ANSI-X9.42-2003.pdf
"ANSI-X9.42-2003.pdf" was shared by a member and can be read online. For more material related to "ANSI-X9.42-2003.pdf" (136 pages), search on 三一文库 (31doc).
ASC X9, Inc. 2003 All rights reserved

American National Standard for Financial Services
X9.42-2003
Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography
Accredited Standards Committee X9, Incorporated
Financial Industry Standards
Date Approved: November 19, 2003
American National Standards Institute

Copyright American National Standards Institute. Provided by IHS under license with ANSI. Licensee=IHS Employees/1111111001, User=OConnor, Maurice. Not for Resale, 04/29/2007 13:02:33 MDT. No reproduction or networking permitted without license from IHS.

Contents

1 SCOPE
2 NORMATIVE REFERENCES
3 DEFINITIONS
4. SYMBOLS AND ABBREVIATIONS
  4.1 SYMBOLS
  4.2 ABBREVIATIONS
5. ORGANIZATION
6. APPLICATION
7. BASIC ALGORITHMS, FUNCTIONS, AND CONVERSION RULES
  7.1 DOMAIN PARAMETER GENERATION
  7.2 DOMAIN PARAMETER VALIDATION
  7.3 PRIVATE/PUBLIC KEY GENERATION
  7.4 PUBLIC KEY VALIDATION
  7.5 CALCULATION OF SHARED SECRET ELEMENTS
    7.5.1 Diffie-Hellman Algorithm
    7.5.2 MQV Algorithm
  7.6 DATA CONVERSION RULES
    7.6.1 Integer-to-Bit-String Conversion
    7.6.2 Bit-String-to-Integer Conversion
    7.6.3 Integer-to-Octet-String Conversion
    7.6.4 Octet-String-to-Integer Conversion
  7.7 KEY DERIVATION FROM A SHARED SECRET VALUE
    7.7.1 Key Derivation Function Based on ASN.1
    7.7.2 Key Derivation Function Based on Concatenation
  7.8 MAC COMPUTATION
  7.9 ANS X9.42 IMPLEMENTATION VALIDATION
8 KEY AGREEMENT SCHEMES
  8.1 KEY AGREEMENT USING THE DIFFIE-HELLMAN ALGORITHM
    8.1.1 dhStatic
    8.1.2 dhEphem
    8.1.3 dhOneFlow
    8.1.4 dhHybrid1
    8.1.5 dhHybrid2
    8.1.6 dhHybridOneFlow
  8.2 KEY AGREEMENT USING THE MQV ALGORITHM
    8.2.1 MQV2 Interactive Form of the MQV Algorithm
    8.2.2 MQV1 Store and Forward Form of the MQV Algorithm
ANNEX A (NORMATIVE) PARAMETER SYNTAX AND ENCODING RULES
  A.1 FINITE FIELD SYNTAX
  A.2 PARAMETER SYNTAX
    A.2.1 Domain Parameters
    A.2.2 Scheme Parameters
  A.3 PUBLIC KEY SYNTAX
  A.4 SCHEME SYNTAX
    A.4.1 dhStatic
    A.4.2 dhEphem
    A.4.3 dhOneFlow
    A.4.4 dhHybrid1
    A.4.5 dhHybrid2
    A.4.6 dhHybridOneFlow
    A.4.7 MQV2
    A.4.8 MQV1
    A.4.9 Key Agreement Object Sets
  A.5 KEY DERIVATION SYNTAX
  A.6 MAC FOR ANS X9.42 IMPLEMENTATION VALIDATION
  A.7 ASN.1 MODULE
ANNEX B (NORMATIVE) DOMAIN PARAMETER GENERATION
  B.1 GENERATION OF PRIME MODULI
    B.1.1 Probabilistic Primality Test
    B.1.2 Generation of Primes
    B.1.3 Validation of Primes
  B.2 SELECTION OF A GENERATOR FOR Q-ORDER SUBGROUP
  B.3 JACOBI SYMBOL ALGORITHM (REVISED)
ANNEX C (NORMATIVE) PSEUDO-RANDOM NUMBER GENERATOR
  C.1 PSEUDO-RANDOM NUMBER GENERATOR BASED ON G(T, C)
