GB/T 32918.42016_English: PDF (GBT32918.42016)
Standard ID  Contents [version]  USD  STEP2  [PDF] delivered in  Standard Title (Description)  Related Standard  Status  PDF 
GB/T 32918.42016  English  145 
Add to Cart

03 minutes. Autodelivered.

Information security technology  Public key cryptographic algorithm SM2 based on elliptic curves  Part 4: Public key encryption algorithm

GB/T 32918.42016
 Valid 
GB/T 32918.42016

Standard ID  GB/T 32918.42016 (GB/T32918.42016)  Description (Translated English)  Information security technology  Public key cryptographic algorithm SM2 based on elliptic curves  Part 4: Public key encryption algorithm  Sector / Industry  National Standard (Recommended)  Classification of Chinese Standard  L80  Word Count Estimation  16,162  Date of Issue  20160829  Date of Implementation  20170301  Drafting Organization  Beijing Huada Xinan Technology Co., Ltd., China People's Liberation Army Information Engineering University, Chinese Academy of Sciences data and communication protection research and education center  Administrative Organization  National Information Security Standardization Technical Committee (SAC/TC 260)  Regulation (derived from)  National Standard Announcement 2016 No.14  Proposing organization  National Password Authority  Issuing agency(ies)  General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, China National Standardization Administration Committee 
GB/T 32918.42016
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology  Public key
cryptographic algorithm SM2 based on elliptic curves
 Part 4. Public key encryption algorithm
ISSUED ON. AUGUST 29, 2016
IMPLEMENTED ON. MARCH 01, 2017
Issued by. General Administration of Quality Supervision, Inspection and
Quarantine;
Standardization Administration Committee.
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 6
2 Normative references ... 6
3 Terms and definitions ... 6
4 Symbols and abbreviations ... 7
5 Algorithm parameters and auxiliary functions... 7
6 Encryption algorithm and process ... 9
7 Decryption algorithm and process ... 12
Annex A (informative) Examples of message encryption and decryption ... 14
Bibliography ... 24
Information security technology  Public key
cryptographic algorithm SM2 based on elliptic curves
 Part 4. Public key encryption algorithm
1 Scope
This Part of GB/T 32918 specifies public key encryption algorithm of public key
cryptographic algorithm SM2 based on elliptic curves. It gives the message
encryption and decryption examples as well as the corresponding process.
This Part applies to message encryption and decryption in commercial
password applications. The sender of the message can encrypt the message
with the receiver’s public key. The receiver decrypts with the corresponding
private key to obtain the message.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any
amendments) applies.
GB/T 32918.12016, Information security techniques  Elliptic Curve public 
key cryptography  Part 1. General
GB/T 329052016, Information security technology SM3 cryptographic hash
algorithm
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1 secret key
in the cryptosystem, a key that is jointly owned by sender and receiver and not
known to a third party
3.2 message
any finite length of bit string
message.
5.2 Elliptic curve system parameters
The elliptic curve system parameters include the size q of the finite field Fq
(when q = 2m, it also includes the identification of the element representation
and the reduction polynomial), two elements a, b that define the equation
of the elliptic curve E(Fq), the base point G on E(Fq) is (xG, yG )(G≠O), where xG
and yG are two elements in Fq, the order n of G and other options (such as the
residual factor h of n, etc.)
Elliptic curve system parameters and their verification shall meet the
requirements of Clause 5 of GB/T 32918.12016.
5.3 User key pair
User B's key pair includes its private key dB and public key PB=[dB]G.
The generation algorithm of the user key pair and the public key verification
algorithm shall comply with the provisions of Clause 6 of GB/T 32918.12016.
5.4 Auxiliary function
5.4.1 General
The public key encryption algorithm based on elliptic curve specified in this Part
involves three types of auxiliary functions. cryptographic hash algorithm, key
derivation function and random number generator. The strength of these three
types of auxiliary functions directly affects the security of the encryption
algorithm.
5.4.2 Password hash algorithm
This Part specifies the use of password hash algorithms approved by the
National Cryptographic Authority, such as SM3 cryptographic hash algorithm.
5.4.3 Key derivation function
The key derivation function is used to derive key data from a shared secret bit
string. In the key negotiation process, the key derivation function acts on the
shared secret bit string obtained by the key exchange, and generates the
required session key or the key data required for further encryption.
