1
/
of
9
PayPal, credit cards. Download editable-PDF and invoice in 1 second!
GB/T 32918.4-2016 English PDF (GBT32918.4-2016)
GB/T 32918.4-2016 English PDF (GBT32918.4-2016)
Regular price
$145.00 USD
Regular price
Sale price
$145.00 USD
Unit price
/
per
Shipping calculated at checkout.
Couldn't load pickup availability
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GB/T 32918.4-2016
Historical versions: GB/T 32918.4-2016
Preview True-PDF (Reload/Scroll if blank)
GB/T 32918.4-2016: Information security technology -- Public key cryptographic algorithm SM2 based on elliptic curves -- Part 4: Public key encryption algorithm
GB/T 32918.4-2016
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Public key
cryptographic algorithm SM2 based on elliptic curves
- Part 4. Public key encryption algorithm
ISSUED ON. AUGUST 29, 2016
IMPLEMENTED ON. MARCH 01, 2017
Issued by. General Administration of Quality Supervision, Inspection and
Quarantine;
Standardization Administration Committee.
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 6
2 Normative references ... 6
3 Terms and definitions ... 6
4 Symbols and abbreviations ... 7
5 Algorithm parameters and auxiliary functions... 7
6 Encryption algorithm and process ... 9
7 Decryption algorithm and process ... 12
Annex A (informative) Examples of message encryption and decryption ... 14
Bibliography ... 24
Information security technology - Public key
cryptographic algorithm SM2 based on elliptic curves
- Part 4. Public key encryption algorithm
1 Scope
This Part of GB/T 32918 specifies public key encryption algorithm of public key
cryptographic algorithm SM2 based on elliptic curves. It gives the message
encryption and decryption examples as well as the corresponding process.
This Part applies to message encryption and decryption in commercial
password applications. The sender of the message can encrypt the message
with the receiver’s public key. The receiver decrypts with the corresponding
private key to obtain the message.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any
amendments) applies.
GB/T 32918.1-2016, Information security techniques - Elliptic Curve public -
key cryptography - Part 1. General
GB/T 32905-2016, Information security technology SM3 cryptographic hash
algorithm
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1 secret key
in the cryptosystem, a key that is jointly owned by sender and receiver and not
known to a third party
3.2 message
any finite length of bit string
message.
5.2 Elliptic curve system parameters
The elliptic curve system parameters include the size q of the finite field Fq
(when q = 2m, it also includes the identification of the element representation
and the reduction polynomial), two elements a, b that define the equation
of the elliptic curve E(Fq), the base point G on E(Fq) is (xG, yG )(G≠O), where xG
and yG are two elements in Fq, the order n of G and other options (such as the
residual factor h of n, etc.)
Elliptic curve system parameters and their verification shall meet the
requirements of Clause 5 of GB/T 32918.1-2016.
5.3 User key pair
User B's key pair includes its private key dB and public key PB=[dB]G.
The generation algorithm of the user key pair and the public key verification
algorithm shall comply with the provisions of Clause 6 of GB/T 32918.1-2016.
5.4 Auxiliary function
5.4.1 General
The public key encryption algorithm based on elliptic curve specified in this Part
involves three types of auxiliary functions. cryptographic hash algorithm, key
derivation function and random number generator. The strength of these three
types of auxiliary functions directly affects the security of the encryption
algorithm.
5.4.2 Password hash algorithm
This Part specifies the use of password hash algorithms approved by the
National Cryptographic Authority, such as SM3 cryptographic hash algorithm.
5.4.3 Key derivation function
The key derivation function is used to derive key data from a shared secret bit
string. In the key negotiation process, the key derivation function acts on the
shared secret bit string obtained by the key exchange, and generates the
required session key or the key data required for further encryption.
The key derivation function needs to call the password hash algorithm.
Set the password hash algorithm to Hv ( ). Its output is a hash value of exactly
v bits in length.
