GM/T 0080-2020 PDF English
Search result: GM/T 0080-2020_English: PDF (GM/T0080-2020)
Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Name of Chinese Standard | Status |
GM/T 0080-2020 | English | 295 |
Add to Cart
|
0-9 seconds. Auto-delivery.
|
SM9 cryptographic algorithm application specification
| Valid |
BUY with any currencies (Euro, JPY, GBP, KRW etc.): GM/T 0080-2020 Related standards: GM/T 0080-2020
PDF Preview: GM/T 0080-2020
GM/T 0080-2020: PDF in English (GMT 0080-2020) GM/T 0080-2020
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 38.040
CCS L 80
SM9 Cryptographic Algorithm Application Specification
ISSUED ON: DECEMBER 28, 2020
IMPLEMENTED ON: JULY 01, 2021
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 4
Introduction ... 5
1 Scope ... 6
2 Normative References ... 6
3 Terms and Definitions ... 6
4 Abbreviations ... 7
5 SM9 Key Pair ... 8
5.1 Generator ... 8
5.2 SM9 master private key... 8
5.3 SM9 master public key ... 8
5.4 SM9 user private key ... 9
5.5 SM9 user public key ... 9
6 Data Format ... 9
6.1 Key data structure ... 9
6.2 Signature data structure ... 11
6.3 Encryption data structure ... 11
6.4 Key encapsulation data format ... 12
7 Pre-processing ... 12
7.1 Pre-processing hash function H1 ... 12
7.2 Pro-processing hash function H2 ... 12
7.3 Pre-processing pair calculation e ... 13
7.4 Pre-processing user’s signature verification QD ... 13
7.5 Pre-processing user’s encryption QE ... 14
8 Calculation Process ... 14
8.1 Key generation ... 14
8.2 Digital signature ... 16
8.3 Signature verification ... 16
8.4 Key encapsulation ... 17
8.5 Key unsealing ... 17
8.6 Encryption ... 18
8.7 Decryption ... 18
8.8 Key agreement ... 19
SM9 Cryptographic Algorithm Application Specification
1 Scope
This Document defines the application method of SM9 cryptographic algorithm, as well
as data formats such as keys, encryption, and signatures, etc.
This Document is applicable to the application of SM9 cryptographic algorithm, and
the development and testing of equipment and systems that support SM9
cryptographic algorithm.
2 Normative References
The following documents are essential to the application of this Document. For the
dated documents, only the versions with the dates indicated are applicable to this
Document; for the undated documents, only the latest version (including all the
amendments) is applicable to this Document.
GB/T 32905 Information Security Technology - SM3 Cryptographic Hash
Algorithm
GB/T 32907 Information Security Techno1ogy - SM4 Block Cipher Algorithm
GB/T 32918 (all parts) Information Security Technology - Public Key
Cryptographic Algorithm SM2 Based on Elliptic Curves
GB/T 38635.1-2020 Information Security Technology - Identity-Based
Cryptographic Algorithms SM9 - Part 1: General
GB/T 38635.2-2020 Information Security Technology - Identity-Based
Cryptographic Algorithms SM9 - Part 2: Algorithm
3 Terms and Definitions
For the purpose of this Document, the following terms and definitions apply.
3.1 Algorithm identifier
Digitized information that is used to indicate algorithmic mechanisms.
3.2 SM9 algorithm
PPS: Public Parameter Service.
5 SM9 Key Pair
5.1 Generator
The Generator P1 point on G1 is marked as (xp1, yP1); and the ASN.1 of the data format
is defined as SM9P1::=BIT STRING; the type is BIT STRING; and its content is:
04‖X1‖Y1, where X1 and Y1 respectively identify the x component and y component
of the point; and each component has a length of 256 bits.
The Generator P2 point on G2 is marked as (xp2, yP2); and the ASN.1 of the data format
is defined as SM9P2::=BIT STRING; the type is BIT STRING; and its content is:
04‖X1‖X2‖Y1‖Y2, where X1, X2 and Y1, Y2 respectively identify the x component
and y component of the public key; and each component has a length of 256 bits, or
03‖X1‖X2, where X1 and X2 respectively identify each x component of the public key;
and each component has a length of 256 bits. Select the value whose rightmost bit is
1 in the decompressed Y root value (Y1‖Y2). After the restoration, the rightmost bit of
the Y root value shall be 1; otherwise, Y1=base field q - root Y1, Y2=base field q - root
Y2. or
02‖X1‖X2, where X1 and X2 respectively identify the 2 x components of the public
key; and each component has a length of 256 bits. Select the option value whose
rightmost bit is 0 in the decompressed Y root value (Y1‖Y2). After the restoration, the
Y root value takes the option value whose rightmost bit is 0, otherwise Y1=base field q
- root Y1, Y2=base field q - root Y2.
5.2 SM9 master private key
It includes the SM9 signature master private key and the encryption master private key;
both are an integer greater than or equal to 1 and less than N-1 (N is the order of the
cyclic group G1, G2, and GT, and its value is shown in Appendix A.1 of GB/T 38635.2-
2020), abbreviated as s, with the length of 256 bits.
5.3 SM9 master public key
It includes SM9 signature master public key Ppub2 and encryption master public key
Ppub1. They are points on G2 and G1; and the coordinates are expressed as (xSPub,
ySPub) and (xEPub, yEPub). Thereof, the x and y coordinates of the signature master public
key also contain two components, namely x1 component and x2 component, y1
component and y2 component, and the length of each component is 256 bits. The
length of the x and y coordinates of the encryption master public key are both 256 bits.
5.4 SM9 user private key
It includes SM9 user signature private key and user encryption private key, which are
points on G1 and G2 respectively; and the coordinates are expressed as (xSPri, ySPri)
and (xEPri, yEPri). The length of the x and y coordinates of the user signature key are
both 256 bits. The x and y coordinates of the user's encryption private key also contain
two components, namely x1 component and x2 component, y1 component and y2
component, and the length of each component is 256 bits.
5.5 SM9 user public key
In IBC technology, the user identification ID can uniquely determine the user's public
key, which represents the public key in applications. The representation of ID
coordinates based on bilinear pairing can be divided into user signature public key
coordinates and user encryption public key coordinates. The user signature public key
and the signature master public key are of the same coordinate structure; and there
are two respective components on the x and y coordinates, which are marked as QS;
and user encryption public key and the encryption master public key are of the same
coordinate structure, which is marked as QE.
NOTE: Here is how to generate the user's public key coordinates.
Input: Algorithm function H, userID, hid, master public key Ppubi, generator Pi i=1,2.
Output: User public key QA.
Calculation method:
, signature public key coordinates are
used for signature/verification of signature.
, encryption public key coordinates are
used for key encapsulation, encryption/decryption.
6 Data Format
6.1 Key data structure
The key is divided into signature/encryption master key, and signature/encryption user
key:
a) The ASN.1 of data format of SM9 algorithm signature master private key is
defined as:
...... Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.
|