ISO IEC 9796-2 pdf download.Information technology — Security techniques — Digital signature schemes giving message recovery
1 Scope
This part of ISO/IEC 9796 specifies three digital signature schemes giving message recovery, two of which are deterministic (non-randomized) and one of which is randomized. The security of all three schemes is based on the difficulty of factorizing large numbers. All three schemes can provide either total or partial message recovery. This part of ISO/IEC 9796 specifies the method for key production for the three signature schemes. However, techniques for key management and for random number generation (as required for the randomized signature scheme) are outside the scope of this part of ISO/IEC 9796. The first mechanism specified in this part of ISO/IEC 9796 is only applicable for existing implementations, and is retained for reasons of backward compatibility.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 10118 (all parts), Information technology — Security techniques — Hash-functions
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply. 3.1 capacity positive integer indicating the number of bits available within the signature for the recoverable part of the message 3.2 certificate domain collection of entities using public key certificates created by a single Certification Authority (CA) or a collection of CAs operating under a single security policy 3.3 certificate domain parameters cryptographic parameters specific to a certificate domain and which are known and agreed by all members of the certificate domain 3.4 collision-resistant hash-function hash-function satisfying the following property: ⎯ it is computationally infeasible to find any two distinct inputs which map to the same output [ISO/IEC 10118-1] 3.5 hash-code string of bits which is the output of a hash-function [ISO/IEC 10118-1] 3.6 hash-function function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties: ⎯ for a given output, it is computationally infeasible to find an input which maps to this output; ⎯ for a given input, it is computationally infeasible to find a second input which maps to the same output [ISO/IEC 9797-2] 3.7 mask generation function function which maps strings of bits to strings of bits of arbitrary specified length, satisfying the following property: ⎯ it is computationally infeasible to predict, given one part of an output but not the input, another part of the output 3.8 message string of bits of any length [ISO/IEC 14888-1] 3.9 message representative bit string derived as a function of the message and which is combined with the private signature key to yield the signature 3.10 nibble block of four consecutive bits (half an octet) 3.11 non-recoverable part part of the message stored or transmitted along with the signature; empty when message recovery is total 3.12 octet string of eight bits 3.13 private key key of an entity’s asymmetric key pair which should only be used by that entity [ISO/IEC 9798-1] 3.14 private signature key private key which defines the private signature transformation [ISO/IEC 9798-1] 3.15 public key key of an entity’s asymmetric key pair which can be made public [ISO/IEC 9798-1] 3.16 public key system 〈digital signature〉 cryptographic scheme consisting of three functions: ⎯ key production, a method for generating a key pair made up of a private signature key and a public verification key; ⎯ signature production, a method for generating a signature Σ from a message representative F and a private signature key; ⎯ signature opening, a method for obtaining the recovered message representative F* from a signature Σ and a public verification key NOTE The output of this function also contains an indication as to whether the signature opening procedure succeeded or failed. 3.17 public verification key public key which defines the public verification transformation [ISO/IEC 9798-1] 3.18 recoverable part part of the message conveyed in the signature 3.19 salt random data item produced by the signing entity during the generation of the message representative in Signature scheme 2 3.20 signature string of bits resulting from the signature process [ISO/IEC 14888-1] 3.21 trailer string of bits of length one or two octets, concatenated to the end of the recoverable part of the message during message representative production
ISO IEC 9796-2 pdf download
