1、 IEEE Std 1363.3TM-2013 IEEE Standard for Identity-Based Cryptographic Techniques using Pairings Sponsor Microprocessor Standards Committee of the IEEE Computer Society Approved 22 August 2013 IEEE-SA Standards Board Abstract: Common identity-based public-key cryptographic techniques that use pairin
2、gs, including mathematical primitives for secret value (key) derivation, public-key encryption, and digital signatures, as well as cryptographic schemes based on those primitives are specified in this standard. Also, related cryptographic parameters, public keys and private keys, are specified. The
3、purpose of this standard is to provide a reference for specifications of a variety of techniques from which applications may select. Keywords: encryption, identity-based encryption, IEEE 1363.3TM, pairing-based cryptography, pairing-based encryption, public-key cryptography The Institute of Electric
4、al and Electronics Engineers, Inc. 3 Park Avenue, New York, NY 10016-5997, USA Copyright 2013 by The Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 15 November 2013. Printed in the United States of America. IEEE is a registered trademark in the U.S. Patent fit
5、ness for a particular purpose; non-infringement; and quality, accuracy, effectiveness, currency, or completeness of material. In addition, IEEE disclaims any and all conditions relating to: results; and workmanlike effort. IEEE standards documents are supplied “AS IS” and “WITH ALL FAULTS.” Use of a
6、n IEEE standard is wholly voluntary. The existence of an IEEE standard does not imply that there are no other ways to produce, test, measure, purchase, market, or provide other goods and services related to the scope of the IEEE standard. Furthermore, the viewpoint expressed at the time a standard i
7、s approved and issued is subject to change brought about through developments in the state of the art and comments received from users of the standard. In publishing and making its standards available, IEEE is not suggesting or rendering professional or other services for, or on behalf of, any perso
8、n or entity nor is IEEE undertaking to perform any duty owed by any other person or entity to another. Any person utilizing any IEEE Standards document, should rely upon his or her own independent judgment in the exercise of reasonable care in any given circumstances or, as appropriate, seek the adv
9、ice of a competent professional in determining the appropriateness of a given IEEE standard. IN NO EVENT SHALL IEEE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO: PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, D
10、ATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE PUBLICATION, USE OF, OR RELIANCE UPON ANY STANDARD, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DA
11、MAGE AND REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE. Translations The IEEE consensus development process involves the review of documents in English only. In the event that an IEEE standard is translated, only the English version published by IEEE should be considered the approved IEEE standa
12、rd. Official statements A statement, written or oral, that is not processed in accordance with the IEEE-SA Standards Board Operations Manual shall not be considered or inferred to be the official position of IEEE or any of its committees and shall not be considered to be, or be relied upon as, a for
13、mal position of IEEE. At lectures, symposia, seminars, or educational courses, an individual presenting information on IEEE standards shall make it clear that his or her views should be considered the personal views of that individual rather than the formal position of IEEE. Comments on standards Co
14、mments for revision of IEEE Standards documents are welcome from any interested party, regardless of membership affiliation with IEEE. However, IEEE does not provide consulting information or advice pertaining to IEEE Standards documents. Suggestions for changes in documents should be in the form of
15、 a proposed change of text, together with appropriate supporting comments. Since IEEE standards represent a consensus of concerned interests, it is important that any responses to comments and questions also receive the concurrence of a balance of interests. For this reason, IEEE and the members of
16、its societies and Standards Coordinating Committees are not able to provide an instant response to comments or questions except in those cases where the matter has previously been addressed. For the same reason, IEEE does not respond to interpretation requests. Any person who would like to participa
