Internet Engineering Task Force (IETF) D. Fu
Request for Comments: 5903 J. Solinas
Obsoletes: 4753 NSA
Category: Informational June 2010
ISSN: 2070-1721
Internet Engineering Task Force (IETF) D. Fu
Request for Comments: 5903 J. Solinas
Obsoletes: 4753 NSA
Category: Informational June 2010
ISSN: 2070-1721
Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2
IKE和IKEv2的模a素的椭圆曲线群(ECP群)
Abstract
摘要
This document describes three Elliptic Curve Cryptography (ECC) groups for use in the Internet Key Exchange (IKE) and Internet Key Exchange version 2 (IKEv2) protocols in addition to previously defined groups. These groups are based on modular arithmetic rather than binary arithmetic. These groups are defined to align IKE and IKEv2 with other ECC implementations and standards, particularly NIST standards. In addition, the curves defined here can provide more efficient implementation than previously defined ECC groups. This document obsoletes RFC 4753.
本文档描述了三个椭圆曲线密码(ECC)组,除先前定义的组外,还用于Internet密钥交换(IKE)和Internet密钥交换版本2(IKEv2)协议。这些组基于模运算而不是二进制运算。这些组的定义是使IKE和IKEv2与其他ECC实施和标准,特别是NIST标准保持一致。此外,此处定义的曲线可以提供比以前定义的ECC组更有效的实现。本文件废除了RFC 4753。
Status of This Memo
关于下段备忘
This document is not an Internet Standards Track specification; it is published for informational purposes.
本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5903.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc5903.
Copyright Notice
版权公告
Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2010 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction ....................................................3
2. Requirements Terminology ........................................4
3. Additional ECC Groups ...........................................4
3.1. 256-Bit Random ECP Group ...................................4
3.2. 384-Bit Random ECP Group ...................................5
3.3. 521-Bit Random ECP Group ...................................6
4. Security Considerations .........................................7
5. Alignment with Other Standards ..................................7
6. IANA Considerations .............................................7
7. ECP Key Exchange Data Formats ...................................8
8. Test Vectors ....................................................9
8.1. 256-Bit Random ECP Group ...................................9
8.2. 384-Bit Random ECP Group ..................................10
8.3. 521-Bit Random ECP Group ..................................11
9. Changes from RFC 4753 ..........................................13
10. References ....................................................13
10.1. Normative References .....................................13
10.2. Informative References ...................................14
1. Introduction ....................................................3
2. Requirements Terminology ........................................4
3. Additional ECC Groups ...........................................4
3.1. 256-Bit Random ECP Group ...................................4
3.2. 384-Bit Random ECP Group ...................................5
3.3. 521-Bit Random ECP Group ...................................6
4. Security Considerations .........................................7
5. Alignment with Other Standards ..................................7
6. IANA Considerations .............................................7
7. ECP Key Exchange Data Formats ...................................8
8. Test Vectors ....................................................9
8.1. 256-Bit Random ECP Group ...................................9
8.2. 384-Bit Random ECP Group ..................................10
8.3. 521-Bit Random ECP Group ..................................11
9. Changes from RFC 4753 ..........................................13
10. References ....................................................13
10.1. Normative References .....................................13
10.2. Informative References ...................................14
This document describes default Diffie-Hellman groups for use in IKE and IKEv2 in addition to the Oakley Groups included in [IKE] and the additional groups defined since [IANA-IKE]. This document assumes that the reader is familiar with the IKE protocol and the concept of Oakley Groups, as defined in RFC 2409 [IKE].
除了[IKE]中包含的Oakley组和自[IANA-IKE]以来定义的其他组之外,本文档还描述了在IKE和IKEv2中使用的默认Diffie-Hellman组。本文档假设读者熟悉RFC 2409[IKE]中定义的IKE协议和Oakley组的概念。
RFC 2409 [IKE] defines five standard Oakley Groups: three modular exponentiation groups and two elliptic curve groups over GF[2^N]. One modular exponentiation group (768 bits - Oakley Group 1) is mandatory for all implementations to support, while the other four are optional. Nineteen additional groups subsequently have been defined and assigned values by IANA. All of these additional groups are optional.
RFC 2409[IKE]定义了五个标准Oakley群:GF[2^N]上的三个模幂群和两个椭圆曲线群。所有实现都必须支持一个模块化求幂组(768位-Oakley组1),而其他四个是可选的。IANA随后定义了另外19个组并为其赋值。所有这些附加组都是可选的。
The purpose of this document is to expand the options available to implementers of elliptic curve groups by adding three ECP groups (elliptic curve groups modulo a prime). The reasons for adding such groups include the following.
本文档的目的是通过添加三个ECP组(模素数的椭圆曲线组),扩展椭圆曲线组实现者可用的选项。添加此类组的原因包括以下几点。
- The groups proposed afford efficiency advantages in software applications since the underlying arithmetic is integer arithmetic modulo a prime rather than binary field arithmetic. (Additional computational advantages for these groups are presented in [GMN].)
- 由于底层算法是模素数的整数算法,而不是二进制字段算法,因此所提出的组在软件应用中具有效率优势。(这些组的其他计算优势见[GMN]。)
- The groups proposed encourage alignment with other elliptic curve standards. The proposed groups are among those standardized by NIST, the Standards for Efficient Cryptography Group (SECG), ISO, and ANSI. (See Section 5 for details.)
- 提议的团体鼓励与其他椭圆曲线标准保持一致。提议的组是由NIST、高效密码标准组(SECG)、ISO和ANSI标准化的组之一。(详见第5节。)
- The groups proposed are capable of providing security consistent with the Advanced Encryption Standard [AES].
- 建议的组能够提供与高级加密标准[AES]一致的安全性。
In summary, due to the performance advantages of elliptic curve groups in IKE implementations and the need for further alignment with other standards, this document defines three elliptic curve groups based on modular arithmetic.
