Archived NIST Technical Series Publication The attached publication has been archived (withdrawn), and is provided solely for historical purposes. It may have been superseded by another publication (indicated below). Archived Publication Series/Number: NIST Special Publication 800-56B Title: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography Publication Date(s): August 2009 Withdrawal Date: September 30, 2014 Withdrawal Note: SP 800-56B is superseded in its entirety by the publication of SP 800-56B Revision 1 (September 2014). Superseding Publication(s) The attached publication has been superseded by the following publication(s): Series/Number: NIST Special Publication 800-56B Revision 1 Title: Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography Author(s): Elaine Barker, Lily Chen, Dustin Moody Publication Date(s): September 2014 URL/DOI: http://dx.doi.org/10.6028/NIST.SP.800-56Br1 Additional Information (if applicable) Contact: Computer Security Division (Information Technology Lab) Latest revision of the SP 800-56B Revision 1 (as of July 15, 2015) attached publication: Related information: http://csrc.nist.gov/groups/ST/toolkit/key_management.html Withdrawal N/A announcement (link): Date updated: JuůLJϭϱ, 2015 NIST Special Publication 800-56B Recommendation for Pair-Wise August 2009 Key Establishment Schemes Using Integer Factorization Cryptography Elaine Barker, Lily Chen, Andrew Regenscheid, and Miles Smid C O M P U T E R S E C U R I T Y NIST SP 800-56B: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography August 2009 Abstract This Recommendation specifies key establishment schemes using integer factorization cryptography, based on ANS X9.44, Key Establishment using Integer Factorization Cryptography [12], which was developed by the Accredited Standards Committee (ASC) X9, Inc. KEY WORDS: assurances; integer factorization cryptography; key agreement; key confirmation; key derivation; key establishment; key management; key recovery; key transport. 2 NIST SP 800-56B: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography August 2009 Acknowledgements The National Institute of Standards and Technology (NIST) gratefully acknowledges and appreciates contributions by Rich Davis from the National Security Agency concerning the many security issues associated with this Recommendation. NIST also thanks the many contributions by the public and private sectors whose thoughtful and constructive comments improved the quality and usefulness of this publication. 3 NIST SP 800-56B: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography August 2009 Authority This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III. This Recommendation has been prepared for use by federal agencies. It may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright. (Attribution would be appreciated by NIST.) Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official. Conformance testing for implementations of key establishment schemes, as specified in this Recommendation, will be conducted within the framework of the Cryptographic Module Validation Program (CMVP), a joint effort of NIST and the Communications Security Establishment Canada. An implementation of a key establishment scheme must adhere to the requirements in this Recommendation in order to be validated under the CMVP. The requirements of this Recommendation are indicated by the word “shall.” 4 NIST SP 800-56B: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography August 2009 Table of Contents 1 Introduction.........................................................................................................10 2 Scope and Purpose ..............................................................................................10 3 Definitions, Symbols and Abbreviations............................................................11 3.1 Definitions...................................................................................................................... 11 3.2 Symbols and Abbreviations ........................................................................................... 18 4 Key Establishment Schemes Overview..............................................................24 4.1 Key Establishment Preparations by an Owner............................................................... 24 4.2 Key Agreement Process................................................................................................. 26 4.3 IFC-based Key Transport Process ................................................................................. 27 5 Cryptographic Elements .....................................................................................29 5.1 Cryptographic Hash Functions ...................................................................................... 29 5.2 Message Authentication Code (MAC) Algorithm......................................................... 29 5.2.1 MacTag Computation ........................................................................................ 29 5.2.2 MacTag Checking.............................................................................................. 30 5.2.3 Implementation Validation Message ................................................................. 30 5.3 Random Bit Generation ................................................................................................. 30 5.4 Prime Number Generators ............................................................................................. 30 5.5 Primality Testing Methods............................................................................................. 31 5.6 Nonces............................................................................................................................ 31 5.7 Symmetric Key-Wrapping Algorithms.......................................................................... 31 5.8 Mask Generation Function (MGF) ................................................................................ 32 5.9 Key Derivation Functions for Key Establishment Schemes.......................................... 33 5.9.1 Concatenation Key Derivation Function (Approved Alternative 1).................. 34 5.9.2 ASN.1 Key Derivation Function (Approved Alternative 2).............................. 36 6 RSA Key Pairs ....................................................................................................39 5 NIST SP 800-56B: Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography August 2009 6.1 General Requirements.................................................................................................... 39 6.2 Criteria for RSA Key Pairs for Key Establishment ....................................................... 40 6.2.1 Definition of a Key Pair..................................................................................... 40 6.2.2 Formats .............................................................................................................. 41 6.2.3 Parameter Length Sets ....................................................................................... 42 6.3 RSA Key Pair Generators .............................................................................................. 43 6.3.1 RSAKPG1 Family: RSA Key Pair Generation with a Fixed Public Exponent . 43 6.3.2 RSAKPG2 Family: RSA Key Pair Generation with a Random Public Exponent ............................................................................................................................ 45 6.4 Assurances of Validity................................................................................................... 48 6.4.1 Assurance of Key Pair Validity ......................................................................... 48 6.4.2 Recipient Assurances of Public Key Validity.................................................... 55 6.5 Assurances of Private Key Possession........................................................................... 56 6.5.1 Owner Assurance of Private Key Possession .................................................... 56 6.5.2 Recipient Assurance of Owner’s Possession of a Private Key.......................... 57 6.6 Key Confirmation .........................................................................................................