GM/T 0044.3-2016 English PDF (GMT0044.3-2016)
GM/T 0044.3-2016 English PDF (GMT0044.3-2016)
Regular price
$150.00 USD
Regular price
Sale price
$150.00 USD
Unit price
/
per
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0044.3-2016
Historical versions: GM/T 0044.3-2016
Preview True-PDF (Reload/Scroll if blank)
GM/T 0044.3-2016: Identity-based cryptographic algorithms SM9 - Part 3: Key exchange protocol
GM/T 0044.3-2016
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.. 55615-2016
Identity-based cryptographic algorithms SM9 -
Part 3. Key exchange protocol
ISSUED ON. MARCH 28, 2016
IMPLEMENTED ON. MARCH 28, 2016
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 3
Introduction .. 4
1 Scope .. 5
2 Normative references ... 5
3 Terms and definitions ... 5
4 Symbols ... 7
5 Algorithm parameters and auxiliary functions ... 9
5.1 General ... 9
5.2 System parameter group ... 9
5.3 Generation of system encryption master key and user encryption key ... 9
5.4 Auxiliary functions ... 10
6 Key exchange protocol and flow .. 13
6.1 Key exchange protocol ... 13
6.2 Key exchange protocol flow ... 14
Foreword
GM/T 0044 “Identity-based cryptographic algorithms SM9” consists of five parts.
- Part 1. General;
- Part 2. Digital signature algorithm;
- Part 3. Key exchange protocol;
- Part 4. Key encapsulation mechanism and public key encryption algorithm;
- Part 5. Parameter definition.
This Part is Part 3 of GM/T 0044.
This Part was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Part was proposed by and shall be under the jurisdiction of Code Industry
Standardization Technical Committee.
Main drafting organizations of this Part. National Information Security
Engineering Center, Shenzhen Olym Information Security Technology Co., Ltd.,
Wuhan University, Shanghai Jiao Tong University, Institute of Information
Engineering of Chinese Academy of Sciences, North Institute of Information
Technology.
Main drafters of this Part. Chen Xiao, Cheng Zhaohui, Ye Dingfeng, Hu Lei,
Chen Jianhua, Lu Beike, Ji Qinguang, Cao Zhenfu, Yuan Wengong, Liu Ping,
Ma Ning, Yuan Feng, Li Zengxin, Wang Xuejin, Yang Hengliang, Zhang Qingpo,
Ma Yanli, Pu Yusan, Tang Ying, Sun Yisheng, An Xuan.
Identity-based cryptographic algorithms SM9 -
Part 3. Key exchange protocol
1 Scope
This Part of GM/T 0044 specifies the identity-based key exchange protocol
implemented using elliptic curve pairing and provides the corresponding flow.
This protocol enables both communication parties to obtain a shared secret key
jointly decided by both parties by calculation through the identity of the other
party and its own private key and through two or alternatively three information
transmission processes. This secret key may be used as the session key for
the symmetric cryptographic algorithm. Options in the protocol enable key
confirmation.
This Part is applicable to key management and agreement.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the dated edition cited applies. For
undated references, the latest edition of the referenced document (including all
amendments) applies.
GM/T 0004-2012 SM3 cryptographic hash algorithm
GM/T 0044.1-2016 Identity-based cryptographic algorithms SM9 - Part 1.
General
GM/T 0044.2-2016 Identity-based cryptographic algorithms SM9 - Part 2.
Digital signature algorithm
3 Terms and definitions
For the purpose of this document, the following terms and definitions apply.
3.1
key exchange
A scheme of exchanging keys securely between communicating entities, which
encryption master private key in combination with system parameters.
3.8
identity
Information that uniquely identifies an entity. The identity shall be composed of
information that the entity cannot deny, such as identifiable name, e-mail
address, ID number, phone number, street address, etc. of the entity.
3.9
key generation center; KGC
In this Part, a trusted authority responsible for selecting system parameters,
generating encryption master key and generating user encryption private key.
4 Symbols
For the purpose of this document, the following symbols apply.
A, B. two users using public key cryptographic system.
cf. remaining factor of elliptic curve order relative to N.
cid. identifier of curves represented by one byte, where 0x10 represents the
constant curve (i.e. non-super singular curve) on Fp (prime p > 2191), 0x11
represents the super singular curve on Fp and 0x12 represents the constant
curve on Fp and its twist curve.
deA. user A’s encryption private key.
deB. user B’s encryption private key.
e. bilinear pairing from G1 × G2 to GT.
eid. identifier of bilinear pairing e represented by one byte, where 0x01
represents the Tate pairing, 0x02 represents the Weil pairing, 0x03 represents
the Ate pairing and 0x04 represents the R-ate pairing.
