PSEC-KEM

1
PSEC-KEM

• NTT
• Tetsutaro Kobayashi

2
Policy

• Elliptic curve cryptsystem
• IND-CCA2

3
Key Types

• Secret key SK ( s )
• Public key PK ( E , W , MGF , hLen
  ) E Elliptic curve parameter W Base point of
  E , W sP MGF Choice of MGF hLen Bit length
  of MGF output

4
Specification
Key encapsulation mechanisms

• ES-PSEC-KEM

• KGP-PSEC
• EP-PSEC
• DP-PSEC

• EME-PSEC-KEM-A
• EME-PSEC-KEM-B
• EME-PSEC-KEM-C
• EME-PSEC-KEM-D

Cryptograhic primitives
Encoding methods
5
Cryptographic Primitives

• EP-PSEC Encryption Q ?W C1 ?P
• DP-PSEC Decryption Q sC1

6
Encoding Methods

• EME-PSEC-A

hLen bit
32 bit
00000000
Random r
MGF
t
k
keyLen bit
pLen 128 bit

• EME-PSEC-B

(? t mod p )
?P
?W
32 bit
qmLen bit
qmLen bit
00000001
C1
Q
MGF
r
c2
hLen bit
hLen bit
hLen bit
C0 C1 c2
7
Elliptic Curve DH Problem

• Solve abP form given P , aP , bP on elliptic
  curve ? ECDHP is difficult

8
Comparison of Security
?
9
Advantage of Ellptic curve
10
Comparison of Efficiency
Group checking operation
11
Parameters

• Necessary conditions
• Parameters
• pLen ?160
• hLen ? 128
• Hash function
• Any

• Recommended conditions
• Parameters
• pLen 160
• hLen 160
• keyLen 256
• Hash function
• MGF MGF1-SHA1
• R Compressed

12
Evaluation by Implement

• Environment
• CPU Pentium-III 600MHz (FSB 100MHz)
• RAM 128MB
• OS Windows2000 5.0 (Build 2195) SP2
• Compiler Visual Studio 6 Enterprise SP5
• Language C
• Parameters
• Same as recommended conditions
• Prime field

13
Result
14
Status of Publicity

• Essential patent of PSEC
• Announcement of royalty-free licenses Apr 17,
  2001
• ISO JTC1 SC27 WG2 draft