1Cryptographic standardsECE 646 - Lecture 15Secret-key cryptography standardsNISTANSIX3.92 DESX3.106 DES modes of operationX9.52 Modes of operationof Triple DESFederalstandardsBankingstandardsInternationalstandardsISOISO 8732 Modes of operationof a 64-bit cipherISO 10116 Modes ofoperationof an n-bitcipherFIPS 46-1 DESFIPS 46-2 DESFIPS 81 Modes ofoperationFIPS 46-3 TripleDESFIPS 197 AES2NIST FIPSNational Institute of Standards and TechnologyFederal Information Processing StandardsAmerican Federal StandardsRequired in the government institutionsOriginal algorithms developed in cooperation with the National Security Agency (NSA)Public-Key Cryptography StandardsIEEEANSINISTISORSA LabsPKCSindustrystandardsbankstandardsfederal standardsinternationalstandardsunofficialindustrystandardsP1363ANSI X9FIPSPKCSISO3PKCSPublic-Key Cryptography StandardsInformal Industry Standardsdeveloped by RSA Laboratoriesin cooperation withApple, Digital, Lotus, Microsoft, MIT, NorthernTelecom, Novell, SunFirst, except PGP, formal specification of RSA and formats of messages. IEEE P1363Working group of IEEE including representativesof major cryptographic companiesand university centers from USA, Canadaand other countriesPart of the Microprocessors Standards CommitteeQuarterly meetings + multiple teleconferences ++ discussion list + very informative web page with the draft versions of standardsModern, open style4Combined standard including the majority ofmodern public key cryptographySeveral algorithms for implementationof the same functionTool for constructing other, more specific standardsSpecific applications or implementations may determine a profile (subset) of the standardIEEE P1363ANSI X9American National Standards InstituteWork in the subcommittee X9Fdeveloping standards for financial institutionsANSI represents U.S.A. in ISOStandards for the wholesale(e.g., interbank) and retail transactions(np. bank machines, smart card readers)5ISO International Organization for StandardizationInternational standardsCommon standards with IEC -International Electrotechnical CommissionISO/IEC JTC1 SC 27Joint Technical Committee 1, Subcommitte 27Australia, Belgium, Brazil, Canada, China, Denmark, Finland,France, Germany, Italy, Japan , Korea., Holland , Norway ,Poland, Russia , Spain, Sweden, Switzerland , UK,USAFull members ( 21):ISO: International Organization for StandardizationLong and laborious process of the standard developmentStudy periodNP - New ProposalWD - Working DraftCD - Committee DraftDIS - Draft International StandardIS - International StandardMinimum3 yearsReview of the standard after 5 years = ratification, corrections orrevocation6Public-key Cryptography StandardsIEEEANSINISTISORSA LabsPKCSindustrystandardsbankstandardsfederal standardsinternationalstandardsunofficialindustrystandardsP1363ANSI X9FIPSPKCSISOPKCSIEEEISOANSINISTFIPS 186(DSS)FIPS 180(SHA-0)FIPS 180-1(SHA-1)1991 1992 1993FIPS-186-1(DSA&RSA)1994 1995 1996 1997 1998 1999P1363P1363aPKCS #1-10PKCS #13,15PKCS #7,11PKCS #1 v2.0X9.30 (DSA)X9.31 (RSA, R-W)X9.62(EC-DSA)14888(DSA) 9796-4(NR)979610118-1,210118-3,411770-3(DH)7IEEE P1363factorizationdiscretelogarithmencryptionsignaturekeyagreementRSA with OAEPRSA & R-Wwith ISO-14888 or ISO 9796DSA,NR with ISO 9796EC-DSA,EC-NR with ISO 9796DH1DH2 and MQVEC-DH1,EC-DH2and EC-MQVellipticcurve discretelogarithmEC-DSA,EC-NR with ISO 9796IEEE P1363afactorizationdiscretelogarithmencryptionsignatureRSA with OAEPRSA & R-Wwith ISO-14888or ISO 9796DSA,NR with ISO-9796DH1DH2 & MQVEC-DH1EC-DH2& EC-MQVelliptic curve discrete logarithmnew schemenew schemenew schemekeyagreement8ANSI X9 StandardsX9.44RSAX9.31(RSA & R-W)X9.30DSAX9.62EC-DSAX9.42DH1, DH2, MQVX9.63EC-DH1, 2EC-MQVfactorizationdiscretelogarithmelliptic curve discrete logarithmencryptionsignaturekeyagreementIndustry standards - PKCSPKCS #1RSAPKCS #1(RSA i R-W)PKCS #13EC-DSAPKCS #2DHPKCS #13EC-DH1, 2EC-MQVPKCS #13new schemefactorizationdiscretelogarithmelliptic curve discrete logarithmencryptionsignaturekeyagreement9NIST - FIPSFIPS 186DSAFIPS 186-1RSAfactorizationdiscretelogarithmelliptic curve discrete logarithmencryptionsignaturekeyagreementFIPS 186-2EC-DSAInternational standards ISOISO-11770-3ISO-14888-3ISO 9796-4ISO-14888-3ISO 9796-4ISO-11770-3ISO 9796-1ISO 9796-2factorizationdiscretelogarithmelliptic curve discrete logarithmencryptionsignaturekeyagreement10Secure key sizesfactorizationdiscretelogarithmelliptic curve discretelogarithmPKCSIEEE P1363ANSI X9NIST FIPSISO512 ≤≤≤≤ L≤≤≤≤1024≥≥≥≥ 160≥≥≥≥ 1024≥≥≥≥ 1024Padding schemesencryptionsignatureswithappendixsignatureswith messagerecoveryPKCSIEEE P1363ANSI X9NIST FIPSISOOAEPPKCS #1PKCS #1OAEPISO 14888ISO 9796ISO 14888ISO 9796OAEPISO 14888ISO 979611Hash functionsdedicatedbasedon block ciphersbased onmodular arithmeticPKCSIEEE P1363ANSI X9NIST FIPSISOSHA-1RIPEMD-160MDC-2SHA-1, SHA-256 SHA-384, SHA-512SHA-1RIPEMD-160MD5MD2MASH-1MASH-2SHA-1, RIPEMD-128, 160Notes for users of cryptographicproducts (1)Agreement with a standard does not guarantee the security of a cryptographic product!Security = secure algorithms (guaranteed by standards)• proper choice of parameters• secure implementation• proper use12Agreement with the same standard doesnot guarantee the compatibilityof two cryptographic products !compatibility =• the same algorithm (guaranteed by standards)• the same protocol• the same subset of algorithms• the same range of parametersNotes for users of cryptographicproducts
View Full Document
Unlocking...