IEEE P1363 and Standards Process William Whyte, NTRU Cryptosytems 2/16/2005

IEEE P1363  Project initiated 1993  IEEE Std issued in 2000 –RSA, DSA, ECDSA, …  IEEE Std 1363a-2004 issued in 2004  IEEE P and P ongoing

What do those numbers mean?  A working group is identified with its main standards document –1363  1363a is an amendment to 1363 –Presented as a list of edits to be made to the same document –See also i, etc…  , are separate documents within the scope of the same working group  All documents go through the same standardization process, starting with a Project Authorization Request (PAR)

1363 to date  1994: First meeting –Intent was to standardize RSA and Discrete Log-based systems  1995: Scope expanded to include ECC  Established division into schemes and primitives –Primitives: the core mathematical operations  RSA: c = me mod n –Schemes: the message processing  RSA-OAEP –Primitives take mathematical objects as inputs –Schemes take octet strings  Types of schemes: Encryption, Key Exchange, Signature with Message Recovery, Signature with Appendix.  Also included mathematical background –EC point operations, curve generation, modular exponentiation, etc.

1363 to date (2)  1997: Decision taken to split standard into 1363 and 1363a to speed up issuance of main standard –1363: techniques that were ready-to-go –1363a: additional techniques  e.g. had no EC/DL Signature with Recovery scheme  1363 issued in 2000  1363a issued in 2004

Ongoing work  : Standard specifications for public key cryptography based on hard problems over lattices  : Standard specifications for password-based public key cryptographic techniques  Both projects approved in December 2000 –PARs recently extended to end 2006

Standardization Process  Find Sponsor  Establish Study Group  Submit PAR  Establish Working Group  Write Document  Working Group Ballot  Sponsor Ballot  Final Review

Sponsor and Study Group  IEEE has different committees which oversee the work of different working groups –1363 sponsor is Microprocessor Standards Committee (MSC), chair Bob Davis  Sponsor can request IEEE NesCom (New Standards Committee) to establish a Study Group  Study Group decides whether or not standardization effort is appropriate and issues PAR if appropriate. –1363 Study Group was established Jan 2005 –Has lifetime of 6 months –At end of 6 months, may issue one or more PARs or disband

PAR  See  Type of document: –Standard (shall) –Recommended Practice (should) –Guide (may)  Title –Change in title requires reauthorization by NesCom.  Lifecyle –Full-use or Trial-use –Trial-use: goes through ballot, then reballot 24 months later  Type of project –New document –Revision/Amendment/Corrigendum

PAR (2)  WG, WG chair, and sponsor information  Type of ballot –This applies to Sponsor ballot –Individual/Entity/Combination –Individual more usual  Projected Completion Date  Scope & Purpose  IP considerations –See later  Other projects with similar scope  Future adoptions by other bodies  Health & Safety considerations

What type of document?  Amendment to main standard – 1363b  New document produced by same working group –  Difference in practice is minimal –If reusing a lot of 1363/1363a, may want to format it as b –Otherwise, may want to issue as separate document

1363 PAR  Scope –Specifications of common public-key cryptographic techniques, including mathematical primitives for secret value (key) derivation, public-key encryption, and digital signatures, and cryptographic schemes based on those primitives. Specifications of related cryptographic parameters, public keys and private keys.  Purpose –The transition from paper to electronic media brings with it the need for electronic privacy and authenticity. Public-key cryptography offers fundamental technology addressing this need. Many alternative public-key techniques have been proposed, each with its own benefits. However, there has been no single, comprehensive reference defining a full range of common public-key techniques covering key agreement, public-key encryption, digital signatures, and identification from several families, such as discrete logarithms, integer factorization, and elliptic curves. It is not the purpose of this project to mandate any particular set of public- key techniques, or particular attributes of public-key techniques such as key sizes. Rather, the purpose is to provide a reference for specifications of a variety of techniques from which applications may select.

