Presentation is loading. Please wait.

Presentation is loading. Please wait.

RSA Data Security, Inc. PKCS #13: Elliptic Curve Cryptography Standard Burt Kaliski RSA Laboratories PKCS Workshop October 7, 1998.

Published byMyles Simmons Modified over 8 years ago

Similar presentations

Presentation on theme: "RSA Data Security, Inc. PKCS #13: Elliptic Curve Cryptography Standard Burt Kaliski RSA Laboratories PKCS Workshop October 7, 1998."— Presentation transcript:

1 RSA Data Security, Inc. PKCS #13: Elliptic Curve Cryptography Standard Burt Kaliski RSA Laboratories PKCS Workshop October 7, 1998

2 © RSA 1998 Introduction Elliptic curve cryptography is emerging as a new public-key technique Some standardization underway: –ANSI X9.62,.63, IEEE P1363, ISO work PKCS #13: a profile of existing work –status: in preparation, this is a proposal

3 © RSA 1998 ECC: Primary Choices Underlying finite field Cryptographic schemes Point representation

4 © RSA 1998 Finite Field Odd characteristic: GF(p), p odd –also GF(p m ), e.g., for p = 3 Even characteristic: GF(2 m ) –which field representations? Even generally faster (esp. in hardware), odd leverages existing modular arithmetic implementations

5 © RSA 1998 Key Agreement Schemes Diffie-Hellman “Unified” Diffie-Hellman MQV DH basic, “unified” more flexible, MQV more efficient for joint static/ephemeral –P1363, X9.63 draft have all three

6 © RSA 1998 Signature Schemes DSA Nyberg-Rueppel Schnorr DSA “standard,” NR allows message recovery, Schnorr more “provable” –P1363 has first two, X9.62 has DSA

7 © RSA 1998 Encryption Schemes Elgamal (= DH + multiplication) S/MIME approach Zheng-Seberry, Bellare-Rogaway schemes Elgamal basic, S/MIME enhanced, ZS and BR “provable”, more flexible –ZS, BR submitted to P1363a –BR in X9.63 draft

8 © RSA 1998 Point Representation Uncompressed: (x,y) y-compressed: only one bit of y x-compacted: one less bit of x x only (with algorithm changes) Size, processing tradeoffs –P1363 supports uncompressed, y- compressed

9 © RSA 1998 Proposed Profile GF(p) and GF(2 m ), with rationale ECDH, ECDSA, P1363a ECES Uncompressed, with P1363 format Domain parameter and key generation, validation later

10 © RSA 1998 IP Considerations ECC in general is not patented, but specific choices may be, e.g.: –MQV key agreement –point compression (app.) –key validation (app.) Proposed profile is intended to be unencumbered, though some implementation techniques may be patented

11 © RSA 1998 Discussion Are the choices appropriate? Is the profile too general? –e.g., would fewer choices be better? Is it necessary? –maybe IEEE P1363 Profile for PKCS Applications would be a better title? Work plan and schedule

Download ppt "RSA Data Security, Inc. PKCS #13: Elliptic Curve Cryptography Standard Burt Kaliski RSA Laboratories PKCS Workshop October 7, 1998."

Similar presentations

Revised 08/16/1999 IEEE P1363: Standard Specifications for Public-Key Cryptography Burt Kaliski Chair, IEEE P1363 August 17, 1999.

Revised 08/16/1999 IEEE P1363: Standard Specifications for Public-Key Cryptography Burt Kaliski Chair, IEEE P1363 August 17, 1999.
Key Establishment Schemes Workshop Document October 2001.

Key Establishment Schemes Workshop Document October 2001.
Fundamental Elliptic Curve Cryptography Algorithms draft-mcgrew-fundamental-ecc-02

Fundamental Elliptic Curve Cryptography Algorithms draft-mcgrew-fundamental-ecc-02
Cryptography and Security: The Narrow Road from Theory to Practice Burt Kaliski, RSA Security ISPEC 2006, Hangzhou, China April 13, 2006.

Cryptography and Security: The Narrow Road from Theory to Practice Burt Kaliski, RSA Security ISPEC 2006, Hangzhou, China April 13, 2006.
Some New RSA Mechanisms for PKCS #11 Burt Kaliski, RSA Laboratories PKCS Workshop April 14, 2003.

Some New RSA Mechanisms for PKCS #11 Burt Kaliski, RSA Laboratories PKCS Workshop April 14, 2003.
Cryptography and Network Security

Cryptography and Network Security
Advanced Information Security 4 Field Arithmetic

Advanced Information Security 4 Field Arithmetic
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Efficient generation of cryptographically strong elliptic curves Shahar Papini Michael Krel Instructor : Barukh Ziv 1.

Efficient generation of cryptographically strong elliptic curves Shahar Papini Michael Krel Instructor : Barukh Ziv 1.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Lect. 11: Public Key Cryptography. 2 Contents 1.Introduction to PKC 2.Hard problems  IFP  DLP 3.Public Key Encryptions  RSA  ElGamal 4.Digital Signatures.

Lect. 11: Public Key Cryptography. 2 Contents 1.Introduction to PKC 2.Hard problems  IFP  DLP 3.Public Key Encryptions  RSA  ElGamal 4.Digital Signatures.
CS470, A.SelcukElGamal Cryptosystem1 ElGamal Cryptosystem and variants CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukElGamal Cryptosystem1 ElGamal Cryptosystem and variants CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
IEEE P1363: Standard Specifications for Public-Key Cryptography

IEEE P1363: Standard Specifications for Public-Key Cryptography
1 An Elliptic Curve Processor Suitable for RFID-Tags L. Batina 1, J. Guajardo 2, T. Kerins 2, N. Mentens 1, P. Tuyls 2 and I. Verbauwhede 1 Katholieke.

1 An Elliptic Curve Processor Suitable for RFID-Tags L. Batina 1, J. Guajardo 2, T. Kerins 2, N. Mentens 1, P. Tuyls 2 and I. Verbauwhede 1 Katholieke.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
Cryptography and Network Security Chapter 13

Cryptography and Network Security Chapter 13
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall 2011 1.

Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Similar presentations

Ads by Google