综上所述,由于椭圆曲线组在IKE实现中的性能优势以及需要进一步与其他标准保持一致,本文基于模运算定义了三个椭圆曲线组。
These groups were originally proposed in [RFC4753]. This document changes the format of the shared key produced by a Diffie-Hellman exchange using these groups. The shared key format used in this specification appeared earlier as an erratum to RFC 4753 [Err9], but some implementors of RFC 4753 were unaware of the erratum and did not implement the correction. Implementations of RFC 4753 that incorporate the correction are interoperable with implementations of this specification. However, there is a potential for interoperability problems between implementations of this
这些组最初在[RFC4753]中提出。本文档使用这些组更改Diffie-Hellman交换生成的共享密钥的格式。本规范中使用的共享密钥格式在早些时候作为RFC 4753的勘误表[Err9]出现,但RFC 4753的一些实现者不知道勘误表,并且没有实现更正。包含修正的RFC 4753的实现可与本规范的实现互操作。然而,在该应用程序的实现之间可能存在互操作性问题
specification and implementations of RFC 4753 that did not implement the correction from the erratum. These problems could be difficult to detect and analyze since both use the same code point but the secret value (which is probably not available to the trouble desk) is computed differently. Where peers are not interoperable, the initiator will never receive a response and eventually times out.
未实施勘误表修正的RFC 4753规范和实施。这些问题可能很难检测和分析,因为两者都使用相同的代码点,但秘密值(故障处理人员可能无法使用)的计算方式不同。当对等点不可互操作时,启动器将永远不会收到响应,并最终超时。
Section 9 provides more details of the changes from [RFC4753]. This document obsoletes RFC 4753 and addresses the erratum.
第9节提供了[RFC4753]变更的更多细节。本文件废除了RFC 4753,并对勘误表进行了说明。
The key words "MUST" and "SHOULD" that appear in this document are to be interpreted as described in [RFC2119].
本文件中出现的关键词“必须”和“应该”应按照[RFC2119]中所述进行解释。
The notation adopted in RFC 2409 [IKE] is used below to describe the groups proposed.
下文使用RFC 2409[IKE]中采用的符号来描述提议的组。
IKE and IKEv2 implementations SHOULD support an ECP group with the following characteristics. The curve is based on the integers modulo the generalized Mersenne prime p given by:
IKE和IKEv2实现应支持具有以下特征的ECP组。该曲线基于广义梅森素数p模的整数,由下式给出:
p = 2^(256)-2^(224)+2^(192)+2^(96)-1
p = 2^(256)-2^(224)+2^(192)+2^(96)-1
The equation for the elliptic curve is:
椭圆曲线的方程为:
y^2 = x^3 - 3 x + b
y^2 = x^3 - 3 x + b
Field Size: 256
字段大小:256
Group Prime/Irreducible Polynomial: FFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFF
群素数/不可约多项式:FFFFFF00000001 00000000 00000000 FFFFFFFFFFFFFFFFFF
Group Curve b: 5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 3BCE3C3E 27D2604B
组别曲线b:5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 3BE3C3E 27D2604B
Group Order: FFFFFFFF 00000000 FFFFFFFF FFFFFFFF BCE6FAAD A7179E84 F3B9CAC2 FC632551
集团订单:FFFFFFFF00000000 FFFFFFFFFFFFFFFFBCE6FAAD A7179E84 F3B9CAC2 FC632551
The group was chosen verifiably at random using SHA-1 as specified in [IEEE-1363] from the seed:
使用[IEEE-1363]中规定的SHA-1从种子中随机选择该组:
C49D3608 86E70493 6A6678E1 139D26B7 819F7E90
C49D3608 86E70493 6A6678E1 139D26B7 819F7E90
The generator for this group is given by g=(gx,gy) where:
该组的生成器由g=(gx,gy)给出,其中:
gx: 6B17D1F2 E12C4247 F8BCE6E5 63A440F2 77037D81 2DEB33A0 F4A13945 D898C296
gx:6B17D1F2 E12C4247 F8BCE6E5 63A440F2 77037D81 2DEB33A0 F4A13945 D898C296
gy: 4FE342E2 FE1A7F9B 8EE7EB4A 7C0F9E16 2BCE3357 6B315ECE CBB64068 37BF51F5
gy:4FE342E2 FE1A7F9B 8EE7EB4A 7C0F9E16 2BCE3357 6B315ECE CBB64068 37BF51F5
IKE and IKEv2 implementations SHOULD support an ECP group with the following characteristics. The curve is based on the integers modulo the generalized Mersenne prime p given by:
IKE和IKEv2实现应支持具有以下特征的ECP组。该曲线基于广义梅森素数p模的整数,由下式给出:
p = 2^(384)-2^(128)-2^(96)+2^(32)-1
p = 2^(384)-2^(128)-2^(96)+2^(32)-1
The equation for the elliptic curve is:
椭圆曲线的方程为:
y^2 = x^3 - 3 x + b
y^2 = x^3 - 3 x + b
Field Size: 384
字段大小:384
Group Prime/Irreducible Polynomial: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFFFF 00000000 00000000 FFFFFFFF
群素数/不可约多项式:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Group Curve b: B3312FA7 E23EE7E4 988E056B E3F82D19 181D9C6E FE814112 0314088F 5013875A C656398D 8A2ED19D 2A85C8ED D3EC2AEF
组曲线b:B3312FA7 E23EE7E4 988E056B E3F82D19 181D9C6E FE814112 0314088F 5013875A C656398D 8A2ED19D 2A85C8ED D3EC2AEF
Group Order: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF C7634D81 F4372DDF 581A0DB2 48B0A77A ECEC196A CCC52973
组顺序:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81 F4372DDF 581A0DB2 48B0A77A ECEC196A CCC52973
