Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2
RFC 5903
Document Type RFC - Informational (June 2010; Errata)
Obsoletes RFC 4753
Was draft-solinas-rfc4753bis (individual in sec area)
Last updated 2015-10-14
Stream IETF
Formats plain text html pdf htmlized with errata bibtex
Reviews
SECDIR Last Call Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5903 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Tim Polk
Send notices to (None)
Email authors IPR 3 References Referenced by Nits 
Internet Engineering Task Force (IETF)                             D. Fu
Request for Comments: 5903                                    J. Solinas
Obsoletes: 4753                                                      NSA
Category: Informational                                        June 2010
ISSN: 2070-1721

  Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2

Abstract

   This document describes three Elliptic Curve Cryptography (ECC)
   groups for use in the Internet Key Exchange (IKE) and Internet Key
   Exchange version 2 (IKEv2) protocols in addition to previously
   defined groups.  These groups are based on modular arithmetic rather
   than binary arithmetic.  These groups are defined to align IKE and
   IKEv2 with other ECC implementations and standards, particularly NIST
   standards.  In addition, the curves defined here can provide more
   efficient implementation than previously defined ECC groups.  This
   document obsoletes RFC 4753.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc5903.

Fu & Solinas                  Informational                     [Page 1]
RFC 5903              ECP Groups for IKE and IKEv2             June 2010

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction ....................................................3
   2. Requirements Terminology ........................................4
   3. Additional ECC Groups ...........................................4
      3.1. 256-Bit Random ECP Group ...................................4
      3.2. 384-Bit Random ECP Group ...................................5
      3.3. 521-Bit Random ECP Group ...................................6
   4. Security Considerations .........................................7
   5. Alignment with Other Standards ..................................7
   6. IANA Considerations .............................................7
   7. ECP Key Exchange Data Formats ...................................8
   8. Test Vectors ....................................................9
      8.1. 256-Bit Random ECP Group ...................................9
      8.2. 384-Bit Random ECP Group ..................................10
      8.3. 521-Bit Random ECP Group ..................................11
   9. Changes from RFC 4753 ..........................................13
   10. References ....................................................13
      10.1. Normative References .....................................13
      10.2. Informative References ...................................14

Fu & Solinas                  Informational                     [Page 2]
RFC 5903              ECP Groups for IKE and IKEv2             June 2010

1.  Introduction

   This document describes default Diffie-Hellman groups for use in IKE
   and IKEv2 in addition to the Oakley Groups included in [IKE] and the
   additional groups defined since [IANA-IKE].  This document assumes
   that the reader is familiar with the IKE protocol and the concept of
   Oakley Groups, as defined in RFC 2409 [IKE].

   RFC 2409 [IKE] defines five standard Oakley Groups: three modular
   exponentiation groups and two elliptic curve groups over GF[2^N].
   One modular exponentiation group (768 bits - Oakley Group 1) is
   mandatory for all implementations to support, while the other four
   are optional.  Nineteen additional groups subsequently have been
   defined and assigned values by IANA.  All of these additional groups
   are optional.

   The purpose of this document is to expand the options available to
   implementers of elliptic curve groups by adding three ECP groups
   (elliptic curve groups modulo a prime).  The reasons for adding such
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools