IEEE 1363.3 2013
$86.67
IEEE Standard for Identity-Based Cryptographic Techniques using Pairings
| Published By | Publication Date | Number of Pages |
| IEEE | 2013 | 151 |
New IEEE Standard – Active. Common identity-based public-key cryptographic techniques that use pairings, including mathematical primitives for secret value (key) derivation, public-key encryption, and digital signatures, as well as cryptographic schemes based on those primitives are specified in this standard. Also, related cryptographic parameters, public keys and private keys, are specified. The purpose of this standard is to provide a reference for specifications of a variety of techniques from which applications may select.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 1 | IEEE Std 1363.3-2013 Front Cover |
| 3 | Title Page |
| 4 | Abstract/Keywords |
| 5 | Important Notices and Disclaimers Concerning IEEE Standards Documents |
| 8 | Participants |
| 10 | Introduction |
| 11 | Contents |
| 13 | IMPORTANT NOTICE 1. Overview 1.1 Scope 1.2 Purpose |
| 14 | 1.3 Organization of the document 1.3.1 Structure of the main document 1.3.2 Structure of the annexes |
| 15 | 2. Normative references 3. Definitions |
| 19 | 4. Types of cryptographic techniques 4.1 General model |
| 20 | 4.2 Primitives |
| 21 | 4.3 Schemes |
| 22 | 4.4 Table summary |
| 23 | 5. Mathematical conventions 5.1 Mathematical notation |
| 25 | 5.2 Bit strings and octet strings 5.3 Finite fields |
| 26 | 5.3.1 Prime finite fields 5.3.2 Odd characteristic extension fields 5.3.3 Binary finite fields |
| 27 | 5.3.4 Ternary finite fields 5.3.5 Unitary extension fields |
| 28 | 5.4 Elliptic curves and points 5.5 Pairings 5.6 Data type conversion |
| 29 | 5.6.1 Converting between integers and bit strings: I2BSP and BS2IP 5.6.2 Converting between bit strings and octet strings: BS2OSP and OS2BSP 5.6.3 Converting between integers and octet strings: I2OSP and OS2IP |
| 30 | 5.6.4 Converting between finite field elements and octet strings: FE2OSP and OS2FEP 5.6.5 Converting between finite field elements and integers: FE2IP and I2FEP |
| 31 | 5.6.6 Converting between elliptic curve points and octet strings 5.6.6.1 Compressed elliptic curve points 5.6.6.1.1 LSB compressed form 5.6.6.1.2 SORT compressed form |
| 32 | 5.6.6.2 Two-coordinate point representations |
| 33 | 5.6.6.2.1 Uncompressed representation: EC2OSPXY and OS2ECPXY 5.6.6.2.2 LSB compressed representation: EC2OSPXL and OS2ECPXL 5.6.6.2.3 SORT compressed representation: EC2OSPXS and OS2ECPXS 5.6.6.2.4 LSB hybrid representation: EC2OSPXYL and OS2ECPXYL |
| 34 | 5.6.6.2.5 SORT hybrid representation: EC2OSPXYS and OS2ECPXYS 5.6.6.3 X-coordinate-only representation: EC2OSPX and OS2ECPX 5.6.6.4 Summary of representations |
| 35 | 6. Hashing primitives 6.1 Hashing to an integer 6.1.1 The function of IHF1 |
| 36 | 6.2 Hashing to a string 6.2.1 Function of SHF1 |
| 37 | 6.3 Hashing to a point in a subgroup 6.3.1 General 6.3.2 Function of PHF-SS |
