< draft-groves-sakke-02.txt   draft-groves-sakke-03.txt >
Network Working Group Groves Network Working Group Groves
Internet Draft CESG Internet Draft CESG
Intended Status: Informational April 19, 2011 Intended Status: Informational October 27, 2011
Expires: October 21, 2011 Expires: April 29, 2012
Sakai-Kasahara Key Establishment (SAKKE) Sakai-Kasahara Key Establishment (SAKKE)
draft-groves-sakke-02 draft-groves-sakke-03
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on October 21, 2011. This Internet-Draft will expire on April 29, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 12, line 7 skipping to change at page 12, line 7
this will have been provided to A by KMS_T along with its User this will have been provided to A by KMS_T along with its User
Private Keys. The Sender MUST carry out the following steps. Private Keys. The Sender MUST carry out the following steps.
1) Select a random ephemeral integer value for the Shared Secret 1) Select a random ephemeral integer value for the Shared Secret
Value SSV in the range 0 to 2^n - 1. Value SSV in the range 0 to 2^n - 1.
2) Compute r = HashToIntegerRange( SSV || b , q , Hash ). 2) Compute r = HashToIntegerRange( SSV || b , q , Hash ).
3) Compute R_(b,S) = [r]([b]P + Z_S) in E(F_p). 3) Compute R_(b,S) = [r]([b]P + Z_S) in E(F_p).
4) Compute the Hint, H := SSV xor HashToIntegerRange( g^r, 2^n, 4) Compute the Hint, H.
Hash ).
a) Compute g^r. Note that g is an element of PF_p[q]
represented by an element of F_p. Thus, in order to
calculate g^r, the operation defined in Section 2.1 for
calculation of A * B in PF_p[q] is to be used as part of a
square and multiply (or similar) exponentiation algorithm,
rather than the regular F_p operations.
b) Compute H := SSV xor HashToIntegerRange( g^r, 2^n, Hash ).
5) Form the Encapsulated Data ( R_(b,S) , H ) and transmit it to 5) Form the Encapsulated Data ( R_(b,S) , H ) and transmit it to
B. B.
6) Output SSV for use to derive key material for the application 6) Output SSV for use to derive key material for the application
to be keyed. to be keyed.
6.2.2. Receiver 6.2.2. Receiver
Device B receives Encapsulated Data from device A. In order to Device B receives Encapsulated Data from device A. In order to
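Review bot: the new step 4a tells the implementer to compute g^r with the PF_p[q] multiplication from Section 2.1 inside a square-and-multiply exponentiation, but r is derived in step 2 from the secret SSV, so a square-and-multiply that branches on the bits of r leaks r (and hence SSV) through timing or power side channels; the text should require that the exponentiation not be secret-dependent, e.g. "the exponentiation MUST NOT branch on, or index memory by, the bits of r". Separately, step 4b feeds g^r, which step 4a says is represented by an element of F_p, into HashToIntegerRange( g^r, 2^n, Hash ), yet neither step says how that F_p element is encoded as the octet string input to Hash; state the encoding or cite the section of the draft that defines it, since interoperability depends on it.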
skipping to change at page 14, line 52 skipping to change at page 15, line 11
- SCIS, 2003. - SCIS, 2003.
[SK-KEM] Barbosa, M., Chen, L., Cheng, Z., Chimley, M., [SK-KEM] Barbosa, M., Chen, L., Cheng, Z., Chimley, M.,
Dent, A., Farshim, P., Harrison, K., Malone-Lee, Dent, A., Farshim, P., Harrison, K., Malone-Lee,
J., Smart, N. and F. Vercauteren, "SK-KEM: An J., Smart, N. and F. Vercauteren, "SK-KEM: An
Identity-Based KEM", submission for IEEE P1363.3, Identity-Based KEM", submission for IEEE P1363.3,
June 2006. June 2006.
(http://grouper.ieee.org/groups/1363/IBC/ (http://grouper.ieee.org/groups/1363/IBC/
submissions/Barbosa-SK-KEM-2006-06.pdf) submissions/Barbosa-SK-KEM-2006-06.pdf)
[SP800-57] E. Barker, W. Barker, W. Burr, W. Polk and M. [SP800-57] E. Barker, W. Barker, W. Burr, W. Polk and M.
Smid, "Recommendation for Key Management - Part 1:
Smid, "Recommendation for Key Management - Part 1: General (Revised)," NIST Special Publication
General (Revised)," NIST Special Publication 800-57, March 2007.
800-57, March 2007.
9.2. Informative References 9.2. Informative References
[Barreto] Barreto, P., Kim, H., Lynn, B. and M. Scott [Barreto] Barreto, P., Kim, H., Lynn, B. and M. Scott
"Efficient Algorithms for Pairing-Based "Efficient Algorithms for Pairing-Based
Cryptosystems", Advances in Cryptology - Crypto Cryptosystems", Advances in Cryptology - Crypto
2002, LNCS 2442, Springer-Verlag (2002), 2002, LNCS 2442, Springer-Verlag (2002),
pp.354-368. pp.354-368.
[MIKEY-SAKKE] Groves, M., "MIKEY-SAKKE: Sakai-Kasahara Key [MIKEY-SAKKE] Groves, M., "MIKEY-SAKKE: Sakai-Kasahara Key
Exchange in Multimedia Internet KEYing (MIKEY)", Exchange in Multimedia Internet KEYing (MIKEY)",
draft-groves-mikey-sakke-02 [work in progress], draft-groves-mikey-sakke-03 [work in progress],
April 2011. October 2011.
[Miller] Miller, V., "The Weil pairing, and its efficient [Miller] Miller, V., "The Weil pairing, and its efficient
calculation", J. Cryptology 17 (2004), 235-261. calculation", J. Cryptology 17 (2004), 235-261.
[P1363] IEEE P1363-2000, "Standard Specifications for [P1363] IEEE P1363-2000, "Standard Specifications for
Public-Key Cryptography," 2001. Public-Key Cryptography," 2001.
[RFC4086] Eastlake, D., Schiller, J., and S. Crocker, [RFC4086] Eastlake, D., Schiller, J., and S. Crocker,
"Randomness Requirements for Security", BCP 106, "Randomness Requirements for Security", BCP 106,
RFC 4086, June 2005. RFC 4086, June 2005.
[RFC5091] Boyen, X. and L. Martin, "Identity Based [RFC5091] Boyen, X. and L. Martin, "Identity Based
Cryptography Standard (IBCS) #1: Supersingular Cryptography Standard (IBCS) #1: Supersingular
Curve Implementations of the BF and BB1 Curve Implementations of the BF and BB1
Cryptosystems", RFC 5091, December 2007. Cryptosystems", RFC 5091, December 2007.
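Review bot: the only content change in this block is the [MIKEY-SAKKE] reference moving from draft-groves-mikey-sakke-02 (April 2011) to draft-groves-mikey-sakke-03 (October 2011); the [SP800-57] entry and the page-position shift from page 14, line 52 to page 15, line 11 are layout only. The new [MIKEY-SAKKE] date is consistent with this draft's own October 27, 2011 date, so the companion citation is in step with this revision.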
 End of changes. 7 change blocks. 
15 lines changed or deleted 22 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/