GT. multiplication cyclic group with order of prime N.
G1. addition cyclic group with order of prime N.
G2. addition cyclic group with order of prime N.
gu. u subtasks of element g in multiplicative group GT, i.e. ݃௨ ൌ ݃ ∙ ݃ ∙ . ∙ ݃ᇣᇧᇧᇤᇧᇧᇥ
, u
5 Algorithm parameters and auxiliary functions
5.1 General
This Part specifies an identity-based key exchange protocol implemented using
elliptic curve pairing. The initiator user A and the responder user B who
participate in the key exchange each holds an identity and a corresponding
encryption private key, which is generated by the key generation center by
combining the encryption private key and the user's identity. User A and user B,
through interactive information transfer, use the identity and their respective
encryption private keys to agree on a secret key that only they know, and both
parties may have key conformation through options. The shared secret key is
usually used in a symmetric cryptographic algorithm. This key exchange
protocol can be used for key management and agreement.
5.2 System parameter group
The system parameter group consists of curve identifier cid; parameters of
elliptic curve base field Fq; parameters a and b of elliptic curve equation;
parameter β of twist curve (if the lower 4 bits of cid are 2); prime factor N of
curve order and remaining factor cf relative to N; number of embedding times
of curve E (Fq) relative to N; generator P1 of N order cyclic subgroup G1 of E
(Fqd1) (d1 divides k); generator P2 of N order cyclic subgroup G2 of E (Fqd2) (d2
divides k); identifier eid of bilinear pairing e; homomorphism map ψ of (options)
G2 to G1.
The range of the bilinear pairing e is N order multiplicative cyclic group GT.
For a detailed description of system parameters and their verification, see
Clause 7 of GM/T 0044.1-2016.
5.3 Generation of system encryption master key and user encryption key
KGC generates a random signature ke ∈ [1, N - 1] as the encryption master
private key. Calculate the element Ppub-e = [ke] P1 in G1 as the encryption master
public key. The encryption master key pairing is (ke, Ppub-e). KGC secretly saves
ke and publishes Ppub-s.
KGC selects and publishes the encryption private key generation function
identifier hid that is expressed by one byte.
The identity of user A and user B are IDA and IDB respectively. To generate the
encryption private key deA of user A, KGC first calculates t1 = H1 (IDA II hid, N)
+ ke on the finite field FN. If t1 = 0, it shall generate encryption private key,
calculate and public encryption master...
Get QUOTATION in 1-minute: Click GM/T 0044.3-2016
Historical versions: GM/T 0044.3-2016
Preview True-PDF (Reload/Scroll if blank)
GM/T 0044.3-2016: Identity-based cryptographic algorithms SM9 - Part 3: Key exchange protocol
GM/T 0044.3-2016
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.. 55615-2016
Identity-based cryptographic algorithms SM9 -
Part 3. Key exchange protocol
ISSUED ON. MARCH 28, 2016
IMPLEMENTED ON. MARCH 28, 2016
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 3
Introduction .. 4
1 Scope .. 5
2 Normative references ... 5
3 Terms and definitions ... 5
4 Symbols ... 7
5 Algorithm parameters and auxiliary functions ... 9
5.1 General ... 9
5.2 System parameter group ... 9
5.3 Generation of system encryption master key and user encryption key ... 9
5.4 Auxiliary functions ... 10
6 Key exchange protocol and flow .. 13
6.1 Key exchange protocol ... 13
6.2 Key exchange protocol flow ... 14
Foreword
GM/T 0044 “Identity-based cryptographic algorithms SM9” consists of five parts.
- Part 1. General;
- Part 2. Digital signature algorithm;
- Part 3. Key exchange protocol;
- Part 4. Key encapsulation mechanism and public key encryption algorithm;
- Part 5. Parameter definition.
This Part is Part 3 of GM/T 0044.
This Part was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Part was proposed by and shall be under the jurisdiction of Code Industry
Standardization Technical Committee.
Main drafting organizations of this Part. National Information Security
Engineering Center, Shenzhen Olym Information Security Technology Co., Ltd.,
Wuhan University, Shanghai Jiao Tong University, Institute of Information
Engineering of Chinese Academy of Sciences, North Institute of Information
Technology.
Main drafters of this Part. Chen Xiao, Cheng Zhaohui, Ye Dingfeng, Hu Lei,
Chen Jianhua, Lu Beike, Ji Qinguang, Cao Zhenfu, Yuan Wengong, Liu Ping,
Ma Ning, Yuan Feng, Li Zengxin, Wang Xuejin, Yang Hengliang, Zhang Qingpo,
Ma Yanli, Pu Yusan, Tang Ying, Sun Yisheng, An Xuan.
