GB/T 15843.5-2005 PDF English
Search result: GB/T 15843.5-2005
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Name of Chinese Standard | Status |
| GB/T 15843.5-2005 | English | 270 |
Add to Cart
|
0-9 seconds. Auto-delivery.
|
Information technology -- Security technique -- Entity authentication -- Part 5: Mechanisms using zero knowledge techniques
| Valid |
PDF Preview: GB/T 15843.5-2005
GB/T 15843.5-2005: PDF in English (GBT 15843.5-2005) GB/T 15843.5-2005
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 15843.5-2005 / ISO/IEC 9798-9:1999
Information Technology – Security Techniques –
Entity Authentication – Part 5: Mechanisms Using
Zero Knowledge Techniques
(ISO/IEC 9798-5:1999, IDT)
ISSUED ON: APRIL 19, 2005
IMPLEMENTED ON: OCTOBER 01, 2005
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine;
Standardization Administration of PRC.
Table of Contents
Foreword ... 4
1 Scope ... 5
2 Normative Reference ... 5
3 Terms and Definitions ... 6
4 Symbols and Notation ... 8
5 Mechanism Based on Identities ... 11
5.1 Specific requirements ... 11
5.2 Parameter selection ... 11
5.3 Identity selection ... 12
5.4 Accreditation generation ... 13
5.5 Authentication exchange... 13
6 Certificate-Based Mechanism Using Discrete Logarithms ... 16
6.1 Specific requirements ... 16
6.2 Key selection ... 17
6.3 Authentication exchange... 17
7 Certificate-Based Mechanism Using an Asymmetric Encipherment System
... 19
7.1 Specific requirements ... 20
7.2 Authentication exchange... 20
Annex A (Normative) Principles of Zero Knowledge Mechanisms ... 23
A.1 Introduction ... 23
A.2 The need for zero-knowledge mechanisms ... 23
A.3 The definition ... 24
A.4 An example ... 25
A.5 Basic design principles ... 27
Annex B (Informative) Guidance on Parameter Choice ... 28
B.1 Parameter choice for the identity-based mechanism ... 28
B.2 Parameter choice for the certificate-based mechanism using discrete logarithms
... 29
Annex C (Informative) Examples ... 30
C.1 Mechanism based on identities ... 30
C.1.1 Example with public exponent 2 ... 30
C.1.2 Example with public exponent 3 ... 34
C.1.3 Example with public exponent 216 + 1 ... 39
C.2 Mechanism based on discrete logarithms ... 40
C.2.1 Example using 768-bit p, 128-bit q and RIPEMD-128 ... 40
C.2.2 Example using 1024-bit p, 160-bit q and SHA-1 ... 42
C.3 Mechanism based on a trusted public transformation ... 44
C.3.1 Example using 767-bit RSA and RIPEMD-160 ... 44
C.3.2 Example using 1024-bit RSA and SHA-1 ... 46
Annex D (Informative) Comparison of the Mechanism ... 48
D.1 Measures for comparing the mechanisms ... 48
D.2 Mechanism based on identities ... 49
D.2.1 The case where v is large (e.g. the Guillou-Quisquater scheme) ... 49
D.2.2 Fiat-Shamir scheme ... 51
D.3 Certificate-based mechanism using discrete logarithms ... 52
D.3.1 Computational complexity ... 52
D.3.2 Communication complexity ... 53
D.3.3 Size of the claimant's accreditations ... 53
D.3.4 Degree of security ... 53
D.4 Certificate-based mechanism using an asymmetric encipherment system ... 53
D.4.1 Computational complexity ... 53
D.4.2 Communication complexity ... 54
D.4.3 Size of the claimant's accreditations ... 54
D.4.4 Degree of security ... 54
D.5 Comparison of the mechanisms ... 54
Annex E (Informative) Information about Patents ... 56
Annex F (Informative) Bibliography ... 57
Foreword
GB/T 15843 consists of the following parts, under the general title Information
Technology – Security Techniques – Entity Authentication:
--- Part 1: General;
--- Part 2: Mechanisms Using Symmetric Encipherment Algorithms;
--- Part 3: Mechanisms Using Digital Signature Techniques;
--- Part 4: Mechanisms Using a Cryptographic Check Function;
--- Part 5: Mechanisms Using Zero-Knowledge Techniques.