The key derivation function needs to call the password hash algorithm.
Set the password hash algorithm to Hv ( ). Its output is a hash value of exactly
v bits in length.
Key derivation function KDF (Z, klen).
7 Decryption algorithm and process
7.1 Decryption algorithm
Set klen be the bit length of C2 in the ciphertext.
In order to decrypt the ciphertext C=C1  C3  C2, the user B as the decryptor
shall implement the following operation steps.
B1. Take the bit string C1 from C. Convert the data type of C1 to a point on the
elliptic curve according to the method given in 4.2.4 and 4.2.10 of GB/T
32918.12016. Verify whether C1 satisfies the elliptic curve equation. If not,
report an error and exit.
B2. Calculate the elliptic curve point S= [h]C1. If S is infinity, report an error and
exit.
B3. Calculate [dB]C1 = (x2, y2). Convert the data types of coordinates x2 and y2
into bit strings according to the methods given in 4.2.6 and 4.2.5 of GB/T
32918.12016.
B4. Calculate t = KDF (x2  y2, klen). If it is an all 0bit string, then an error is
reported and exited.
B5. Take the bit string C2 from C. Calculate .
B6. Calculate . Take the bit string C3 from C. If u≠C3,
report an error and exit.
B7. Output plaintext M'.
NOTE. See Annex A for an example of the decryption process.
7.2 Decryption algorithm flow
The decryption algorithm flow is shown in Figure 2.
Annex A
(informative)
Examples of message encryption and decryption
A.1 General
This appendix selects the password hash algorithm given in GB/T 329052016.
The input is a message bit string of length less than 264, and the output is a
hash value of 256 bits in length, denoted as H256 ( ).
In this appendix, all numbers in hexadecimal notation, high on the left and low
on the right.
In this appendix, the text is clearly encoded in GB/T 1988.
A.2 Elliptic curve’s message encryption and decryption on Fp
The elliptic curve equation is. y2=x3+ax+b
Example 1. Fp 192
Prime number p. BDB6F4FE 3E8B1D9E 0DA8C0D4 6F4C318C EFE4AFE3
B6B8551F
Coefficient a. BB8E5E8F BC115E13 9FE6A814 FE48AAA6 F0ADA1AA
5DF91985
Coefficient b. 1854BEBD C31B21B7 AEFC80AB 0ECD10D5 B1B3308E
6DBF11C1
Base point G = (xG, yG), whose order is n.
Coordinate xG. 4AD5F704 8DE709AD 51236DE6 5E4D4B48 2C836DC6
E4106640
Coordinate yG. 02BB3A02 D4AAADAC AE24817A 4CA3A1B0 14B52704
32DB27D2
Order n. BDB6F4FE 3E8B1D9E 0DA8C0D4 0FC96219 5DFAE76F 56564677
Message to be encrypted M. encryption standard
Hexadecimal representation of message M. 656E63 72797074 696F6E20
7374616E 64617264
Base point G = (xG, yG), whose order is n.
Coordinate xG. 421DEBD6 1B62EAB6 746434EB C3CC315E 32220B3B
ADD50BDC 4C4E6C14 7FEDD43D
Coordinate yG. 0680512B CBB42C07 D47349D2 153B70C4 E5D7FDFC
BFA36EA1 A85841B9 E46E09A2
Order n. 8542D69E 4C044F18 E8B92435 BF6FF7DD 29772063 0485628D
5AE74EE7 C32E79B7
Message to be encrypted M. encryption standard
Hexadecimal representation of message M. 656E63 72797074 696F6E20
7374616E 64617264
Private key dB. 1649AB77 A00637BD 5E2EFE28 3FBF3535 34AA7F7C
B89463F2 08DDBC29 20BB0DA0
Public key PB = (xB, yB).
Coordinate xB. 435B39CC A8F3B508 C1488AFC 67BE491A 0F7BA07E
581A0E48 49A5CF70 628A7E0A
Coordinate yB. 75DDBA78 F15FEECB 4C7895E2 C1CDF5FE 01DEBB2C
DBADF453 99CCF77B BA076A42
Encrypt the relevant values in each step.
Generate random number k. 4C62EEFD 6ECFC2B9 5B92FD6C 3D957514
8AFA1742 5546D490 18E5388D 49DD7B4F
Calculate the elliptic curve point C1 = [k]G = (x1, y1).