17、te in revisions to an IEEE standard is welcome to join the relevant IEEE working group. Comments on standards should be submitted to the following address: Secretary, IEEE-SA Standards Board 445 Hoes Lane Piscataway, NJ 08854 USA Laws and regulations Users of IEEE Standards documents should consult
18、all applicable laws and regulations. Compliance with the provisions of any IEEE Standards document does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by
19、 the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so. Copyrights IEEE draft and approved standards are copyrighted by IEEE under U.S. and international copyright laws. They are made available by
20、IEEE and are adopted for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making these documents available for use and adoptio
21、n by public authorities and private users, IEEE does not waive any rights in copyright to the documents. Photocopies Subject to payment of the appropriate fee, IEEE will grant users a limited, non-exclusive license to photocopy portions of any individual standard for company or organizational intern
22、al use or individual, non-commercial use only. To arrange for payment of licensing fees, please contact Copyright Clearance Center, Customer Service, 222 Rosewood Drive, Danvers, MA 01923 USA; +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use
23、can also be obtained through the Copyright Clearance Center. Updating of IEEE Standards documents Users of IEEE Standards documents should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendment
24、s, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. Every IEEE standard is subjected to review at least every ten years. When a document is more than ten years old
25、 and has not undergone a revision process, it is reasonable to conclude that its contents, although still of some value, do not wholly reflect the present state of the art. Users are cautioned to check to determine that they have the latest edition of any IEEE standard. In order to determine whether
26、 a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE-SA Website at http:/ieeexplore.ieee.org/xpl/standards.jsp or contact IEEE at the address listed previously. For more information about the IEEE SA or IEE
27、Es standards development process, visit the IEEE-SA Website at http:/standards.ieee.org. Errata Errata, if any, for all IEEE standards can be accessed on the IEEE-SA Website at the following URL: http:/standards.ieee.org/findstds/errata/index.html. Users are encouraged to check this URL for errata p
28、eriodically. Patents Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken by the IEEE with respect to the existence or validity of any patent rights in connection
29、therewith. If a patent holder or patent applicant has filed a statement of assurance via an Accepted Letter of Assurance, then the statement is listed on the IEEE-SA Website at http:/standards.ieee.org/about/sasb/patcom/patents.html. Letters of Assurance may indicate whether the Submitter is willing
30、 or unwilling to grant licenses under patent rights without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses. Essential Patent Claims may exist for which a Letter of Ass
31、urance has not been received. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or determining whether any licensing terms or conditions provided in connection with sub
32、mission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Furt
33、her information may be obtained from the IEEE Standards Association. Copyright 2013 IEEE. All rights reserved. viParticipants At the time this standard was completed, the P1363 Working Group had the following membership: William Whyte, Chair Don Johnson, Vice Chair Kendall Ananyi Matt Ball Xavier Bo
34、yen Mike Brenner Daniel Brown Mark Chimley Andy Dancer Mike Geipel David Jablon Satoru Kanno Tetsutaro Kobayashi David Kravitz Phil MacKenzie Michael Markowitz Luther Martin Marc Provencher Jim Randall Roger Schlafly Mike Scott Hovav Shacham Ari Singer Terence Spies Yongge Wang Tom Wu Go Yamamoto Th
35、e following members of the individual balloting committee voted on this standard. Balloters may have voted for approval, disapproval, or abstention. Ed Addario Mike Brenner Keith Chow Andy Dancer James Davis Thomas Dineen Andrew Fieldsend Randall C. Groves Werner Hoelzl Atsushi Ito Mark Jaeger Piotr