The group was chosen verifiably at random using SHA-1 as specified in [IEEE-1363] from the seed:
使用[IEEE-1363]中规定的SHA-1从种子中随机选择该组:
A335926A A319A27A 1D00896A 6773A482 7ACDAC73 The generator for this group is given by g=(gx,gy) where:
A335926A A319A27A 1D00896A 6773A482 7ACDAC73此组的发电机由g=(gx,gy)给出,其中:
gx: AA87CA22 BE8B0537 8EB1C71E F320AD74 6E1D3B62 8BA79B98 59F741E0 82542A38 5502F25D BF55296C 3A545E38 72760AB7
gx:AA87CA22 BE8B0537 8EB1C71E F320AD74 6E1D3B62 8BA79B98 59F741E0 82542A38 5502F25D BF55296C 3A545E38 72760AB7
gy: 3617DE4A 96262C6F 5D9E98BF 9292DC29 F8F41DBD 289A147C E9DA3113 B5F0B8C0 0A60B1CE 1D7E819D 7A431D7C 90EA0E5F
gy:3617DE4A 96262C6F 5D9E98BF 9292DC29 F8F41DBD 289A147C E9DA3113 B5F0B8C0 0A60B1CE 1D7E819D 7A431D7C 90EA0E5F
IKE and IKEv2 implementations SHOULD support an ECP group with the following characteristics. The curve is based on the integers modulo the Mersenne prime p given by:
IKE和IKEv2实现应支持具有以下特征的ECP组。该曲线基于以下公式给出的梅森素数p的整数模:
p = 2^(521)-1
p=2^(521)-1
The equation for the elliptic curve is:
椭圆曲线的方程为:
y^2 = x^3 - 3 x + b
y^2 = x^3 - 3 x + b
Field Size: 521
字段大小:521
Group Prime/Irreducible Polynomial: 01FFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFF
群素数/不可约多项式:01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Group Curve b: 0051953E B9618E1C 9A1F929A 21A0B685 40EEA2DA 725B99B3 15F3B8B4 89918EF1 09E15619 3951EC7E 937B1652 C0BD3BB1 BF073573 DF883D2C 34F1EF45 1FD46B50 3F00
组曲线b:0051953E B9618E1C 9A1F929A 21A0B685 40EEA2DA 725B99B3 15F3B8B4 89918EF1 09E15619 3951EC7E 937B1652 C0BD3BB1 BF073573 DF883D2C 34F1EF45 1FD46B50 3F00
Group Order: 01FFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFA5186 8783BF2F 966B7FCC 0148F709 A5D03BB5 C9B8899C 47AEBB6F B71E9138 6409
集团订单:01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA5186 8783BF2F 966B7FCC 0148F709 A5D03BB5 C9B8899C 47AEBB6F B71E9138 6409
The group was chosen verifiably at random using SHA-1 as specified in [IEEE-1363] from the seed:
使用[IEEE-1363]中规定的SHA-1从种子中随机选择该组:
D09E8800 291CB853 96CC6717 393284AA A0DA64BA
D09E8800 291CB853 96CC6717 393284AA A0DA64BA
The generator for this group is given by g=(gx,gy) where:
该组的生成器由g=(gx,gy)给出,其中:
gx: 00C6858E 06B70404 E9CD9E3E CB662395 B4429C64 8139053F B521F828 AF606B4D 3DBAA14B 5E77EFE7 5928FE1D C127A2FF A8DE3348 B3C1856A 429BF97E 7E31C2E5 BD66
gx:00C6858E 06B70404 E9CD9E3E CB662395 B4429C64 8139053F B521F828 AF606B4D 3DBAA14B 5E77EFE7 5928FE1D C127A2FF A8DE3348 B3C1856A 429BF97E 7E31C2E5 BD66
gy: 01183929 6A789A3B C0045C8A 5FB42C7D 1BD998F5 4449579B 446817AF BD17273E 662C97EE 72995EF4 2640C550 B9013FAD 0761353C 7086A272 C24088BE 94769FD1 6650
gy:01183929 6A789A3B C0045C8A 5FB42C7D 1BD998F5 4449579B 446817AF BD17273E 662C97EE 72995EF4 2640C550 B9013FAD 0761353C 7086A272 C24088BE 94769FD1 6650
Since this document proposes groups for use within IKE and IKEv2, many of the security considerations contained within [IKE] and [IKEv2] apply here as well.
由于本文档建议在IKE和IKEv2中使用组,[IKE]和[IKEv2]中包含的许多安全注意事项也适用于此处。
The groups proposed in this document correspond to the symmetric key sizes 128 bits, 192 bits, and 256 bits. This allows the IKE key exchange to offer security comparable with the AES algorithms [AES].
本文档中建议的组对应于对称密钥大小128位、192位和256位。这允许IKE密钥交换提供与AES算法[AES]相当的安全性。
The following table summarizes the appearance of these three elliptic curve groups in other standards.
下表总结了这三个椭圆曲线组在其他标准中的外观。
256-Bit 384-Bit 521-Bit
Random Random Random
Standard ECP Group ECP Group ECP Group
----------- ------------ ------------ ------------
256-Bit 384-Bit 521-Bit
Random Random Random
Standard ECP Group ECP Group ECP Group
----------- ------------ ------------ ------------
NIST [DSS] P-256 P-384 P-521
NIST[DSS]P-256 P-384 P-521
ISO/IEC [ISO-15946-1] P-256
ISO/IEC[ISO-15946-1]P-256
ISO/IEC [ISO-18031] P-256 P-384 P-521
ISO/IEC[ISO-18031]P-256 P-384 P-521
ANSI [X9.62-1998] Sect. J.5.3, Example 1 ANSI [X9.62-2005] Sect. L.6.4.3 Sect. L.6.5.2 Sect. L.6.6.2
ANSI[X9.62-1998]第节。J.5.3,示例1 ANSI[X9.62-2005]第节。L.6.4.3节。L.6.5.2第节。L.6.6.2
ANSI [X9.63] Sect. J.5.4, Sect. J.5.5 Sect. J.5.6 Example 2
ANSI[X9.63]第节。J.5.4,第三节。J.5.5节。J.5.6示例2
SECG [SEC2] secp256r1 secp384r1 secp521r1
SECG[SEC2]secp256r1 secp384r1 secp521r1
See also [NIST], [ISO-14888-3], [ISO-15946-2], [ISO-15946-3], and [ISO-15946-4].
