ISO/IEC 29192-4-2013 pdf free download

ISO/IEC 29192-4-2013 pdf free download.Information technology – Security techniques一Lightweight cryptography Part 4: Mechanisms using asymmetric techniques.
5 Unilateral authentication mechanism based on discrete logarithms on elliptic
curves
5.1 General
This mechanism, cryptoGPS — also called GPS in the earlier cryptographic literature —, is due to Girault, Poupard, and Stern1). The revised name is now used so as to avoid confusion with the physical location service GPS. cryptoGPS is a zero-knowledge identification scheme that provides unilateral entity authentication. Several variants of cryptoGPS are specified in ISO/IEC 9798-5 21) and the version most suitable to constrained devices, along with some optimisations, is presented below.
5.2 Security requirements for the environment
The cryptoGPS mechanism enables a verifier to check that a claimant knows the elliptic curve discrete logarithm of a claimed public point with respect to a base point. A general framework for cryptographic techniques based on elliptic curves is given in ISO/IEC 15946-1.
NOTE 1 This mechanism implements the elliptic curve variant of the cryptoGPS (6) scheme due to Girault, Poupard and Stern. It allows use of the so-called LHW (Low Hamming Weight) variant 14] particularly suitable for environments where the resources of the claimant are very low.
Within a given domain, the following requirements shall be satisfied.
a) Domain parameters that govern the operation of the mechanism shall be selected. The selected parameters shall be made available in a reliable manner to all entities within the domain.
b) Every claimant shall be equipped with the same elliptic curve E and a set of parameters, namely the field size q, a base point P over E. and tithe order of point P. The curve and the set of parameters are either domain parameters or claimant parameters.
C) Each point P used as the base for elliptic curve discrete logarithms shall be such that, for any arbitrary point J of the curve, finding an integer k in 10, n — 1J (if one exists) such that J = [kIP is computationally infeasible, where feasibility is defined by the context of use of the mechanism.
d) Every claimant shall be equipped with a private key.
e) Every verifier shall obtain an authentic copy of the public key corresponding to the claimants private key.
NOTE 2 The exact means by w1iich the verifier obtains a trusted copy of the public point specific to the daimant is beyond the scope of this part of ISO/IEC 29192. This may, for example, be achieved by the use of public-key certificates or by some other environment-dependent means.
f) Every verifier shall have the means to produce fresh strings of random bits. When coupons are not used, every claimant shall also have the means to produce fresh strings of random bits.
g) If the mechanism makes use of a hash-function, then all entities within the domain shall agree on a hash- function, e.g. one of the functions specified in ISOIIEC 101 18-3.
5.3 Key production
For claimant A, a fresh string shall be uniformly selected at random from the set {2, 3, …, n — 2). The string repesents the private key. denoted 0.
The number a = n gives the number of bits to be used to represent private keys.ISO/IEC 29192-4 pdf download.