ISO/IEC INTERNATIONAL STANDARD 14888-3 Fourth edition 2018-11 IT Security techniques Digital signatures with appendix - Part 3: Discrete logarithm based mechanisms Techniques de sécurite IT - Signatures numeriques avec appendice- Partie 3: Mécanismes basés sur un logarithme discret Reference number IEC IS0/IEC 14888-3:2018(E) ISO @ IS0/IEC 2018 IS0/IEC 14888-3:2018(E) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC2018 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting below orIso'smemberbody inthe country ofthe requester. ISO copyright office CP 401 · Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone: +4122 749 01 11 Fax:+41227490947 Email:[email protected] Website: www.iso.org Published in Switzerland ii IS0/IEC2018-Allrightsreserved IS0/IEC14888-3:2018(E) Contents Page Foreword vi Introduction. .vii 1 Scope. .1 2 Normative references .1 3 Terms and definitions. .1 4 Symbols and abbreviated terms. .3 5 General model .5 5.1 Parameter generation process 5 5.1.1 Certificate-based mechanisms. 5 5.1.2 Identity-based mechanisms. 5 5.1.3 Parameter selection. 6 5.1.4 Validity of domain parameters and verification key 7 5.2 Signature process 7 5.2.1 General. 7 5.2.2 Producing the randomizer. .8 5.2.3 Producing the pre-signature. 8 5.2.4 Preparing the message for signing 9 5.2.5 Computing the witness (the first part of the signature) .9 5.2.6 Computing the assignment. 9 5.2.7 Computing the second part of the signature 9 5.2.8 Constructing the appendix 9 5.2.9 Constructing the signed message 9 5.3 Verification process 10 5.3.1 General. 10 5.3.2 Retrieving the witness 11 5.3.3 Preparing message for verification 11 5.3.4 Retrieving the assignment. 11 5.3.5 Recomputing the pre-signature. .11 5.3.6 Recomputing the witness. 11 5.3.7 Verifying the witness. 11 6 Certificate-based mechanisms 12 6.1 General. .12 6.2 DSA, 13 6.2.1 General. 13 6.2.2 Parameters 13 6.2.3 Generation of signature key and verification key 14 6.2.4 Signature process. 14 6.2.5 Verification process. 15 6.3 KCDSA 16 6.3.1 General. 16 6.3.2 Parameters 16 6.3.3 Generation of signature key and verification key .17 6.3.4 Signature process. .17 6.3.5 Verification process 18 6.4 Pointcheval/Vaudenay algorithm 19 6.4.1 General. 19 6.4.2 Parameters 19 6.4.3 Generation of signature key and verification key 19 6.4.4 Signature process. 20 6.4.5 Verification process. .20 6.5 SDSA .21 6.5.1 General. .21 IS0/IEC2018-Allrightsreserved ii