PAR Acceptance  NesCom meets four times a year  Work on standard can commence once PAR is approved

Working Group  Appoint Editor –Editor is not an official position; appointed by 1363 WG Principal Editor, Mike Brenner –Editor is supervisory role – overall responsibility for document but does not have to write everything herself  1363a: Editor, Burt Kaliski; OEFs for ECC text mainly submitted by Daniel V. Bailey.  Editor issues calls for submissions  While submissions are being received, works on structure of document  After submissions deadline passes, move to downselection of techniques to be included –May or may not be contentious  As appropriate, move motion to bring document to sponsor ballot

Draft  References v Bibliography –References: Must reference for correct operation  1363 example: SHA-1 –Bibliography: Informative  Structure: Normative body, Informative Annex –1363 Normative: Primitives, Schemes –1363 Informative: Mathematical Background (eg Curve Generation)  Patents and Trademarks –Take care!

Working Group Procedures  Bylaws at  Obtain and maintain voting rights by attending two WG meetings out of four.  Votes need 2/3 majority to pass –Ensure consensus  IP considerations follow

Instructions for the WG Chair  At Each Meeting, the Working Group Chair shall:  Show slides #1 and #2 of this presentation  Advise the WG membership that: –The IEEE’s Patent Policy is consistent with the ANSI patent policy and is described in Clause 6 of the IEEE SA Standards Board Bylaws; –Early disclosure of patents which may be essential for the use of standards under development is encouraged; –Disclosures made of such patents may not be exhaustive of all patents that may be essential for the use of standards under development, and that neither the IEEE, the WG nor the WG Chairman ensure the accuracy or completeness of any disclosure or whether any disclosure is of a patent that in fact may be essential for the use of standards under development.  Instruct the WG Secretary to record in the minutes of the relevant WG meeting: –that the foregoing advice was provided and the two slides were shown; –that an opportunity was provided for WG members to identify or disclose patents that the WG member believes may be essential for the use of that standard; –any responses that were given, specifically the patents and patent applications that were identified (if any) and by whom. (Not necessary to be shown) Approved by IEEE-SA Standards Board – March 2003

6. Patents IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard. This assurance shall be provided without coercion and prior to approval of the standard (or reaffirmation when a patent becomes known after initial approval of the standard). This assurance shall be a letter that is in the form of either a) A general disclaimer to the effect that the patentee will not enforce any of its present or future patent(s) whose use would be required to implement the proposed IEEE standard against any person or entity using the patent(s) to comply with the standard or b) A statement that a license will be made available without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination This assurance shall apply, at a minimum, from the date of the standard's approval to the date of the standard's withdrawal and is irrevocable during that period. IEEE-SA Standards Board Bylaws on Patents in Standards Slide #1 Approved by IEEE-SA Standards Board – March 2003

Inappropriate Topics for IEEE WG Meetings  Don’t discuss licensing terms or conditions  Don’t discuss product pricing, territorial restrictions or market share  Don’t discuss ongoing litigation or threatened litigation  Don’t be silent if inappropriate topics are discussed… do formally object. If you have questions, contact the IEEE Patent Committee Administrator at or visit Slide #2 Approved by IEEE-SA Standards Board – March 2003

Sponsor ballot  Ballot body appointed through IEEE-SA  Standard requires 75% turnout from ballot body, 75% YES  WG must address all comments from negative ballots  If ballot failed, recirculation ballot  If ballot passed, on to RevCom

RevCom  Last step!  Review Committee  Ensures all ballot comments have been addressed and that standard conforms to IEEE guidelines  Then issues!

Timescale  Submissions: WG sets timescale. Should be at least 6 months from PAR approval.  Selection of techniques: Depends on how controversial this is…  Finishing document & WG ballot: 1 year  Sponsor ballot, reballot & RevCom: 1 year  Total: 3 years from 2005/02

Questions?