Identity-based cryptographic algorithms SM9 -
Part 3. Key exchange protocol
1 Scope
This Part of GM/T 0044 specifies the identity-based key exchange protocol
implemented using elliptic curve pairing and provides the corresponding flow.
This protocol enables both communication parties to obtain a shared secret key
jointly decided by both parties by calculation through the identity of the other
party and its own private key and through two or alternatively three information
transmission processes. This secret key may be used as the session key for
the symmetric cryptographic algorithm. Options in the protocol enable key
confirmation.
This Part is applicable to key management and agreement.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the dated edition cited applies. For
undated references, the latest edition of the referenced document (including all
amendments) applies.
GM/T 0004-2012 SM3 cryptographic hash algorithm
GM/T 0044.1-2016 Identity-based cryptographic algorithms SM9 - Part 1.
General
GM/T 0044.2-2016 Identity-based cryptographic algorithms SM9 - Part 2.
Digital signature algorithm
3 Terms and definitions
For the purpose of this document, the following terms and definitions apply.
3.1
key exchange
A scheme of exchanging keys securely between communicating entities, which
encryption master private key in combination with system parameters.
3.8
identity
Information that uniquely identifies an entity. The identity shall be composed of
information that the entity cannot deny, such as identifiable name, e-mail
address, ID number, phone number, street address, etc. of the entity.
3.9
key generation center; KGC
In this Part, a trusted authority responsible for selecting system parameters,
generating encryption master key and generating user encryption private key.
4 Symbols
For the purpose of this document, the following symbols apply.
A, B. two users using public key cryptographic system.
cf. remaining factor of elliptic curve order relative to N.
cid. identifier of curves represented by one byte, where 0x10 represents the
constant curve (i.e. non-super singular curve) on Fp (prime p > 2191), 0x11
represents the super singular curve on Fp and 0x12 represents the constant
curve on Fp and its twist curve.
deA. user A’s encryption private key.
deB. user B’s encryption private key.
e. bilinear pairing from G1 × G2 to GT.
eid. identifier of bilinear pairing e represented by one byte, where 0x01
represents the Tate pairing, 0x02 represents the Weil pairing, 0x03 represents
the Ate pairing and 0x04 represents the R-ate pairing.
GT. multiplication cyclic group with order of prime N.
G1. addition cyclic group with order of prime N.
G2. addition cyclic group with order of prime N.
gu. u subtasks of element g in multiplicative group GT, i.e. ݃௨ ൌ ݃ ∙ ݃ ∙ . ∙ ݃ᇣᇧᇧᇤᇧᇧᇥ
, u
5 Algorithm parameters and auxiliary functions
5.1 General
This Part specifies an identity-based key exchange protocol implemented using
elliptic curve pairing. The initiator user A and the responder user B who
participate in the key exchange each holds an identity and a corresponding
encryption private key, which is generated by the key generation center by
combining the encryption private key and the user's identity. User A and user B,
through interactive information transfer, use the identity and their respective
encryption private keys to agree on a secret key that only they know, and both
parties may have key conformation through options. The shared secret key is
usually used in a symmetric cryptographic algorithm. This key exchange
protocol can be used for key management and agreement.
5.2 System parameter group
The system parameter group consists of curve identifier cid; parameters of
elliptic curve base field Fq; parameters a and b of elliptic curve equation;
parameter β of twist curve (if the lower 4 bits of cid are 2); prime factor N of
curve order and remaining factor cf relative to N; number of embedding times
of curve E (Fq) relative to N; generator P1 of N order cyclic subgroup G1 of E
(Fqd1) (d1 divides k); generator P2 of N order cyclic subgroup G2 of E (Fqd2) (d2
divides k); identifier eid of bilinear pairing e; homomorphism map ψ of (options)
G2 to G1.
The range of the bilinear pairing e is N order multiplicative cyclic group GT.
For a detailed description of system parameters and their verification, see
Clause 7 of GM/T 0044.1-2016.
5.3 Generation of system encryption master key and user encryption key
KGC generates a random signature ke ∈ [1, N - 1] as the encryption master
private key. Calculate the element Ppub-e = [ke] P1 in G1 as the encryption master
public key. The encryption master key pairing is (ke, Ppub-e). KGC secretly saves
ke and publishes Ppub-s.
KGC selects and publishes the encryption private key generation function
identifier hid that is expressed by one byte.
The identity of user A and user B are IDA and IDB respectively. To generate the
encryption private key deA of user A, KGC first calculates t1 = H1 (IDA II hid, N)
+ ke on the finite field FN. If t1 = 0, it shall generate encryption private key,
calculate and public encryption master...