This Part is Part 5 of GB/T 15843. It equivalently adopts the international standard
ISO/IEC 9798-5:1999 Information Technology – Security Techniques – Entity
Authentication – Part 5: Mechanisms Using Zero-Knowledge Techniques (English
Version).
Annexes A, B, C, D, E, F of this Part are informative.
This Part was proposed by Ministry of Information Industry of the RPC.
This Part shall be under the jurisdiction of National Technical Committee for
Standardization of Information Security.
Drafting organizations of this Part: China Electronics Standardization Institute; and
State Key Laboratory of Information Security.
Chief drafting staffs of this Part: Chen Xing, Luo Fengying, Hu Lei, Ye Dingfeng, Zhang
Zhenfeng, and Huang Jiaying.
Information Technology – Security Techniques –
Entity Authentication – Part 5: Mechanisms Using
Zero Knowledge Techniques
1 Scope
This Part of GB/T 15843 specifies three entity authentication mechanisms using zero
knowledge techniques. All the mechanisms specified in this Part of GB/T 15843
provide unilateral authentication. These mechanisms are constructed using the
principles of zero knowledge, but they will not be zero knowledge according to the strict
definition sketched in Annex A for all choices of parameters.
The first mechanism is said to be based on identities. A trusted accreditation authority
provides each claimant with private accreditation information, computed as a function
of the claimant's identification data and the accreditation authority's private key.
The second mechanism is said to be certificate-based using discrete logarithms. Every
claimant possesses a public key, private key pair for use in this mechanism. Every
verifier of a claimant's identity must possess a trusted copy of the claimant 's public
verification key; the means by which this is achieved is beyond the scope of this
Standard, but it may be achieved through the distribution of certificates signed by a
Trusted Third Party.
The third mechanism is said to be certificate-based using an asymmetric encipherment
system. Every claimant possesses a public key, private key pair for an asymmetric
cryptosystem. Every verifier of a claimant's identity must possess a trusted copy of the
claimant 's public key; the means by which this is achieved is beyond the scope of this
Standard, but it may be achieved through the distribution of certificates signed by a
Trusted Third Party.
2 Normative Reference
The provisions in following documents become the provisions of this Part through
reference in this Part of GB/T 15843. For dated references, the subsequent
amendments (excluding corrigendum) or revisions do not apply to this Part, however,
parties who reach an agreement based on this Standard are encouraged to study if
the latest versions of these documents are applicable. For undated references, the
latest edition of the referenced document applies.
GB 15851-1995 Information Technology - Security Techniques - Digital Signature
Scheme Giving Message Recovery (idt ISO/IEC 9796:1991)
GB/T 15843.1-1999 Information Technology - Security Techniques - Entity
Authentication - Part 1: General (idt ISO/IEC 9798-1:1997)
GB/T 18238 (all parts) Information Technology - Security Techniques - Hash-
Function (idt ISO/IEC 10118)
3 Terms and Definitions
For the purpose of this Part of GB/T 15843, the terms and definitions given in GB/T
15843.1-1999 and the following apply.
3.1 Asymmetric cryptographic technique
3.2 Asymmetric encipherment system
3.3 Asymmetric key pair
3.4 Challenge
3.5 Claimant
3.6 Decipherment
3.7 Distinguishing identifier
3.8 Encipherment
3.9 Entity authentication
3.10 Private key
3.11 Public key
3.12 Public verification key
3.13 Random number
3.14 Token
3.15 Trusted third party
3.16 Unilateral authentication
3.17 Verifier
......
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.
|