To Certicom
Press Releases
Events
In The News
Corporate Info
Partners
Job Ops
Products
ECC Info
Services
Downloads
Tech Support
Standards Updates
Contact Us




ECC in Standards

Elliptic curve cryptosystems have been the subject of intensive scrutiny in the mathematical community for over thirteen years and in standards organizations for several; mathematicians have been studying elliptic curves for over 100 years. Cryptographers, developers, and engineers have all studied both the mathematical basis of elliptic curve cryptography (ECC) and its importance in developing practical and efficient public-key systems.

Several international and domestic bodies have contributed to the development of information security standards. ECC is currently included in numerous standards and its incorporation into many more is in process. These standards activities are summarized in this report. Some standards organizations that address information security issues include:

    • Institute of Electrical and Electronics Engineers (IEEE)
    • American National Standards Institute (ANSI)
    • International Standards Organization (ISO)
    • International Electrotechnical Commission (IEC)
    • National Institute of Standards and Technology (NIST)
    • Internet Engineering Task Force (IETF)

General Cryptographic Standards

IEEE P1363 – ECC is included in the draft IEEE P1363 standard, “Standard Specifications for Public-Key Cryptography,” includes comprehensive coverage of the three types of well known, widely marketed public-key cryptosystems (ECC, DL, and RSA). For each of the cryptosystems, Release 1 of the document provides the mathematical basis and mechanisms for providing the following security objectives: privacy (encryption schemes); data integrity and nonrepudiation (digital signature schemes); and key establishment (key agreement schemes). ECC digital signatures and ECC key agreement schemes are documented in P1363. (ECC encryption and ECC key transport schemes will be specified in P1363a.) Supporting, underlying mathematics for ECC is also included. Elliptic curves can be defined either over arithmetic modulo p or over modulo 2m for conformance with the standard. P1363 Release 1 is scheduled to be released for public review in August 1998 and go to ballot by the IEEE Microcomputers committee in September1998. The latest draft is available at http://grouper.ieee.org/groups/1363/index.html.

ANSI X9 – ECC is being incorporated into two American National Standards Institute (ANSI) Accredited Standards Committee (ASC ) X9 (Financial Services) drafts.

The ANSI X9.62 draft standard focuses on the Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA is an analog of the National Institute for Standards and Technology’s (NIST’s) Digital Signature Algorithm (DSA) using elliptic curves. The foreword of this document presents a business case for the use of the ECDSA, stating the advantages of ECC in general for financial services. X9.62 will meet the unusually stringent security requirements of the financial services industry. The appendices provide a tutorial on the underlying mathematics for ECC with many examples. X9.62 has completed an ANSI X9.F1 workgroup ballot and publication is expected before the end of 1998, following a 60-day public comment period. Please refer to ANSI X9.62, “Public-key cryptography for the financial services industry - the Elliptic Curve Digital Signature Algorithm (ECDSA),” draft, 1998.

The ANSI X9.63 draft standard focuses on elliptic curve key agreement and key transport methods. Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Menezes-Qu-Vanstone (ECMQV) key agreement schemes, which are ECC analogs of methods in the existing draft standard X9.42, are specified. Please refer to ANSI X9.63, “Public-key cryptography for the financial services industry - Elliptic Curve Key Agreement and Key Transport Algorithms,” draft, 1998.

ANSI TG-17 – The “Technical Guideline on Mathematical Background for Elliptic Curve Cryptosystems” will contain extensive information on elliptic curve arithmetic, including an algorithm for counting the number of points on an elliptic curve.

NIST has stated that it expects to extend the specification of its Digital Signature Standard (DSS) to include ECC by incorporating content from X9.62. NIST is also including specifications for ECC in its Minimum Interoperability Specification (MISPC).

ANSI X12 and UN/EDIFACT – ECC is currently at the initial stage of incorporation into Electronic Data Interchange (EDI) standards. The group is considering adding ECC to two data elements in X12. The request will be voted on during the X12 October 1998 meeting.

