Powered by Google www.ChineseStandard.net Database: 189759 (26 May 2024)

GB/T 15843.5-2005 related PDF English

GB/T 15843.5-2005 (GB/T15843.5-2005, GBT 15843.5-2005, GBT15843.5-2005) & related versions
Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)See DetailStatusSimilar PDF
GB/T 15843.5-2005English270 Add to Cart 0-9 seconds. Auto delivery. Information technology -- Security technique -- Entity authentication -- Part 5: Mechanisms using zero knowledge techniques GB/T 15843.5-2005 Valid GBT 15843.5-2005



Preview PDF: GB/T 15843.5-2005

GB/T 15843.5-2005: PDF in English (GBT 15843.5-2005)
GB/T 15843.5-2005
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
GB/T 15843.5-2005 / ISO/IEC 9798-9:1999
Information Technology – Security Techniques –
Entity Authentication – Part 5: Mechanisms Using
Zero Knowledge Techniques
(ISO/IEC 9798-5:1999, IDT)
ISSUED ON: APRIL 19, 2005
IMPLEMENTED ON: OCTOBER 01, 2005
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine;
Standardization Administration of PRC.
Table of Contents
Foreword ... 4
1 Scope ... 5
2 Normative Reference ... 5
3 Terms and Definitions ... 6
4 Symbols and Notation ... 8
5 Mechanism Based on Identities ... 11
5.1 Specific requirements ... 11
5.2 Parameter selection ... 11
5.3 Identity selection ... 12
5.4 Accreditation generation ... 13
5.5 Authentication exchange... 13
6 Certificate-Based Mechanism Using Discrete Logarithms ... 16
6.1 Specific requirements ... 16
6.2 Key selection ... 17
6.3 Authentication exchange... 17
7 Certificate-Based Mechanism Using an Asymmetric Encipherment System
... 19
7.1 Specific requirements ... 20
7.2 Authentication exchange... 20
Annex A (Normative) Principles of Zero Knowledge Mechanisms ... 23
A.1 Introduction ... 23
A.2 The need for zero-knowledge mechanisms ... 23
A.3 The definition ... 24
A.4 An example ... 25
A.5 Basic design principles ... 27
Annex B (Informative) Guidance on Parameter Choice ... 28
B.1 Parameter choice for the identity-based mechanism ... 28
B.2 Parameter choice for the certificate-based mechanism using discrete logarithms
... 29
Annex C (Informative) Examples ... 30
C.1 Mechanism based on identities ... 30
C.1.1 Example with public exponent 2 ... 30
C.1.2 Example with public exponent 3 ... 34
C.1.3 Example with public exponent 216 + 1 ... 39
C.2 Mechanism based on discrete logarithms ... 40
C.2.1 Example using 768-bit p, 128-bit q and RIPEMD-128 ... 40
C.2.2 Example using 1024-bit p, 160-bit q and SHA-1 ... 42
C.3 Mechanism based on a trusted public transformation ... 44
C.3.1 Example using 767-bit RSA and RIPEMD-160 ... 44
C.3.2 Example using 1024-bit RSA and SHA-1 ... 46
Annex D (Informative) Comparison of the Mechanism ... 48
D.1 Measures for comparing the mechanisms ... 48
D.2 Mechanism based on identities ... 49
D.2.1 The case where v is large (e.g. the Guillou-Quisquater scheme) ... 49
D.2.2 Fiat-Shamir scheme ... 51
D.3 Certificate-based mechanism using discrete logarithms ... 52
D.3.1 Computational complexity ... 52
D.3.2 Communication complexity ... 53
D.3.3 Size of the claimant's accreditations ... 53
D.3.4 Degree of security ... 53
D.4 Certificate-based mechanism using an asymmetric encipherment system ... 53
D.4.1 Computational complexity ... 53
D.4.2 Communication complexity ... 54
D.4.3 Size of the claimant's accreditations ... 54
D.4.4 Degree of security ... 54
D.5 Comparison of the mechanisms ... 54
Annex E (Informative) Information about Patents ... 56
Annex F (Informative) Bibliography ... 57
Foreword
GB/T 15843 consists of the following parts, under the general title Information
Technology – Security Techniques – Entity Authentication:
--- Part 1: General;
--- Part 2: Mechanisms Using Symmetric Encipherment Algorithms;
--- Part 3: Mechanisms Using Digital Signature Techniques;
--- Part 4: Mechanisms Using a Cryptographic Check Function;
--- Part 5: Mechanisms Using Zero-Knowledge Techniques.
This Part is Part 5 of GB/T 15843. It equivalently adopts the international standard
ISO/IEC 9798-5:1999 Information Technology – Security Techniques – Entity
Authentication – Part 5: Mechanisms Using Zero-Knowledge Techniques (English
Version).
Annexes A, B, C, D, E, F of this Part are informative.
This Part was proposed by Ministry of Information Industry of the RPC.
This Part shall be under the jurisdiction of National Technical Committee for
Standardization of Information Security.
Drafting organizations of this Part: China Electronics Standardization Institute; and
State Key Laboratory of Information Security.
Chief drafting staffs of this Part: Chen Xing, Luo Fengying, Hu Lei, Ye Dingfeng, Zhang
Zhenfeng, and Huang Jiaying.
Information Technology – Security Techniques –
Entity Authentication – Part 5: Mechanisms Using
Zero Knowledge Techniques
1 Scope
This Part of GB/T 15843 specifies three entity authentication mechanisms using zero
knowledge techniques. All the mechanisms specified in this Part of GB/T 15843
provide unilateral authentication. These mechanisms are constructed using the
principles of zero knowledge, but they will not be zero knowledge according to the strict
definition sketched in Annex A for all choices of parameters.
The first mechanism is said to be based on identities. A trusted accreditation authority
provides each claimant with private accreditation information, computed as a function
of the claimant's identification data and the accreditation authority's private key.
The second mechanism is said to be certificate-based using discrete logarithms. Every
claimant possesses a public key, private key pair for use in this mechanism. Every
verifier of a claimant's identity must possess a trusted copy of the claimant 's public
verification key; the means by which this is achieved is beyond the scope of this
Standard, but it may be achieved through the distribution of certificates signed by a
Trusted Third Party.
The third mechanism is said to be certificate-based using an asymmetric encipherment
system. Every claimant possesses a public key, private key pair for an asymmetric
cryptosystem. Every verifier of a claimant's identity must possess a trusted copy of the
claimant 's public key; the means by which this is achieved is beyond the scope of this
Standard, but it may be achieved through the distribution of certificates signed by a
Trusted Third Party.
2 Normative Reference
The provisions in following documents become the provisions of this Part through
reference in this Part of GB/T 15843. For dated references, the subsequent
amendments (excluding corrigendum) or revisions do not apply to this Part, however,
parties who reach an agreement based on this Standard are encouraged to study if
the latest versions of these documents are applicable. For undated references, the
latest edition of the referenced document applies.
GB 15851-1995 Information Technology - Security Techniques - Digital Signature
Scheme Giving Message Recovery (idt ISO/IEC 9796:1991)
GB/T 15843.1-1999 Information Technology - Security Techniques - Entity
Authentication - Part 1: General (idt ISO/IEC 9798-1:1997)
GB/T 18238 (all parts) Information Technology - Security Techniques - Hash-
Function (idt ISO/IEC 10118)
3 Terms and Definitions
For the purpose of this Part of GB/T 15843, the terms and definitions given in GB/T
15843.1-1999 and the following apply.
3.1 Asymmetric cryptographic technique
3.2 Asymmetric encipherment system
3.3 Asymmetric key pair
3.4 Challenge
3.5 Claimant
3.6 Decipherment
3.7 Distinguishing identifier
3.8 Encipherment
3.9 Entity authentication
3.10 Private key
3.11 Public key
3.12 Public verification key
3.13 Random number
3.14 Token
3.15 Trusted third party
3.16 Unilateral authentication
3.17 Verifier
......

