IEEE P1363 -
ECC is included in IEEE P1363 which was approved as an IEEE standard in
February 2000. This document includes comprehensive coverage of the three
types of well known, widely marketed public key cryptosystems (ECC, DL,
and RSA). Certicom researchers were the primary authors of the ECC
portions of the standard.
ANSI X9F -
ECC is being incorporated into two American National Standards Institute
(ANSI) Accredited Standards Committee (ASC) X9F (Financial Services)
drafts. Other ANSI standards reference the algorithms and schemes
contained in these two drafts. Financial institutions, governments and
technology companies send representatives to the ANSI X9 standards bodies.
This is a critical forum for an algorithm to be considered as acceptable
for use in the delivery of financial services. Certicom authored these
standards.
- ANSI X9.62 - "Elliptic Curve Digital Signature Algorithm
(ECDSA)." ECDSA is an analog of the NIST Digital Signature Algorithm
(DSA) using elliptic curves. X9.62 will meet the unusually stringent
security requirements of the financial services industry. X9.62 was
published as an ANSI standard in January 1999.
- ANSI X9.63 - "Elliptic Curve Key Agreement and Key
Management." This standard is expected to be passed in 2000.
FIPS (Federal Information Processing Standard) 186-2: The
US government's National Institute of Standards and Technology (NIST)
announced in February 2000 the extension of its Digital Signature Standard
(DSS) to include the ECDSA as specified in ANSI X9.62. The revised
standard is FIPS 186-2. This standard is a landmark in the commercial
acceptance of ECC since government agencies are now able to purchase
security products containing ECC without having to receive special
approval. NIST is also including specifications for ECC in its Minimum
Interoperability Specification (MISPC).
ISO/IEC - ECC is being incorporated into several ISO/IEC drafts
- ISO/IEC 14888: "Digital Signature with Appendix Part 3:
Certificate-based Mechanisms"
- ISO/IEC 9796-4: "Digital Signature with Message Recovery,
Discrete Logarithm-based Mechanisms"
- ISO/IEC 14946: "Cryptographic Techniques Based on Elliptic
Curves"
Vertical market standards, or application standards,
usually reference the work already completed in core cryptographic
standards. Numerous initiatives are underway to develop protocols that use
public-key certificates and other types of public-key management systems.
Most of these protocols are being written so that they are
algorithm-independent, allowing any commonly used public-key algorithm to
be implemented. This enables ECC use in environments where other types of
public-key systems would be impractical, especially as key sizes increase.
Given the growth in non-PC Internet appliances, strong support for ECC
inclusion exists in these standards. The following are examples of some
standards which include ECC.
ATM Forum -
Asynchronous Transport Mode (ATM).
WAP
(Wireless Application Protocol) - Version 1.0 (released May 1998) provides
secure Internet access and other advanced services to digital cellular
phones and wireless terminals. ECC is incorporated into the WAP security
layer through wTLS (Wireless Transport Layer Security).
ANSI X12 and UN/EDIFACT - ECC is currently at the initial stage of
incorporation into Electronic Data Interchange (EDI) standards. Nothing is
preventing the use of ECC for EDI, new data elements simply need to be
defined.
FSTC
(Financial Services Technology Consortium) - Electronic checking
specification.
OTP 0.9
(Open Trading Protocol) - Framework for encapsulating payment protocols.
IETF -
SSL/TLS, IPSEC, PKIX, S/MIME.
CPDP
(Cellular Digital Packet Data) - ECC for key agreement.
ReFLEX - Two-way paging standard by
Motorola.