES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

11.5 RSA-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

12 Ciphers based on modular squaring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Cryptographic transformations


6/8

12.1 HIME key generation algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . 4512.2 HIME encoding mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4612.3 HIME(R) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Annex A (normative) ASN.1 syntax for object identifiers . . . . . . . . . . . . . . . . . 51

Annex B (informative) Security considerations . . . . . . . . . . . . . . . . . . . . . . . 61B.1 MAC algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61B.2 Block ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62B.3 Symmetric ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62B.4 Asymmetric ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63B.5 Key encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . 65B.6 Data encapsulation mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . 66B.7 Security ofHC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68B.8 Intractability assumptions related to concrete groups . . . . . . . . . . . . . . . 68

B.9 Security ofECIES-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69B.10 Security ofPSEC-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71B.11 Security ofACE-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71B.12 The RSA inversion problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72B.13 Security ofRSAES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73B.14 Security ofRSA-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73B.15 Security ofHIME(R) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Annex C (informative) Test vectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75C.1 Test vectors for DEM1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75C.2 Test vectors for ECIES-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

C.3 Test vectors for PSEC-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83C.4 Test vectors for ACE-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91C.5 Test vectors for RSAES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100C.6 Test vectors for RSA-KEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105C.7 Test vectors for HC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109C.8 Test vectors for HIME(R) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123


7/8


8/8

This is a free preview. Purchase the entire publication at the link below:

Looking for additional Standards? Visit SAI Global Infostore

Subscribe to ourFree Newsletters about Australian Standards in Legislation; ISO, IEC, BSI and more

Do you need to Manage Standards Collections Online?

Learn about LexConnect, All Jurisdictions, Standards referenced in Australian legislation

Do you want to know when a Standard has changed?

Want to become an SAI Global Standards Sales Affiliate?

Learn about other SAI Global Services:

LOGICOM Military Parts and Supplier DatabaseMetals Infobase Database of Metal Grades, Standards and Manufacturers

Materials Infobase Database of Materials, Standards and Suppliers

Database of European Law, CELEX and Court Decisions

Need to speak with a Customer Service Representative - Contact Us

AS/NZS ISO/IEC 18033.2:2008, Informationtechnology - Security techniques - Encryptionalgorithms Asymmetric ciphers
http://infostore.saiglobal.com/store?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Newsletters/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Collections/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Law/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/StandardsWatch/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Affiliate/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/LOGICOM/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/LOGICOM/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/Metals/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/Materials/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/European-Law/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://infostore.saiglobal.com/store/getpage.aspx?path=/InformationServices/shop/pages/ContactingUs.htm&utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://infostore.saiglobal.com/store/Details.aspx?ProductId=1009502&utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://infostore.saiglobal.com/store/getpage.aspx?path=/InformationServices/shop/pages/ContactingUs.htm&utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/European-Law/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/Materials/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/Metals/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Databases/LOGICOM/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Affiliate/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/StandardsWatch/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Law/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Collections/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://www.saiglobal.com/Information/Standards/Newsletters/?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSiteshttp://infostore.saiglobal.com/store?utm_source=PDF&utm_medium=Website_Infostore&utm_campaign=DocSharingSites

Documents

As NZS ISO IEC 18033.2-2008 Information Technology - Security Techniques - Encryption Algorithms Asymmetric c