Dey Derivation Functions for DH key agreement

I might missed some discussions on this issue. The following comments
are for the "WG Working Draft 26 June 2001".

In Section 5.5: Key Agreement, there are two functions:

Keying Material = KM(1) | KM(2) | ...
KM(counter)=DigestAlg(EncryptionAlg | ZZ | counter | Nonce | KeySize)

In ANSI X9.42, ANSI X9.63, and IETF S/MIME, the first function  "Keying Material
= KM(1) | KM(2) | ..."
is the same. However, the second function "KM(counter)" is a little different
from the ANSI and IETF
one: KM(counter) = H(ZZ||counter||SharedInfo)
This difference is enough to produce incompatibility with ANSI/IETF standards
and currently available
API packages.

Is it possible to change the order of the input to KM so that it will look like:

KM(counter) = DigestAlg( ZZ | counter | EncryptionAlg | Nonce | KeySize)

Then one can encapsulate "EncryptionAlg | Nonce | KeySize" as the SharedInfo and
pass it
to the API package.


Received on Tuesday, 31 July 2001 10:45:50 UTC