36、 Karocki Thomas Kurihara Susan Land William Lumpkins Greg Luri Michael S. Newman Nick S.A. Nikjoo Randall Safier Bartien Sayogo Gil Shultz Kapil Sood Thomas Starai Rene Struik Walter Struppler Joseph Tardo Srinivasa Vemuru John Vergis Karl Weber William Whyte Oren Yuen Janusz Zalewski When the IEEE-
37、SA Standards Board approved this standard on 22 August 2013, it had the following membership: Richard H. Hulett, Chair John Kulick, Vice Chair Robert Grow, Past Chair Judith Gorman, Secretary Satish Aggarwal Masayuki Ariyoshi Peter Balma William Bartley Ted Burse Clint Chaplin Wael Diab Jean-Philipp
38、e Faure Alexander Gelman Paul Houz Jim Hughes Young Kyun Kim Joseph L. Koepfinger* David J. Law Thomas Lee Hung Ling Oleg Logvinov Ted Olsen Gary Robinson Jon Walter Rosdahl Mike Seavey Yatin Trivedi Phil Winston Yu Yuan *Member Emeritus Copyright 2013 IEEE. All rights reserved. viiAlso included are
39、 the following nonvoting IEEE-SA Standards Board liaisons: Richard DeBlasio, DOE Representative Michael Janezic, NIST Representative Don Messina IEEE Standards Program Manager, Document Development Joan Woolery IEEE Client Services Manager, Professional Services Copyright 2013 IEEE. All rights reser
40、ved. viiiIntroduction This introduction is not part of IEEE Std 1363.3-2013, IEEE Standard for Identity-Based Cryptographic Techniques using Pairings. This standard describes eight identity-based cryptographic schemes that use pairings in their implementation. The schemes include approaches to encry
41、ption, digital signatures, signcryption, and key exchanges. These schemes may be used to encrypt both stored data as well as data in transit. An underlying mathematical operation called a “pairing” is a common element of these schemes, and the standard describes algorithms for calculating pairings a
42、nd gives parameters suitable for implementing the specified schemes at industry-standard security levels (NIST SP 800-57 B125).aaThe numbers in brackets correspond to those of the bibliography in Annex F. Copyright 2013 IEEE. All rights reserved. ixContents 1. Overview 1 1.1 Scope . 1 1.2 Purpose 1
43、1.3 Organization of the document 2 2. Normative references 3 3. Definitions 3 4. Types of cryptographic techniques . 7 4.1 General model 7 4.2 Primitives . 8 4.3 Schemes . 9 4.4 Table summary 10 5. Mathematical conventions 11 5.1 Mathematical notation . 11 5.2 Bit strings and octet strings 13 5.3 Fi
44、nite fields 13 5.4 Elliptic curves and points . 16 5.5 Pairings 16 5.6 Data type conversion . 16 6. Hashing primitives 23 6.1 Hashing to an integer . 23 6.2 Hashing to a string . 24 6.3 Hashing to a point in a subgroup . 25 6.4 Hashing to an element of a finite field . 29 7. Pairing-based primitives
45、 . 30 7.1 General 30 7.2 SK primitives . 30 7.3 BB1primitives . 33 7.4 BF primitives . 36 7.5 SCC key agreement primitives 38 8. Identity-based encryption schemes . 39 8.1 SK KEM scheme . 40 8.2 BB1KEM scheme 42 8.3 BB1IBE scheme 44 8.4 BF IBE scheme 46 9. Identity-based signature schemes . 48 9.1 B
46、LMQ signature scheme . 48 10. Identity-based signcryption schemes 50 10.1 BLMQ signcryption scheme 50 11. Identity-based key agreement schemes 53 11.1 Wang key agreement scheme 54 11.2 SCC key agreement scheme 57 Copyright 2013 IEEE. All rights reserved. xAnnex A (informative) Number-theoretic backg
47、round 59 Annex B (normative) Conformance 121 Annex C (informative) Rationale 126 Annex D (informative) Security considerations 127 Annex E (informative) Formats .128 Annex F (informative) Bibliography .131 Copyright 2013 IEEE. All rights reserved. 1IEEE Standard for Identity-Based Cryptographic Tech
48、niques using Pairings IMPORTANT NOTICE: IEEE Standards documents are not intended to ensure safety, security, health, or environmental protection, or ensure against interference with or from other devices or networks. Implementers of IEEE Standards documents are responsible for determining and compl
49、ying with all appropriate safety, security, environmental, health, and interference protection practices and all applicable laws and regulations. This IEEE document is made available for use subject to important notices and legal disclaimers. These notices and disclaimers appear in all publications containing this document and may be found under the heading “Important Notice” or “Important Notices and Disclaimers Concerning IEEE Documents.” They can also be obta
