HOME   Cart(0)   Quotation   About-Us Tax PDFs Standard-List Powered by Google www.ChineseStandard.net Database: 189759 (8 Dec 2024)

GM/T 0003.3-2012 PDF in English


GM/T 0003.3-2012 (GM/T0003.3-2012, GMT 0003.3-2012, GMT0003.3-2012)
Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GM/T 0003.3-2012English145 Add to Cart 0-9 seconds. Auto-delivery. Public key cryptographic algorithm SM2 based on elliptic curves - Part 3: Key exchange protocol Valid
Standards related to (historical): GM/T 0003.3-2012
PDF Preview

GM/T 0003.3-2012: PDF in English (GMT 0003.3-2012)

GM/T 0003.3-2012 GM CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 L 80 File No.. 36828-2012 Public key cryptographic algorithm SM2 based on elliptic curves – Part 3. Key exchange protocol ISSUED ON. MARCH 21, 2012 IMPLEMENTED ON. MARCH 21, 2012 Issued by. State Cryptography Administration Table of Contents Foreword ... 3  1 Scope ... 4  2 Normative references ... 4  3 Terms and definitions ... 4  4 Symbols ... 5  5 Algorithm parameters and auxiliary functions... 7  5.1 General rules ... 7  5.2 System parameters of elliptic curve ... 7  5.3 User key pair ... 7  5.4 Auxiliary functions... 7  5.4.1 General ... 7  5.4.2 Cryptographic hash functions ... 7  5.4.3 Key derivation functions ... 8  5.4.4 Random number generator ... 8  5.5 Users’ other information ... 8  6 Key exchange protocol and process ... 9  6.1 Key exchange protocol ... 9  6.2 Process of key exchange protocol ... 11  Annex A (Informative) Example of key exchange and verification ... 12  A.1 General requirements ... 12  A.2 Key exchange protocol of elliptic curve on Fp ... 12  A.3 Key exchange protocol of elliptic curve on F2m ... 16  Public key cryptographic algorithm SM2 based on elliptic curves - Part 3. Key exchange protocol 1 Scope This Part of GM/T 0003 specifies the key exchange protocol of public key cryptographic algorithm SM2 based on elliptic curves and gives the examples and their processes of key exchange. This Part applies to the key exchange in commercial cryptography applications, which can satisfy both sides of communication to use two or optional three message passing processes to compute and obtain one shared secret key (session key) decided by both sides. Meanwhile, this Part can also provide standard positionings and standardization references of products and technologies for security product manufacturers to improve the credibility and interoperability of security products. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition dated applies to this document. For undated references, the latest edition of the referenced documents (including all amendments) applies to this document. GM/T 0003.1-2012, Public key cryptographic algorithm SM2 based on elliptic curves – Part 1. General 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 key confirmation from A to B guarantee which convinces user B that user A has a certain secret key 3.2 key derivation function K, KA, KB. a shared secret key agreed upon in the key exchange protocol. KDF(). the key derivation function. modn. the modulo n operation. E.g.. 23 mod 7 = 2. n. the order of base point G (n is the prime factor of #E(Fq)). O. one special point on the elliptic curve, called the point at infinity or null point, which is the identity element of the additive group of the elliptic curve. PA. the public key of user A. PB. the public key of user B. q. the number of elements in the finite field Fq. rA. the value of a temporary key generated by user A in a key exchange. rB. the value of a temporary key generated by user B in a key exchange. . the concatenation of x and y, where x and y can be a bit string or byte string. ZA. the hash value in regard to distinguishing identifiers of user A, some system parameters of elliptic curve and public keys of user A. ZB. the hash value in regard to distinguishing identifiers of user B, some system parameters of elliptic curve and public keys of user B. #E(Fq). the number of points on E(Fq), called the order of elliptic curve E(Fq). [k]P. the k point-multiplication of point P on elliptic curve, i.e. , where k is a positive integer. [x, y]. the set of integers which is greater than or equal to x, and less than or equal to y. . the ceiling function, which is the minimum integer greater than or equal to x. E.g.. . the bottom function, which is the maximum integer less than or equal to x. E.g.. Number k 5.4.3 Key derivation functions The role of key derivation functions is to derive key data from a shared secret bit string. During the process of key agreement, the key derivation function acts on the shared secret bit string obtained from the key exchange to generate the session key required or the key data required for further encryption. The key derivation function needs to call the cryptographic hash function. Let the cryptographic hash function be Hv (), whose output length is exactly a hash value of v bits. The key derivation function KDF (Z, klen). Input. the bit string Z, integer klen (indicating the bit length of key data to be obtained, where the values is required to be less than (232 - 1)v). Output. the key data bit string K with the length of klen. a) initialize a counter of 32 bits ; b) perform for i from 1 to . b.1) compute ; b.2) ; c) if klen/v is an integer, let , Or else, let be the left-most bit of ; d) let . 5.4.4 Random number generator This Part specifies the use of the random number generator approved by the State Cryptography Administration. 5.5 Users’ other information User A has the distinguishing identifier IDA with the length of entlenA bits, notating ENTLA as two bytes converted from the integer entlenA; and user B has the distinguishing identifier IDB with the length of entlenB, notating ENTLB as two bytes converted from the integer entlenB. In the elliptic curve key exchange protocol specified in this Part, both sides A and B in the key agreement need to use the cryptographic hash functions to obtain the hash value ZA of user A and the hash value ZB of user B. B6. compute the elliptic curve point . If V is a point at infinity, then B agreement fails. Or else, convert the data type of xV and yV into a bit string according to the methods given in 4.2.6 and 4.2.5 of GM/T 0003.1-2012; B7. compute ; B8. (optional) convert the data types of the coordinates of RA, x1 and y1, and the coordinates of RB, x2 and y2, into a bit string according to the methods given in 4.2.6 and 4.2.5 of GM/T 0003.1-2012, and compute B9. send RB (and SB, optional) to user A; User A. A4. take field element x1 from RA, convert the data type of x1 into an integer according to the method given in 4.2.8 of GM/T 0003.1-2012, and compute A5. compute ; A6. verify whether RB satisfies the elliptic curve equation. If it does not satisfy, then the agreement fails. Or else, take field element x2 from RB, convert the data type of x2 into an integer according to the method given in 4.2.8 of GM/T 0003.1-2012, and compute A7. compute the elliptic curve point . If U is a point at infinity, then A agreement fails. Or else, convert the data type of xU and yU into a bit string according to the methods given in 4.2.6 and 4.2.5 of GM/T 0003.1-2012; A8. compute ; A9. (optional) convert the data types of the coordinates of RA, x1 and y1, and the coordinates of RB, x2 and y2, into a bit string according to the methods given in 4.2.6 and 4.2.5 of GM/T 0003.1-2012, compute , and check whether S1 = SB is true. If it is not true, then the key from B to A is confirmed a failure; A10. (optional) compute , and send SA to user B. User B. B10. (optional) compute , and check whether S2 = SA is true. If it is not true, then the key from A to B is confirmed a failure. ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.