  C.2 PSEUDO-RANDOM NUMBER GENERATOR USING THE TDEA
ANNEX D (INFORMATIVE) CALCULATION EXAMPLES
  D.1 GENERATION OF DOMAIN PARAMETERS
    D.1.1 Static-Key Domain Parameters (1024-bit prime)
    D.1.2 Ephemeral-Key Domain Parameters (1024-bit prime)
  D.2 GENERATION OF PRIVATE/PUBLIC KEYS
    D.2.1 Ephemeral Private keys for U and V
    D.2.2 Static Private and Public Keys for U and V
  D.3 SHARED SECRET VALUE CALCULATION USING DIFFIE-HELLMAN ALGORITHM
    D.3.1 dhStatic
    D.3.2 dhEphem
    D.3.3 dhOneFlow
    D.3.4 dhHybrid1
    D.3.5 dhHybrid2
    D.3.6 dhHybridOneFlow
  D.4 SHARED SECRET VALUE CALCULATIONS USING MQV ALGORITHM
    D.4.1 MQV2 Interactive Form
    D.4.2 MQV1 Store and Forward Form
  D.5 KEY DERIVATION FUNCTION
    D.5.1 Examples of the Key Derivation function Based on Concatenation
    D.5.2 Example of the Derivation Function Based on ASN.1 - Single Invocation Where Keys are Generated for One Purpose
  D.6 MAC COMPUTATION
ANNEX E (INFORMATIVE) SECURITY CONSIDERATIONS
  E.1 SECURITY OF THE DISCRETE LOGARITHM PROBLEM IN GF(P)*
    E.1.1 Discrete Logarithm Problem and Key Agreement
    E.1.2 Complexity of the Discrete Logarithm Problem
    E.1.3 Expense of Solving the Discrete Logarithm Problem
    E.1.4 Relative Security Strength and Appropriate Key Lengths
  E.2 SECURITY OF KEY AGREEMENT SCHEMES
    E.2.1 Man-in-the-Middle-Attack
    E.2.2 Small Subgroup Attacks on Invalid Public Keys
    E.2.3 Security Attributes of the Schemes in this Standard
  E.3 GUIDELINES ON SELECTING AN ANS X9.42 KEY AGREEMENT SCHEME
  E.4 GENERAL SECURITY CONSIDERATIONS
    E.4.1 Setup Negotiation
    E.4.2 Private/Public Key Management
    E.4.3 Parameter Management
    E.4.4 Generation of Public and Private Keys
ANNEX F (INFORMATIVE) SUMMARY OF CHANGES FROM ANS X9.42-2001
  F.1 TECHNICAL ISSUES
    F.1.1 Range of bases in Miller-Rabin test
    F.1.2 Perfect squares in Lucas test
    F.1.3 Discriminants with Jacobi symbol 0 in Lucas test
    F.1.4 Errors in the Jacobi symbol algorithm
  F.2 EDITORIAL ISSUES
    F.2.1 Lucas-Lehmer vs. Lucas
    F.2.2 Reference for combining Miller-Rabin and Lucas tests
    F.2.3 Binary expansion
    F.2.4 Inconsistent notation in the Lucas test
    F.2.5 Modular division in Lucas test
ANNEX G (INFORMATIVE) REFERENCES

Tables

Table 1 Key Agreement Scheme dhStatic
Table 2 Key Agreement Scheme dhEphem
Table 3 Key Agreement Scheme dhOneFlow
Table 4 Key Agreement Scheme dhHybrid1
Table 5 Key Agreement Scheme dhHybrid2
Table 6 Key Agreement Scheme dhHybridOneFlow
Table 7 Key Agreement Scheme MQV2
Table 8 Key Agreement Scheme MQV1
Table E.1 Complexity of Attacks on Cryptographic Algorithms
Table E.2 Approximate Equivalence of Keys In Bits To Known Best General Attacks
Table E.3 Attributes Provided by Key Agreement Schemes
- Keywords:
- ANSI X9 42 2003
Link: https://www.31doc.com/p-3729385.html