IEEE-1363.2-2008.pdf

IEEE Std 1363.2-2008 IEEE Standard Specifications for Password-Based Public-Key Cryptographic Techniques IEEE 3 Park Avenue New York, NY 10016-5997, USA 29 January 2009 IEEE Computer Society Sponsored by the Microprocessor Standards Committee 1363.2 TM Authorized licensed use limited to: IHS Stephanie Dejesus. Downloaded on February 13, 2009 at 06:41 from IEEE Xplore. Restrictions apply. Copyright The Institute of Electrical and Electronics Engineers, Inc. Provided by IHS under license with IEEELicensee=HP Monitoring/1111111164 Not for Resale, 04/06/2009 02:57:51 MDTNo reproduction or networking permitted without license from IHS -,-,- Authorized licensed use limited to: IHS Stephanie Dejesus. Downloaded on February 13, 2009 at 06:41 from IEEE Xplore. Restrictions apply. Copyright The Institute of Electrical and Electronics Engineers, Inc. Provided by IHS under license with IEEELicensee=HP Monitoring/1111111164 Not for Resale, 04/06/2009 02:57:51 MDTNo reproduction or networking permitted without license from IHS -,-,- IEEE Std 1363.2-2008 IEEE Standard Specification for Password-Based Public-Key Cryptographic Techniques Sponsor Microprocessor Standards Committee of the IEEE Computer Society Approved 26 September 2008 IEEE-SA Standards Board Authorized licensed use limited to: IHS Stephanie Dejesus. Downloaded on February 13, 2009 at 06:41 from IEEE Xplore. Restrictions apply. Copyright The Institute of Electrical and Electronics Engineers, Inc. Provided by IHS under license with IEEELicensee=HP Monitoring/1111111164 Not for Resale, 04/06/2009 02:57:51 MDTNo reproduction or networking permitted without license from IHS -,-,- Abstract: This standard covers specifications of public-key cryptographic techniques for password-based authentication and key establishment, supplemental to the techniques described in IEEE Std 1363-2000 and IEEE Std 1363a-2004. It is intended as a companion standard to IEEE Std 1363-2000 and IEEE Std 1363a-2004. It includes specifications of primitives and schemes designed to utilize passwords and other low-grade secrets as a basis for securing electronic transactions, including schemes for password-authenticated key agreement and password-authenticated key retrieval. Keywords: authentication, key agreement, password, public-key cryptography The Institute of Electrical and Electronics Engineers, Inc. 3 Park Avenue, New York, NY 10016-5997, USA Copyright © 2009 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 29 January 2009. Printed in the United States of America. IEEE is a registered trademark in the U.S. Patent +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained through the Copyright Clearance Center. Authorized licensed use limited to: IHS Stephanie Dejesus. Downloaded on February 13, 2009 at 06:41 from IEEE Xplore. Restrictions apply. Copyright The Institute of Electrical and Electronics Engineers, Inc. Provided by IHS under license with IEEELicensee=HP Monitoring/1111111164 Not for Resale, 04/06/2009 02:57:51 MDTNo reproduction or networking permitted without license from IHS -,-,- iv Copyright © 2009 IEEE. All rights reserved. Introduction This introduction is not part of IEEE Std 1363.2-2008, IEEE Standard Specification for Password-Based Public-Key Cryptographic Techniques. The history of the IEEE P1363.2a project began in late 1996 with a presentation to the IEEE P1363 Working Group of a password-based public-key method for key agreement. Originally submitted as material for potential inclusion in the P1363 document, which later became IEEE Std 1363-2000,b this class of technique was deemed to be sufficiently interesting and yet sufficiently different from the original focus of the IEEE P1363 Working Group as to merit further study to determine how it should be addressed. At that time, the techniques included in the P1363 draft were fairly stable; however, there were also other additional techniques that had been submitted to the Working Group that warranted further study and consideration. The P1363a project became the entry point for newly proposed methods that were similar in function to and in the same mathematical families as methods in the P1363 project, which focused on key exchange, digital signature, and public-key encryption schemes in the integer