另见[NIST]、[ISO-14888-3]、[ISO-15946-2]、[ISO-15946-3]和[ISO-15946-4]。
IANA has updated its registries of Diffie-Hellman groups for IKE in [IANA-IKE] and for IKEv2 in [IANA-IKEv2] to include the groups defined above.
IANA已更新了[IANA-IKE]中IKE和[IANA-IKEv2]中IKEv2的Diffie-Hellman组的注册表,以包括上述定义的组。
In [IANA-IKE], the groups appear as entries in the list of Diffie-Hellman groups given by Group Description (attribute class 4).
在[IANA-IKE]中,组作为条目出现在由组描述(属性类4)给出的Diffie-Hellman组列表中。
The descriptions are "256-bit random ECP group", "384-bit random ECP group", and "521-bit random ECP group". In each case, the group type (attribute class 5) has the value 2 (ECP, elliptic curve group over GF[P]).
描述为“256位随机ECP组”、“384位随机ECP组”和“521位随机ECP组”。在每种情况下,组类型(属性类5)的值为2(ECP,GF[P]上的椭圆曲线组)。
In [IANA-IKEv2], the groups appear as entries in the list of IKEv2 transform type values for Transform Type 4 (Diffie-Hellman groups).
在[IANA-IKEv2]中,组作为条目出现在变换类型4(Diffie-Hellman组)的IKEv2变换类型值列表中。
These entries in both [IANA-IKE] and [IANA-IKEv2] have been updated. The update consisted of changing the reference from [RFC4753] to this document.
[IANA-IKE]和[IANA-IKEv2]中的这些条目都已更新。更新包括将参考文献从[RFC4753]更改为本文件。
In an ECP key exchange, the Diffie-Hellman public value passed in a KE payload consists of two components, x and y, corresponding to the coordinates of an elliptic curve point. Each component MUST have bit length as given in the following table.
在ECP密钥交换中,在KE有效载荷中传递的Diffie-Hellman公共值由两个分量组成,x和y,对应于椭圆曲线点的坐标。每个组件必须具有下表中给出的位长度。
Diffie-Hellman group component bit length
------------------------ --------------------
Diffie-Hellman group component bit length
------------------------ --------------------
256-bit Random ECP Group 256 384-bit Random ECP Group 384 521-bit Random ECP Group 528
256位随机ECP组256 384位随机ECP组384 521位随机ECP组528
This length is enforced, if necessary, by prepending the value with zeros.
如有必要,可通过在值前面加零来强制执行此长度。
The Diffie-Hellman public value is obtained by concatenating the x and y values.
Diffie-Hellman公共值是通过连接x和y值获得的。
The Diffie-Hellman shared secret value consists of the x value of the Diffie-Hellman common value.
Diffie-Hellman共享秘密值由Diffie-Hellman公共值的x值组成。
These formats should be regarded as specific to ECP curves and may not be applicable to EC2N (elliptic curve group over GF[2^N]) curves.
这些格式应视为特定于ECP曲线,可能不适用于EC2N(GF[2^N]上的椭圆曲线群)曲线。
The following are examples of the IKEv2 key exchange payload for each of the three groups specified in this document.
以下是本文档中指定的三个组的IKEv2密钥交换有效负载示例。
We denote by g^n the scalar multiple of the point g by the integer n; it is another point on the curve. In the literature, the scalar multiple is typically denoted ng; the notation g^n is used in order to conform to the notation used in [IKE] and [IKEv2].
我们用g^n表示点g的整数n的标量倍数;这是曲线上的另一点。在文献中,标量倍数通常表示为ng;使用符号g^n是为了符合[IKE]和[IKEv2]中使用的符号。
IANA assigned the ID value 19 to this Diffie-Hellman group.
IANA将ID值19分配给这个Diffie-Hellman组。
We suppose that the initiator's Diffie-Hellman private key is:
我们假设发起人的Diffie Hellman私钥为:
i: C88F01F5 10D9AC3F 70A292DA A2316DE5 44E9AAB8 AFE84049 C62A9C57 862D1433
i:C88F01F5 10D9AC3F 70A292DA A2316DE5 44E9AAB8 AFE84049 C62A9C57 862D1433
Then the public key is given by g^i=(gix,giy) where:
然后公钥由g^i=(gix,giy)给出,其中:
gix: DAD0B653 94221CF9 B051E1FE CA5787D0 98DFE637 FC90B9EF 945D0C37 72581180
gix:DAD0B653 94221CF9 B051E1FE CA5787D0 98DFE637 FC90B9EF 945D0C37 72581180
giy: 5271A046 1CDB8252 D61F1C45 6FA3E59A B1F45B33 ACCF5F58 389E0577 B8990BB3
giy:5271A046 1CDB8252 D61F1C45 6FA3E59A B1F45B33 ACCF58 389E0577 B8990BB3
The KEi payload is as follows.
KEi有效载荷如下所示。
00000048 00130000 DAD0B653 94221CF9 B051E1FE CA5787D0 98DFE637 FC90B9EF 945D0C37 72581180 5271A046 1CDB8252 D61F1C45 6FA3E59A B1F45B33 ACCF5F58 389E0577 B8990BB3
000000 48 00130000 DAD0B653 94221CF9 B051E1FE CA5787D0 98DFE637 FC90B9EF 945D0C37 72581180 5271A046 1CDB8252 D61F1F1C45 6FA3E59A B1F45B33 ACCF58 389E0577 B8990BB3
We suppose that the response Diffie-Hellman private key is:
我们假设Diffie Hellman私钥的响应为:
r: C6EF9C5D 78AE012A 011164AC B397CE20 88685D8F 06BF9BE0 B283AB46 476BEE53
r:C6EF9C5D 78AE012A 011164AC B397CE20 88685D8F 06BF9BE0 B283AB46 476BEE53
Then the public key is given by g^r=(grx,gry) where:
然后公钥由g^r=(grx,gry)给出,其中:
grx: D12DFB52 89C8D4F8 1208B702 70398C34 2296970A 0BCCB74C 736FC755 4494BF63
grx:D12DFB52 89C8D4F8 1208B702 70398C34 22969970A 0BCCB74C 736FC755 4494BF63
gry: 56FBF3CA 366CC23E 8157854C 13C58D6A AC23F046 ADA30F83 53E74F33 039872AB
gry:56FBF3CA 366CC23E 8157854C 13C58D6A AC23F046 ADA30F83 53E74F33 039872AB
The KEr payload is as follows.