Key derivation function KDF (Z, klen).
7 Decryption algorithm and process
7.1 Decryption algorithm
Set klen be the bit length of C2 in the ciphertext.
In order to decrypt the ciphertext C=C1 || C3 || C2, the user B as the decryptor
shall implement the following operation steps.
B1. Take the bit string C1 from C. Convert the data type of C1 to a point on the
elliptic curve according to the method given in 4.2.4 and 4.2.10 of GB/T
32918.1-2016. Verify whether C1 satisfies the elliptic curve equation. If not,
report an error and exit.
B2. Calculate the elliptic curve point S= [h]C1. If S is infinity, report an error and
exit.
B3. Calculate [dB]C1 = (x2, y2). Convert the data types of coordinates x2 and y2
into bit strings according to the methods given in 4.2.6 and 4.2.5 of GB/T
32918.1-2016.
B4. Calculate t = KDF (x2 || y2, klen). If it is an all 0-bit string, then an error is
reported and exited.
B5. Take the bit string C2 from C. Calculate .
B6. Calculate . Take the bit string C3 from C. If u≠C3,
report an error and exit.
B7. Output plaintext M'.
NOTE. See Annex A for an example of the decryption process.
7.2 Decryption algorithm flow
The decryption algorithm flow is shown in Figure 2.
Annex A
(informative)
Examples of message encryption and decryption
A.1 General
This appendix selects the password hash algorithm given in GB/T 32905-2016.
The input is a message bit string of length less than 264, and the output is a
hash value of 256 bits in length, denoted as H256 ( ).
In this appendix, all numbers in hexadecimal notation, high on the left and low
on the right.
In this appendix, the text is clearly encoded in GB/T 1988.
A.2 Elliptic curve’s message encryption and decryption on Fp
The elliptic curve equation is. y2=x3+ax+b
Example 1. Fp -192
Prime number p. BDB6F4FE 3E8B1D9E 0DA8C0D4 6F4C318C EFE4AFE3
B6B8551F
Coefficient a. BB8E5E8F BC115E13 9FE6A814 FE48AAA6 F0ADA1AA
5DF91985
Coefficient b. 1854BEBD C31B21B7 AEFC80AB 0ECD10D5 B1B3308E
6DBF11C1
Base point G = (xG, yG), whose order is n.
Coordinate xG. 4AD5F704 8DE709AD 51236DE6 5E4D4B48 2C836DC6
E4106640
Coordinate yG. 02BB3A02 D4AAADAC AE24817A 4CA3A1B0 14B52704
32DB27D2
Order n. BDB6F4FE 3E8B1D9E 0DA8C0D4 0FC96219 5DFAE76F 56564677
Message to be encrypted M. encryption standard
Hexadecimal representation of message M. 656E63 72797074 696F6E20
7374616E 64617264
Base point G = (xG, yG), whose order is n.
Coordinate xG. 421DEBD6 1B62EAB6 746434EB C3CC315E 32220B3B
ADD50BDC 4C4E6C14 7FEDD43D
Coordinate yG. 0680512B CBB42C07 D47349D2 153B70C4 E5D7FDFC
BFA36EA1 A85841B9 E46E09A2
Order n. 8542D69E 4C044F18 E8B92435 BF6FF7DD 29772063 0485628D
5AE74EE7 C32E79B7
Message to be encrypted M. encryption standard
Hexadecimal representation of message M. 656E63 72797074 696F6E20
7374616E 64617264
Private key dB. 1649AB77 A00637BD 5E2EFE28 3FBF3535 34AA7F7C
B89463F2 08DDBC29 20BB0DA0
Public key PB = (xB, yB).
Coordinate xB. 435B39CC A8F3B508 C1488AFC 67BE491A 0F7BA07E
581A0E48 49A5CF70 628A7E0A
Coordinate yB. 75DDBA78 F15FEECB 4C7895E2 C1CDF5FE 01DEBB2C
DBADF453 99CCF77B BA076A42
Encrypt the relevant values in each step.