factorization, discrete logarithm (DL), and elliptic curve (EC) families. Work on P1363a progressed while IEEE Std 1363-2000 was solidified and prepared for the IEEE balloting process. In time, the Working Group similarly chose to close P1363a to additional techniques and prepare it for ballot, leaving standardization of additional techniques to future standards. P1363a resulted in the IEEE Std 1363a-2004 amendment. Throughout the process of creating these standards, the Working Group continued to receive numerous submissions of creative, useful, and well-designed public-key cryptographic techniques, including password-based techniques. To address the number of submitted techniques that fell outside the functional or familial scope of both IEEE Std 1363-2000 and IEEE Std 1363a-2004, the Microprocessor Standards Committee (MSC) commissioned a study group, in which many of the IEEE P1363 Working Group members participated, to explore the possibility of creating additional standards related to public-key cryptography. In late 2000, the Working Group began work on P1363.2 (password-based public-key cryptographic techniques) and P1363.1 (public-key cryptographic techniques based on hard problems over lattices). The Working Group has also begun work on P1363.3 (identity-based cryptographic techniques using pairings) and has discussed other potential projects to continue the work from IEEE Std 1363a-2004. The IEEE P1363 Working Group continues to be an excellent forum for experts to discuss technical and standardization issues associated with public-key cryptography. It has provided a focal point for the presentation of new developments in public-key cryptography and remains a source for up-to-date information on the topic. For the duration of its existence, the Working Group intends to maintain a Web site that will support all of the IEEE 1363 standards and current projects.c The IEEE P1363 Working Group would once again like to thank all of the participants and outside experts that have contributed to this standard, to the development of public-key technology and to the P1363 process. a The P indicates an IEEE authorized standards project that was not approved by the IEEE-SA Standards Board at the time the Working Group was formed. b Information on references can be found in Clause 2. c Information can be found at: http:/grouper.ieee.org/groups/1363/index.html. Authorized licensed use limited to: IHS Stephanie Dejesus. Downloaded on February 13, 2009 at 06:41 from IEEE Xplore. Restrictions apply. Copyright The Institute of Electrical and Electronics Engineers, Inc. Provided by IHS under license with IEEELicensee=HP Monitoring/1111111164 Not for Resale, 04/06/2009 02:57:51 MDTNo reproduction or networking permitted without license from IHS -,-,- v Copyright © 2009 IEEE. All rights reserved. Notice to users Laws and regulations Users of these documents should consult all applicable laws and regulations. Compliance with the provisions of this standard does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so. Copyrights This document is copyrighted by the IEEE. It is made available for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self- regulation, standardization, and the promotion of engineering practices and methods. By making this document available for use and adoption by public authorities and private users, the IEEE does not waive any rights in copyright to this document. Updating of IEEE documents Users of IEEE standards should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. In order to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE Standards Association Web site at http:/ieeexplore.ieee.org/xpl/standards.jsp, or contact the IEEE at the address listed previously. For more information about the IEEE Standards Association or the IEEE standards development process, visit the IEEE-SA Web site at http:/standards.ieee.org. Errata Errata, if any, for this and all other standards can be accessed at the following URL: http:/standards.ieee.org/reading/ieee/updates/errata/index.html. Users are encouraged to check this URL for errata periodically. Interpretations Current interpretations can be accessed at the following URL: http:/standards.ieee.org/reading/ieee/interp/ index.html. Authorized licensed use limited to: IHS Stephanie