KEr有效载荷如下所示。
00000048 00130000 D12DFB52 89C8D4F8 1208B702 70398C34 2296970A 0BCCB74C 736FC755 4494BF63 56FBF3CA 366CC23E 8157854C 13C58D6A AC23F046 ADA30F83 53E74F33 039872AB
000000 48 00130000 D12DFB52 89C8D4F8 1208B702 70398C34 22969970A 0BCCB74C 736FC755 4494BF63 56FBF3CA 366CC23E 8157854C 13C58D6A AC23F046 ADA30F83 53E74F33 039872AB
The Diffie-Hellman common value (girx,giry) is:
Diffie-Hellman公共值(girx,giry)为:
girx: D6840F6B 42F6EDAF D13116E0 E1256520 2FEF8E9E CE7DCE03 812464D0 4B9442DE
girx:D6840F6B 42F6EDAF D13116E0 E1256520 2FEF8E9E CE7DCE03 812464D0 4B9442DE
giry: 522BDE0A F0D8585B 8DEF9C18 3B5AE38F 50235206 A8674ECB 5D98EDB2 0EB153A2
giry:522BDE0A F0D8585B 8DEF9C18 3B5AE38F 50235206 A8674ECB 5D98EDB2 0EB153A2
The Diffie-Hellman shared secret value is girx.
Diffie-Hellman共享的秘密值是girx。
IANA assigned the ID value 20 to this Diffie-Hellman group.
IANA将ID值20分配给这个Diffie-Hellman组。
We suppose that the initiator's Diffie-Hellman private key is:
我们假设发起人的Diffie Hellman私钥为:
i: 099F3C70 34D4A2C6 99884D73 A375A67F 7624EF7C 6B3C0F16 0647B674 14DCE655 E35B5380 41E649EE 3FAEF896 783AB194
i:099F3C70 34D4A2C6 99884D73 A375A67F 7624EF7C 6B3C0F16 0647B674 14DCE655 E35B5380 41E649EE 3FAEF896 783AB194
Then the public key is given by g^i=(gix,giy) where:
然后公钥由g^i=(gix,giy)给出,其中:
gix: 667842D7 D180AC2C DE6F74F3 7551F557 55C7645C 20EF73E3 1634FE72 B4C55EE6 DE3AC808 ACB4BDB4 C88732AE E95F41AA
gix:667842D7 D180AC2C DE6F74F37551F5575C7645C 20EF73E3 1634FE72 B4C55EE6 DE3AC808 ACB4BDB4 C88732AE E95F41AA
giy: 9482ED1F C0EEB9CA FC498462 5CCFC23F 65032149 E0E144AD A0241815 35A0F38E EB9FCFF3 C2C947DA E69B4C63 4573A81C
giy:9482ED1F C0EEB9CA FC498462 5CFC23F 65032149 E0E144AD A0241815 35A0F38E EB9FCFF3 C2C947DA E69B4C63 4573A81C
The KEi payload is as follows.
KEi有效载荷如下所示。
00000068 00140000 667842D7 D180AC2C DE6F74F3 7551F557 55C7645C 20EF73E3 1634FE72 B4C55EE6 DE3AC808 ACB4BDB4 C88732AE E95F41AA 9482ED1F C0EEB9CA FC498462 5CCFC23F 65032149 E0E144AD A0241815 35A0F38E EB9FCFF3 C2C947DA E69B4C63 4573A81C
000000 68 00140000 667842D7 D180AC2C DE6F74F3 7551F55C7645C 20EF73E3 1634FE72 B4C55EE6 DE3AC808 ACB4BDBB4 C88732AE E95F41AA 9482ED1F C0EEB9CA FC498462 5CFC23F 65032149 E0E144AD A0241815 35A0F38E EB9FCFF3 C2C947DA E69B4C63 4573A81C
We suppose that the response Diffie-Hellman private key is:
我们假设Diffie Hellman私钥的响应为:
r: 41CB0779 B4BDB85D 47846725 FBEC3C94 30FAB46C C8DC5060 855CC9BD A0AA2942 E0308312 916B8ED2 960E4BD5 5A7448FC
r:41CB0779 B4BDB85D 47846725 FBEC3C94 30FAB46C C8DC5060 855CC9BD A0AA2942 E0308312 916B8ED2 960E4BD5 5A7448FC
Then the public key is given by g^r=(grx,gry) where:
然后公钥由g^r=(grx,gry)给出,其中:
grx: E558DBEF 53EECDE3 D3FCCFC1 AEA08A89 A987475D 12FD950D 83CFA417 32BC509D 0D1AC43A 0336DEF9 6FDA41D0 774A3571
grx:E558DBEF 53EECDE3 D3FCCFC1 AEA08A89 A987475D 12FD950D 83CFA417 32BC509D 0D1AC43A 0336DEF9 6FDA41D0 774A3571
gry: DCFBEC7A ACF31964 72169E83 8430367F 66EEBE3C 6E70C416 DD5F0C68 759DD1FF F83FA401 42209DFF 5EAAD96D B9E6386C
gry:DCFBEC7A ACF31964 72169E83 8430367F 66EEBE3C 6E70C416 DD5F0C68 759DD1F F83FA401 42209DFF 5EAAD96D B9E6386C
The KEr payload is as follows.