Generate random number k. 4C62EEFD 6ECFC2B9 5B92FD6C 3D95...
Get QUOTATION in 1-minute: Click GB/T 32918.4-2016
Historical versions: GB/T 32918.4-2016
Preview True-PDF (Reload/Scroll if blank)
GB/T 32918.4-2016: Information security technology -- Public key cryptographic algorithm SM2 based on elliptic curves -- Part 4: Public key encryption algorithm
GB/T 32918.4-2016
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Public key
cryptographic algorithm SM2 based on elliptic curves
- Part 4. Public key encryption algorithm
ISSUED ON. AUGUST 29, 2016
IMPLEMENTED ON. MARCH 01, 2017
Issued by. General Administration of Quality Supervision, Inspection and
Quarantine;
Standardization Administration Committee.
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 6
2 Normative references ... 6
3 Terms and definitions ... 6
4 Symbols and abbreviations ... 7
5 Algorithm parameters and auxiliary functions... 7
6 Encryption algorithm and process ... 9
7 Decryption algorithm and process ... 12
Annex A (informative) Examples of message encryption and decryption ... 14
Bibliography ... 24
Information security technology - Public key
cryptographic algorithm SM2 based on elliptic curves
- Part 4. Public key encryption algorithm
1 Scope
This Part of GB/T 32918 specifies public key encryption algorithm of public key
cryptographic algorithm SM2 based on elliptic curves. It gives the message
encryption and decryption examples as well as the corresponding process.
This Part applies to message encryption and decryption in commercial
password applications. The sender of the message can encrypt the message
with the receiver’s public key. The receiver decrypts with the corresponding
private key to obtain the message.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any
amendments) applies.
GB/T 32918.1-2016, Information security techniques - Elliptic Curve public -
key cryptography - Part 1. General
GB/T 32905-2016, Information security technology SM3 cryptographic hash
algorithm
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1 secret key
in the cryptosystem, a key that is jointly owned by sender and receiver and not
known to a third party
3.2 message
any finite length of bit string
message.
5.2 Elliptic curve system parameters
The elliptic curve system parameters include the size q of the finite field Fq
(when q = 2m, it also includes the identification of the element representation
and the reduction polynomial), two elements a, b that define the equation
of the elliptic curve E(Fq), the base point G on E(Fq) is (xG, yG )(G≠O), where xG
and yG are two elements in Fq, the order n of G and other options (such as the
residual factor h of n, etc.)
Elliptic curve system parameters and their verification shall meet the
requirements of Clause 5 of GB/T 32918.1-2016.
5.3 User key pair
User B's key pair includes its private key dB and public key PB=[dB]G.
The generation algorithm of the user key pair and the public key verification
algorithm shall comply with the provisions of Clause 6 of GB/T 32918.1-2016.
5.4 Auxiliary function
5.4.1 General
The public key encryption algorithm based on elliptic curve specified in this Part
involves three types of auxiliary functions. cryptographic hash algorithm, key
derivation function and random number generator. The strength of these three
types of auxiliary functions directly affects the security of the encryption
algorithm.
5.4.2 Password hash algorithm
This Part specifies the use of password hash algorithms approved by the
National Cryptographic Authority, such as SM3 cryptographic hash algorithm.
5.4.3 Key derivation function
The key derivation function is used to derive key data from a shared secret bit
string. In the key negotiation process, the key derivation function acts on the
shared secret bit string obtained by the key exchange, and generates the
required session key or the key data required for further encryption.
The key derivation function needs to call the password hash algorithm.
Set the password hash algorithm to Hv ( ). Its output is a hash value of exactly
v bits in length.
Key derivation function KDF (Z, klen).
7 Decryption algorithm and process
7.1 Decryption algorithm
Set klen be the bit length of C2 in the ciphertext.
