additional algorithms and identifiers for elliptic curve cryptography in pkix
DESCRIPTION
Additional Algorithms and Identifiers for Elliptic Curve Cryptography in PKIX. Dan Brown, Certicom Research November 10, 2004. Purpose of I-D. New algorithm identifiers for: NIST recommended curves (FIPS 186-2) New random curve generation ECDSA with new SHAs ECDH & ECMQV with new SHAs - PowerPoint PPT PresentationTRANSCRIPT
Additional Algorithms and Identifiers for Elliptic Curve
Cryptography in PKIX
Dan Brown, Certicom Research
November 10, 2004
November 10, 2004 New-ECC-in-PKIX 2
Purpose of I-D
• New algorithm identifiers for:– NIST recommended curves (FIPS 186-2)– New random curve generation– ECDSA with new SHAs– ECDH & ECMQV with new SHAs– Key derivation, wrap & confirmation– Restricting certificates to certain algorithms
November 10, 2004 New-ECC-in-PKIX 3
Parallel Standardization
• Revision of ANSI X9.62 (ECDSA)– New ECDSA syntax (but no key management)
• Additional Algs and Ids for RSA in PKIX– New SHAs, New Algs (OAEP, PSS)
November 10, 2004 New-ECC-in-PKIX 4
NIST Recommended Curves
• FIPS 186-2 recommended 15 curves
• Old curves named in:– Old X9.62-1998– RFC 3279
• Some old curves have potential security problems: e.g. defined over GF(2m) with m composite
November 10, 2004 New-ECC-in-PKIX 5
New Random Curve Generation
• The base point generator G can now be derived randomly from a seed
• Reason: mainly as a precautionary measure
• Requires update to EC domain syntax
November 10, 2004 New-ECC-in-PKIX 6
ECDSA with New SHAs
• FIPS 180-2 defines SHA-224, SHA-256, SHA-384 and SHA-512
• X9.62 requires hash for message digesting be determined from EC key size
• Except in backwards compatibility mode where SHA-1 can be used
• New syntax is even more flexible
November 10, 2004 New-ECC-in-PKIX 7
New ECDSA Algorithm Identification
• OID ecdsa-with-Recommended (with no parameters) means to use new X9.62 required hash (function of key size)
• OID ecdsa-with-Sha1 for backwards compatible mode
• OID ecdsa-with-Specified allows for other combinations (just for flexibility)
November 10, 2004 New-ECC-in-PKIX 8
ECDH and ECMQV
• ECDH and ECMQV are used in RFC 3278 (an Informational in S/MIME)
• Old syntax from X9.63 (SHA1 only)
• New syntax needed for new SHAs
• Perhaps for new KDFs (NIST Sp 800-56)
• Perhaps for new key confirmation (800-56)
• Perhaps for new key wraps
November 10, 2004 New-ECC-in-PKIX 9
Algorithm Restriction
• Current cert key usage restrictions very general (signing, encrypting, etc)
• Finer algorithm restrictions may be needed
• Algorithm restrictions with a new Alg. Id. in SubjectPublicKeyInfo algorithm for:– Elliptic curve– Set of ECC algorithms