KEr有效载荷如下所示。
00000068 00140000 E558DBEF 53EECDE3 D3FCCFC1 AEA08A89 A987475D 12FD950D 83CFA417 32BC509D 0D1AC43A 0336DEF9 6FDA41D0 774A3571 DCFBEC7A ACF31964 72169E83 8430367F 66EEBE3C 6E70C416 DD5F0C68 759DD1FF F83FA401 42209DFF 5EAAD96D B9E6386C
000000 68 00140000 E558DBEF 53EECDE3 D3FCCFC1 AEA08A89 A987475D 12FD950D 83CFA417 32BC509D 0D1AC43A 0336DEF9 6FDA41D0 774A3571 DCFBEC7A ACF31964 72169E83 8430367F 66EEBE3C 6E70C416 DD5F0C68 759DD1F F83FA401 42209DFF 5EAAD96D B9E6386C
The Diffie-Hellman common value (girx,giry) is:
Diffie-Hellman公共值(girx,giry)为:
girx: 11187331 C279962D 93D60424 3FD592CB 9D0A926F 422E4718 7521287E 7156C5C4 D6031355 69B9E9D0 9CF5D4A2 70F59746
girx:11187331 C279962D 93D60424 3FD592CB 9D0A926F 422E4718 7521287E 7156C5C4 D6031355 69B9E9D0 9CF5D4A2 70F59746
giry: A2A9F38E F5CAFBE2 347CF7EC 24BDD5E6 24BC93BF A82771F4 0D1B65D0 6256A852 C983135D 4669F879 2F2C1D55 718AFBB4
giry:A2A9F38E F5CAFBE2347CF7EC 24BDD5E6 24BC93BF A82771F4 0D1B65D0 6256A852 C983135D 4669F879 2F2C1D55 718AFBB4
The Diffie-Hellman shared secret value is girx.
Diffie-Hellman共享的秘密值是girx。
IANA assigned the ID value 21 to this Diffie-Hellman group.
IANA将ID值21分配给这个Diffie-Hellman组。
We suppose that the initiator's Diffie-Hellman private key is:
我们假设发起人的Diffie Hellman私钥为:
i: 0037ADE9 319A89F4 DABDB3EF 411AACCC A5123C61 ACAB57B5 393DCE47 608172A0 95AA85A3 0FE1C295 2C6771D9 37BA9777 F5957B26 39BAB072 462F68C2 7A57382D 4A52
i:0037ADE9 319A89F4 DABDB3EF 411ACCC A5123C61 ACAB57B5 393DCE47 608172A0 95AA85A3 0FE1C295 2C6771D9 37BA9777 F5957B26 39BAB072 462F68C2 7A57382D 4A52
Then the public key is given by g^i=(gix,giy) where:
然后公钥由g^i=(gix,giy)给出,其中:
gix: 0015417E 84DBF28C 0AD3C278 713349DC 7DF153C8 97A1891B D98BAB43 57C9ECBE E1E3BF42 E00B8E38 0AEAE57C 2D107564 94188594 2AF5A7F4 601723C4 195D176C ED3E
gix:0015417E 84DBF28C 0AD3C278 713349DC 7DF153C8 97A1891B D98BAB43 57C9ECBE E1E3BF42 E00B8E38 0AEAE57C 2D107564 94188594 2AF5A7F4 601723C4 195D176C ED3E
giy: 017CAE20 B6641D2E EB695786 D8C94614 6239D099 E18E1D5A 514C739D 7CB4A10A D8A78801 5AC405D7 799DC75E 7B7D5B6C F2261A6A 7F150743 8BF01BEB 6CA3926F 9582
giy:017CAE20 B6641D2E EB695786 D8C94614 6239D099 E18E1D5A 514C739D 7CB4A10A D8A78801 5AC405D7 799DC75E 7B7D5B6C F2261A6A 7F150743 8BF01BEB 6CA3926F 9582
The KEi payload is as follows.
KEi有效载荷如下所示。
0000008C 00150000 0015417E 84DBF28C 0AD3C278 713349DC 7DF153C8 97A1891B D98BAB43 57C9ECBE E1E3BF42 E00B8E38 0AEAE57C 2D107564 94188594 2AF5A7F4 601723C4 195D176C ED3E017C AE20B664 1D2EEB69 5786D8C9 46146239 D099E18E 1D5A514C 739D7CB4 A10AD8A7 88015AC4 05D7799D C75E7B7D 5B6CF226 1A6A7F15 07438BF0 1BEB6CA3 926F9582
000000 8C 00150000 0015417E 84DBF28C 0AD3C278 713349DC 7DF153C8 97A1891B D98BAB43 57C9ECBE E1E3BF42 E00B8E38 0AEAE57C 2D107564 94188594 2AF5A7F4 601723C4 195D176C ED3E017C AE20B664 1DEB69 5786D8C9 46146239 D099E18E 1D5A514C 739D7CB4 A10AD8A7 88015AC4 05D7799D C75E7B7B7D 5CF226 1A07438BF926
We suppose that the response Diffie-Hellman private key is:
我们假设Diffie Hellman私钥的响应为:
r: 0145BA99 A847AF43 793FDD0E 872E7CDF A16BE30F DC780F97 BCCC3F07 8380201E 9C677D60 0B343757 A3BDBF2A 3163E4C2 F869CCA7 458AA4A4 EFFC311F 5CB15168 5EB9
r:0145BA99 A847AF43 793FDD0E 872E7CDF A16BE30F DC780F97 BCCC3F07 8380201E 9C677D60 0B343757 A3BDBF2A 3163E4C2 F869CCA7 458AA4A4有效C311F 5CB15168 5EB9
Then the public key is given by g^r=(grx,gry) where:
然后公钥由g^r=(grx,gry)给出,其中:
grx: 00D0B397 5AC4B799 F5BEA16D 5E13E9AF 971D5E9B 984C9F39 728B5E57 39735A21 9B97C356 436ADC6E 95BB0352 F6BE64A6 C2912D4E F2D0433C ED2B6171 640012D9 460F
grx:00D0B397 5AC4B799 F5BEA16D 5E13E9AF 971D5E9B 984C9F39 728B5E57 39735A21 9B97C356 436ADC6E 95BB0352 F6BE64A6 C2912D4E F2D0433C ED2B6171 640012D9 460F
gry: 015C6822 6383956E 3BD066E7 97B623C2 7CE0EAC2 F551A10C 2C724D98 52077B87 220B6536 C5C408A1 D2AEBB8E 86D678AE 49CB5709 1F473229 6579AB44 FCD17F0F C56A
gry:015C6826383956E 3BD066E7 97B623C2 7CE0EAC2 F551A0C 2C724D98 52077B87 220B6536 C5C408A1 D2AEBB8E 86D678AE 49CB5709 1F473229 6579AB44 FCD17F0F C56A
The KEr payload is as follows.