BASIC DATA
Standard ID GB/T 15843.5-2005 (GB/T15843.5-2005)
Description (Translated English) Information technology. Security technique. Entity authentication. Part 5: Mechanisms using zero knowledge techniques
Sector / Industry National Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.040
Word Count Estimation 41,478
Date of Issue 2005-04-19
Date of Implementation 2005-10-01
Adopted Standard ISO/IEC 9798-5-1999, IDT
Drafting Organization China Electronics Standardization Institute
Administrative Organization Standardization Technical Committee of the National Information Security
Regulation (derived from) Announcement of Newly Approved National Standards No. 6, 2005 (No. 80 overall)
Proposing organization Ministry of Information Industry of the People Republic of China
Issuing agency(ies) General Administration of Quality Supervision, Inspection and Quarantine of the People Republic of China, China National Standardization Administration Committee
Summary This standard specifies two kinds of zero- knowledge techniques used to buy body authentication mechanism. All in GB/T 15843 of this standard describes mechanisms offer one-way identification. These mechanisms apply the principle of zero-knowledge structure, but according to the strict definition in Appendix A, for all parameter selection, these mechanisms themselves are not zero-knowledge. The first mechanism is called identity-based mechanisms. Credible AIs for each approved claim proprietary information provided by the private information is recognized as claiming the identity of the data and the authorized institutions of the private key functions calculated. The second mechanism is called the discrete logarithm based on the use certificate-based mechanism. Every one who claimed to have one pair of this mechanism for public key and private key pair. Each claim must verify the identity of the person that owns the claims credible public verification key copy, their access methods is beyond the scope of this standard, but it can be a certificate signed by a trusted third party to obtain the distribution. The third mechanism is called asymmetric encryption system based on the use certificate-based mechanism. Every one who claimed to have one pair of asymmetric encryption system for public key and private key pair. Each claim must verify the identity of the person that owns the claims credible public verification key copy, their access methods is beyond the scope of this standard, but can be a certificate signed by a trusted third party to obtain the distribution.