Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2
RFC 5903
Document | Type |
RFC - Informational
(June 2010; Errata)
Obsoletes RFC 4753
Was draft-solinas-rfc4753bis (individual in sec area)
|
|
---|---|---|---|
Authors | Jerome Solinas , David Fu | ||
Last updated | 2015-10-14 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 5903 (Informational) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Tim Polk | ||
Send notices to | (None) |
Internet Engineering Task Force (IETF) D. Fu Request for Comments: 5903 J. Solinas Obsoletes: 4753 NSA Category: Informational June 2010 ISSN: 2070-1721 Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2 Abstract This document describes three Elliptic Curve Cryptography (ECC) groups for use in the Internet Key Exchange (IKE) and Internet Key Exchange version 2 (IKEv2) protocols in addition to previously defined groups. These groups are based on modular arithmetic rather than binary arithmetic. These groups are defined to align IKE and IKEv2 with other ECC implementations and standards, particularly NIST standards. In addition, the curves defined here can provide more efficient implementation than previously defined ECC groups. This document obsoletes RFC 4753. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5903. Fu & Solinas Informational [Page 1] RFC 5903 ECP Groups for IKE and IKEv2 June 2010 Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction ....................................................3 2. Requirements Terminology ........................................4 3. Additional ECC Groups ...........................................4 3.1. 256-Bit Random ECP Group ...................................4 3.2. 384-Bit Random ECP Group ...................................5 3.3. 521-Bit Random ECP Group ...................................6 4. Security Considerations .........................................7 5. Alignment with Other Standards ..................................7 6. IANA Considerations .............................................7 7. ECP Key Exchange Data Formats ...................................8 8. Test Vectors ....................................................9 8.1. 256-Bit Random ECP Group ...................................9 8.2. 384-Bit Random ECP Group ..................................10 8.3. 521-Bit Random ECP Group ..................................11 9. Changes from RFC 4753 ..........................................13 10. References ....................................................13 10.1. Normative References .....................................13 10.2. Informative References ...................................14 Fu & Solinas Informational [Page 2] RFC 5903 ECP Groups for IKE and IKEv2 June 2010 1. Introduction This document describes default Diffie-Hellman groups for use in IKE and IKEv2 in addition to the Oakley Groups included in [IKE] and the additional groups defined since [IANA-IKE]. This document assumes that the reader is familiar with the IKE protocol and the concept of Oakley Groups, as defined in RFC 2409 [IKE]. RFC 2409 [IKE] defines five standard Oakley Groups: three modular exponentiation groups and two elliptic curve groups over GF[2^N]. One modular exponentiation group (768 bits - Oakley Group 1) is mandatory for all implementations to support, while the other four are optional. Nineteen additional groups subsequently have been defined and assigned values by IANA. All of these additional groups are optional. The purpose of this document is to expand the options available to implementers of elliptic curve groups by adding three ECP groups (elliptic curve groups modulo a prime). The reasons for adding suchShow full document text