KEr有效载荷如下所示。
0000008c 00150000 00D0B397 5AC4B799 F5BEA16D 5E13E9AF 971D5E9B 984C9F39 728B5E57 39735A21 9B97C356 436ADC6E 95BB0352 F6BE64A6 C2912D4E F2D0433C ED2B6171 640012D9 460F015C 68226383 956E3BD0 66E797B6 23C27CE0 EAC2F551 A10C2C72 4D985207 7B87220B 6536C5C4 08A1D2AE BB8E86D6 78AE49CB 57091F47 32296579 AB44FCD1 7F0FC56A
000000 8C 00150000 00D0B397 5AC4B799 F5BEA16D 5E13E9AF 971D5E9B 984C9F39 728B5E57 39735A21 9B97C356 436ADC6E 95BB0352 F6BE64A6 C2912D4E F2D0433C ED2B6171 640012D9 460F015C 68226383 956E3BD0 66E797B6 23C27CE0 EAC22F551 A10C2C72 4D985207 7B87220B 6536C508A1D2AE BBE86D6 78AECB 570915F477FC447A
The Diffie-Hellman common value (girx,giry) is:
Diffie-Hellman公共值(girx,giry)为:
girx: 01144C7D 79AE6956 BC8EDB8E 7C787C45 21CB086F A64407F9 7894E5E6 B2D79B04 D1427E73 CA4BAA24 0A347868 59810C06 B3C715A3 A8CC3151 F2BEE417 996D19F3 DDEA
girx:01144C7D 79AE6956 BC8EDB8E 7C787C45 21CB086F A64407F9 7894E5E6 B2D79B04 D1427E73 CA4BAA24 0A347868 59810C06 B3C715A3 A8CC3151 F2417 996D19F3 DDEA
giry: 01B901E6 B17DB294 7AC017D8 53EF1C16 74E5CFE5 9CDA18D0 78E05D1B 5242ADAA 9FFC3C63 EA05EDB1 E13CE5B3 A8E50C3E B622E8DA 1B38E0BD D1F88569 D6C99BAF FA43
giry:01B901E6 B17DB294 7AC017D8 53EF1C16 74E5CFE5 9CDA18D0 78E05D1B 5242ADA 9FFC3C63 EA05EDB1 E13CE5B3 A8E50C3E B622E8DA 1B38E0BD D1F88569 D6C99BAF FA43
The Diffie-Hellman shared secret value is girx.
Diffie-Hellman共享的秘密值是girx。
Section 7 (ECP Key Exchange Data Formats) of [RFC4753] states that
[RFC4753]第7节(ECP密钥交换数据格式)规定:
The Diffie-Hellman public value is obtained by concatenating the x and y values.
Diffie-Hellman公共值是通过连接x和y值获得的。
The format of the Diffie-Hellman shared secret value is the same as that of the Diffie-Hellman public value.
Diffie-Hellman共享秘密值的格式与Diffie-Hellman公共值的格式相同。
This document replaces the second of these two paragraphs with the following:
本文件将这两段中的第二段替换为以下内容:
The Diffie-Hellman shared secret value consists of the x value of the Diffie-Hellman common value.
Diffie-Hellman共享秘密值由Diffie-Hellman公共值的x值组成。
This change aligns the ECP key exchange format with that used in other standards.
此更改使ECP密钥交换格式与其他标准中使用的格式保持一致。
This change appeared earlier as an erratum to RFC 4753 [Err9]. This document obsoletes RFC 4753 and addresses the erratum.
这一变化早些时候作为RFC 4753的勘误表出现[Err9]。本文件废除了RFC 4753,并对勘误表进行了说明。
Section 8 (Test Vectors) of [RFC4753] provides three examples of Diffie-Hellman key agreement using the ECP groups. This document changes the last paragraph of each subsection of Section 8 to reflect the new format.
[RFC4753]第8节(测试向量)提供了使用ECP组的Diffie-Hellman密钥协议的三个示例。本文件更改了第8节各小节的最后一段,以反映新的格式。
[IANA-IKE] Internet Assigned Numbers Authority, "Internet Key Exchange (IKE) Attributes", <http://www.iana.org>.
[IANA-IKE]互联网分配号码管理局,“互联网密钥交换(IKE)属性”<http://www.iana.org>.
[IANA-IKEv2] Internet Assigned Numbers Authority, "Internet Key Exchange Version 2 (IKEv2) Parameters", <http://www.iana.org>.
[IANA-IKEv2]互联网分配号码管理局,“互联网密钥交换版本2(IKEv2)参数”<http://www.iana.org>.
[IKE] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998.
[IKE]Harkins,D.和D.Carrel,“互联网密钥交换(IKE)”,RFC 2409,1998年11月。
[IKEv2] Kaufman, C., Ed., "Internet Key Exchange (IKEv2) Protocol", RFC 4306, December 2005.
[IKEv2]考夫曼,C.,编辑,“因特网密钥交换(IKEv2)协议”,RFC4306,2005年12月。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC4753] Fu, D. and J. Solinas, "ECP Groups For IKE and IKEv2", RFC 4753, January 2007.
[RFC4753]Fu,D.和J.Solinas,“IKE和IKEv2的ECP组”,RFC 4753,2007年1月。
[AES] U.S. Department of Commerce/National Institute of Standards and Technology, Advanced Encryption Standard (AES), FIPS PUB 197, November 2001, <http://csrc.nist.gov/publications/fips/index.html>.
