GB/T 38635.2-2020: Information security technology - Identity-based cryptographic algorithms SM9 - Part 2: Algorithms
Status: Valid
Basic data

Standard ID: GB/T 38635.2-2020 (GB/T38635.2-2020)
Description (Translated English): Information security technology - Identity-based cryptographic algorithms SM9 - Part 2: Algorithms
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 42,437
Date of Issue: 2020-04-28
Date of Implementation: 2020-11-01
Quoted Standard: GB/T 17964; GB/T 32905; GB/T 32907; GB/T 32915; GB/T 38635.1-2020
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration
Summary: This standard specifies the digital signature algorithm, key exchange protocol, key encapsulation mechanism and encryption algorithm of the SM9 identity-based cryptographic algorithms. This standard applies to the engineering implementation of the SM9 identity-based cryptographic algorithms, and guides the development and testing of related products.

This is a DRAFT version for illustration, not a final translation.
Information security technology - Identity-based cryptographic algorithms SM9 - Part 2: Algorithms

ICS 35.040
L80
National Standard of the People's Republic of China
Issued: 2020-04-28
Implemented: 2020-11-01
Issued by: State Administration for Market Regulation; China National Standardization Administration

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbol
5 Algorithm parameters and auxiliary functions
5.1 Overview
5.2 System parameter group
5.3 Auxiliary function
6 Digital signature generation and verification algorithms and processes
6.1 Generation of system signature master key and user signature key
6.2 Digital signature generation algorithm
6.3 Digital signature generation algorithm process
6.4 Digital signature verification algorithm
6.5 Digital signature verification algorithm process
7 Key exchange protocol and process
7.1 Generation of system encryption master key and user encryption key
7.2 Key exchange protocol
7.3 Key exchange protocol process
8 Key encapsulation mechanism and process
8.1 Generation of system encryption master key and user encryption key
8.2 Key encapsulation algorithm
8.3 Key encapsulation algorithm process
8.4 Decapsulation algorithm
8.5 Decapsulation algorithm flow
9 Encryption algorithm and process
9.1 Generation of system encryption master key and user encryption key
9.2 Encryption algorithm
9.3 Encryption algorithm process
9.4 Decryption algorithm
9.5 Decryption algorithm process
Appendix A (Informative Appendix) Algorithm Example

Foreword

GB/T 38635 "Information security technology - Identity-based cryptographic algorithms SM9" is divided into two parts:
---Part 1: General provisions;
---Part 2: Algorithms.

This part is Part 2 of GB/T 38635.

This part was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that some content of this document may involve patents. The issuer of this document does not assume responsibility for identifying these patents.

This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).

This part was drafted by: National Information Security Engineering Technology Research Center, Beijing Guomai Xinan Technology Co., Ltd., Shenzhen Aolian Information Security All-Tech Co., Ltd., Institute of Software, Chinese Academy of Sciences, Wuhan University, Institute of Information Engineering, Chinese Academy of Sciences.

The main drafters of this part: Chen Xiao, Cheng Zhaohui, Zhang Zhenfeng, Ye Dingfeng, Hu Lei, Chen Jianhua, Ji Qingguang, Yuan Wengong, Liu Ping, Ma Ning, Yuan Feng, Li Zengxin, Wang Xuejin, Yang Hengliang, Zhang Qingpo, Ma Yanli, Pu Yusan, Tang Ying, Sun Yisheng, An Xuan, Feng Weiduan, Zhang Liyuan.

Introduction

A. Shamir proposed the concept of identity-based cryptography in 1984. The user's private key is calculated by the key generation center (KGC) from the master key and the user's identity, and the user's public key is uniquely determined by the user's identity. The identity manager shall ensure the authenticity of the identity. Compared with a certificate-based public key cryptosystem, key management in an identity-based cryptosystem can be appropriately simplified.

In 1999, K. Ohgishi, R. Sakai and M. Kasahara proposed using elliptic curve pairings to construct an identity-based key sharing scheme; in 2001, D. Boneh and M. Franklin, as well as R. Sakai, K. Ohgishi and M. Kasahara, independently proposed identity-based public key encryption algorithms constructed with elliptic curve pairings.
This work triggered new developments in identity-based cryptography, and a number of identity-based cryptographic algorithms implemented with pairings followed, including digital signature algorithms, key exchange protocols, key encapsulation mechanisms and public key encryption algorithms.

An elliptic curve pairing has the bilinear property. It establishes a connection between a cyclic subgroup of the elliptic curve and a multiplicative cyclic subgroup of the extension field, which gives rise to problems such as bilinear DH, bilinear inverse DH, decisional bilinear inverse DH, τ-bilinear inverse DH and τ-Gap-bilinear inverse DH. When the elliptic curve discrete logarithm problem and the extension-field discrete logarithm problem are difficult to solve, identity-based cryptography that takes both security and implementation efficiency into account can be constructed.

Information security technology - Identity-based cryptographic algorithms SM9 - Part 2: Algorithms

1 Scope

This part of GB/T 38635 specifies the digital signature algorithm, key exchange protocol, key encapsulation mechanism and encryption algorithm of the SM9 identity-based cryptographic algorithms.

This part applies to the engineering implementation of the SM9 identity-based cryptographic algorithms and guides the development and testing of related products.

2 Normative references

The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 17964 Information security technology - Modes of operation for block cipher algorithms
GB/T 32905 Information security technology - SM3 cryptographic hash algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32915 Information security technology - Binary sequence randomness test specification
GB/T 38635.1-2020 Information security technology - Identity-based cryptographic algorithms SM9 - Part 1: General

3 Terms and definitions

The terms and definitions defined in GB/T 38635.1-2020 and the following apply to this document. For ease of use, some terms and definitions of GB/T 38635.1-2020 are repeated below.

3.1 Encryption master key
The key at the top of the identity-based cryptography key hierarchy, consisting of the encryption master private key and the encryption master public key. The encryption master public key is public, and the encryption master private key is kept secret by the key generation center (KGC). The KGC uses the encryption master private key and the user's identity to generate the user's encryption private key. In identity-based cryptography, the encryption master private key is generally generated by the KGC with a random number generator, and the encryption master public key is generated from the encryption master private key combined with the system parameters.

3.2 Identity
Information that an entity cannot deny, such as the entity's identifiable name, email address, ID number, phone number or street address, which uniquely determines the identity of the entity.
[GB/T 38635.1-2020, definition 3.1]

3.3 Initiator
The user who sends the first round of exchange information during the operation of a protocol.

3.4 Initialization vector; initialization value; IV
In a cryptographic transformation, the initial data introduced into the data transformation to increase security or to synchronize cryptographic devices.

3.5 Key confirmation from A to B
The assurance given to user B that user A possesses a specific secret key.
3.6 Signed message
A set of data elements consisting of a message and the digital signature part of the message.

3.7 Signature key
A secret data element specific to the signer and used in the digital signature generation process, that is, the signer's private key.

3.8 Signature master key
The signature root key of the system, consisting of the signature master private key and the signature master public key. The signature master public key is public, and the signature master private key is kept secret by the KGC. The KGC uses the signature master private key and the user's identity to generate the user's signature private key. In identity-based cryptography, the signature master private key is generally generated by the KGC with a random number generator, and the signature master public key is generated from the signature master private key combined with the system parameters.

3.9 Key exchange
A scheme for securely exchanging keys between communicating entities, which lets both parties exchange keys securely while transmitting information over an insecure communication line.

3.10 Key agreement
The process of establishing a shared secret key among multiple users, in which none of them can determine the value of the key in advance.

3.11 Key derivation function
A function that, acting on a shared secret and other parameters known to both parties, generates one or more shared secret keys.

3.12 Responder
The user who does not send the first round of exchange information during the operation of a protocol.

3.13 Secret key
In a cryptosystem, a key that is shared by both parties and not known to any third party.

3.14 Message authentication code; MAC
A codeword derived by an authentication algorithm acting on a specific key and a message bit string, used to identify the source of the data and verify data integrity.
The function for obtaining the message authentication code is called the message authentication code function.

4 Symbol

The following symbols apply to this document.

A, B: Two users of the identity-based cryptosystem.
cf: Cofactor of the elliptic curve order relative to N.
cid: The curve identifier, expressed in one byte, where 0x10 denotes an ordinary curve (that is, a non-supersingular curve) over Fp (prime p > 2^191), 0x11 denotes a supersingular curve over Fp, and 0x12 denotes an ordinary curve over Fp and its twist.
dsA: User A's signature private key.
e: Bilinear pairing from G1×G2 to GT.
eid: The identifier of the bilinear pairing e, expressed in one byte, where 0x01 denotes the Tate pairing, 0x02 the Weil pairing, 0x03 the Ate pairing and 0x04 the R-Ate pairing.
GT: Multiplicative cyclic group of order N.
G1: Additive cyclic group of order N.
G2: Additive cyclic group of order N.
g^u: The u-th power of the element g in the multiplicative group GT, that is, g^u = g·g·…·g (u factors), where u is a positive integer.
Hv(): Cryptographic hash function.
H1(), H2(): Cryptographic functions derived from the cryptographic hash function.
hid: The identifier of the signature private key generation function, expressed in one byte, selected and published by the KGC.
(h,S): The signature sent.
(h',S'): The signature received.
IDA: User A's identity, which uniquely determines user A's public key.
ks: Signature master private key.
M: Message to be signed.
M': Message to be verified.
mod n: Modulo n operation. Example 1: 23 mod 7 = 2.
N: The order of the cyclic groups G1, G2 and GT, which is a prime number greater than 2^191.
Ppub-s: Signature master public key.
P1: Generator of group G1.
P2: Generator of group G2.
<P>: Cyclic group generated by element P.
[u]P: The u-fold multiple of the element P in the additive groups G1 and G2.
⌈x⌉: Ceiling function, the smallest integer not less than x. Example 2: ⌈7⌉ = 7, ⌈8.3⌉ = 9.
⌊x⌋: Floor function, the largest integer not greater than x. Example 3: ⌊7⌋ = 7, ⌊8.3⌋ = 8.
x‖y: The concatenation of x and y, where x and y are bit strings or byte strings.
[x,y]: The set of integers not smaller than x and not larger than y.
β: Twist parameter.

5 Algorithm parameters and auxiliary functions

5.1 Overview

Chapter 6 specifies an identity-based digital signature algorithm implemented with elliptic curve pairings. The signer holds an identity and a corresponding signature private key, which is generated by the key generation center by combining the signature master private key with the signer's identity. The signer uses the signature private key to generate a digital signature on the data, and the verifier uses the signer's identity to verify the reliability of the signature. Before signature generation and verification, a cryptographic hash function is applied to the message M to be signed and to the message M' to be verified.

Chapter 7 specifies an identity-based key exchange protocol implemented with elliptic curve pairings. The initiating user A and the responding user B taking part in the key exchange each hold an identity and a corresponding encryption private key, which is generated by the key generation center by combining the encryption master private key with the user's identity. Users A and B exchange messages and use the identities and their respective encryption private keys to agree on a secret key known to them; the two users can optionally perform key confirmation. This shared secret key is usually used in a symmetric cryptographic algorithm. The key exchange protocol can be used for key management and negotiation.

In modern cryptosystems, the key is an important parameter that controls the cryptographic transformation, and the security of the cryptosystem depends to a great extent on the secure protection of the key.
The key encapsulation mechanism allows the encapsulator to generate a secret key and encrypt it to the target user; only the target user can decapsulate the secret key and use it as a session key for further use.

Chapter 8 specifies an identity-based key encapsulation mechanism implemented with elliptic curve pairings. The decapsulating user holds an identity and a corresponding encryption private key, which is generated by the key generation center by combining the encryption master private key with the decapsulating user's identity. The encapsulating user uses the decapsulating user's identity to generate a secret key and encrypt it to the other party, and the decapsulating user uses the corresponding encryption private key to decapsulate the secret key.

Chapter 9 specifies an identity-based public key encryption algorithm implemented with elliptic curve pairings. The public key encryption algorithm is the combination of the above key encapsulation mechanism and a message encapsulation mechanism. The message encapsulation mechanism comes in two types, a stream cipher based on the key derivation function and a block cipher algorithm combined with the key derivation function, and provides message confidentiality. In the identity-based encryption algorithm, the decrypting user holds an identity and a corresponding encryption private key, which is generated by the key generation center by combining the encryption master private key with the decrypting user's identity. The encrypting user uses the decrypting user's identity to encrypt the data, and the decrypting user uses the encryption private key to decrypt the data.

Appendix A gives examples of the digital signature algorithm, key exchange protocol, key encapsulation mechanism and public key encryption algorithm.
5.2 System parameter group

The system parameter group includes: the curve identifier cid; the parameters of the base field Fq of the elliptic curve; the parameters a and b of the elliptic curve equation; the twist parameter β (if the lower 4 bits of cid are 2); the prime factor N of the curve order and the cofactor cf relative to N; the embedding degree k of the curve E(Fq) relative to N; the generator P1 of the N-order cyclic subgroup G1 of E(F_(q^d1)) (d1 divides k); the generator P2 of the N-order cyclic subgroup G2 of E(F_(q^d2)) (d2 divides k); the identifier eid of the bilinear pairing e; (optional) the homomorphism ψ from G2 to G1.

The range of the bilinear pairing e is the multiplicative cyclic group GT of order N.

For a detailed description of the system parameters, see Appendix A in GB/T 38635.1-2020.

5.3 Auxiliary functions

5.3.1 Overview

This clause specifies the auxiliary functions involved in the identity-based cryptographic algorithms.

5.3.2 Cryptographic hash functions

5.3.2.1 Cryptographic hash function Hv()

The output of the cryptographic hash function Hv() is a hash value exactly v bits long. This part specifies the use of a cryptographic hash function approved by the national cryptography administration; see GB/T 32905.

5.3.2.2 Cryptographic function H1()

The input of the cryptographic function H1(Z,n) is a bit string Z and an integer n, and the output is an integer h1∈[1,n-1]. H1(Z,n) needs to call the cryptographic hash function Hv(), which shall comply with the provisions of 5.3.2.1.

Cryptographic function H1(Z,n).
Input: bit string Z, integer n.
Output: integer h1∈[1,n-1].
The calculation steps are:
a) Initialize a 32-bit counter ct = 0x00000001.
b) Calculate hlen = 8 × ⌈(5 × (log2 n))/32⌉.
c) For i from 1 to ⌈hlen/v⌉:
   1) Calculate Ha_i = Hv(0x01‖Z‖ct);
   2) ct++.
d) If hlen/v is an integer, Ha_⌈hlen/v⌉ is used unchanged; otherwise, Ha_⌈hlen/v⌉ is replaced by its leftmost (hlen - (v × ⌊hlen/v⌋)) bits.
e) Convert the data type of Ha to an integer according to the details given in 7.2.3.
f) Calculate h1 = (Ha mod (n-1)) + 1.

5.3.2.3 Cryptographic function H2()

The input of the cryptographic function H2(Z,n) is a bit string Z and an integer n, and the output is an integer h2∈[1,n-1]. H2(Z,n) needs to call the cryptographic hash function Hv(), which shall comply with the provisions of 5.3.2.1.

Cryptographic function H2(Z,n).
Input: bit string Z, integer n.
Output: integer h2∈[1,n-1].
The calculation steps are:
a) Initialize a 32-bit counter ct = 0x00000001.
b) Calculate hlen = 8 × ⌈(5 × (log2 n))/32⌉.
c) For i from 1 to ⌈hlen/v⌉:
   1) Calculate Ha_i = Hv(0x02‖Z‖ct);
   2) ct++.
d) If hlen/v is an integer, Ha_⌈hlen/v⌉ is used unchanged; otherwise, Ha_⌈hlen/v⌉ is replaced by its leftmost (hlen - (v × ⌊hlen/v⌋)) bits.
e) Convert the data type of Ha to an integer according to the details given in 7.2.3.
f) Calculate h2 = (Ha mod (n-1)) + 1.

5.3.3 Random number generator

A random number generator in accordance with GB/T 32915 should be used.

5.3.4 Block cipher algorithm

Block cipher algorithms include the encryption algorithm Enc(K1,m) and the decryption algorithm Dec(K1,c). Enc(K1,m) means encrypting the plaintext m with the key K1; the output is the ciphertext bit string c. Dec(K1,c) means decrypting the ciphertext c with the key K1; the output is the plaintext bit string m or "error". The bit length of the key K1 is denoted K1_len.

A block cipher algorithm approved by the national cryptography administration should be used.

5.3.5 Message authentication code function

The purpose of the message authentication code function MAC(K2,Z) is to prevent the message data Z from being illegally tampered with. Under the control of the key K2, it generates the authentication code of the message data bit string Z. The bit length of the key K2 is denoted K2_len.
In the identity-based encryption algorithm of this part, the message authentication code function uses the key generated by the key derivation function to compute a message authentication code over the ciphertext bit string, so that the decryptor can authenticate the source of the message and verify the integrity of the data.

The message authentication code function needs to call the cryptographic hash function.

Let the cryptographic hash function be Hv(), whose output is a hash value exactly v bits long.

Message authentication code function MAC(K2,Z), where:
Input: bit string K2 (a key with a bit length of K2_len), bit string Z (a message......
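The H1()/H2() steps of 5.3.2.2 and 5.3.2.3 above, as an added Python example that is not part of the standard or of this page. It assumes that Z is a byte string and that Ha is the Ha_i blocks concatenated in order (step e) on this page does not show how Ha is formed); the function names, the SHA-256 stand-in and the sample modulus are constructed for illustration.

```python
import hashlib
from math import ceil, log2


def sm3(data: bytes) -> bytes:
    """Hv() as the GB/T 32905 SM3 hash (v = 256); needs an OpenSSL build with SM3."""
    return hashlib.new("sm3", data).digest()


def sha256_stand_in(data: bytes) -> bytes:
    """Stand-in with the same v = 256 for machines without SM3. Not SM9-conformant."""
    return hashlib.sha256(data).digest()


def hlen_bits(n: int) -> int:
    """Step b): hlen = 8 * ceil(5 * log2(n) / 32), about 1.25x the bit length of n."""
    return 8 * ceil(5 * log2(n) / 32)


def hash_to_range(prefix: bytes, z: bytes, n: int, hv=sm3, v: int = 256) -> int:
    """Steps a) to f): map the byte string z to an integer in [1, n-1]."""
    if n < 2:
        raise ValueError("n must be at least 2 so that [1, n-1] is non-empty")
    hlen = hlen_bits(n)
    blocks = ceil(hlen / v)                    # loop bound of step c)
    ha = b""
    for ct in range(1, blocks + 1):            # step a): ct starts at 0x00000001
        digest = hv(prefix + z + ct.to_bytes(4, "big"))
        if len(digest) * 8 != v:
            raise ValueError("hv must return exactly v bits")
        ha += digest                           # assumption: Ha is the blocks in order
    # Step d): keeping the leftmost hlen bits of the concatenation shortens only
    # the last block, to hlen - v*floor(hlen/v) bits, when v does not divide hlen.
    ha = ha[: hlen // 8]
    # Step f): hlen is about 25 % longer than n, so the bias of the modular
    # reduction is negligible; the +1 keeps 0 out of the output range.
    return int.from_bytes(ha, "big") % (n - 1) + 1


def h1(z: bytes, n: int, hv=sm3, v: int = 256) -> int:
    return hash_to_range(b"\x01", z, n, hv, v)   # 0x01 prefix selects H1


def h2(z: bytes, n: int, hv=sm3, v: int = 256) -> int:
    return hash_to_range(b"\x02", z, n, hv, v)   # 0x02 prefix selects H2


if __name__ == "__main__":
    n = (1 << 255) + 95                        # constructed modulus, not the SM9 group order N
    z = b"constructed input"
    print(hlen_bits(n))
    print(hex(h1(z, n, sha256_stand_in)))
    print(hex(h2(z, n, sha256_stand_in)))
```

The one-byte prefix is the only difference between H1 and H2, so the same Z never yields related outputs from the two functions.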