RSA Data Security, Inc. PKCS #13: Elliptic Curve Cryptography Standard Burt Kaliski RSA Laboratories PKCS Workshop October 7, 1998.

Slides:



Advertisements
Similar presentations
Revised 08/16/1999 IEEE P1363: Standard Specifications for Public-Key Cryptography Burt Kaliski Chair, IEEE P1363 August 17, 1999.
Advertisements

Key Establishment Schemes Workshop Document October 2001.
Fundamental Elliptic Curve Cryptography Algorithms draft-mcgrew-fundamental-ecc-02
Cryptography and Security: The Narrow Road from Theory to Practice Burt Kaliski, RSA Security ISPEC 2006, Hangzhou, China April 13, 2006.
Some New RSA Mechanisms for PKCS #11 Burt Kaliski, RSA Laboratories PKCS Workshop April 14, 2003.
Cryptography and Network Security
Advanced Information Security 4 Field Arithmetic
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Efficient generation of cryptographically strong elliptic curves Shahar Papini Michael Krel Instructor : Barukh Ziv 1.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Lect. 11: Public Key Cryptography. 2 Contents 1.Introduction to PKC 2.Hard problems  IFP  DLP 3.Public Key Encryptions  RSA  ElGamal 4.Digital Signatures.
CS470, A.SelcukElGamal Cryptosystem1 ElGamal Cryptosystem and variants CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
IEEE P1363: Standard Specifications for Public-Key Cryptography
1 An Elliptic Curve Processor Suitable for RFID-Tags L. Batina 1, J. Guajardo 2, T. Kerins 2, N. Mentens 1, P. Tuyls 2 and I. Verbauwhede 1 Katholieke.
ASYMMETRIC CIPHERS.
Cryptography and Network Security Chapter 13
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.
Bob can sign a message using a digital signature generation algorithm
By Abhijith Chandrashekar and Dushyant Maheshwary.
Ipsita Sahoo 10IT61B05 School of Information Technology IIT Kharagpur October 29, 2011 E LLIPTIC C URVES IN C RYPTOGRAPHY.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Elliptic Curve Cryptography
1 Network Security Lecture 6 Public Key Algorithms Waleed Ejaz
Digital Signatures: Mathematics Zdeněk Říha. Data authentication Data integrity + data origin Digital signature Asymmetric cryptography public and private.
1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999.
NSA’s Elliptic Curve Licensing Agreement Mr. John Stasak Cryptography Office Information Assurance Research National Security Agency Mr. John Stasak Cryptography.
CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate.
Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.
RSA Data Security, Inc. PKCS #1 : RSA Cryptography Standard Jessica Staddon RSA Laboratories PKCS Workshop October 7, 1998.
On OAEP, PSS, and S/MIME John Linn RSA Laboratories S/MIME WG, San Diego IETF, 13 December 2000.
Scott CH Huang COM5336 Cryptography Lecture 10 Elliptic Curve Cryptography Scott CH Huang COM 5336 Cryptography Lecture 10.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Elliptic Curve Cryptography-based Authorization & Key Agreement for IEEE m IEEE Presentation Submission Template (Rev. 9) Document Number:
CS461/ECE422 Spring 2012 Nikita Borisov — UIUC1.  Text Chapters 2 and 21  Handbook of Applied Cryptography, Chapter 8 
Basic Elliptic Curve Cryptography 1Lt Peter Hefley 90 OSS Instructor Fall ‘06.
Some Perspectives on Smart Card Cryptography
Understanding Cryptography by Christof Paar and Jan Pelzl These slides were prepared by Christof Paar and Jan Pelzl Chapter 8 –
1 Number Theory and Advanced Cryptography 6. Digital Signature Chih-Hung Wang Sept Part I: Introduction to Number Theory Part II: Advanced Cryptography.
May 30 th – 31 st, 2006 Sheraton Ottawa. Implementing Advanced Cryptography - Suite-B William Billings, CISSP Chief Security Advisor Microsoft US Federal.
Elliptic curve cryptography ECC is an asymmetric cryptosystem based on the elliptic curve discrete log problem. The ECDLP arises in Abelian groups defined.
Understanding Cryptography by Christof Paar and Jan Pelzl These slides were prepared by Tim Güneysu, Christof Paar and Jan Pelzl.
Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security
Elliptic Curve Cryptography
Cryptography and Network Security
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
Faster Implementation of Modular Exponentiation in JavaScript
Public Key Cryptosystem Introduced in 1976 by Diffie and Hellman [2] In PKC different keys are used for encryption and decryption 1978: First Two Implementations.
PKCS #5: Password-Based Cryptography Standard
Course web page: ECE 646 Cryptography and Computer Network Security ECE web page  Courses  Course web pages  ECE 646.
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-ECDSA Title: Discussion on introducing ECDSA to d for group management Date Submitted: July.
Lecture 9 Elliptic Curves. In 1984, Hendrik Lenstra described an ingenious algorithm for factoring integers that relies on properties of elliptic curves.
ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002.
Digital Signature Standard (DSS) US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS-186 in 1991 revised in 1993,
Elliptic Curve Cryptography-based Authorization & Key Agreement for IEEE m IEEE Presentation Submission Template (Rev. 9) Document Number:
COM 5336 Lecture 8 Digital Signatures
1 Cryptanalysis Lab Elliptic Curves. Cryptanalysis Lab Elliptic Curves 2 Outline [1] Elliptic Curves over R [2] Elliptic Curves over GF(p) [3] Properties.
Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.
IEEE P1363 and Standards Process William Whyte, NTRU Cryptosytems 2/16/2005.
S/MIME Working Group Status Russ Housley November 2002 PLEASE SIGN THE BLUE SHEET.
Efficient Montgomery Modular Multiplication Algorithm Using Complement and Partition Techniques Speaker: Te-Jen Chang.
RSA Data Security, Inc. Emerging Standards for Public-Key Cryptography Burt Kaliski Chief Scientist, RSA Laboratories BRICS Summer School in Cryptology.
Cryptography and Network Security Chapter 13
RSA Laboratories’ PKCS Series - a Tutorial
D. Cheung – IQC/UWaterloo, Canada D. K. Pradhan – UBristol, UK
Dan Brown, Certicom Research November 10, 2004
The Application of Elliptic Curves Cryptography in Embedded Systems
Introduction to Elliptic Curve Cryptography
Presentation transcript:

RSA Data Security, Inc. PKCS #13: Elliptic Curve Cryptography Standard Burt Kaliski RSA Laboratories PKCS Workshop October 7, 1998

© RSA 1998 Introduction Elliptic curve cryptography is emerging as a new public-key technique Some standardization underway: –ANSI X9.62,.63, IEEE P1363, ISO work PKCS #13: a profile of existing work –status: in preparation, this is a proposal

© RSA 1998 ECC: Primary Choices Underlying finite field Cryptographic schemes Point representation

© RSA 1998 Finite Field Odd characteristic: GF(p), p odd –also GF(p m ), e.g., for p = 3 Even characteristic: GF(2 m ) –which field representations? Even generally faster (esp. in hardware), odd leverages existing modular arithmetic implementations

© RSA 1998 Key Agreement Schemes Diffie-Hellman “Unified” Diffie-Hellman MQV DH basic, “unified” more flexible, MQV more efficient for joint static/ephemeral –P1363, X9.63 draft have all three

© RSA 1998 Signature Schemes DSA Nyberg-Rueppel Schnorr DSA “standard,” NR allows message recovery, Schnorr more “provable” –P1363 has first two, X9.62 has DSA

© RSA 1998 Encryption Schemes Elgamal (= DH + multiplication) S/MIME approach Zheng-Seberry, Bellare-Rogaway schemes Elgamal basic, S/MIME enhanced, ZS and BR “provable”, more flexible –ZS, BR submitted to P1363a –BR in X9.63 draft

© RSA 1998 Point Representation Uncompressed: (x,y) y-compressed: only one bit of y x-compacted: one less bit of x x only (with algorithm changes) Size, processing tradeoffs –P1363 supports uncompressed, y- compressed

© RSA 1998 Proposed Profile GF(p) and GF(2 m ), with rationale ECDH, ECDSA, P1363a ECES Uncompressed, with P1363 format Domain parameter and key generation, validation later

© RSA 1998 IP Considerations ECC in general is not patented, but specific choices may be, e.g.: –MQV key agreement –point compression (app.) –key validation (app.) Proposed profile is intended to be unencumbered, though some implementation techniques may be patented

© RSA 1998 Discussion Are the choices appropriate? Is the profile too general? –e.g., would fewer choices be better? Is it necessary? –maybe IEEE P1363 Profile for PKCS Applications would be a better title? Work plan and schedule

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.