| 38 | 6.3.3 Function of PHF-GFP |
| 39 | 6.3.4 Function of PHF-GF2 |
| 40 | 6.3.5 Function of PHF-GF3 |
| 41 | 6.4 Hashing to an element of a finite field 6.4.1 Hashing to an element of a finite field: Function of BS2FQE |
| 42 | 7. Pairing-based primitives 7.1 General 7.2 SK primitives |
| 43 | 7.2.1 SK: Generation (P-SK-G) 7.2.2 SK: Verification (P-SK-V) |
| 44 | 7.2.3 SK: Encryption (P-SK-E) 7.2.4 SK: Decryption (P-SK-D) |
| 45 | 7.3 BB1 primitives 7.3.1 General 7.3.2 BB1: Generation (P-BB1-G) |
| 46 | 7.3.3 BB1: Verification (P-BB1-V) 7.3.4 BB1: Encryption (P-BB1-E) |
| 47 | 7.3.5 BB1: Decryption (P-BB1-D) |
| 48 | 7.4 BF primitives 7.4.1 General 7.4.2 BF: Generation (P-BF-G) |
| 49 | 7.4.3 BF: Verification (P-BF-V) 7.4.4 BF: Encryption (P-BF-E) |
| 50 | 7.4.5 BF: Decryption (P-BF-D) 7.5 SCC key agreement primitives 7.5.1 Pairing-based SCC key agreement: Derive secret value (P-SCC-D1) |
| 51 | 8. Identity-based encryption schemes |
| 52 | 8.1 SK KEM scheme |
| 53 | 8.1.1 SK KEM: Setup (SK-KEM-S) 8.1.2 SK KEM: Extract (SK-KEM-EX) 8.1.3 SK KEM: Encapsulate (SK-KEM-EN) |
| 54 | 8.1.4 SK KEM: Decapsulate (SK-KEM-DE) 8.2 BB1 KEM scheme 8.2.1 BB1 KEM: Setup (BB1-KEM-S) |
| 55 | 8.2.2 BB1 KEM: Extract (BB1-KEM-EX) 8.2.3 BB1 KEM: Encapsulate (BB1-KEM-EN) 8.2.4 BB1 KEM: Decapsulate (BB1-KEM-DE) |
| 56 | 8.3 BB1 IBE scheme 8.3.1 BB1 IBE: Setup (BB1-IBE-S) |
| 57 | 8.3.2 BB1 IBE: Extract (BB1-IBE-EX) 8.3.3 BB1 IBE: Encrypt (BB1-IBE-EN) 8.3.4 BB1 IBE: Decrypt (BB1-IBE-DE) |
| 58 | 8.4 BF IBE scheme 8.4.1 BF IBE: Setup (BF-IBE-S) |
| 59 | 8.4.2 BF IBE: Extract (BF-IBE-EX) 8.4.3 BF IBE: Encrypt (BF-IBE-EN) 8.4.4 BF IBE: Decrypt (BF-IBE-DE) |
| 60 | 9. Identity-based signature schemes 9.1 BLMQ signature scheme 9.1.1 General 9.1.2 BLMQ signature: Setup (BLMQ-SIG-S) |
| 61 | 9.1.3 BLMQ signature: Extract (BLMQ-SIG-EX) 9.1.4 BLMQ signature: Create signature (BLMQ-SIG-SI) |
| 62 | 9.1.5 BLMQ signature: Verify signature (BLMQ-SIG-VE) 10. Identity-based signcryption schemes 10.1 BLMQ signcryption scheme |
| 63 | 10.1.1 BLMQ signcryption: Setup (BLMQ-SC-S) 10.1.2 BLMQ signcryption: Extract (BLMQ-SC-EX) 10.1.3 BLMQ signcryption: Sign and encrypt (BLMQ-SC-SE) |
| 64 | 10.1.4 BLMQ signcryption: Decrypt and verify (BLMQ-SC-DV) |
| 65 | 11. Identity-based key agreement schemes |
| 66 | 11.1 Wang key agreement scheme 11.1.1 Wang key agreement: Derive public key (WKA-KA-D1) |
| 67 | 11.1.2 Wang key agreement: Derive private key (WKA-KA-D2) 11.1.3 Wang key agreement: Verification (WKA-KA-V) |
| 68 | 11.1.4 Wang key agreement: Derive secret value (WKA-KA-D3) |
| 69 | 11.1.5 Wang key agreement: Generate shared secrets (WKA-KA-G) 11.2 SCC key agreement scheme |
| 70 | 11.2.1 SCC key agreement: Generate shared secrets (SCC-KA-G) |
| 71 | Annex A (informative) Number-theoretic background A.1 Integer and modular arithmetic: Overview A.1.1 Modular arithmetic A.1.1.1 Modular reduction |
