ECP Groups For IKE and IKEv2
RFC 4753
Document | Type |
RFC - Informational
(January 2007; Errata)
Obsoleted by RFC 5903
Was draft-ietf-ipsec-ike-ecp-groups (individual in sec area)
|
|
---|---|---|---|
Authors | David Fu , Jerome Solinas | ||
Last updated | 2020-01-21 | ||
Stream | Internet Engineering Task Force (IETF) | ||
Formats | plain text html pdf htmlized (tools) htmlized with errata bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 4753 (Informational) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Russ Housley | ||
Send notices to | (None) |
Network Working Group D. Fu Request for Comments: 4753 J. Solinas Category: Informational NSA January 2007 ECP Groups for IKE and IKEv2 Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract This document describes new Elliptic Curve Cryptography (ECC) groups for use in the Internet Key Exchange (IKE) and Internet Key Exchange version 2 (IKEv2) protocols in addition to previously defined groups. Specifically, the new curve groups are based on modular arithmetic rather than binary arithmetic. These new groups are defined to align IKE and IKEv2 with other ECC implementations and standards, particularly NIST standards. In addition, the curves defined here can provide more efficient implementation than previously defined ECC groups. Table of Contents 1. Introduction ....................................................2 2. Requirements Terminology ........................................3 3. Additional ECC Groups ...........................................3 3.1. 256-bit Random ECP Group ...................................3 3.2. 384-bit Random ECP Group ...................................4 3.3. 521-bit Random ECP Group ...................................5 4. Security Considerations .........................................6 5. Alignment with Other Standards ..................................6 6. IANA Considerations .............................................6 7. ECP Key Exchange Data Formats ...................................7 8. Test Vectors ....................................................7 8.1. 256-bit Random ECP Group ...................................8 8.2. 384-bit Random ECP Group ...................................9 8.3. 521-bit Random ECP Group ..................................10 9. References .....................................................12 Fu & Solinas Informational [Page 1] RFC 4753 ECP Groups for IKE and IKEv2 January 2007 1. Introduction This document describes default Diffie-Hellman groups for use in IKE and IKEv2 in addition to the Oakley groups included in [IKE] and the additional groups defined since [IANA-IKE]. This document assumes that the reader is familiar with the IKE protocol and the concept of Oakley Groups, as defined in RFC 2409 [IKE]. RFC 2409 [IKE] defines five standard Oakley Groups: three modular exponentiation groups and two elliptic curve groups over GF[2^N]. One modular exponentiation group (768 bits - Oakley Group 1) is mandatory for all implementations to support, while the other four are optional. Thirteen additional groups subsequently have been defined and assigned values by IANA. All of these additional groups are optional. Of the eighteen groups defined so far, eight are MODP groups (exponentiation groups modulo a prime), and ten are EC2N groups (elliptic curve groups over GF[2^N]). See [RFC3526] for more information on MODP groups. The purpose of this document is to expand the options available to implementers of elliptic curve groups by adding three ECP groups (elliptic curve groups modulo a prime). The reasons for adding such groups include the following. - The groups proposed afford efficiency advantages in software applications since the underlying arithmetic is integer arithmetic modulo a prime rather than binary field arithmetic. (Additional computational advantages for these groups are presented in [GMN].) - The groups proposed encourage alignment with other elliptic curve standards. The proposed groups are among those standardized by NIST, the Standards for Efficient Cryptography Group (SECG), ISO, and ANSI. (See Section 5 for details.) - The groups proposed are capable of providing security consistent with the new Advanced Encryption Standard. These groups could also be defined using the New Group Mode, but including them in this RFC will encourage interoperability of IKE implementations based upon elliptic curve groups. In addition, the availability of standardized groups will result in optimizations for a particular curve and field size and allow precomputation that could result in faster implementations. In summary, due to the performance advantages of elliptic curve groups in IKE implementations and the need for further alignment with other standards, this document defines three elliptic curve groups based on modular arithmetic.Show full document text