Sean Shuo Shen

1
SeND CGA ECC Support

• Sean Shuo Shen
• sshen_at_huawei.com

2
Outline

• SeND CGAs PKI Support
• RSA is default, how about ECC?
• Why ECC?
• Parts in SENDCGA involving public keys
• Issues need to be addressed

3
Why ECC?

• Agility
• With the development of cryptography research,
  choice of cryptosystem is necessary
• Key Length

NIST s chart on security strength of different
crypto algorithms
ECC Open Source http// research.sun.com
/projects/crypto/
4
CGA Public Key

• Public Key
• Encoding rfc3280
• DER-encoded, ITU.X690
• RSA rfc3279
• algorithmidentifier rsaEncryption
• 1.2.840.113549.1.1.1
• RSApubickey

CGA Parameters Data Structure

• possibly
• ECC rfc3279
• section 2.3.5 rfc3279

5
SEND Public Key

• RSA Signature Option
• PKCS1 v1.5 signature
• Processing for Senders
• Processing for Receivers
• Performance

• ECC Signature Option
• Referred ECC standards
• Recommended elliptic curve parameters
• Performance

6
Issues compatibility

• RSA is mandatory in SENDCGA, other public key
  types are not used in SEND in order to avoid
  incompatibilities between implementations. So we
  need to do extra work
• Preference should be defined
• Negotiations of choices should be defined
• Negotiations between ECC-implemented node and
  non-ECC implemented node should be defined.

• Good Part
• If we make ECC-supporting be an extension of
  SENDCGA
• RSA-only nodes will not bother with PKC choices
  and interoperation.
• RSA-only nodes dont have to support ECC
  arithmetic

7
Questions?