In order to decrypt the ciphertext C=C1 || C3 || C2, the user B as the decryptor
shall implement the following operation steps.
B1. Take the bit string C1 from C. Convert the data type of C1 to a point on the
elliptic curve according to the method given in 4.2.4 and 4.2.10 of GB/T
32918.1-2016. Verify whether C1 satisfies the elliptic curve equation. If not,
report an error and exit.
B2. Calculate the elliptic curve point S= [h]C1. If S is infinity, report an error and
exit.
B3. Calculate [dB]C1 = (x2, y2). Convert the data types of coordinates x2 and y2
into bit strings according to the methods given in 4.2.6 and 4.2.5 of GB/T
32918.1-2016.
B4. Calculate t = KDF (x2 || y2, klen). If it is an all 0-bit string, then an error is
reported and exited.
B5. Take the bit string C2 from C. Calculate .
B6. Calculate . Take the bit string C3 from C. If u≠C3,
report an error and exit.
B7. Output plaintext M'.
NOTE. See Annex A for an example of the decryption process.
7.2 Decryption algorithm flow
The decryption algorithm flow is shown in Figure 2.
Annex A
(informative)
Examples of message encryption and decryption
A.1 General
This appendix selects the password hash algorithm given in GB/T 32905-2016.
The input is a message bit string of length less than 264, and the output is a
hash value of 256 bits in length, denoted as H256 ( ).
In this appendix, all numbers in hexadecimal notation, high on the left and low
on the right.
In this appendix, the text is clearly encoded in GB/T 1988.
A.2 Elliptic curve’s message encryption and decryption on Fp
The elliptic curve equation is. y2=x3+ax+b
Example 1. Fp -192
Prime number p. BDB6F4FE 3E8B1D9E 0DA8C0D4 6F4C318C EFE4AFE3
B6B8551F
Coefficient a. BB8E5E8F BC115E13 9FE6A814 FE48AAA6 F0ADA1AA
5DF91985
Coefficient b. 1854BEBD C31B21B7 AEFC80AB 0ECD10D5 B1B3308E
6DBF11C1
Base point G = (xG, yG), whose order is n.
Coordinate xG. 4AD5F704 8DE709AD 51236DE6 5E4D4B48 2C836DC6
E4106640
Coordinate yG. 02BB3A02 D4AAADAC AE24817A 4CA3A1B0 14B52704
32DB27D2
Order n. BDB6F4FE 3E8B1D9E 0DA8C0D4 0FC96219 5DFAE76F 56564677
Message to be encrypted M. encryption standard
Hexadecimal representation of message M. 656E63 72797074 696F6E20
7374616E 64617264
Base point G = (xG, yG), whose order is n.
Coordinate xG. 421DEBD6 1B62EAB6 746434EB C3CC315E 32220B3B
ADD50BDC 4C4E6C14 7FEDD43D
Coordinate yG. 0680512B CBB42C07 D47349D2 153B70C4 E5D7FDFC
BFA36EA1 A85841B9 E46E09A2
Order n. 8542D69E 4C044F18 E8B92435 BF6FF7DD 29772063 0485628D
5AE74EE7 C32E79B7
Message to be encrypted M. encryption standard
Hexadecimal representation of message M. 656E63 72797074 696F6E20
7374616E 64617264
Private key dB. 1649AB77 A00637BD 5E2EFE28 3FBF3535 34AA7F7C
B89463F2 08DDBC29 20BB0DA0
Public key PB = (xB, yB).
Coordinate xB. 435B39CC A8F3B508 C1488AFC 67BE491A 0F7BA07E
581A0E48 49A5CF70 628A7E0A
Coordinate yB. 75DDBA78 F15FEECB 4C7895E2 C1CDF5FE 01DEBB2C
DBADF453 99CCF77B BA076A42
Encrypt the relevant values in each step.
Generate random number k. 4C62EEFD 6ECFC2B9 5B92FD6C 3D95...
Share
