BS ISO IEC 15946-5 pdf download – Information technology — Security techniques — Crytographic technique based on elliptic curves Part 5: Elliptic curve generation

BS ISO IEC 15946-5 pdf download – Information technology — Security techniques — Crytographic technique based on elliptic curves Part 5: Elliptic curve generation
1Scope
ISO/IEC 15946 specifies public-key cryptographic techniques based on elliptic curves.
This part of lSO/IEC 15946 defines elliptic curve generation techniques useful for implementing the ellipticcurve based mechanisms defined in IsoiEc 9796-3,ISO/EC 11770-3,ISO/IEC 14888-3 andISO/IEC 18033-2.
The scope of this part of lSOIEC 15946 is restricted to cryptographic techniques based on elliptic curvesdefined over finite fields of prime power order (including the special cases of prime order and characteristictwo).The representation of elements of the underlying finite field (i.e. which basis is used) is outside the scopeof this part of ISO/IEC 15946.
ISO/IEC 15946 does not specity the implementation of the techniques it defines. Interoperability of productscomplying with ISO/IEC 15946 will not be guaranteed.
Normative reference(s)
The following referenced documents are indispensable for the application of this document.For datedreferences,only the edition cited applies. For undated references,the latest edition of the referenceddocument (including any amendments) applies.
ISO/IEC 15946-1，Information technology-Security techniques — Cryptographic techniques based onelliptic curves- Part 1: General
3Terms and definitions
For the purposes of this document, the following terms and definitions apply.3.1
definition field of an elliptic curve
field that includes all the coefficients of the equation describing an elliptic curve
3.2
elliptic curve
cubic curve without a singular point
NOTE 1A definition of a cubic curve is given in [29].
NOTE2 The set of points of E under a certain addition law forms an abelian group. In this part of lSOIEC 15946, weonly deal with finite fields F as the definition tield.When we describe the definition fleld F of an eliptic curve E explicitly, wedenote the curve as E’F.
NOTE3 A detailed definition of an elliptic curve is given in Clause 4.[ISO/IEC 15946-1-2008]
3.3
finite field
field containing a finite number of elementsNOTE 1 A detinition of field is given in [29].
NOTE2 For any positive integer m and a prime p, there exists a finite field containing exacly pmelements. This field isunique up to isomorphism and is denoted by F(p), where p is called the characteristic of F(prm).
[ISOIEC 15946-1-2008]
3.4
hash-function
function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties:
for a given output, it is computationally infeasible to find an input which maps to this output;
– for a given input,it is computationally infeasible to find a second input which maps to the same output.[ISO/IEC10118-1]
NOTE 1 Computational feasibility depends on the specific security requirements and environment.
NOTE2 For the purposes of this document, the recommended hash-functions are those defined in lSOIEC 10118-2and lSO/EC 10118-3.
3.5
nearly prime number
positive integer n = m-r,where m is a large prime number and r is a small smooth integer
NOTE The meaning of the terms large and small prime numbers is dependent on the application, and is based onbounds determined by the designer.
3.6
order of an elliptic curve E(F
number of points on an elliptic curve E defined over a finite field F
3.7
smooth integer
integer r whose prime factors are all small (i.e. less than some defined bound)
4Notation and conversion functions
4.1Notation
ln this part of lSO/IEC 15946, the following notation is used to describe public-key systems based on ellipticcurve technology.
B An embedding degree, the smallest B such that #E(F(q))lqB-1.
E An elliptic curve, given by an equation of the form Y2-+ax + b over the field F(p”) forp>3, by an equation of the form Y2 +xY=×3+aX2+ b over the field F(2m), or by anequation of the form Y2=3+ aX2+ b over the field F(3m) , together with an extra pointoE
referred to as the point at infinity. The elliptic curve is denoted by E/F(pm)，E/F(2m),or E/F(3m),respectively.
NOTE 1 ln applications not based on a pairing,E/F(p) or E/F(2m) is preferable from an efficiencypoint of view. In applications that use a pairing,EF(p) orE/F(3m) is preferable from an efficiency pointof view.
#E(F(q))
The order (or cardinality) of E(F(q)).
n prime divisor of #E(F(q)).
N The number of points on an elliptic curve E over F(q),#E(F(q)).The cofactor, that is #E(F(q)) = rn.
4.2Conversion functions
For the purposes of this part of lISO/IEC 15946,the following conversion functions,defined iniSO/IEC 15946-1:2008, are used.