ISO IEC 19772:2009 pdfダウンロード

ISO IEC 19772:2009 pdfダウンロード。Information technology — Security techniques — Authenticated encryption
1 Scope
This nternational Standard specifies six methods for authenticated encryption, i.. detined ways ot processinga data string with the following security objectives:
data confidentiality, i.e. protection against unauthorized disclosure of data.
data integrity, i.e. protection that enables the recipient of data to verify that it has not been modified.
data origin authentication, i.e. protection that enables the recipient of data to verify the identity of the dataoriginator.
All six methods specified in this lnternational Standard are based on a block cipher algorithm, and require theoriginator and the recipient of the protected data to share a secret key for this block cipher. Key managementis outside the scope of this standard; key management techniques are defined in ISO/IEC 11770
Four of the mechanisms in this standard, namely mechanisms 1, 3, 4 and 6, allow data to be authenticatedwhich is not encrypted. That is, these mechanisms allow a data string that is to be protected to be divided intotwo parts, D, the data string that is to be encrypted and integrity-protected, and A (the additional authenticateddata) that is integrity-protected but not encrypted. In all cases, the string A may be empty.
NOTEExamples of types of data that may need to be sent in unencrypted form, but whose integrity should beorotected. include addresses, port numbers. seauence numbers. protoco version numbers. and other network prolocol fieldsthat indicate how the plaintext should be handled, forwarded, or processed
2 Normative references
The following referenced documents are indispensable for the application of this document. For datedreferences, only the edition cited applies. For undated references, the latest edition of the referenceddocument (including any amendments)applies.
SO/IEC 9797-1:-1)lnformation technology – Security techniques – Message Authentication Codes(MACs)- Part 1: Mechanisms using a block cipher
SO/IEC 10116. Information technology – Security technigues 一 Modes ofoperation for an n-bit block cipherSO/EC 18033-3,Information technology – Security technigues – Encryption algorithms – Part 3: Blockciphers
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
authenticated encryption
(reversible) transformation of data by a cryptographic algorlthm to produce ciphertext that cannot be altered byan unauthorized entity without detection, i.e. it provides data confidentiality, data integrity, and data originauthentication
3.2
authenticated encryption mechanismcryptographic technique used to protect the confidentiality and guarantee the origin and integrity of data, andwhich consists of two component processes: an encryption algorithm and a decryption algorithm
3.3
block ciphersymmetric encryption system with the property that the encryption algorithm operates on a block of plaintexti.e. a string of bits of a defined length, to yield a block of ciphertext [ISO/IEC 18033-1]
3.4
ciphertext
data which has been transformed to hide its information content (ISO/IEC 10116)
3.5
data integritythe property that data has not been altered or destroyed in an unauthorized manner (ISO/IEC 9797-1]
3.6
decryptionreversal of a corresponding encryption [ISO/EC 18033-1]
37
encryption
(reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e., to hide theinformation content of the data [ISO/IEC 18033-1]
3.8
encryption system
cryptographic technique used to protect the confidentiality of data, and which consists of three componentprocesses: an encryption algorithm, a decryption algorithm, and a method for generating keys (ISO/IEC18033-11
3.9
key
sequence of symbols that controls the operation of cryptographic transformation (e.g. encipherment.decipherment)[ISO/EC 18033-1]
3,10
message authentication code (MAC)string of bits which is the output of a MAC algorithm [ISO/EC 9797-1]
3.11
partition
process of dividing a string of bits of arbitrary length into a sequence of blocks, where the length of each blockshall be n bits, except for the final block which shall contain r bits, 0 < rs n 3,12 plaintext unencrypted information[ISO/IEC 10116]