ISO/IEC – ECC is being incorporated into several ISO/IEC drafts.

ISO/IEC 14888: “Digital signature with appendix Part 3: Certificate-based mechanisms,” provides an overview of various digital signature mechanisms. The ECDSA is specified as an ECC analog of NIST’s DSA. This document is written for cross industries so its specification for ECDSA is more general than that of X9.62. The two documents (ANSI X9.62 and ISO/IEC 14888) have been coordinated to ensure consistency and compatibility, so that what conforms to X9.62 will also conform to 14888-3. DIS 14888-3 should become an ISO standard in the near future. Please refer to ISO/IEC 14888, “Digital signature with appendix - Part 3: Certificate-based mechanisms,” draft, 1998.

ISO/IEC 9796-4: “Digital Signature with message recovery, Discrete logarithm-based mechanisms,” describes the Nyberg-Rueppel signature scheme in its message recovery form.

ISO/IEC 14946: “Cryptographic techniques based on elliptic curves,” a new work item on elliptic curves, consists of three parts:

Part 1: EC arithmetic and common routines

Part 2: EC signature methods

Part 3: EC encryption (including key transport) and key agreement methods

Vertical Market Standards

In addition to the initiatives underway to develop standards for cryptographic algorithms, numerous initiatives are underway to develop protocols that use public-key certificates and other types of public-key management systems. Most of these protocols are being written so that they are algorithm-independent, so they allow any commonly used public-key algorithm to be implemented. This allows methods such as ECC to be used in environments where other types of public-key systems would be impractical, especially as key size requirements increase. ECC is being considered for integration into the following standards, some of which are still in development:

Telecommunications

ATM Forum – Asynchronous Transport Mode (ATM) is a network protocol for high-speed data and voice. The ATM Forum Technical Committee initiated the document, “Phase I Security Specification,” which intends to provide security standards for all ATM networks; both symmetric-key and public-key mechanisms (including ECC) are specified. The Phase I Security Specification is targeted for publication in 1998.

WAP (Wireless Application Protocol) – Version 1.0 (released May 1998) provides secure Internet access and other advanced services to digital cellular phones and wireless terminals. The specification introduces a layered architecture that enables applications to scale across a variety of transport options and device types. ECC is incorporated into the WAP security layer (Wireless Transport Layer Security¾WTLS) specification. The WAP specification is available at http://www.wapforum.org.

Electronic Commerce

FSTC (Financial Services Technology Consortium) is concerned with electronic payment systems and other financial services. This innovative, all-electronic payment and deposit gathering instrument can be initiated from a variety of devices such as personal computers, screen phones, ATMs, or accounting systems. E-Check provides rapid and secure settlement of financial accounts between trading partners over open public or proprietary networks without pre-arrangement by interconnection with the existing bank clearing and settlement systems infrastructure. ECC is used to encrypt email messages that transport electronic checks.

OTP 0.9 (Open Trading Protocol) is a framework for encapsulating payment protocols. OTP seeks to provide a secure digital replication of the traditional paper-based methods of trading, buying, and selling. The specification provides a unifying framework within which SET, EMV, E-check and other electronic commerce implementations can successfully interoperate. ECDSA is supported for digital signatures in OTP.

The Secure Electronic Transactions (SET") standard has been developed for Internet credit card transactions. ECC is being considered as a proposed enhancement to the SET standard for secure Internet commerce. The benefits ECC brings to this important application are currently being evaluated.

The Internet: IETF

The Internet Engineering Task Force has numerous working groups. Please refer to http://www.ietf.org.

Internet Protocol Security Protocol (IPSec) – The OAKLEY Key Determination Protocol of IETF describes key agreement schemes based on elliptic curves that are variants of the Diffie-Hellman technique. The document is a published RFC, which is how standardization is documented within the IETF. The latest drafts are available at http://www.ietf.cnri.reston.va.us/.

 

Copyright © Certicom Corp., 1997-2000. All rights reserved.
Information subject to change. http://www.certicom.com