Dejesus. Downloaded on February 13, 2009 at 06:41 from IEEE Xplore. Restrictions apply. Copyright The Institute of Electrical and Electronics Engineers, Inc. Provided by IHS under license with IEEELicensee=HP Monitoring/1111111164 Not for Resale, 04/06/2009 02:57:51 MDTNo reproduction or networking permitted without license from IHS -,-,- vi Copyright © 2009 IEEE. All rights reserved. Patents Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. A patent holder or patent applicant has filed a statement of assurance that it will grant licenses under these rights without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses. Other Essential Patent Claims may exist for which a statement of assurance has not been received. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non- discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association. Participants At the time this standard was submitted to the IEEE-SA Standards Board for approval, the IEEE P1363 Working Group had the following membership: William Whyte, Chair Don B. Johnson, Vice Chair Mike Brenner, Primary Editor David Jablon, 1363.2 Project Editor Guido Appenzeller Xavier Boyen Daniel Brown Mark Chimley Andy Dancer Luther Martin Roger Schlafly Hovav Shacham Ari Singer Jerry Solinas Terence Spies Yongge Wang In addition, the Working Group would like to thank the following people for their contributions to the standard: Wole Akpose Kendall Ananyi Mihir Bellare Liqun Chen Wei Dai Warwick Ford Eric Fung Craig Gentry Jim Hughes Bill Jennings Burt Kaliski Pieter Kasselman Jonathan Katz David Kravitz Hugo Krawczyk Taekyoung Kwon Philip D. MacKenzie James H Manger Chris Mitchell Rafail Ostrovsky Zulfikar Ramzan Phil Rogaway Victor Shoup Ram Swaminathan Michael Wiener Tom Wu Kim-Ee Yeoh Moti Yung The Working Group apologizes for any inadvertent omissions from the preceding lists. Please note that inclusion of a person's name does not imply that the person agrees with all the materials in the standard. Authorized licensed use limited to: IHS Stephanie Dejesus. Downloaded on February 13, 2009 at 06:41 from IEEE Xplore. Restrictions apply. Copyright The Institute of Electrical and Electronics Engineers, Inc. Provided by IHS under license with IEEELicensee=HP Monitoring/1111111164 Not for Resale, 04/06/2009 02:57:51 MDTNo reproduction or networking permitted without license from IHS -,-,- vii Copyright © 2009 IEEE. All rights reserved. The following members of the individual balloting committee voted on this standard. Balloters may have voted for approval, disapproval, or abstention. Matthew Ball Mike Brenner Juan Carreon Weijen Chen Keith Chow Tommy Cooper Andy Dancer James Davis Yaacov Fenster Michael Geipel Randall Groves Werner Hoelzl Atsushi Ito David Jablon Raj Jain Piotr Karocki William Lumpkins G. Luri Philip D. MacKenzie Michael Markowitz Edward McCall Earl Meiers Gary Michel Apurva Mody Michael S. Newman Nick S. A. Nikjoo Vikram Punj Robert Robinson Fernando Lucas Rodriguez Michael Rush Suman Sharma Gil Shultz Steven Smith Thomas Starai Rene Struik Gerald Stueve Mark-Rene Uchida William Whyte Oren Yuen Janusz Zalewski When the IEEE-SA Standards Board approved this standard on 26 September 2008, it had the following membership: Robert M. Grow, Chair Thomas Prevost, Vice Chair Steve M. Mills, Past Chair Judith Gorman, Secretary Victor Berman Richard DeBlasio Andy Drozd Mark Epstein Alexander Gelman William R. Goldbach Arnold M. Greenspan Kenneth S. Hanus Jim Hughes Richard H. Hulett Young Kyun Kim Joseph L. Koepfinger* John Kulick David J. Law Glenn Parsons Ronald C. Petersen Chuck Powers Narayanan Ramachandran Jon Walter Rosdahl Anne-Marie Sahazizian Malcolm V. Thaden Howard L. Wolfman Don Wright *Member Emeritus Also included are the following nonvoting IEEE-SA Standards Board liaisons: Satish K. Aggarwal, NRC Representative Michael Janezic, NIST Representative Lorraine Patsco IEEE Standards Program Manager, Document Development Malia Zaman IEEE Standards Program Manager, Technical Program Development Authorized licensed use limited to: IHS Stephanie Dejesus. Downloaded on February 13, 2009 at 06:41 from IEEE Xplore. Restrictions apply. Copyright The Institute of Electrical and Electronics Engineers, Inc. Provided by IHS under license with IEEELicensee=HP Monitoring/111111