GM/T 00802020 (GM/T00802020, GMT 00802020, GMT00802020) & related versions
Standard ID  Contents [version]  USD  STEP2  [PDF] delivered in  Standard Title (Description)  See Detail  Status  Similar PDF 
GM/T 00802020  English  295 
Add to Cart

09 seconds. Auto delivery.

SM9 cryptographic algorithm application specification

GM/T 00802020
 Valid 
GMT 00802020

Preview PDF: GM/T 00802020
GM/T 00802020: PDF in English (GMT 00802020) GM/T 00802020 GM CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 38.040 CCS L 80 SM9 Cryptographic Algorithm Application Specification ISSUED ON: DECEMBER 28, 2020 IMPLEMENTED ON: JULY 01, 2021 Issued by: State Cryptography Administration Table of Contents Foreword ... 4 Introduction ... 5 1 Scope ... 6 2 Normative References ... 6 3 Terms and Definitions ... 6 4 Abbreviations ... 7 5 SM9 Key Pair ... 8 5.1 Generator ... 8 5.2 SM9 master private key... 8 5.3 SM9 master public key ... 8 5.4 SM9 user private key ... 9 5.5 SM9 user public key ... 9 6 Data Format ... 9 6.1 Key data structure ... 9 6.2 Signature data structure ... 11 6.3 Encryption data structure ... 11 6.4 Key encapsulation data format ... 12 7 Preprocessing ... 12 7.1 Preprocessing hash function H1 ... 12 7.2 Proprocessing hash function H2 ... 12 7.3 Preprocessing pair calculation e ... 13 7.4 Preprocessing user’s signature verification QD ... 13 7.5 Preprocessing user’s encryption QE ... 14 8 Calculation Process ... 14 8.1 Key generation ... 14 8.2 Digital signature ... 16 8.3 Signature verification ... 16 8.4 Key encapsulation ... 17 8.5 Key unsealing ... 17 8.6 Encryption ... 18 8.7 Decryption ... 18 8.8 Key agreement ... 19 SM9 Cryptographic Algorithm Application Specification 1 Scope This Document defines the application method of SM9 cryptographic algorithm, as well as data formats such as keys, encryption, and signatures, etc. This Document is applicable to the application of SM9 cryptographic algorithm, and the development and testing of equipment and systems that support SM9 cryptographic algorithm. 2 Normative References The following documents are essential to the application of this Document. For the dated documents, only the versions with the dates indicated are applicable to this Document; for the undated documents, only the latest version (including all the amendments) is applicable to this Document. GB/T 32905 Information Security Technology  SM3 Cryptographic Hash Algorithm GB/T 32907 Information Security Techno1ogy  SM4 Block Cipher Algorithm GB/T 32918 (all parts) Information Security Technology  Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves GB/T 38635.12020 Information Security Technology  IdentityBased Cryptographic Algorithms SM9  Part 1: General GB/T 38635.22020 Information Security Technology  IdentityBased Cryptographic Algorithms SM9  Part 2: Algorithm 3 Terms and Definitions For the purpose of this Document, the following terms and definitions apply. 3.1 Algorithm identifier Digitized information that is used to indicate algorithmic mechanisms. 3.2 SM9 algorithm PPS: Public Parameter Service. 5 SM9 Key Pair 5.1 Generator The Generator P1 point on G1 is marked as (xp1, yP1); and the ASN.1 of the data format is defined as SM9P1::=BIT STRING; the type is BIT STRING; and its content is: 04‖X1‖Y1, where X1 and Y1 respectively identify the x component and y component of the point; and each component has a length of 256 bits. The Generator P2 point on G2 is marked as (xp2, yP2); and the ASN.1 of the data format is defined as SM9P2::=BIT STRING; the type is BIT STRING; and its content is: 04‖X1‖X2‖Y1‖Y2, where X1, X2 and Y1, Y2 respectively identify the x component and y component of the public key; and each component has a length of 256 bits, or 03‖X1‖X2, where X1 and X2 respectively identify each x component of the public key; and each component has a length of 256 bits. Select the value whose rightmost bit is 1 in the decompressed Y root value (Y1‖Y2). After the restoration, the rightmost bit of the Y root value shall be 1; otherwise, Y1=base field q  root Y1, Y2=base field q  root Y2. or 02‖X1‖X2, where X1 and X2 respectively identify the 2 x components of the public key; and each component has a length of 256 bits. Select the option value whose rightmost bit is 0 in the decompressed Y root value (Y1‖Y2). After the restoration, the Y root value takes the option value whose rightmost bit is 0, otherwise Y1=base field q  root Y1, Y2=base field q  root Y2. 5.2 SM9 master private key It includes the SM9 signature master private key and the encryption master private key; both are an integer greater than or equal to 1 and less than N1 (N is the order of the cyclic group G1, G2, and GT, and its value is shown in Appendix A.1 of GB/T 38635.2 2020), abbreviated as s, with the length of 256 bits. 5.3 SM9 master public key It includes SM9 signature master public key Ppub2 and encryption master public key Ppub1. They are points on G2 and G1; and the coordinates are expressed as (xSPub, ySPub) and (xEPub, yEPub). Thereof, the x and y coordinates of the signature master public key also contain two components, namely x1 component and x2 component, y1 component and y2 component, and the length of each component is 256 bits. The length of the x and y coordinates of the encryption master public key are both 256 bits. 5.4 SM9 user private key It includes SM9 user signature private key and user encryption private key, which are points on G1 and G2 respectively; and the coordinates are expressed as (xSPri, ySPri) and (xEPri, yEPri). The length of the x and y coordinates of the user signature key are both 256 bits. The x and y coordinates of the user's encryption private key also contain two components, namely x1 component and x2 component, y1 component and y2 component, and the length of each component is 256 bits. 5.5 SM9 user public key In IBC technology, the user identification ID can uniquely determine the user's public key, which represents the public key in applications. The representation of ID coordinates based on bilinear pairing can be divided into user signature public key coordinates and user encryption public key coordinates. The user signature public key and the signature master public key are of the same coordinate structure; and there are two respective components on the x and y coordinates, which are marked as QS; and user encryption public key and the encryption master public key are of the same coordinate structure, which is marked as QE. NOTE: Here is how to generate the user's public key coordinates. Input: Algorithm function H, userID, hid, master public key Ppubi, generator Pi i=1,2. Output: User public key QA. Calculation method: , signature public key coordinates are used for signature/verification of signature. , encryption public key coordinates are used for key encapsulation, encryption/decryption. 6 Data Format 6.1 Key data structure The key is divided into signature/encryption master key, and signature/encryption user key: a) The ASN.1 of data format of SM9 algorithm signature master private key is defined as: ......
Standard ID  GM/T 00802020 (GM/T00802020)  Description (Translated English)  SM9 cryptographic algorithm application specification  Sector / Industry  Chinese Industry Standard (Recommended)  Classification of Chinese Standard  L80  Word Count Estimation  14,145  Date of Issue  20201228  Date of Implementation  20210701  Regulation (derived from)  National Cryptography Administration Announcement No. 41  Issuing agency(ies)  National Cryptography Administration 