| 72 | A.1.1.2 Integers modulo m A.1.1.3 Modular exponentiation A.1.1.4 GCDs and LCMs |
| 73 | A.1.1.5 Modular division A.1.2 Prime finite fields A.1.2.1 Field GF(p) A.1.2.2 Orders A.1.2.3 Generators A.1.2.4 Exponentiation and discrete logarithms |
| 74 | A.1.3 Modular square roots A.1.3.1 Legendre symbol A.1.3.2 Square roots modulo a prime A.2 Integer and modular arithmetic: Algorithms A.2.1 Modular exponentiation |
| 75 | A.2.2 Extended Euclidean algorithm A.2.3 Evaluating Legendre symbols |
| 76 | A.2.4 Generating Lucas sequences A.2.5 Finding square roots modulo a prime |
| 77 | A.2.6 Finding square roots modulo a power of 2 |
| 78 | A.2.7 Computing the order of a given integer modulo a prime A.2.8 Constructing an integer of a given order modulo a prime A.3 Extension fields: Overview A.3.1 Finite fields |
| 79 | A.3.2 Polynomials over finite fields A.3.2.1 Polynomial congruences |
| 80 | A.3.3 Extension fields A.3.3.1 Addition A.3.3.2 Multiplication A.3.4 Polynomial basis representations |
| 81 | A.3.5 Extension fields (continued) A.3.5.1 Exponentiation A.3.5.2 Division A.3.5.3 Orders A.3.5.4 Generators A.3.5.5 Exponentiation and discrete logarithms |
| 82 | A.3.5.6 Field extensions A.4 Extension fields: Algorithms A.4.1 Exponentiation A.4.2 Division |
| 83 | A.4.3 Squares A.4.4 Square roots A.4.5 Trace in binary field extension |
| 84 | A.4.6 Half-trace in binary fields A.4.7 Solving quadratic equations over GF(2m) |
| 85 | A.4.8 Trace in ternary field extensions A.4.9 The 1/3-trace in ternary fields |
| 86 | A.4.10 Solving cubic equations over GF(3m) A.5 Polynomials over a finite field A.5.1 Exponentiation modulo a polynomial A.5.2 GCDs over a finite field |
| 87 | A.5.3 Factoring polynomials over GF(p) (special case) A.5.4 Factoring polynomials over GF(2) (special case) |
| 88 | A.5.5 Checking polynomials over GF(2r) for irreducibility A.5.6 Finding a root in GF(2m) of an irreducible binary polynomial A.5.7 Embedding in an extension field |
| 89 | A.6 Elliptic curves: Overview A.6.1 Introduction A.6.1.1 The Weierstrass equation |
| 90 | A.6.1.2 Orders |
| 91 | A.6.1.3 Pairings A.6.1.4 Twists |
| 92 | A.6.2 Operations on elliptic curves A.6.2.1 The point at infinity |
| 93 | A.6.2.2 Full addition A.6.2.3 Scalar multiplication A.6.3 Curve orders A.6.3.1 Basic facts |
| 94 | A.6.3.2 Near primality A.6.4 Representation of points A.6.4.1 Affine coordinates A.6.4.2 Coordinate compression A.6.4.3 Projective coordinates |
| 95 | A.7 Elliptic curves: General algorithms A.7.1 Full addition and subtraction (prime case) |
| 96 | A.7.2 Full addition and subtraction (binary case) A.7.3 Full addition and subtraction (supersingular curves in characteristic 2) |
| 97 | A.7.4 Elliptic scalar multiplication A.7.5 Projective elliptic doubling (prime case) |
| 98 | A.7.6 Projective elliptic addition (prime case) |
| 100 | A.7.7 Projective elliptic doubling (binary case) |
| 101 | A.7.8 Projective elliptic addition (binary case) |
