Skip to content

Overview of ECCSI

More...

Detailed Description

ECCSI (Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption) is specified in RFC 6507 (https://tools.ietf.org/html/rfc6507).

In Identity-Based cryptography, there is a Key Management Service that generates keys based on an identity for a client. The private key (SSK) and public key (PVT) are delivered to the signer and the public key (PVT) only delivered to the verifier on request.

wolfCrypt offers the ability to:

  1. Create KMS keys,
  2. Generate signing key pairs,
  3. Validate signing key pairs,
  4. Sign messages and
  5. Verify messages.

KMS:

  1. Initialize ECCSI Key: wc_InitEccsiKey()
  2. Make and save or load ECCSI Key:
  3. Wait for request:
  4. Free ECCSI Key: wc_FreeEccsiKey()

Client, signer:

  1. Initialize ECCSI Key: wc_InitEccsiKey()
  2. (When signing pair not cached) Request KPAK and signing pair from KMS
  3. (If not done above) Load KMS Public Key: wc_ImportEccsiPublicKey()
  4. (If not cached) Calculate hash of the ID and PVT: wc_HashEccsiId()
  5. For each message:
  6. Free ECCSI Key: wc_FreeEccsiKey()

Client, verifier:

  1. Receive hash ID, message and signature from signer.
  2. Request KPAK (if not cached) and PVT (if not cached) for hash ID from KMS.
  3. Receive KPAK (if not cached) and PVT (if not cached) for hash ID from KMS.
  4. Initialize ECCSI Key: wc_InitEccsiKey()
  5. Load KMS Public Key: wc_ImportEccsiPublicKey()
  6. Decode PVT: wc_DecodeEccsiPvtFromSig()
  7. Calculate hash of the ID and PVT: wc_HashEccsiId()
  8. Set ECCSI key pair: wc_SetEccsiPair()
  9. Verify signature of message: wc_VerifyEccsiHash()
  10. Free ECCSI Key: wc_FreeEccsiKey()

Updated on 2024-03-29 at 01:13:55 +0000