GB/T 32918.3-2016 PDF EnglishUS$145.00 · In stock · Download in 9 seconds
GB/T 32918.3-2016: Information security technology - Public key cryptographic algorithm SM2 based on elliptic curves - Part 3: Key exchange protocol Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure Status: Valid
Similar standardsGB/T 32918.3-2016: Information security technology - Public key cryptographic algorithm SM2 based on elliptic curves - Part 3: Key exchange protocol---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT32918.3-2016 GB NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 L 80 Information security technology - Public key cryptographic algorithm SM2 based on elliptic curves - Part 3. Key exchange protocol Issued on: AUGUST 29, 2016 Implemented on: MARCH 1, 2017 Issued by. General Administration of Quality Supervision, Inspection and Quarantine of the PRC; Standardization Administration of the PRC. Table of ContentsForeword ... 3 Introduction ... 4 1 Scope ... 6 2 Normative references ... 6 3 Terms and definitions ... 6 4 Symbols and abbreviations ... 7 5 Algorithm parameters and auxiliary function ... 8 5.1 Overview ... 8 5.2 Elliptic curve’s system parameters ... 9 5.3 User key pair ... 9 5.4 Auxiliary function ... 9 5.5 Other information of user ... 10 6 Key exchange protocol and process ... 11 6.1 Key exchange protocol ... 11 6.2 Key exchange protocol process ... 13 Appendix A (Informative) Example of key exchange and verification ... 15 A.1 Overview ... 15 A.2 Elliptic curve’s key exchange protocol on Fp ... 15 A.3 Elliptic curve’s key exchange protocol on F2m ... 19 References ... 23IntroductionIn 1985, N.Koblitz and V.Miller independently proposed the application of elliptic curves to public key cryptosystems. The nature of the curve on which the elliptic curve’s public key cryptography is based is as follows. - The elliptic curve on the finite field forms a finite exchange group under the point addition operation, its order is similar to the base field size; - Similar to the power operation in the finite field multiplication group, the elliptic curve’s multiple-point-multiplication operation constitutes a one-way function. In the multiple-point-multiplication operation, the multiple-point-multiplication and the base point are known, the problem of solving the multiplication is called the elliptic curve’s discrete logarithm problem. For the discrete logarithm problem of general elliptic curves, there is only a solution method for exponential computational complexity. Compared with the large number decomposition problem and the discrete logarithm problem on the finite field, the elliptic curve’s discrete logarithm problem is much more difficult to solve. Therefore, under the same level of security, the elliptic curve cryptography is much smaller than the key size required for other public key cryptographies. SM2 is an elliptic curve’s cryptographic algorithm standard which is developed and proposed by the National Cryptography Authority. The main objectives of GB/T 32918 are as follows. - GB/T 32918.1 defines and describes the related concepts and mathematical basics of the SM2 elliptic curve cryptographic algorithm, and outlines the relationship between this part and other parts. - GB/T 32918.2 describes a signature algorithm based on elliptic curve, that is, the SM2 signature algorithm. - GB/T 32918.3 describes a key exchange protocol based on elliptic curve, that is, the SM2 key exchange protocol. - GB/T 32918.4 describes a public key encryption algorithm based on elliptic curve, that is, the SM2 encryption algorithm, which uses the SM3 cryptographic hash algorithm as defined in GB/T 32905-2016. - GB/T 32918.5 gives the elliptic curve parameters used by the SM2 Information security technology - Public key cryptographic algorithm SM2 based on elliptic curves - Part 3. Key exchange protocol1 ScopeThis Part of GB/T 32918 specifies the key exchange protocol of public key cryptographic algorithm SM2 based on elliptic curves, and gives examples of key exchange and verification and their corresponding processes. This Part is applicable to the key exchange in commercial cryptographic application. It can satisfy twice or optional three-times information transfer process of the communication parties; and calculate and obtain a shared secret key (session key) jointly determined by both parties.2 Normative referencesThe following documents are indispensable for the application of this document. For the dated references, only the versions with the dates indicated are applicable to this document. For the undated references, the latest version (including all the amendments) are applicable to this document. GB/T 32918.1-2016 Information security technology - Public key cryptographic algorithm SM2 based on elliptic curves - Part 1. General GB/T 32905-2016 Information security techniques - SM3 cryptographic hash algorithm3 Terms and definitionsThe following terms and definitions are applicable to this document. 