1 / 14

PSEC-KEM

PSEC-KEM. NTT Tetsutaro Kobayashi. Policy. Elliptic curve cryptsystem IND-CCA2. Key Types. Secret key SK = ( s ) Public key PK = ( E , W , MGF , hLen ) E: Elliptic curve parameter W: Base point of E , W = sP MGF: Choice of MGF hLen: Bit length of MGF output. Specification.

alicia
Download Presentation

PSEC-KEM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PSEC-KEM NTT Tetsutaro Kobayashi

  2. Policy • Elliptic curve cryptsystem • IND-CCA2 CRYPTREC 2001 <PSEC-KEM>

  3. Key Types • Secret key SK = ( s ) • Public key PK = ( E , W , MGF , hLen ) E: Elliptic curve parameterW: Base point of E , W = sP MGF: Choice of MGF hLen: Bit length of MGF output CRYPTREC 2001 <PSEC-KEM>

  4. Specification Key encapsulation mechanisms • ES-PSEC-KEM • KGP-PSEC • EP-PSEC • DP-PSEC • EME-PSEC-KEM-A • EME-PSEC-KEM-B • EME-PSEC-KEM-C • EME-PSEC-KEM-D Cryptograhic primitives Encoding methods CRYPTREC 2001 <PSEC-KEM>

  5. Cryptographic Primitives • EP-PSEC [Encryption] Q = WC1 = P • DP-PSEC [Decryption] Q = sC1 CRYPTREC 2001 <PSEC-KEM>

  6. Encoding Methods • EME-PSEC-A hLen bit 32 bit 0000…0000 Random r MGF t k keyLen bit pLen + 128 bit • EME-PSEC-B (= t mod p ) P W 32 bit qmLen bit qmLen bit 0000…0001 C1 Q MGF r c2 hLen bit hLen bit hLen bit C0 = C1 || c2 CRYPTREC 2001 <PSEC-KEM>

  7. Elliptic Curve DH Problem • Solve abP form given P , aP , bP on elliptic curve  ECDHP is difficult CRYPTREC 2001 <PSEC-KEM>

  8. Comparison of Security  CRYPTREC 2001 <PSEC-KEM>

  9. Key length ( | p | ) Diffie-Hellman 1024 bit EC Diffie-Hellman 160 bit Advantage of Ellptic curve CRYPTREC 2001 <PSEC-KEM>

  10. Comparison of Efficiency * Group checking operation CRYPTREC 2001 <PSEC-KEM>

  11. Parameters • Recommended conditions • Parameters • pLen = 160 • hLen = 160 • keyLen = 256 • Hash function • MGF: MGF1-SHA1 • R: Compressed • Necessary conditions • Parameters • pLen 160 • hLen  128 • Hash function • Any CRYPTREC 2001 <PSEC-KEM>

  12. Evaluation by Implement • Environment • CPU: Pentium‐III 600MHz (FSB 100MHz) • RAM: 128MB • OS: Windows2000 5.0 (Build 2195) SP2 • Compiler: Visual Studio 6 Enterprise SP5 • Language: C • Parameters • Same as recommended conditions • Prime field CRYPTREC 2001 <PSEC-KEM>

  13. Result CRYPTREC 2001 <PSEC-KEM>

  14. Status of Publicity • Essential patent of PSEC • Announcement of royalty-free licenses [Apr 17, 2001] • ISO JTC1 SC27 WG2 draft CRYPTREC 2001 <PSEC-KEM>

More Related