Information Technology Reference
In-Depth Information
On the other hand, if the finite field is a binary field, i.e. $\mathbb{F} = \mathbb{F}_{2^m}$, where $m$
is a positive integer number, then the equation of the elliptic curve is:
$$y^2 + xy = x^3 + ax^2 + b. \tag{3}$$
Typical applications in security are key exchange, digital signatures and data
encryption. For those three applications, there are lots of standards, some of
them implemented through ECC. The best known ECC schemes and protocols
are the Elliptic Curve Diffie-Hellman (ECDH), a key agreement protocol [3,4];
the Elliptic Curve Digital Signature Algorithm (ECDSA), equivalent to the DSA
algorithm [13]; and the Elliptic Curve Integrated Encryption Scheme (ECIES), the most
widespread ECC encryption scheme, defined in ANSI X9.63 [14], IEEE 1363a [15],
and ISO/IEC 18033-2 [16].
As its name properly indicates, ECIES is an integrated encryption scheme
which uses the following functions:
- Key Agreement (KA): Function used for the generation of a shared secret
by two parties.
- Key Derivation Function (KDF): Mechanism that produces a set of keys
from keying material and some optional parameters.
- Encryption (ENC): Symmetric encryption algorithm.
- Message Authentication Code (MAC): The output of the MAC function is
the data used to authenticate a message.
- Hash (HASH): Digest function, used within the KDF and the MAC function.
3 ECIES Support in Java Card
Java Card is a framework for programming and executing applications in smart
cards developed by Sun and several smart card providers. Java Card version 2.1
already presented some cryptographic capabilities (e.g. DES, RSA, SHA-1, etc.),
but the support for ECC was not included until version 2.2.
Even though ECDH and ECDSA are available in several versions of Java
Card, and thus a programmer can use both ECC schemes by calling the proper
methods of the Java Card API, this is not the case for ECIES. In fact, not only
is ECIES not directly implemented as a single primitive in Java Card, but some
of the functionality needed (e.g. the KDF and some MAC functions) must be
developed by the programmer. To our knowledge, no ECIES implementation has
been developed in Java Card prior to ours.
Java Card 2.2.1 implements the following functionality related to ECIES:
- KA function: Both Diffie-Hellman (DH) and the related Diffie-Hellman with
cofactor (DHC), with the peculiarity that, instead of the product of the
sender's ephemeral private key and the recipient's public key, both functions
provide the SHA-1 output of that result.
- ENC function: AES with key length 128, 192, and 256 bits in modes CBC
and ECB (in both cases without padding).
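
The following added example (not the authors' Java Card implementation) shows why the KA peculiarity matters for interoperability: the peer must also apply SHA-1 to the DH result before running the KDF, or the derived ENC and MAC keys will not match and the tag check fails. It assumes the ANSI X9.63 KDF over SHA-1 and HMAC-SHA-1 as the MAC; all function names are hypothetical, the sample values are constructed, and the AES step is left out (the ciphertext is treated as opaque bytes).

```python
import hashlib
import hmac

def card_ka_output(dh_result: bytes) -> bytes:
    """What the page says the card's KA returns: SHA-1 of the DH result."""
    return hashlib.sha1(dh_result).digest()

def x963_kdf(z: bytes, out_len: int, shared_info: bytes = b"") -> bytes:
    """ANSI X9.63 KDF over SHA-1: H(Z || counter || SharedInfo), counter from 1."""
    blocks = []
    counter = 1
    while 20 * len(blocks) < out_len:  # SHA-1 yields 20 bytes per block
        blocks.append(
            hashlib.sha1(z + counter.to_bytes(4, "big") + shared_info).digest())
        counter += 1
    return b"".join(blocks)[:out_len]

def derive_keys(z: bytes, enc_len: int = 16, mac_len: int = 20):
    """Split the KDF output into the ENC key (AES-128) and the MAC key."""
    material = x963_kdf(z, enc_len + mac_len)
    return material[:enc_len], material[enc_len:]

def make_tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    """MAC over the ciphertext (HMAC-SHA-1 is an assumption of this example)."""
    return hmac.new(mac_key, ciphertext, hashlib.sha1).digest()

def check_tag(z: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Recipient side: authenticate the ciphertext before any decryption."""
    _, mac_key = derive_keys(z)
    return hmac.compare_digest(make_tag(mac_key, ciphertext), tag)

# Constructed sample values (not real key material).
DH_RESULT = bytes(range(1, 33))  # stands in for the raw DH result
CIPHERTEXT = bytes(32)           # stands in for two AES-CBC blocks

def demo() -> dict:
    z_card = card_ka_output(DH_RESULT)
    _, mac_key = derive_keys(z_card)
    tag = make_tag(mac_key, CIPHERTEXT)
    return {
        "peer_hashes_first": check_tag(card_ka_output(DH_RESULT), CIPHERTEXT, tag),
        "peer_uses_raw_result": check_tag(DH_RESULT, CIPHERTEXT, tag),
        "tampered_ciphertext": check_tag(z_card, b"\x01" + CIPHERTEXT[1:], tag),
    }

if __name__ == "__main__":
    print(demo())
```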
 