3.1 Key confirmation from A to B A guarantee which makes user B be convinced that user A has a specific secret key. 3.2 Key derivation function The function of one or more shared secret keys generated by acting on the shared key and other parameters known to both parties. 3.3 Initiator The user who sends the first round of exchange information during the operation of a protocol. 3.4 Responder The user who does not send the first round of information exchange during the operation of a protocol. 3.5 Distinguishing identifier Information which can distinguish an entity’s identity without ambiguity.4 Symbols and abbreviationsThe following symbols apply to this document. A, B - Two users using the public key cryptosystem. dA - User A’s private key. dB - User B’s private key. E(Fq) - A set of all rational points (including the point at infinity O) of the elliptic curve E on Fq. Fq - A finite field which contains q elements. G - A base point of elliptic curve, of which the order is prime number. Hash( ) - Cryptographic hash algorithm. Hv( ) - A cryptographic hash algorithm with a message digest length of v bits. h - The cofactor, h=#E(Fq)/n, where n is the order of the base point G. IDA, IDB - Distinguishing identifiers of user A and user B. K, KA, KB - The shared secret keys agreed upon by the key exchange protocol. KDF( ) - Key derivation function. modn - Modulo n operation. For example, 23 mod 7=2. n - The order of the base point G [n is the prime factor of #E(Fq)]. protocol can be used for key management and negotiation. 5.2 Elliptic curve’s system parameters Elliptic curve’s system parameters include the size q of the finite field Fq (When q=2m, it also includes the identification of element representation notation and the reduced polynomial). Two elements a, b which define the equation of the elliptic curve E(Fq) shall ∈Fq. The base point G on E(Fq) shall = (xG, yG) (G≠O), where xG and yG are two elements in Fq; the order n of G and other alternatives (such as the cofactor h of n, etc.). Elliptic curve’s system parameters and their verification shall comply with the provisions of Clause 5 of GB/T 32918.1-2016. 5.3 User’s key pair User A’s key pair includes its private key dA and public key PA=[dA]G= (xA, yA). User B’s key pair includes its private key dB and public key PB=[dB]G= (xB, yB). The generation algorithm of user’s key pair and the public key verification algorithm shall be in accordance with the provisions of Clause 6 of GB/T 32918.1-2016. 5.4 Auxiliary function 5.4.1 Overview In the elliptic curve’s key exchange protocol specified in this Part, three types of auxiliary functions are involved. cryptographic hash algorithm, key derivation function, and random number generator. The strength of these three types of auxiliary functions directly affects the security of key exchange protocol. 5.4.2 Cryptographic hash algorithm This Part specifies the use of cryptographic hash algorithms approved by the State Cryptography Administration, such as the SM3 cryptographic hash algorithm. 5.4.3 Key derivation function The key derivation function is used to derive key data from a shared secret bit string. In the key negotiation process, the key derivation function acts on the shared secret bit string obtained by key exchange, from which the required session key or the key data required for further encryption is generated. The key derivation function needs to call the cryptographic hash algorithm. B7. CALCULATE KB=KDF(xV ǁ yV ǁ ZA ǁ ZB, klen); B8. (option) According to the methods given by 4.2.6 and 4.2.5 in GB/T 32918.1-2016, CONVERT the data type of the coordinates x1, y1 of RA and of the coordinates x2, y2 of RB into bit string; CALCULATE SB=Hash(0x02 ǁ yV ǁ Hash(xV ǁ ZA ǁ ZB ǁ x1 ǁ y1 ǁ x2 ǁ y2)); B9. SEND RB, (option SB) to user A; User A. A4. TAKE the field element x1 