Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX - PowerPoint PPT Presentation

About This Presentation
Title:

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX

Description:

Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX Dan Brown, Certicom Research November 10, 2004 Purpose of I-D New algorithm identifiers ... – PowerPoint PPT presentation

Number of Views:62
Avg rating:3.0/5.0
Slides: 10
Provided by: ietfOrgpr
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX


1
Additional Algorithms and Identifiers for
Elliptic Curve Cryptography in PKIX
  • Dan Brown, Certicom Research
  • November 10, 2004

2
Purpose of I-D
  • New algorithm identifiers for
  • NIST recommended curves (FIPS 186-2)
  • New random curve generation
  • ECDSA with new SHAs
  • ECDH ECMQV with new SHAs
  • Key derivation, wrap confirmation
  • Restricting certificates to certain algorithms

3
Parallel Standardization
  • Revision of ANSI X9.62 (ECDSA)
  • New ECDSA syntax (but no key management)
  • Additional Algs and Ids for RSA in PKIX
  • New SHAs, New Algs (OAEP, PSS)

4
NIST Recommended Curves
  • FIPS 186-2 recommended 15 curves
  • Old curves named in
  • Old X9.62-1998
  • RFC 3279
  • Some old curves have potential security problems
    e.g. defined over GF(2m) with m composite

5
New Random Curve Generation
  • The base point generator G can now be derived
    randomly from a seed
  • Reason mainly as a precautionary measure
  • Requires update to EC domain syntax

6
ECDSA with New SHAs
  • FIPS 180-2 defines SHA-224, SHA-256, SHA-384 and
    SHA-512
  • X9.62 requires hash for message digesting be
    determined from EC key size
  • Except in backwards compatibility mode where
    SHA-1 can be used
  • New syntax is even more flexible

7
New ECDSA Algorithm Identification
  • OID ecdsa-with-Recommended (with no parameters)
    means to use new X9.62 required hash (function of
    key size)
  • OID ecdsa-with-Sha1 for backwards compatible mode
  • OID ecdsa-with-Specified allows for other
    combinations (just for flexibility)

8
ECDH and ECMQV
  • ECDH and ECMQV are used in RFC 3278 (an
    Informational in S/MIME)
  • Old syntax from X9.63 (SHA1 only)
  • New syntax needed for new SHAs
  • Perhaps for new KDFs (NIST Sp 800-56)
  • Perhaps for new key confirmation (800-56)
  • Perhaps for new key wraps

9
Algorithm Restriction
  • Current cert key usage restrictions very general
    (signing, encrypting, etc)
  • Finer algorithm restrictions may be needed
  • Algorithm restrictions with a new Alg. Id. in
    SubjectPublicKeyInfo algorithm for
  • Elliptic curve
  • Set of ECC algorithms
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!