IEEE P1363
IEEE P1363 is an Institute of Electrical and Electronics Engineers (IEEE) standardization project for public-key cryptography. It includes specifications for:
- Traditional public-key cryptography (IEEE Std 1363-2000 and 1363a-2004)
- Lattice-based public-key cryptography (P1363.1)
- Password-based public-key cryptography (P1363.2)
- Identity-based public-key cryptography using pairings (P1363.3)
The chair of the working group as of October 2008 is William Whyte of NTRU Cryptosystems, Inc., who has served since August 2001. Former chairs were Ari Singer, also of NTRU (1999-2001), and Burt Kaliski of RSA Security (1994-1999).
Traditional public-key cryptography (IEEE Std 1363-2000 and 1363a-2004)
This specification includes key agreement, signature, and encryption schemes using several mathematical approaches: integer factorization, discrete logarithm, and elliptic curve discrete logarithm.
Key agreement schemes
- DL/ECKAS-DH1 and DL/ECKAS-DH2 (Discrete Logarithm/Elliptic Curve Key Agreement Scheme, Diffie-Hellman version): This includes both traditional Diffie-Hellman and Elliptic Curve Diffie-Hellman.
- DL/ECKAS-MQV (Discrete Logarithm/Elliptic Curve Key Agreement Scheme, Menezes-Qu-Vanstone version)
Signature schemes
- DL/ECSSA (Discrete Logarithm/Elliptic Curve Signature Scheme with Appendix): Includes four main variants: DSA, ECDSA, Nyberg-Rueppel, and Elliptic Curve Nyberg-Rueppel.
- IFSSA (Integer Factorization Signature Scheme with Appendix): Includes two variants of RSA, Rabin-Williams, and ESIGN, with several message encoding methods. "RSA1 with EMSA3" is essentially PKCS#1 v1.5 RSA signature; "RSA1 with EMSA4 encoding" is essentially RSA-PSS; "RSA1 with EMSA2 encoding" is essentially ANSI X9.31 RSA signature.
- DL/ECSSR (Discrete Logarithm/Elliptic Curve Signature Scheme with Recovery)
- DL/ECSSR-PV (Discrete Logarithm/Elliptic Curve Signature Scheme with Recovery, Pintsov-Vanstone version)
- IFSSR (Integer Factorization Signature Scheme with Recovery)
Encryption schemes
- IFES (Integer Factorization Encryption Scheme): Essentially RSA encryption with Optimal Asymmetric Encryption Padding (OAEP).
- DL/ECIES (Discrete Logarithm/Elliptic Curve Integrated Encryption Scheme): Essentially the "DHAES" variant of ElGamal encryption.
- IFES-EPOC (Integer Factorization Encryption Scheme, EPOC version)
Password-based public-key cryptography (P1363.2)
This document includes a number of password-authenticated key agreement schemes, and a password-authenticated key retrieval scheme.
- BPKAS-PAK (Balanced Password-Authenticated Key Agreement Scheme, version PAK)
- BPKAS-PPK (version PPK)
- BPKAS-SPEKE (version SPEKE)
- APKAS-AMP (Augmented Password-Authenticated Key Agreement Scheme, version AMP)
- APKAS-BSPEKE2 (version BSPEKE2)
- APKAS-PAKZ (version PAKZ)
- APKAS-SRP3 and SRP6 (version Secure Remote Password (SRP) 3 and 6)
- APKAS-SRP5 (version Secure Remote Password (SRP) 5)
- APKAS-WSPEKE (version WSPEKE)
- PKRS-1 (Password Authenticated Key Retrieval Scheme, version 1)