out from RA; according to the method given by 4.2.8 in GB/T 32918.1-2016, CONVERT the data type of x1 into integer; CALCULATE x1ഥ =2w+(x1&(2w-1)); A5. CALCULATE tA= (dA+x1ഥ · rA) modn; A6. VERIFY whether RB meets the elliptic curve equation, and if not, the negotiation fails. Otherwise, TAKE the field element x2 out from RB; according to the method given by 4.2.8 in GB/T 32918.1-2016, CONVERT the data type of x2 into integer; CALCULATE x2ഥ =2w+(x2&(2w-1)); A7. CALCULATE the elliptic curve point U= [h · tA] (PB+[x2ഥ ]RB) = (xU, yU). If U is point at infinity, then A negotiation fails. Otherwise, according to the methods given by 4.2.6 and 4.2.5 in GB/T 32918.1-2016, CONVERT the data type of xU, yU into bit string; A8. CALCULATE KA=KDF(xU ǁ yU ǁ ZA ǁ ZB, klen); A9. (option) According to the methods given by 4.2.6 and 4.2.5 in GB/T 32918.1-2016, CONVERT the data type of the coordinates x1, y1 of RA and of the coordinates x2, y2 of RB into bit string; CALCULATE S1=Hash(0x02 ǁ yU ǁ Hash(xU ǁ ZA ǁ ZB ǁ x1 ǁ y1 ǁ x2 ǁ y2)); and CHECK whether S1=SB is established. If the equation is not established, the key confirmation from B to A fails; A10. (option) CALCULATE SA=Hash(0x03 ǁ yU ǁ Hash(xU ǁ ZA ǁ ZB ǁ x1 ǁ y1 ǁ x2 ǁ y2)); and SEND SA to user B. User B. B10. (option) CALCULATE S2=Hash(0x03 ǁ yV ǁ Hash(xV ǁ ZA ǁ ZB ǁ x1 ǁ y1 ǁ x2 ǁ y2)); and CHECK whether S2=SA is established. If the equation is not established, the key confirmation from A to B fails. Note. If ZA and ZB are not the hash values corresponding to users A and B, then the sameAppendix A(Informative) Example of key exchange and verification A.1 Overview This appendix selects the cryptographic hash algorithm given in GB/T 32905- 2016. The input is a message bit string of length less than 264. The output is a hash value of 256 bits in length, which is recorded as H256(). In this appendix, all numbers expressed in hexadecimal form are high on the left and low on the right. Assume that user A’s identity is. ALICE123@YAHOO.COM. USE the code in GB/T 1988 to record IDA. 414C 49434531 32334059 41484F4F 2E434F4D. ENTLA=0090. Assume that user B’s identity is. BILL456@YAHOO.COM. USE the code in GB/T 1988 to record IDB. 42 494C4C34 35364059 41484F4F 2E434F4D. ENTLB=0088. A.2 Elliptic curve’s key exchange protocol on Fp The elliptic curve equation is. y2=x3+ax+b Example 1. Fp-256 Cofactor h. 1 Base point G= (xG, yG). Its order is recorded as n. User A’s public key PA= (xA, yA). Prime number p Factor a Factor b Coordinate xG Coordinate yG Order n User A’s private key dA ......Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al. Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of English version of GB/T 32918.3-2016 be delivered?Answer: The full copy PDF of English version of GB/T 32918.3-2016 can be downloaded in 9 seconds, and it will also be emailed to you in 9 seconds (double mechanisms to ensure the delivery reliably), with PDF-invoice.Question 2: Can I share the purchased PDF of GB/T 32918.3-2016_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 32918.3-2016_English will be deemed to be sold to your employer/organization who actually paid for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. www.ChineseStandard.us -- GB/T 32918.3-2016 -- Click this link and select your country/currency to pay, the exact amount in your currency will be printed on the invoice. Full PDF will also be downloaded/emailed in 9 seconds.How to buy and download a true PDF of English version of GB/T 32918.3-2016?A step-by-step guide to download PDF of GB/T 32918.3-2016_EnglishStep 1: Visit website https://www.ChineseStandard.net (Pay in USD), or https://www.ChineseStandard.us (Pay in any currencies such as Euro, KRW, JPY, AUD).Step 2: Search keyword "GB/T 32918.3-2016". Step 3: Click "Add to Cart". If multiple PDFs are required, repeat steps 2 and 3 to add up to 12 PDFs to cart. Step 4: Select payment option (Via payment agents Stripe or PayPal). Step 5: Customize Tax Invoice -- Fill up your email etc. Step 6: Click "Checkout". Step 7: Make payment by credit card, PayPal, Google Pay etc. After the payment is completed and in 9 seconds, you will receive 2 emails attached with the purchased PDFs and PDF-invoice, respectively. Step 8: Optional -- Go to download PDF. Step 9: Optional -- Click Open/Download PDF to download PDFs and invoice. See screenshots for above steps: Steps 1~3 Steps 4~6 Step 7 Step 8 Step 9 |
