Standards about Elliptic Curve Crypto-systems
Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S. Miller in 1985.
The generation of domain parameters is not usually done by each participant, since this involves counting the number of points on a curve, which is time-consuming and troublesome to implement. As a result, several standards bodies have published domain parameters of elliptic curves for several common field sizes.
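Although participants do not generate domain parameters themselves, they can cheaply validate published ones before use. The following is an added example, not code from the original page: it checks the secp256k1 parameters from SEC 2, and the curve choice and all function names are assumptions of this example.

```python
# Added example. secp256k1 constants (SEC 2); the curve choice is an assumption.
P = 2**256 - 2**32 - 977                # field prime p
A, B, H = 0, 7, 1                       # y^2 = x^3 + A*x + B over GF(P); cofactor H
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13)):  # Miller-Rabin, fixed bases
    if n < 15 or n % 2 == 0:
        return n in (2, 3, 5, 7, 11, 13)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    def witness(a):  # True if base a proves n composite
        x = pow(a, d, n)
        return x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(s - 1))
    return not any(witness(a) for a in bases)

def on_curve(pt):
    x, y = pt
    return (y * y - (x**3 + A * x + B)) % P == 0

def add(p1, p2):  # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = ((3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) if p1 == p2
           else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; not constant time, for validation only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def validate_domain_parameters():
    return {
        "p_is_prime": is_probable_prime(P),
        "n_is_prime": is_probable_prime(N),
        "curve_nonsingular": (4 * A**3 + 27 * B**2) % P != 0,
        "g_on_curve": on_curve(G),
        "g_has_order_n": mul(N, G) is None,
        "hasse_bound": (N * H - (P + 1)) ** 2 <= 4 * P,  # |#E - (p+1)| <= 2*sqrt(p)
        "not_anomalous": N != P,
    }
```

Every entry returned by `validate_domain_parameters()` should be `True`; a mistyped or tampered constant shows up as a failed check.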
Key sizes
In cryptography, key size or key length is the size (usually measured in bits or bytes) of the key used in a cryptographic algorithm (such as a cipher). An algorithm’s key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits. The security of an algorithm cannot exceed its key length (since any algorithm can be cracked by brute force), but it can be smaller.
PKI (Public Key Infrastructure)
Public Key Infrastructure (PKI) is a system that validates a user’s digital identity over a public or private network. It does so by associating a pair of public and private keys with the individual’s identity credentials. These keys are created with a cryptographic algorithm and shared by a certificate authority (CA) that links them to the user’s unique identity. The CA stores this information in a database and issues digital certificates, which include the public key or information about the public keys, in order to verify the user’s identity.
PKI solutions use public and private keys and their certificates correspond with software applications, encryption technologies, processes and services that enable secure communication and business transactions. In PKI systems, the private key is maintained by the end user. The public key is available as part of a digital certificate within a directory that can be freely accessed. The private key remains secure and is not transmitted over the network. It is used to:
- Authenticate – for certificate-based authentication, the private key is used to generate a digital certificate that is sent to an authentication server. When it is received, the certificate is decrypted with the user’s public key to validate the login credentials.
- Encrypt – a message or document can be encrypted with the intended recipient’s public key that is obtained and sent from a public directory. Only the intended recipient can decrypt the information with his or her matching private key.
- Digitally sign – a digital signature for a message, document or transaction is created with the user’s private key, encrypted and attached to the signed contents. When the contents are received, the signature is decrypted along with the user’s public key to validate the sender’s identity.
This technology offers a range of security features for the enterprise, including authentication, confidentiality and non-repudiation. PKI applications for end-users also provide network and workstation login, secure remote access, single sign-on, email encryption, secure data storage, digital signatures and secure online transactions.
What is a certificate authority?
Note: A CA can also be a server that is used to issue digital certificates (either onto users’ smart cards, or as soft certificates like the Web server SSL certificates).
Efficient cryptographic implementations
Implementing crypto algorithms requires performing arithmetic/algebraic operations efficiently. RSA typically requires modular arithmetic over large numbers, which cannot run efficiently on an 8-bit CPU. Elliptic curve operations on points also require slow arithmetic operations. Efficient implementation techniques provide, in these contexts and many others, fast and optimized algorithms for increased performance.
PKCS Standards
The Public-Key Cryptography Standards are specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of public-key cryptography. First published in 1991 as a result of meetings with a small group of early adopters of public-key technology, the PKCS documents have become widely referenced and implemented. Contributions from the PKCS series have become part of many formal and de facto standards, including ANSI X9 documents, PKIX, SET, S/MIME, and SSL.
White-box cryptography
In traditional cryptography, a black-box attack describes the situation where the attacker tries to obtain the cryptographic key by knowing the algorithm and monitoring the inputs and outputs, but without the execution being visible. White-box cryptography addresses the much more severe threat model where the attacker can observe everything, can access all aspects of the target system/application, and may have the black-box knowledge of the crypto algorithm.
mPBOC 3.0 specification
This specification was announced by China Union Pay (CUP) in June 2013. It is an upgraded version of mPBOC 2.0, published in 2012, and is based on the PBOC 3.0 specification.
This specification describes the technical requirements for financial applications in mobile payment. The application includes: the PBOC flow in mobile payment, mobile PIN, script commands and mobile payment related tags. This specification does not include the wallet application part.
PBOC 3.0 JR/T 0025.3-2013 replaces JR/T 0025.2-2010
This specification was announced by PBOC (The People’s Bank of China) on 15th Jan 2013. It describes the technical requirements for financial applications issued by banks in China, for both the contact interface and the contactless interface, and is based on the EMV core.
The PBOC specification also covers the Chinese domestic algorithms SM1/SM2/SM3/SM4 for the application.