Presentation is loading. Please wait.

Presentation is loading. Please wait.

Draft-lamps-cms-shakes-hash-00 (was draft-dang-lamps-cms-shakes-hash-00) Q. Dang, P. Kampanakis National Institute of Standards and Technology.

Published by Modified over 5 years ago

Similar presentations

Presentation on theme: "Draft-lamps-cms-shakes-hash-00 (was draft-dang-lamps-cms-shakes-hash-00) Q. Dang, P. Kampanakis National Institute of Standards and Technology."— Presentation transcript:

1 draft-lamps-cms-shakes-hash-00 (was draft-dang-lamps-cms-shakes-hash-00)
Q. Dang, P. Kampanakis National Institute of Standards and Technology (NIST) Cisco Systems

2 Adding SHAKE128/SHAKE256 to CMS
Defines the OIDs for digital signatures and MAC (KMAC) so that SHAKEs can be used in CMS. Changes from draft-dang-lamps-cms-shakes-hash-00 Various updates to title and section names. Replaced RSASSA PKCS#1 v1.5 with RSASSA-PSS Content changes, filling in text and references.

3 SHAKEs’ OIDs id-shake128-len OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 17 } id-shake256-len OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) nistalgorithm(4) hashalgs(2) 18 } ShakeOutputLen ::= INTEGER -- Output length in octets ShakeOutputLen MUST be present and >= 32 for id-shake128-len or >= 64 for id- shake128-len

4 Mask Generation Function (MGF)
[RFC8017] id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } To use SHAKE as MGF, the id-mgf1 MUST have a hashAlgorithm value of id-shake128-len or id-shake256-len

5 RSASSA-PSS [RFC4055] OIDs id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } RSASSA-PSS-params ::= SEQUENCE { hashAlgorithm HashAlgorithm, maskGenAlgorithm MaskGenAlgorithm, saltLength INTEGER, trailerField INTEGER } When the SHAKE128 or SHAKE256 OIDs is used as the hashAlgorithm, it MUST also be used as the maskGenAlgorithm. When used as hashAlgorithm the ShakeOutputLen parameter MUST be present and equal to 32 or 64. When used as maskGenAlgorithm the ShakeOutputLen parameter must be (n - 264)/8 or (n - 520)/8 respectively, where n is the RSA modulus in bits. saltLength MUST be 32 or 64 bytes respectively Public Key rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1} [RFC3279] or id-RSASSA-PSS [RFC4055]

6 ECDSA OIDs id-ecdsa-with-SHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 3 x } id-ecdsa-with-SHAKE256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 3 y } x and y will be specified by NIST. The ShakeOutputLen parameter of SHAKE128 or SHAKE256 MUST be 32 or 64 bytes respectively when it is used in ECDSA Public key [RFC5480] id-ecPublicKey OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER -- implicitCurve NULL -- specifiedCurve SpecifiedECDomain }

7 Message Authentication Codes with SHAKEs
OIDs id-KmacWithSHAKE128 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 2 z } id-KmacWithSHAKE256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 2 w } z and w will be specified by NIST. When the id-KmacWithSHAKE128 or id-KmacWithSHAKE256 algorithm identifier is used, the parameters field MUST be absent; not NULL but absent. When calculating the KMAC output, the variable N is 0xD2B282C2, S is an empty string, and L, the integer representing the requested output length in bits, is 256 or 512 for KmacWithSHAKE128 or KmacWithSHAKE256 respectively in this specification.

8 Comments/questions ?

Download ppt "Draft-lamps-cms-shakes-hash-00 (was draft-dang-lamps-cms-shakes-hash-00) Q. Dang, P. Kampanakis National Institute of Standards and Technology."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Web security: SSL and TLS

Web security: SSL and TLS
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by:

1 Information System Security AABFS-Jordan Summer 2006 Digital Signature and Hashing Functions Prepared by: Maher Abu Hamdeh & Adel Hamdan Supervised by:
Cryptography in.Net CS 795. Goals Confidentiality---no one else can intercept a message as it passes from A to B---Encryption is the answer Integrity---message.

Cryptography in.Net CS 795. Goals Confidentiality---no one else can intercept a message as it passes from A to B---Encryption is the answer Integrity---message.
1 Lect. 15 : Digital Signatures RSA, ElGamal, DSA, KCDSA, Schnorr.

1 Lect. 15 : Digital Signatures RSA, ElGamal, DSA, KCDSA, Schnorr.
1 Workshop on algorithms and parameters for Electronic Signatures November 25, 2004. Brussels.

1 Workshop on algorithms and parameters for Electronic Signatures November 25, Brussels.
CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.

CMS Interoperability Matrix Jim Schaad Soaring Hawk Security.
Digital Signatures: Mathematics Zdeněk Říha. Data authentication Data integrity + data origin Digital signature Asymmetric cryptography public and private.

Digital Signatures: Mathematics Zdeněk Říha. Data authentication Data integrity + data origin Digital signature Asymmetric cryptography public and private.
1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999.

1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999.
Hash and MAC Algorithms Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther Aldwairi.

Hash and MAC Algorithms Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther Aldwairi.
S. Muftic Computer Networks Security 1 Lecture 4: Message Confidentiality and Message Integrity Prof. Sead Muftic.

S. Muftic Computer Networks Security 1 Lecture 4: Message Confidentiality and Message Integrity Prof. Sead Muftic.
RSA Data Security, Inc. PKCS #1 : RSA Cryptography Standard Jessica Staddon RSA Laboratories PKCS Workshop October 7, 1998.

RSA Data Security, Inc. PKCS #1 : RSA Cryptography Standard Jessica Staddon RSA Laboratories PKCS Workshop October 7, 1998.
COSE Overview Jim Schaad August Cellars. Willing Changes No crypto compatibility Use of CBOR idioms Partial change of naming schemes.

COSE Overview Jim Schaad August Cellars. Willing Changes No crypto compatibility Use of CBOR idioms Partial change of naming schemes.
Comments on draft-ietf-pkix-scvp-19.txt IETF Meeting Paris - August 2005 Denis Pinkas

Comments on draft-ietf-pkix-scvp-19.txt IETF Meeting Paris - August 2005 Denis Pinkas
Certificate Requests to HIP Jani Pellikka 80 th IETF Mar 27 th – Apr 1 st 2011 Prague, Czech Republic.

Certificate Requests to HIP Jani Pellikka 80 th IETF Mar 27 th – Apr 1 st 2011 Prague, Czech Republic.
PKCS #5: Password-Based Cryptography Standard

PKCS #5: Password-Based Cryptography Standard
IEEE 802.21 MEDIA INDEPENDENT HANDOVER DCN: 21-13-00xx-ECDSA Title: Discussion on introducing ECDSA to 802.21d for group management Date Submitted: July.

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-ECDSA Title: Discussion on introducing ECDSA to d for group management Date Submitted: July.

Similar presentations

Ads by Google