Coordinate x1. 245C26FB 68B1DDDD B12C4B6B F9F2B6D5 FE60A383
B0D18D1C 4144ABF1 7F6252E7
Coordinate y1. 76CB9264 C2A7E88E 52B19903 FDC47378 F605E368
11F5C074 23A24B84 400F01B8
In this C1 chooses uncompressed representation. The point is converted to a
byte string in the form of PC  x1  y1, where PC is a single byte and PC=04,
still recorded as C1.
Calculate the elliptic curve point [k]PB = (x2, y2).
Coordinate x2. 64D20D27 D0632957 F8028C1E 024F6B02 EDF23102
A566C932 AE8BD613 A8E865FE
Plaintext M'. 656E63 72797074 696F6E20 7374616E 64617264, namely.
encryption standard
A.3 Elliptic curve’s message encryption and decryption on
Elliptic curve equation is. y2+xy=x3+ax2+b
Example 3.
Base field’s generator polynomial is. y193+x15+1
Coefficient a. 0
Coefficient b. 00 2FE22037 B624DBEB C4C618E1 3FD998B1 A18E1EE0
D05C46FB
Base point G = (xG, yG), whose order is n.
Coordinate xG. D78D47E8 5C936440 71BC1C21 2CF994E4 D21293AA
D8060A84
Coordinate yG. 615B9E98 A31B7B2F DDEEECB7 6B5D8755 86293725
F9D2FC0C
Order n. 80000000 00000000 00000000 43E9885C 46BF45D8 C5EBF3A1
Message to be encrypted M. encryption standard
Hexadecimal representation of message M. 656E63 72797074 696F6E20
7374616E 64617264
Private key dB. 6C205C15 89087376 C2FE5FEE E153D4AC 875D643E
B8CAF6C5
Public key PB = (xB, yB).
Coordinate xB. 00 E788F191 C5591636 FA992CE6 7CDC8D3B 16E4F4D4
6AF267B8
Coordinate yB. 00 BD6E7E5E 4113D790 20ED5A10 287C14B7 A6767C4D
814ADBFD
Encrypt the relevant values in each step.
Generate random number k. 6E51C537 3D5B4705 DC9B94FA 9BCF30A7
37ED8D69 1E76D9F0
Public key PB = (xB, yB).
Coordinate xB. 00 A67941E6 DE8A6180 5F7BCFF0 985BB3BE D986F1C2
97E4D888 0D82B821 C624EE57
Coordinate yB. 01 93ED5A67 07B59087 81B86084 1085F52E EFA7FE32
9A5C8118 43533A87 4D027271
Encrypt the relevant values in each step.
Generate random number k. 6D3B4971 53E3E925 24E5C122 682DBDC8
705062E2 0B917A5F 8FCDB8EE 4C66663D
Calculate the elliptic curve point C1 = [k]G = (x1, y1).
Coordinate x1. 01 9D236DDB 305009AD 52C51BB9 32709BD5 34D476FB
B7B0DF95 42A8A4D8 90A3F2E1
Coordinate y1. 00 B23B938D C0A94D1D F8F42CF4 5D2D6601 BF638C3D
7DE75A29 F02AFB7E 45E91771
In this C1 chooses uncompressed representation. The point is converted to a
byte string in the form of PC  x1  y1, where PC is a single byte and PC=04,
still recorded as C1.
Calculate the elliptic curve point [k]PB = (x2, y2).
Coordinate x2. 00 83E628CF 701EE314 1E8873FE 55936ADF 24963F5D
C9C64805 66C80F8A 1D8CC51B
Coordinate y2. 01 524C647F 0C0412DE FD468BDA 3AE0E5A8 0FCC8F5C
990FEE11 60292923 2DCD9F36
Length of the message M. klen=152
Calculate t=KDF (x2  y2, klen). 983BCF 106AB2DC C92F8AEA C6C60BF2
98BB0117
Calculate . FD55AC 6213C2A8 A040E4CA B5B26A9C FCDA7373
Calculate C3 = Hash (x2  M  y2).
x2  M  y2.
0083E628 CF701EE3 141E8873 FE55936A DF24963F 5DC9C648 0566C80F
8A1D8CC5 1B656E63 72797074 696F6E20 7374616E 64617264 01524C64
7F0C0412 DEFD468B DA3AE0E5 A80FCC8F 5C990FEE 11602929
232DCD9F 36
