
A STUDY OF DIGITAL SIGNATURE SCHEMES

DIGITAL SIGNATURE STANDARD


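1. General introduction.
1.1 Introduction.
In this document we look at digital signature schemes (also called digital signatures). A conventional handwritten signature on a document is used to identify the person who signed it. Signatures are used every day, for example on a letter withdrawing money from a bank or when signing a contract.
A signature scheme is a method of signing a message stored in electronic form. For example, a signed message can be transmitted over a computer network. This document studies several signature schemes. We first discuss some fundamental differences between conventional signatures and digital signatures.
The first is the question of signing a document: a conventional signature is a physical part of the document. A digital signature, however, is not physically attached to the message, so the algorithm used must somehow attach it to the message without being visible on it.
The second is the question of verification. A conventional signature is verified by comparing it with another, authentic signature. For example, when someone signs a slip for a purchase, the seller must compare the signature on the slip with the signature on the back of the credit card. Of course, this is not a secure method, because it is easy to forge.
A fundamental difference between digital and conventional signatures is that a copy of a digitally signed document is identical to the original, whereas a copy of a document signed on paper can usually be told apart from the original. This means that care must be taken to prevent a digitally signed message from being reused.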
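1.2 Definition of a digital signature.
A digital signature scheme usually has two components: a signing algorithm and a verification algorithm. The resulting signature sig(x) can be checked with the public verification algorithm ver. Given a pair (x, y), the verification algorithm returns TRUE or FALSE depending on how the signature was produced. The formal definition of a signature scheme follows.
A digital signature scheme is a 5-tuple $(\mathcal{P}, \mathcal{A}, \mathcal{K}, \mathcal{S}, \mathcal{V})$ satisfying the following conditions:
1. $\mathcal{P}$ is the set of possible messages.
2. $\mathcal{A}$ is a finite set of possible signatures.
3. $\mathcal{K}$, the key space, is a finite set of possible keys.
4. For each $K \in \mathcal{K}$ there is a signing algorithm $\mathrm{sig}_K \in \mathcal{S}$ and a corresponding verification algorithm $\mathrm{ver}_K \in \mathcal{V}$. Each $\mathrm{sig}_K : \mathcal{P} \to \mathcal{A}$ and $\mathrm{ver}_K : \mathcal{P} \times \mathcal{A} \to \{\text{true}, \text{false}\}$ are functions such that every message $x \in \mathcal{P}$ and every signature $y \in \mathcal{A}$ satisfy:
$$\mathrm{ver}_K(x, y) = \begin{cases} \text{true} & \text{if } y = \mathrm{sig}_K(x) \\ \text{false} & \text{if } y \neq \mathrm{sig}_K(x) \end{cases}$$
For every $K \in \mathcal{K}$, the functions $\mathrm{sig}_K$ and $\mathrm{ver}_K$ are polynomial-time functions. $\mathrm{ver}_K$ is public and $\mathrm{sig}_K$ is secret. It must not be computationally easy to forge the user's signature on a message x. That is, given x, only the user should be able to compute a y such that $\mathrm{ver}_K(x, y)$ = true.
A digital signature scheme cannot be unconditionally secure, because a hacker can test every possible signature on the message x with the public algorithm ver until he finds a correct one. Given enough time, a hacker can therefore always forge the user's signature. So, as with public-key cryptosystems, our goal is to find digital signature schemes that are computationally secure.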
1.3 The standards
This Standard defines methods for digital signature generation that can be used to protect binary data (commonly called a message), and for the verification and validation of those digital signatures. Three techniques are approved.
1. The Digital Signature Algorithm (DSA) is specified in this Standard. The specification includes criteria for the generation of domain parameters, for the generation of public and private key pairs, and for the generation and verification of digital signatures.
2. The RSA digital signature algorithm is specified in American National Standard (ANS) X9.31 and Public Key Cryptography Standard (PKCS) #1. FIPS 186-3 approves the use of implementations of either or both of these standards, but specifies additional requirements.
3. The Elliptic Curve Digital Signature Algorithm (ECDSA) is specified in ANS X9.62. FIPS 186-3 approves the use of ECDSA, but specifies additional requirements. Elliptic curves recommended for Federal Government use are provided here.
This Standard includes requirements for obtaining the assurances necessary for valid digital signatures. Methods for obtaining these assurances are provided in NIST Special Publication (SP) 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications.
A digital signature is an electronic analogue of a written signature; the digital signature can be used to provide assurance that the claimed signatory signed the information. In addition, a digital signature can be used to detect whether or not the information was modified after it was signed (i.e., to detect the integrity of the signed data). These assurances can be obtained whether the data was received in a transmission or retrieved from storage. A properly implemented digital signature algorithm that meets the requirements of this Standard can provide these services.
A digital signature algorithm includes a signature generation process and a signature verification process. A signatory uses the generation process to generate a digital signature on data; a verifier uses the verification process to verify the authenticity of the signature. Each signatory has a public and a private key and is the owner of that key pair. As shown in Figure 1, the private key is used in the signature generation process. The key pair owner is the only entity authorized to use the private key to generate digital signatures. To prevent other entities from claiming to be the key pair owner and using the private key to generate fraudulent signatures, the private key must remain secret. The approved digital signature algorithms are designed to prevent an adversary who does not know the signatory's private key from generating the same signature as the signatory on a different message. In other words, signatures are designed so that they cannot be forged. Several alternative terms are used in this Standard to refer to the signatory or key pair owner. An entity that intends to generate digital signatures in the future may be called the intended signatory. Before a signed message has been verified, the signatory is called the claimed signatory until adequate assurance of the signatory's actual identity can be obtained.
[Figure 1: Digital signature processes. Signature generation: message/data, hash function, message digest, private key, signature generation, signature. Signature verification: message/data, hash function, message digest, public key and signature, signature verification, valid or invalid.]
The public key is used in the signature verification process (see Figure 1). The public key need not be kept secret, but its integrity must be maintained. Anyone can verify a correctly signed message using the public key.
For both the signature generation and verification processes, the message (i.e., the signed data) is converted to a fixed-length representation of the message by means of an approved hash function. Both the original message and the digital signature are made available to a verifier.
A verifier requires assurance that the public key used to verify a signature belongs to the entity that claims to have generated the digital signature (i.e., the claimed signatory). That is, a verifier requires assurance that the signatory is the actual owner of the public/private key pair used to generate and verify the digital signature. A binding of an owner's identity and the owner's public key shall be effected in order to provide this assurance.
A verifier also requires assurance that the key pair owner actually possesses the private key associated with the public key, and that the public key is a mathematically correct key.
By obtaining these assurances, the verifier has assurance that if the digital signature can be correctly verified using the public key, the digital signature is valid (i.e., the key pair owner really signed the message). Digital signature validation includes both the (mathematical) verification of the digital signature and obtaining the appropriate assurances. The following are the reasons why such assurances are required.
2. The Digital Signature Algorithm (DSA).
2.1. DSA parameters.
A DSA digital signature is computed using a set of domain parameters, a private key x, a per-message secret number k, the data to be signed, and a hash function. A digital signature is verified using the same domain parameters, a public key y that is mathematically associated with the private key x used to generate the digital signature, the data to be verified, and the same hash function that was used during signature generation. The parameters are defined as follows:
p  a prime modulus, where $2^{L-1} < p < 2^{L}$, and L is the bit length of p. Values for L are provided in Section 4.2.
q  a prime divisor of (p-1), where $2^{N-1} < q < 2^{N}$, and N is the bit length of q. Values for N are provided in Section 4.2.
g  a generator of the subgroup of order q mod p, such that 1 < g < p.
x  the private key, which must remain secret; x is a randomly or pseudorandomly generated integer such that 0 < x < q, i.e., x is in the range [1, q-1].
y  the public key, where $y = g^{x} \bmod p$.
k  a secret number that is unique to each message; k is a randomly or pseudorandomly generated integer such that 0 < k < q, i.e., k is in the range [1, q-1].
2.2. Selection of parameter sizes and hash functions for DSA.
This Standard specifies the following choices for the pair L and N (the bit lengths of p and q, respectively):
L = 1024, N = 160
L = 2048, N = 224
L = 2048, N = 256
L = 3072, N = 256
Federal Government entities shall generate digital signatures using one or more of these choices.
An approved hash function, as specified in FIPS 180-3, shall be used during the generation of digital signatures. The security strength associated with the DSA digital signature process is no greater than the minimum of the security strength of the (L, N) pair and the security strength of the hash function that is used. Both the security strength of the hash function used and the security strength of the (L, N) pair shall meet or exceed the security strength required for the digital signature process. The security strength for each (L, N) pair and hash function is provided in SP 800-57.
SP 800-57 provides information about selecting the appropriate (L, N) pair in accordance with a desired security strength for a given time period for the generation of digital signatures. An (L, N) pair shall be chosen that protects the signed information during the entire expected lifetime of that information. For example, if a digital signature is generated in 2009 for information that needs to be protected for five years, and a particular (L, N) pair is invalid after 2010, then a larger (L, N) pair shall be used that remains valid for the entire period of time that the information needs to be protected.
It is recommended that the security strength of the (L, N) pair and the security strength of the hash function used for the generation of digital signatures be the same unless an agreement has been made between participating entities to use a stronger hash function. When the length of the output of the hash function is greater than N (i.e., the bit length of q), then the leftmost N bits of the hash function output block shall be used in any calculation using the hash function output during the generation or verification of a digital signature. A hash function that provides a lower security strength than the (L, N) pair ordinarily should not be used, since this would reduce the security strength of the digital signature process to a level no greater than that provided by the hash function.
A Federal Government entity other than a Certification Authority (CA) should use only the first three (L, N) pairs (i.e., the (1024, 160), (2048, 224) and (2048, 256) pairs). A CA shall use an (L, N) pair that is equal to or greater than the (L, N) pairs used by its subscribers. For example, if subscribers are using the (2048, 224) pair, then the CA shall use either the (2048, 224), (2048, 256) or (3072, 256) pair. Possible exceptions to this rule include cross certification between CAs, certifying keys for purposes other than digital signatures, and transitioning from one key size or algorithm to another. See SP 800-57 for further guidance.
2.3. DSA domain parameters.
DSA requires that the private/public key pairs used for digital signature generation and verification be generated with respect to a particular set of domain parameters. These domain parameters may be common to a group of users and may be public. A user of a set of domain parameters (i.e., both the signatory and the verifier) shall have assurance of their validity before using them (see Section 3). Although domain parameters may be public information, they shall be managed so that the correct correspondence between a given key pair and its set of domain parameters is maintained for all parties that use the key pair. A set of domain parameters may remain fixed for an extended period of time.
2.3.1. Domain parameter generation.
Domain parameters may be generated by a trusted third party (a TTP, such as a CA) or by an entity other than a TTP. Assurance of domain parameter validity shall be obtained before digital signature generation, digital signature verification or key pair generation (see Section 3).
The integers p and q shall be generated as specified in Appendix A.1. The input to the generation process is the selected values of L and N (see Section 2.2); the output of the generation process is the values of p and q and, optionally, the values of domain_parameter_seed and counter.
The generator g shall be generated as specified in Appendix A.2.
The security strength of a hash function used during the generation of the domain parameters shall meet or exceed the security strength associated with the (L, N) pair. Note that this is more restrictive than the hash function that can be used for the digital signature process (see Section 2.2).
2.3.2. Domain parameter management.
Each digital signature key pair shall be correctly associated with one specific set of domain parameters (e.g., by a public key certificate that identifies the domain parameters associated with the public key). The domain parameters shall be protected from unauthorized modification until the set is deactivated (if and when the set is no longer needed). The same domain parameters may be used for more than one purpose (e.g., the same domain parameters may be used for both digital signatures and key establishment). However, using different values for the generator g reduces the risk that key pairs generated for one purpose could be accidentally used (successfully) for another purpose.
2.4. Key pairs.
Each signatory has a key pair: a private key x and a public key y that are mathematically related to each other. The private key shall be used for only a fixed period of time (i.e., the private key cryptoperiod) in which digital signatures may be generated; the public key may continue to be used as long as digital signatures that were generated using the associated private key need to be verified (i.e., the public key may continue to be used beyond the cryptoperiod of the associated private key).

2.4.1. DSA key pair generation.

A digital signature key pair x and y is generated for a set of domain parameters (p, q, g {, domain_parameter_seed, counter}).

2.4.2. Key pair management.

Guidance on the protection of key pairs is provided in SP 800-57. The secure use of digital signatures depends on the management of an entity's digital signature key pair as follows:
1. The validity of the domain parameters shall be assured before the generation of the key pair, or the verification and validation of a digital signature.
2. Each key pair shall be associated with the domain parameters under which the key pair was generated.
3. A key pair shall only be used to generate and verify signatures using the domain parameters associated with that key pair.
4. The private key shall be used only for signature generation as specified in this Standard and shall be kept secret; the public key shall be used only for signature verification and may be made public.
5. An intended signatory shall have assurance of possession of the private key before or concurrently with using it to generate a digital signature.
6. A private key shall be protected from unauthorized access, disclosure and modification.
7. A public key shall be protected from unauthorized modification (including substitution). For example, public key certificates signed by a CA can provide such protection.
8. A verifier shall be assured of a binding between the public key, its associated domain parameters and the key pair owner (see Section 1).
9. A verifier shall obtain public keys in a trusted manner (e.g., from a certificate signed by a CA that the entity trusts, or directly from the intended or claimed signatory, provided that the entity is trusted by the verifier and can be authenticated as the source of the signed information that is to be verified).
10. Verifiers shall be assured that the claimed signatory is the key pair owner, and that the owner possessed the private key that was used to generate the digital signature at the time the signature was generated (i.e., the private key that is associated with the public key that will be used to verify the digital signature).
11. A signatory and a verifier shall have assurance of the validity of the public key.

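2.5. DSA per-message secret number.

A new secret random number k shall be generated before the generation of each digital signature, for use during the signature generation process. This secret number shall be protected from unauthorized disclosure and modification.
$k^{-1}$ is the multiplicative inverse of k with respect to multiplication modulo q; i.e., $0 < k^{-1} < q$ and $1 = (k^{-1} k) \bmod q$. This inverse is required for the signature generation process. A technique is provided in Appendix C.1 for deriving $k^{-1}$ from k. k and $k^{-1}$ may be pre-computed, since knowledge of the message to be signed is not required for the computations. When k and $k^{-1}$ are pre-computed, their confidentiality and integrity shall be protected.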

2.6. DSA signature generation.
Let N be the bit length of q. Let min(N, outlen) denote the minimum of the positive integers N and outlen, where outlen is the bit length of the hash function output block.
The signature of a message M consists of the pair of numbers r and s, computed according to the following equations:
r = ( mod p ) mod q.
z = the leftmost min(N, outlen) bits of Hash(M).
$s = (k^{-1}(z + xr)) \bmod q$.
When computing s, the string z obtained from Hash(M) shall be converted to an integer. The conversion rule is provided in Appendix C.2.
Note that r can be computed whenever k, p, q and g are available; e.g., whenever the domain parameters p, q and g are known and k has been pre-computed (see Section 4.5), r may also be pre-computed, since knowledge of the message to be signed is not required for the computation of r. Pre-computed k, $k^{-1}$ and r values shall be protected in the same manner as the private key x until s has been computed (see SP 800-57).
The values of r and s shall be checked to determine whether r = 0 or s = 0. If either r = 0 or s = 0, a new value of k shall be generated and the signature shall be recalculated. It is extremely unlikely that r = 0 or s = 0 if signatures are generated properly.
The signature (r, s) may be transmitted along with the message to the verifier.

2.7. DSA signature verification and validation.

Signature verification may be performed by any party (i.e., the signatory, the intended recipient or any other party) using the signatory's public key. A signatory may wish to verify that the computed signature is correct before sending the signed message to the intended recipient. The intended recipient (or any other party) verifies the signature to determine its authenticity.
Before the signature of a signed message is verified, the domain parameters and the claimed signatory's public key and identity shall be made available to the verifier in an authenticated manner. The public key may, for example, be obtained in the form of a certificate signed by a trusted entity (e.g., a CA) or in a face-to-face meeting with the public key owner.
Let M', r' and s' be the received versions of M, r and s, respectively; let y be the public key of the claimed signatory; and let N be the bit length of q. Also, let min(N, outlen) denote the minimum of the positive integers N and outlen, where outlen is the bit length of the hash function output block.
The signature verification process is as follows:
1. The verifier shall check that 0 < r' < q and 0 < s' < q; if either condition is violated, the signature shall be rejected as invalid.
2. If the two conditions in step 1 are satisfied, the verifier computes the following:
$w = (s')^{-1} \bmod q$.
z = the leftmost min(N, outlen) bits of Hash(M').
$u_1 = (zw) \bmod q$.
$u_2 = ((r')w) \bmod q$.
$v = (((g)^{u_1} (y)^{u_2}) \bmod p) \bmod q$.
A technique is provided in Appendix C.1 for deriving $(s')^{-1}$ (i.e., the multiplicative inverse of s' mod q).
The string z obtained from Hash(M') shall be converted to an integer. The conversion rule is provided in Appendix C.2.
3. If v = r', then the signature is verified. For a proof that v = r' when M' = M, r' = r and s' = s, see Appendix E.
4. If v does not equal r', then the message or the signature may have been modified, there may have been an error in the signatory's generation process, or an imposter (who did not know the private key associated with the public key of the claimed signatory) may have attempted to forge the signature. The signature shall be considered invalid. No inference can be made as to whether the data is valid, only that when the public key is used to verify the signature, the signature is incorrect for that data.
5. Before accepting the signature as valid, the verifier shall have the assurances specified in Section 1.3.
An organization's policy may govern the action to be taken for invalid digital signatures. Such policy is outside the scope of this Standard. Guidance on determining the timeliness of digitally signed messages is addressed in SP 800-102, Recommendation for Digital Signature Timeliness.
3. The RSA encryption algorithm.
3.1. RSA key pair generation.
An RSA digital signature key pair consists of an RSA private key, which is used to compute a digital signature, and an RSA public key, which is used to verify a digital signature.
An RSA public key consists of a modulus n, which is the product of two positive prime integers p and q (i.e., n = pq), and a public key exponent e. Thus the RSA public key is the pair of values (n, e) and is used to verify digital signatures. The size of an RSA key pair is commonly taken to be the length of the modulus n in bits (nlen).
The corresponding RSA private key consists of the same modulus n and a private key exponent d that depends on n and the public key exponent e. Thus the RSA private key is the pair of values (n, d) and is used to generate digital signatures.
To provide security for the digital signature process, the two integers p and q and the private key exponent d shall be kept secret. The modulus n and the public key exponent e may be made known to anyone.
The standard lengths for the modulus are 1024, 2048 and 3072 bits. Federal Government entities shall generate digital signatures using one or more of these choices.
The security strength associated with the RSA digital signature process is no greater than the minimum of the security strength associated with the bit length of the modulus and the security strength of the hash function that is used. The security strength for each modulus length and hash function used during the digital signature process is provided in SP 800-57. Both the security strength of the hash function used and the security strength associated with the bit length of the modulus n shall meet or exceed the security strength required for the digital signature process.
It is recommended that the security strength of the modulus and the security strength of the hash function be the same unless an agreement has been made between participating entities to use a stronger hash function. A hash function that provides a lower security strength than the security strength associated with the bit length of the modulus ordinarily should not be used, since this would reduce the security strength of the digital signature process to a level no greater than that provided by the hash function.
Federal Government entities other than CAs should use only the first two choices (i.e., nlen = 1024 or 2048) during the time frames indicated in SP 800-57. A CA should use a modulus whose length nlen is equal to or greater than the moduli used by its subscribers. For example, if the subscribers are using nlen = 2048, then the CA should use nlen > 2048. SP 800-57 provides further information about the selection of the bit length of n. Possible exceptions to this rule include cross certification between CAs, certifying keys for purposes other than digital signatures, and transitioning from one key size or algorithm to another.
When RSA parameters are randomly generated (i.e., the primes p and q and, optionally, the public key exponent e), they shall be generated using an approved random or pseudorandom number generator (see SP 800-90). The resulting (pseudo)random numbers shall be used as seeds for generating the RSA parameters (e.g., the (pseudo)random number is used as a prime generation seed). Prime generation seeds shall be kept secret or destroyed once the modulus n has been computed. If a prime generation seed is retained, it shall only be used as evidence that the generated values (i.e., p and q) were determined in an arbitrary manner, and the seed shall be protected in a manner that is (at least) equivalent to the protection required for the private key.
3.2. Key pair management.
The secure use of digital signatures depends on the management of an entity's key pair. Key pair management requirements for RSA are provided in Section 4.4.2, requirements 4-11. Note that the first requirements in Section 4.4.2, which address the relationship between domain parameters and key pairs, do not apply to RSA.
3.3. Assurances
The intended signatory shall have assurances as specified in Section 2.1. Before accepting a digital signature as valid, the verifier shall have assurances as specified in Section 2.3.
3.4. ANS X9.31.
ANS X9.31, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (RDSA), was developed for the American National Standards Institute by the Accredited Standards Committee on Financial Services, X9. See http://www.x9.org for information about obtaining copies of ANS X9.31 and any associated errata. The following discussion is based on the version of ANS X9.31 that was approved in 1998.
Methods for the generation of the private prime factors p and q are provided in Appendix B.3. In ANS X9.31, the length of the modulus n is allowed in increments of 256 bits beyond a minimum of 1024 bits. Implementations claiming conformance to FIPS 186-3 shall include one or more of the modulus sizes specified in Section 5.1.
Two methods for the generation of digital signatures are included in ANS X9.31. When the public signature verification exponent e is odd, the digital signature algorithm is commonly known as RSA; when the public signature verification exponent e is even, the digital signature algorithm is commonly known as Rabin-Williams. This Standard (i.e., FIPS 186-3) adopts the use of RSA, but does not adopt the use of Rabin-Williams.
During signature verification, the extraction of the hash value H(M) from the data structure IR shall be accomplished by either:
- Selecting the hashlen bytes of the data structure IR that immediately precede the two bytes of trailer information, where hashlen is the length in bytes of the hash function used, regardless of the length of the padding, or
- If the hash value H(M) is selected by its location with respect to the last byte of padding (i.e., 0xBA), including a check that the hash value is followed by only the two bytes containing the expected trailer value.
ANS X9.31 contains an annex on random number generation. However, implementations of ANS X9.31 shall use approved random number generation methods as specified in SP 800-90. The annexes of ANS X9.31 provide informative discussions of security and implementation considerations.
3.5. PKCS #1
Public Key Cryptography Standard (PKCS) #1, RSA Cryptography Standard, defines mechanisms for encrypting and signing data using the RSA algorithm. PKCS #1 v2.1 specifies two digital signature processes and corresponding formats: RSASSA-PKCS1-v1.5 and RSASSA-PSS. Both signature schemes are approved for use, but additional constraints apply beyond those specified in PKCS #1 v2.1.
a) Implementations that generate RSA key pairs shall use the criteria and methods in Appendix B.3 to generate those key pairs.
b) Only approved hash functions shall be used.
c) Only two prime factors p and q shall be used to form the modulus n.
d) Random numbers shall be generated in accordance with SP 800-90.
e) For RSASSA-PSS, the length of the salt (sLen) shall be: 0 < sLen < hlen, where hlen is the length of the hash function output block.
f) For RSASSA-PKCS-v1.5, when the hash value is recovered from the encoded message EM during the verification of the digital signature, the extraction of the hash value shall be accomplished by either:
   - Selecting the rightmost (least significant) bits of EM, based on the size of the hash function used, regardless of the length of the padding, or
   - If the hash value is selected by its location with respect to the last byte of padding, including a check that the hash value is located in the rightmost (least significant) bytes of EM (i.e., no other information follows the hash value in the encoded message).
Note: PKCS #1 was initially developed by RSA Laboratories in 1991 and has been revised in several versions. At the time FIPS 186-3 was approved, three versions of PKCS #1 were available: version 1.5, version 2.0 and version 2.1. This Standard references only version 2.1.
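The two extraction options in constraint f), as an added example that is not part of the original document or of PKCS #1. It assumes SHA-256 and the EMSA-PKCS1-v1_5 layout 0x00 0x01 PS 0x00 DigestInfo; the function names and the malformed sample are constructed for illustration, and the RSA public-key operation that recovers EM from the signature is left out.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-256; the 32-byte hash follows it directly.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
HASH_LEN = 32

def emsa_pkcs1_v15_encode(message, em_len):
    """Build EM = 0x00 0x01 PS 0x00 DigestInfo with PS made of 0xff bytes."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def extract_hash_rightmost(em):
    """Option 1: the rightmost bytes of EM, whatever the padding length."""
    return em[-HASH_LEN:]

def extract_hash_by_padding(em):
    """Option 2: find the hash after the padding, then check nothing follows."""
    if len(em) < 11 + len(SHA256_PREFIX) + HASH_LEN or em[:2] != b"\x00\x01":
        raise ValueError("bad EM header or length")
    sep = em.index(b"\x00", 2)          # first 0x00 ends the padding string
    padding = em[2:sep]
    if len(padding) < 8 or padding != b"\xff" * len(padding):
        raise ValueError("bad padding string")
    t = em[sep + 1:]
    if not t.startswith(SHA256_PREFIX):
        raise ValueError("unexpected DigestInfo")
    recovered = t[len(SHA256_PREFIX):]
    if len(recovered) != HASH_LEN:      # hash must be the rightmost bytes
        raise ValueError("data follows the hash value in EM")
    return recovered

def verify_encoded_message(em, message):
    """True only if both extraction options yield Hash(message)."""
    expected = hashlib.sha256(message).digest()
    try:
        by_padding = extract_hash_by_padding(em)
    except ValueError:
        return False
    return (hmac.compare_digest(by_padding, expected)
            and hmac.compare_digest(extract_hash_rightmost(em), expected))

def malformed_em_with_trailing_bytes(message, em_len):
    """Constructed negative sample: short padding, filler after the hash."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    return head + b"\x00" * (em_len - len(head))

if __name__ == "__main__":
    msg = b"constructed sample message"
    print("well-formed EM:", verify_encoded_message(
        emsa_pkcs1_v15_encode(msg, 256), msg))
    print("hash not rightmost:", verify_encoded_message(
        malformed_em_with_trailing_bytes(msg, 256), msg))
```

A verifier that locates the hash from the padding but skips the final length check would accept the malformed sample, which is the case the parenthetical in f) rules out.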
4. The Elliptic Curve Digital Signature Algorithm (ECDSA).
ANS X9.62, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Standard (ECDSA), was developed for the American National Standards Institute by the Accredited Standards Committee on Financial Services, X9. Information about obtaining copies of ANS X9.62 is available at http://www.x9.org. The following discussion is based on the version of ANS X9.62 that was approved in 2005. This version of ANS X9.62 shall be used, subject to the transition period referenced in the implementation schedule of this Standard.
ANS X9.62 defines methods for digital signature generation and verification using the Elliptic Curve Digital Signature Algorithm (ECDSA). Specifications for the generation of the domain parameters used during the generation and verification of digital signatures are also included in ANS X9.62. ECDSA is the elliptic curve analog of DSA. ECDSA keys shall not be used for any other purpose (e.g., key establishment).
4.1 ECDSA domain parameters.
ECDSA requires that the private/public key pairs used for digital signature generation and verification be generated with respect to a particular set of domain parameters. These domain parameters may be common to a group of users and may be public. Domain parameters may remain fixed for an extended period of time. Domain parameters for ECDSA are of the form (q, FR, a, b {, domain_parameter_seed}, G, n, h), where q is the field size; FR is an indication of the basis used; a and b are two field elements that define the equation of the curve; domain_parameter_seed is the domain parameter seed, an optional bit string that is present if the elliptic curve was randomly generated in a verifiable fashion; G is a base point of prime order on the curve (i.e., G = (xG, yG)); n is the order of the point G; and h is the cofactor (which is equal to the order of the curve divided by n).
4.1.1. Domain parameter generation.
This Standard specifies five ranges for n (see Table 1). For each range, a maximum cofactor size is also specified. Note that the specification of a cofactor h in a set of domain parameters is optional in ANS X9.62, whereas implementations conforming to this Standard (i.e., FIPS 186-3) shall specify the cofactor h in the set of domain parameters. Table 1 provides the maximum sizes for the cofactor h.
Table 1: ECDSA security parameters
Bit length of n (log2 n)    Maximum cofactor (h)
160 - 223                   2^10
224 - 255                   2^14
256 - 383                   2^16
384 - 511                   2^24
≥ 512                       2^23

ECDSA is defined for two arithmetic fields: the finite field $GF_p$ and the finite field $GF_{2^m}$. For the field $GF_p$, p is required to be an odd prime.
NIST Recommended curves are provided in Appendix D of this Standard (i.e., FIPS 186-3). Three types of curves are provided:
1. Curves over prime fields, which are identified as P-xxx,
2. Curves over binary fields, which are identified as B-xxx,
3. Koblitz curves, which are identified as K-xxx,
where xxx indicates the bit length of the field size.
Alternatively, ECDSA domain parameters may be generated as specified in ANS X9.62; when ECDSA domain parameters are generated (i.e., the NIST Recommended curves are not used), the value of G should be generated canonically (verifiably random). An approved hash function, as specified in FIPS 180-3, shall be used during the generation of ECDSA domain parameters. When generating these domain parameters, the security strength of the hash function used shall meet or exceed the security strength associated with the bit length of n (see footnote (2) below).
An approved hash function, as specified in FIPS 180-3, is required during the generation of domain parameters. The security strength of the hash function used shall meet or exceed the security strength associated with the bit length of n. The security strengths for the ranges of n and for the hash functions are provided in SP 800-57.

(2) The NIST Recommended curves were generated before this guidance was formulated and used SHA-1, which was the only approved hash function available at that time. Since SHA-1 was considered secure at the time of generation, the curves were made public, and SHA-1 will only be used to validate those curves, the NIST Recommended curves are still considered secure and appropriate for Federal Government use.

It is recommended that the security strength associated with the bit length of n and the security strength of the hash function be the same unless an agreement has been made between participating entities to use a stronger hash function; a hash function that provides a lower security strength than is associated with the bit length of n shall not be used. If the length of the output of the hash function is greater than the bit length of n, then the leftmost n bits of the hash function output block shall be used in any calculation using the hash function output during the generation or verification of a digital signature.
Normally, a CA should use a bit length of n whose assessed security strength is equal to or greater than the assessed security strength associated with the bit length of n used by its subscribers. For example, if subscribers are using a bit length of n with an assessed security strength of 112 bits, then CAs should use a bit length of n whose assessed security strength is equal to or greater than 112 bits. SP 800-57 provides further information about the selection of a bit length of n. Possible exceptions to this rule include cross certification between CAs, certifying keys for purposes other than digital signatures, and transitioning from one key size or algorithm to another. However, these exceptions require further analysis.
4.1.2 Domain parameter management.
Each ECDSA key pair shall be correctly associated with one specific set of domain parameters (e.g., by a public key certificate that identifies the domain parameters associated with the public key). The domain parameters shall be protected from unauthorized modification until the set is deactivated (if and when the set is no longer needed). The same domain parameters may be used for more than one purpose (e.g., the same domain parameters may be used for both digital signatures and key establishment). However, using different domain parameters reduces the risk that key pairs generated for one purpose could be accidentally used (successfully) for another purpose.
4.2 Private/public keys.
An ECDSA key pair consists of a private key d and a public key Q that is associated with a specific set of ECDSA domain parameters; d, Q and the domain parameters are mathematically related to each other. The private key is normally used for a period of time (i.e., the cryptoperiod); the public key may continue to be used as long as digital signatures that were generated using the associated private key need to be verified (i.e., the public key may continue to be used beyond the cryptoperiod of the associated private key). See SP 800-57 for further guidance.
ECDSA keys shall only be used for the generation and verification of ECDSA digital signatures.
4.2.1 Key pair generation
A digital signature key pair d and Q is generated for a set of domain parameters (q, FR, a, b {, domain_parameter_seed}, G, n, h). Methods for the generation of d and Q.
4.2.2 Key pair management
The secure use of digital signatures depends on the management of an entity's key pair as specified.
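4.3 Secret number generation
A new secret random number k shall be generated before the generation of each digital signature, for use during the signature generation process. This secret number shall be protected from unauthorized disclosure and modification. Methods for the generation of the per-message secret number.
$k^{-1}$ is the multiplicative inverse of k with respect to multiplication modulo n; i.e., $0 < k^{-1} < n$ and $1 = (k^{-1} k) \bmod n$. This inverse is required for the signature generation process. A technique is provided in Appendix C.1 for deriving $k^{-1}$ from k.
k and $k^{-1}$ may be pre-computed, since knowledge of the message to be signed is not required for the computations. When k and $k^{-1}$ are pre-computed, their confidentiality and integrity shall be protected.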
4.4. ECDSA digital signature generation and verification.
An ECDSA digital signature (r, s) shall be generated as specified in ANS X9.62, using:
1. Domain parameters that are generated in accordance with Section 4.1.1.
2. A private key that is generated as specified in Section 4.2.1.
3. A per-message secret number that is generated as specified in Section 4.3.
4. An approved hash function.
5. An approved random number generator as specified in SP 800-90.
An ECDSA digital signature shall be verified as specified in ANS X9.62, using the same domain parameters and hash function that were used during signature generation.
An approved hash function, as specified in FIPS 180-3, shall be used during the generation of digital signatures. The security strength associated with the ECDSA digital signature process is no greater than the minimum of the security strength associated with the bit length of n and the security strength of the hash function that is used. Both the security strength of the hash function used and the security strength associated with the bit length of n shall meet or exceed the security strength required for the digital signature process. The security strengths for the ranges of the bit length of n and for each hash function are provided in SP.