[AES]美国商务部/国家标准与技术研究所,高级加密标准(AES),FIPS PUB 197,2001年11月<http://csrc.nist.gov/publications/fips/index.html>.
[DSS] U.S. Department of Commerce/National Institute of Standards and Technology, Digital Signature Standard (DSS), FIPS PUB 186-2, January 2000. <http://csrc.nist.gov/publications/fips/index.html>.
[DSS]美国商务部/国家标准与技术研究所,数字签名标准(DSS),FIPS PUB 186-22000年1月<http://csrc.nist.gov/publications/fips/index.html>.
[Err9] RFC Errata, Errata ID 9, RFC 4753, <http://www.rfc-editor.org>.
[Err9]RFC勘误表,勘误表ID 9,RFC 4753<http://www.rfc-editor.org>.
[GMN] J. Solinas, Generalized Mersenne Numbers, Combinatorics and Optimization Research Report 99-39, 1999, <http://www.cacr.math.uwaterloo.ca/>.
[GMN]J.Solinas,广义梅森数,组合学和优化研究报告99-391999<http://www.cacr.math.uwaterloo.ca/>.
[IEEE-1363] Institute of Electrical and Electronics Engineers. IEEE 1363-2000, Standard for Public Key Cryptography, <http://grouper.ieee.org/groups/1363/index.html>.
[IEEE-1363]电气和电子工程师协会。IEEE 1363-2000,公钥密码标准<http://grouper.ieee.org/groups/1363/index.html>.
[ISO-14888-3] International Organization for Standardization and International Electrotechnical Commission, ISO/IEC 14888-3:2006, Information Technology: Security Techniques: Digital Signatures with Appendix: Part 3 - Discrete Logarithm Based Mechanisms.
[ISO-14888-3]国际标准化组织和国际电工委员会,ISO/IEC 14888-3:2006,信息技术:安全技术:带附录的数字签名:第3部分-基于离散对数的机制。
[ISO-15946-1] International Organization for Standardization and International Electrotechnical Commission, ISO/IEC 15946-1: 2002-12-01, Information Technology: Security Techniques: Cryptographic Techniques based on Elliptic Curves: Part 1 - General.
[ISO-15946-1]国际标准化组织和国际电工委员会,ISO/IEC 15946-1:2002-12-01,信息技术:安全技术:基于椭圆曲线的加密技术:第1部分-概述。
[ISO-15946-2] International Organization for Standardization and International Electrotechnical Commission, ISO/IEC 15946-2: 2002-12-01, Information Technology: Security Techniques: Cryptographic Techniques based on Elliptic Curves: Part 2 - Digital Signatures.
[ISO-15946-2]国际标准化组织和国际电工委员会,ISO/IEC 15946-2:2002-12-01,信息技术:安全技术:基于椭圆曲线的加密技术:第2部分-数字签名。
[ISO-15946-3] International Organization for Standardization and International Electrotechnical Commission, ISO/IEC 15946-3: 2002-12-01, Information Technology: Security Techniques: Cryptographic Techniques based on Elliptic Curves: Part 3 - Key Establishment.
[ISO-15946-3]国际标准化组织和国际电工委员会,ISO/IEC 15946-3:2002-12-01,信息技术:安全技术:基于椭圆曲线的加密技术:第3部分-密钥建立。
[ISO-15946-4] International Organization for Standardization and International Electrotechnical Commission, ISO/IEC 15946-4: 2004-10-01, Information Technology: Security Techniques: Cryptographic Techniques based on Elliptic Curves: Part 4 - Digital Signatures giving Message Recovery.
[ISO-15946-4]国际标准化组织和国际电工委员会,ISO/IEC 15946-4:2004-10-01,信息技术:安全技术:基于椭圆曲线的加密技术:第4部分-提供消息恢复的数字签名。
[ISO-18031] International Organization for Standardization and International Electrotechnical Commission, ISO/IEC 18031:2005, Information Technology: Security Techniques: Random Bit Generation.
[ISO-18031]国际标准化组织和国际电工委员会,ISO/IEC 18031:2005,信息技术:安全技术:随机位生成。
[NIST] U.S. Department of Commerce/National Institute of Standards and Technology. Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, NIST Special Publication 800-56A, March 2006, <http://csrc.nist.gov/CryptoToolkit/KeyMgmt.html>.
[NIST]美国商务部/国家标准与技术研究所。使用离散对数加密的成对密钥建立方案建议,NIST特别出版物800-56A,2006年3月<http://csrc.nist.gov/CryptoToolkit/KeyMgmt.html>.
[SEC2] Standards for Efficient Cryptography Group. SEC 2 - Recommended Elliptic Curve Domain Parameters, v. 1.0, 2000, <http://www.secg.org>.
[SEC2]高效加密组标准。第2节-建议的椭圆曲线域参数,v。1.0, 2000, <http://www.secg.org>.
[X9.62-1998] American National Standards Institute, X9.62-1998: Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm. January 1999.
[X9.62-1998]美国国家标准协会,X9.62-1998:金融服务业的公钥加密:椭圆曲线数字签名算法。1999年1月。
[X9.62-2005] American National Standards Institute, X9.62:2005: Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA).
[X9.62-2005]美国国家标准协会,X9.62:2005:金融服务业的公钥加密:椭圆曲线数字签名算法(ECDSA)。
[X9.63] American National Standards Institute. X9.63-2001, Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport using Elliptic Curve Cryptography. November 2001.
[X9.63]美国国家标准协会。X9.63-2001,金融服务业的公钥加密:使用椭圆曲线加密的密钥协议和密钥传输。2001年11月。
Authors' Addresses
作者地址
David E. Fu National Information Assurance Research Laboratory National Security Agency
国家安全局国家信息保障研究实验室
EMail: defu@orion.ncsc.mil
EMail: defu@orion.ncsc.mil
Jerome A. Solinas National Information Assurance Research Laboratory National Security Agency
Jerome A.Solinas国家信息保障研究实验室国家安全局
EMail: jasolin@orion.ncsc.mil
EMail: jasolin@orion.ncsc.mil