| 103 | A.7.9 Projective full addition and subtraction |
| 104 | A.7.10 Projective elliptic scalar multiplication A.7.11 Decompression of y coordinates (prime case) |
| 105 | A.7.12 Decompression of y coordinates (binary case) A.7.13 Decompression of y coordinates (ternary case) A.7.14 Finding a random point on an elliptic curve (prime case) |
| 106 | A.7.15 Finding a random point on an elliptic curve (binary case) A.7.16 Finding a random point on an elliptic curve (ternary case) |
| 107 | A.7.17 Finding a point of large prime order A.7.18 Curve orders over small binary fields A.7.19 Curve orders over extension fields |
| 108 | A.7.20 Curve orders via subfields A.8 Class group calculations A.8.1 Overview |
| 109 | A.8.2 Class group and class number |
| 110 | A.8.3 Reduced class polynomials |
| 112 | A.9 Complex multiplication A.9.1 Overview |
| 113 | A.9.2 Finding a nearly prime order over GF(p) A.9.2.1 Congruence conditions |
| 114 | A.9.2.2 Testing for CM discriminants (prime case) |
| 115 | A.9.2.3 Finding a nearly prime order (prime case) |
| 116 | A.9.3 Constructing a curve and point (prime case) A.9.3.1 Constructing a curve with prescribed CM (prime case) |
| 118 | A.9.3.2 Choosing the curve and point (prime case) A.10 Pairings for cryptography |
| 119 | A.10.1 Pairing-friendly elliptic curves A.10.2 Curve families A.10.2.1 Type 1 (E supersingular) |
| 120 | A.10.2.2 Type 2 (E ordinary) A.10.2.3 Type 3 (E ordinary) A.10.3 The Miller loop |
| 121 | A.10.4 Pairing calculations A.10.5 Pairings A.10.5.1 Tate A.10.5.2 Eta |
| 122 | A.10.5.3 Ate A.10.5.4 R-Ate A.11 Elliptic curves for pairing-based cryptography A.11.1 Super-singular curves A.11.1.1 Super-singular curves with embedding degree 2 |
| 133 | Annex B (normative) Conformance B.1 General model |
| 134 | B.2 Conformance requirements |
| 136 | B.3 Examples B.3.1 BF IBE |
| 137 | B.3.2 BB1 KEM |
| 138 | Annex C (informative) Rationale C.1 General C.1.1 Why are so many cryptographic techniques defined in this document? C.1.2 How were the decisions made regarding the inclusion of individual schemes? C.1.3 What is the basis for believing that the schemes defined in this document are secure? |
| 139 | Annex D (informative) Security considerations D.1 Introduction D.2 Cryptographic security D.3 Server secret protection |
| 140 | Annex E (informative) Formats E.1 Overview E.2 Representing basic data types as octet strings |
| 141 | E.2.1 Integers (I2OSP and OS2IP) E.2.2 Finite field elements (FE2OSP and OS2FEP) E.2.3 Elliptic curve points (EC2OSP and OS2ECP) E.2.4 Polynomials over GF(p), p ( 2 (PN2OSP and OS2PNP) |
| 143 | Annex F (informative) Bibliography |
Related products
-
IEEE 1363.3-2013
IEEE Standard for Identity-Based Cryptographic Techniques using Pairings Published By Publication Date Number of Pages…
-
IEEE 1363.3-2013
IEEE Standard for Identity-Based Cryptographic Techniques using Pairings Published By Publication Date Number of Pages…
