Sakai-Kasahara Key Encryption (SAKKE)
RFC 6508
| Document | Type |
RFC - Informational
(February 2012; No errata)
Was draft-groves-sakke (individual in sec area)
|
|
|---|---|---|---|
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 6508 (Informational) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Sean Turner | ||
| IESG note | Tim Polk (tim.polk@nist.gov) is the shepherd. | ||
| Send notices to | tim.polk@nist.gov | ||
Internet Engineering Task Force (IETF) M. Groves
Request for Comments: 6508 CESG
Category: Informational February 2012
ISSN: 2070-1721
Sakai-Kasahara Key Encryption (SAKKE)
Abstract
In this document, the Sakai-Kasahara Key Encryption (SAKKE) algorithm
is described. This uses Identity-Based Encryption to exchange a
shared secret from a Sender to a Receiver.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It has been approved for publication by the Internet
Engineering Steering Group (IESG). Not all documents approved by the
IESG are a candidate for any level of Internet Standard; see Section
2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6508.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Groves Informational [Page 1]
RFC 6508 SAKKE February 2012
Table of Contents
1. Introduction ....................................................2
1.1. Requirements Terminology ...................................3
2. Notation and Definitions ........................................3
2.1. Notation ...................................................3
2.2. Definitions ................................................5
2.3. Parameters to Be Defined or Negotiated .....................6
3. Elliptic Curves and Pairings ....................................7
3.1. E(F_p^2) and the Distortion Map ............................7
3.2. The Tate-Lichtenbaum Pairing ...............................7
4. Representation of Values ........................................9
5. Supporting Algorithms ..........................................10
5.1. Hashing to an Integer Range ...............................10
6. The SAKKE Cryptosystem .........................................11
6.1. Setup .....................................................11
6.1.1. Secret Key Extraction ..............................11
6.1.2. User Provisioning ..................................11
6.2. Key Exchange ..............................................12
6.2.1. Sender .............................................12
6.2.2. Receiver ...........................................12
6.3. Group Communications ......................................13
7. Security Considerations ........................................13
8. References .....................................................15
8.1. Normative References ......................................15
8.2. Informative References ....................................15
Appendix A. Test Data..............................................17
1. Introduction
This document defines an efficient use of Identity-Based Encryption
(IBE) based on bilinear pairings. The Sakai-Kasahara IBE
cryptosystem [S-K] is described for establishment of a shared secret
value. This document adds to the IBE options available in [RFC5091],
providing an efficient primitive and an additional family of curves.
This document is restricted to a particular family of curves (see
Section 2.1) that have the benefit of a simple and efficient method
of calculating the pairing on which the Sakai-Kasahara IBE
cryptosystem is based.
IBE schemes allow public and private keys to be derived from
Identifiers. In fact, the Identifier can itself be viewed as
corresponding to a public key or certificate in a traditional public
key system. However, in IBE, the Identifier can be formed by both
Sender and Receiver, which obviates the necessity of providing public
keys through a third party or of transmitting certified public keys
Groves Informational [Page 2]
RFC 6508 SAKKE February 2012
during each session establishment. Furthermore, in an IBE system,
Show full document text