Neko

Show All

C839 - Intro to Cryptography

Hopefully you have a good memory.


Last updated: May 4th, 2023

Fundamentals

Basics

  • Tools
    • Aescrypt - Individual files
    • BitLocker and FileVault - Entire Disks
  • Cipher Methods
    • Mono-alphabetic
      • Uses a single mapping from our alphabet
      • Vulnerable to frequency analysis
    • Poly-alphabetic
      • Uses multiple mappings
    • One-time pad
      • Only uses cipher code once
      • Theoretically unbreakable
  • Random Number Generators
    • PRNG
      • Pseudo-random because the numbers will repeat after enough time.
      • Fast and deterministic
    • TRNG
      • True-random but slow
  • Encoding
    • Binary representations of characters
    • ASCII - 8 bit
    • UTF-16 - 16 bits
  • HSM
    • Seperate physical device for crypto keys and processing
  • TPM
    • Handles disk encryption on a device and contains the encryption keys

Math

  • Combinations
    • Not concerned with order
  • Permutations
    • Consider all options, including sequence
  • Probability Theory
    • Dependent, Independent, and Mutually Exclusive

Secret Keys

  • Secret Key encryption
    • Uses a single key for both encryption and decryption.
    • Sharing or transporting the key securely between entities is a challenge.
    • Diffie-Hellman is a popular key exchange algorithm used to exchange secret keys.
    • S-boxes are used in secret key ciphers to perform substitution during the encryption process.
    • All current cipher codes can be cracked, and the work factor is used to measure the security of a code.
    • Salting is the process of adding an initialization vector to the ciphering process to ensure that the ciphertext does not give the original plaintext when played back.
  • Symmetric encryption
    • There are two types of symmetric encryption: Block and Stream.
    • Symmetric block encryption groups data into blocks and encrypts them, while stream encryption encrypts one bit at a time.
    • Padding is used in block encryption to fill blocks to operating size when data doesn't fit perfectly.
    • Block cipher modes include ECB, CBC, CFB, OFB, and CTR.
    • IVs refer random value used to initialize the encryption process, which is combined with the key to generate the keystream.
    • Stream encryption is faster and more suitable for real-time applications.

Hashing

  • Definition: a one-way encryption technique used to protect data integrity and authentication
  • Process: producing a fixed-length output (message digest) from a variable-length input
  • Weakness: same input produces the same output unless salt is applied
  • Factors affecting hash signatures:
    • Collision: when two different inputs produce the same hash signature
    • Similar context attack: when part of the message has some significance to the original
    • Full context attack: where an alternative message is created with the same hash signature and has a direct relatio
  • APR1 format: addresses brute force attacks on MD5 by iterating the hash value 1,000 times
  • SHA weakness: does not have a salted value, making it vulnerable to rainbow table and brute force attacks
  • HMAC: a message authentication code that can be used to verify integrity of a message and involves hashing the message with a secret key

Passwords

  • Hashed value passwords: can be cracked with rainbow tables or brute force attacks
  • One-time passwords (OTP):
    • Definition: a better option than hashed value passwords
    • Generated based on an initial seed or time
    • Types:
      • OTP: unique password to be created for each instance, based on an initial seed
      • TOTP: unique passcode to be created for each instance, based on an initial seed and for a given time period
      • HOTP: unique passcode to be created each instance, based on a counter value and an initial seed.

Public key encryption

  • Uses a key pair (public and private) for encryption and decryption.
  • Only the public key should be shared or distributed.
  • Is secure but often too slow for real-time communications.
  • Main applications are identity checking and key protection.

Public key encryption algorithms

  • RSA is based on the difficulty of factorizing products of large prime numbers.
  • Homomorphic encryption allows performing mathematical operations on ciphered values.
  • Elliptic Curve is an improved solution over RSA with smaller keys and more difficult curves to crack. Bitcoins use Elliptic Curve cryptography with 32-byte private keys and 64-byte public keys.
  • El Gamal is a public key method for encryption and digital signing, using discrete logarithms.
  • Cramer-Shoup is an extension of El Gamal with a one-way hashing method to protect against attacks.
  • The Paillier cryptosystem supports homomorphic encryption.

Secret Key Exchange

  • Secret-key encryption's major problem is passing the key between entities.
  • Two methods for key exchange in symmetric cryptography are key exchange algorithms and public key encryption.
  • Forward secrecy is important in key exchange, preventing compromise of long-term keys from compromising previous session keys.
  • Ephemeral key methods use a different key for each connection, preventing all associated session keys from being breached if a long-term key is leaked.
  • Diffie-Hellman is a widely used key exchange algorithm, but a weakness was discovered in its use of two popular parameters.
  • DHE_EXPORT Downgrade attack involves forcing key negotiation to default to 512-bit prime numbers, but it can be combated by disabling export cipher suites, using ECDHE, or using a strong group.
  • Diffie-Hellman has three groups with varying sizes of prime numbers.
  • Diffie-Hellman suffers from man-in-the-middle attacks, but public key encryption is an improved method.
  • The strength of Diffie-Hellman depends on the size of the prime number bases used.
    • Select None if you do not want to use perfect forward secrecy.
    • Select a group below:
      • Group 1: 768-bit modulus (do not use in FIPS 140 mode)
      • Group 2: 1024-bit modulus (do not use in FIPS 140 mode)
      • Group 5: 1536-bit modulus (do not use in FIPS 140 mode)
      • Group 14: 2048-bit modulus
      • Elliptic curve groups:
        • Group 19: 256-bit random curve
        • Group 20: 384-bit random curve
        • Group 21: 521-bit random curve
      • Group 24: 2048-bit modulus with 256-bit prime order subgroup

Digital Certificates

  • Common certificate applications:
    • Server authentication
    • Client authentication
    • Code signing
    • Email signing
    • Time stamping
    • IP security
    • Windows hardware driver verification
    • Smart card logon
    • Document signing
    • Public key transport
  • Common certificate types:
    • IKE
    • PKCS #7
    • PKCS #10
    • RSA signatures
    • X.509v3
  • Public key transport in PKI:
    • A digital certificate can be used for public key transport in PKI by securely sharing a certificate that contains the public key of the certificate owner, which can be validated by a trusted source.
  • Obtaining a digital certificate signed by a trusted CA:
    1. Generating a key-pair
    2. Creating and submitting a Certificate Signing Request (CSR)
    3. CA generating the digital certificate
    4. CA signing the requester's digital certificate with its own private key and issuing the certificate to the requester.
  • X.509 certificates:
    • Can be in PEM (Base64 ASCII text) or DER (binary) format
    • Common file types include .cer, .crt, .pem, .key, and .der.
  • Authentication:
    • End-to-end authentication requires user authentication to the end service
    • Intermediate authentication only authenticates part of the conversation between entities.
  • Key/certificate management:
    1. Initialization (registration, key pair generation, certificate creation and distribution, certificate dissemination, and key backup)
    2. Issued (certificate retrieval, validation, recovery, and update)
    3. Cancellation (expiration, revocation, history, and archiving)
  • Validity and revocation:
    • Certificates have a validity period designated by a start and end date or expiration date.
    • Certificates may be revoked prior to the original expiration date due to reasons such as issuing CA or cert compromise, affiliation change, or update/superseding.
    • RFC 5280 defines "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile," with two main revocation states: revoked and hold.
    • CRLs must be published by the CA who originally generated the targeted certificates, signed by the CA's private key, and checked against its public key.
    • An alternative to CRL is the Online Certificate Status Protocol (OCSP), which is an online service used to check the validity of a certificate.

Tunneling

  • VPNs
    • IPSec
      • Mechanisms
        • ESP
        • AH
      • Connection Setup
        • Phase 1
          • Hash, encryption and key exchange methods are defined.
        • Phase 2
          • Policies are defined. Lifetime and AH/ESP
      • Transport Modes
        • End-to-End Tunneling
        • Tunneled Connection over a Public Network with Unprotected Traffic
      • Handshake
        • UDP Port 500
        • Protocol Number 50 for ESP and 51 for AH
  • SSL/TLS
    • Symmetric Key and Hashing Methods
    • Tunnel Creation
    • Flaws
      • Export-Grade Ciphersuites
      • DROWN
      • POODLE
      • FREAK
  • Onion Routing
    • Subscriber Computers
    • Tor Network
      • Volunteer Computers
      • Reduced Traceability

Other VPNs

Protocol Security Speed Performance Cost
PPTP Low Fast Poorer and less stable Lower than L2TP
L2TP High Slower than PPTP More stable Higher than PPTP

Cracking

  • Backdoor methods:
    • Key escrow: a copy of the encryption key is kept in escrow for government use.
    • NOBUS backdoor: only government agents can mathematically crack the encryption.
  • Methods for intruders to crack a cipher:
    • Exhaustive search: tries every possible key through brute force.
    • Known plaintext attack: uses known ciphertext and plaintext to decrypt the rest of the message.
    • Man-in-the-middle: intruder impersonates two parties to each other.
    • Chosen-ciphertext: intruder sends a message to target and analyzes encrypted message.
    • Active attack: intruder inserts or modifies messages.
    • Replay system: intruder sends a legitimate message into the network at a future time.
    • Cut-and-paste: intruder mixes parts of two encrypted messages to create a new message.
    • Time resetting: resetting computer time or determining message creation time gives useful information.
    • Time attack: determines user decryption time to find key.
  • AES is generally secure, but poor implementation leaves it vulnerable to attacks such as brute force and copy-and-paste.
  • RSA is susceptible to numerous attacks and cracking methods.

Lightweight Crypto

  • Most conventional cryptosystems are unsuitable for implementation in IoT, embedded systems, and RFID due to their high processing power, physical space, and battery power requirements.
  • Light-weight cryptography refers to cryptosystems that can provide cryptographic functions while requiring less processing power, physical space, and battery power than conventional cryptosystems.
  • NIST categorizes devices into two spectra:
    • Conventional cryptography for servers, desktops, tablets, and smartphones.
    • Light-weight cryptography for embedded systems, RFID, and sensor networks.
  • Quantum computers can break most existing RSA implementations due to their fast multiplication circuits.
  • A Merkle tree is a hash tree that provides verification of large-scale data structures.
  • Lattice-based cryptography is being investigated because of its quantum robustness, unlike existing public key methods such as RSA and Diffie-Hellman cryptosystems which can be broken with quantum computers.

Cryptocurrencies

  • Bitcoin
    • Uses blockchain technology to protect against overspending.
    • Created through mining, which involves using computers to perform complex calculations.
    • New blocks of transactions are added to the blockchain every 10 minutes through a mining process.
    • The blockchain is a publicly available ledger that records transactions and allows the Bitcoin network to know the number of bitcoins a user has.
  • Ethereum
    • Built on the Bitcoin/Blockchain concept and includes the concept of smart contracts.
    • Smart contracts are programs stored on a blockchain that run when predetermined conditions are met.
    • Gas is the unit used to measure the amount of work required to perform a single Keccak-256 hash in Ethereum applications.
    • Enables users to create their own contracts that will be strictly abided by.
  • Hyperledger
    • Common option for implementing blockchain.
    • Offers the smart contract feature.

Wireless

  • Encryption schemes used with Wi-Fi:
    • 40-bit RC4 (WEP)
    • TKIP with 128-bit RC4 (WPA)
    • 128-bit AES-CCMP (WPA-2)
  • RC4 key limitations and increase:
    • RC4 key was initially limited to 40 bits due to export restrictions
    • It was later increased to 128 bits
  • Weaknesses of WEP:
    • Small IV
    • Susceptibility to weak key attacks
    • Lack of protection against message replay and tampering
    • No key updates
  • WPA addressing WEP weaknesses:
    • Supporting TKIP
    • Increasing IV value to 48 bits
    • Focusing on WPA-PSK and WPA Enterprise
  • Advancements in WPA-2:
    • Adding AES-CCMP
    • Supporting Personal and Enterprise modes
  • WPA Enterprise:
    • Includes MIC to guard against bit flipping attacks identified within WEP
  • Mobile phone networks/GSM encryption:
    • A5/1 or A5/2 encryption has been targeted by crackers
    • A5/3 is the upgrade to A5/1 and uses a block cipher
  • Alternative to AES for TLS connections:
    • Google proposed ChaCha20 as an alternative to AES
    • Stream ciphers can be faster than block ciphers.

NSA Suite B

  • AES: Symmetric Encryption
  • AES w/ GCM: Authenticated Symmetric Encryption
  • ECDSA: Digital Signatures
  • ECDH: Key Agreement
  • SHA2 (SHA256-SHA-384): Message Digest

CNSA

  • AES w/ 256 bit keys: Symmetric
  • ECDH and ECDSA with curve P-384: Key Agreement and Digital Sigs
  • SHA-2 with 384: Message Digests
  • DH with 3072 bit modulus: Key Agreement
  • RSA with 3072 modulus: Digital Sigs and Key Exchange

PQC (Not necessary for class)

  • Lattice-Based
    • Based on the hardness of certain problems in lattice theory, such as the shortest vector problem or the closest vector problem.
  • Multivariate
    • Based on the difficulty of solving systems of multivariate equations over finite fields
  • Hash-Based
    • Based on the use of one-way hash functions
    • One of the most well-known hash-based schemes is the Merkle signature scheme, which uses a hash tree structure to sign messages.
  • Code-Based
    • Code-based cryptography is based on the hardness of certain coding theory problems, such as the decoding problem or the syndrome decoding problem because they require solving a large system of linear equations.
  • Supersingular Elliptic Curve Isogeny Cryptography
    • Based on the use of isogenies, which are maps between elliptic curves that preserve certain algebraic properties
  • Symmetric Key Quantum Resistance
    • One example of a quantum-resistant symmetric key scheme is the AES-256 algorithm, which uses a 256-bit key and is believed to be secure against attacks by quantum computers

Cisco (Not entirely necessary, just look at notes column)

Cisco Password Crackability Best speed John the Ripper Hashcat Notes
Type 0 instant instant n/a n/a Clear-text password stored in the configuration file
Type 7 instant instant n/a n/a Weak hashing algorithm (MD5) with no salt
Type 4 easy 26.4 million per second --format=Raw-SHA256 -m 5700 SHA-256 hashing algorithm with no salt
Type 5 medium 1.2 million per second --format=md5crypt -m 500 MD5 hashing algorithm with salt
Type 8 hard 11.6 thousand per second --format=pbkdf2-hmac-sha256 -m 9200 PBKDF2 key derivation function with HMAC-SHA256 and 1000 rounds of hashing
Type 9 very hard 1.8 thousand per second --format=scrypt -m 9300 Scrypt key derivation function with N=16384, r=8, p=1, and 64-byte salt

Historical Ciphers

Name Description
Pigpen Mono-alphabetic substitution cipher that uses graphical characters instead of alphabetic ones to map plaintext characters.
Rail Code Scrambles text by writing it in a sequence across a number of rails.
BIFID Uses a grid to map letters into numeric values.
Playfair Uses a 5 x 5 matrix containing the alphabet (excluding "J") to cipher/decipher text with a set of rules for column and row use.
Morse Code Encoding method that translates characters into sequences of dots and dashes.
Caesar Mono-alphabetic substitution cipher that replaces plaintext letters with a fixed number of positions down the alphabet.
Vigenere Polyalphabetic cipher that maps each character of the cipher using a different mapping based on a keyword.
One Time Pad Unbreakable cipher that uses a code mapping only once, requiring the generation of a new pad each time.
Four-square Uses four 5 x 5 matrices arranged in a square for encoding and decoding operations.
Enigma Machine Uses a polyalphabetic substitution cipher with a secret key that does not repeat within a reasonable time period.

Conventional Block

Name Block Size (In Bits) Key Size (In Bits) Rounds Underlying Algorithm Notes
DES 64 56 16 Feistel One of the earliest and most widely used encryption algorithms, but now considered insecure due to its short key length.
3DES 64 112 48 Feistel An extension of DES that uses three iterations of the DES algorithm with two or three different keys, making it more secure but slower than DES.
AES 128 128, 192, or 256 10, 12, or 14 Substitution-Permutation Network The most widely used encryption algorithm today, chosen as the standard symmetric encryption algorithm by the US government and widely adopted by other organizations.
IDEA 64 128 >17 Feistel Developed as a replacement for DES, but never gained widespread adoption due to patent issues. Still considered secure but slower than other alternatives.
Skipjack 64 80 32 Feistel Developed by the NSA for use in the Clipper chip, a controversial encryption chip with a built-in backdoor for law enforcement access.
Blowfish 64 32-448 (common = 128, 192, or 256) 16 Feistel A fast and widely used encryption algorithm, but now considered less secure than alternatives like AES or Twofish.
Twofish 128 1-256 (common = 128, 192, or 256) 16 Feistel-like Developed as a candidate for the AES standard, but lost out to Rijndael. Still considered secure and widely used in applications like disk encryption.
Camellia 128 128, 192, or 256 18 or 24 Substitution-Permutation Network A fast and secure encryption algorithm developed jointly by Mitsubishi Electric and NTT of Japan.
RC5 32, 64, or 128 0-2048 0-255 Feistel-like A flexible encryption algorithm that allows for variable block and key sizes, as well as variable numbers of rounds.
RC2 64 1-128 (suggested minimum = 40) 18 Feistel-like A fast and widely used encryption algorithm, but now considered less secure than alternatives like AES.
RC6 Variable (common = 128) Variable (common = 128, 192 or 256) 20 Feistel-like A flexible encryption algorithm that allows for variable block and key sizes, as well as variable numbers of rounds.
XTEA 64 128 Variable (64 suggested) Feistel A simple and fast encryption algorithm designed for use in applications like small embedded systems.

Block Cipher Modes

Name Description
ECB Each block of plaintext is encrypted separately and independently of each other, using the same key. This makes it susceptible to certain attacks, as identical plaintext blocks will result in identical ciphertext blocks.
CBC Each plaintext block is XORed with the ciphertext of the previous block before encryption.
PCBC Similar to CBC, but the XOR operation is also applied to the plaintext before encryption.
CFB The encryption algorithm is applied to the previous ciphertext block to generate a keystream, which is then XORed with the plaintext block to generate the ciphertext block.
OFB Similar to CFB, but the encryption algorithm is applied to the previous keystream to generate the next keystream, which is then XORed with the plaintext block to generate the ciphertext block.
CTR A unique counter value is combined with the key to generate a keystream, which is then XORed with the plaintext to generate the ciphertext. This allows for parallel encryption and decryption, and is often used in applications that require random access to the encrypted data.

Conventional Stream

Name Notes
RC4 1-256 bytes key size (40-bit minimum recommended), 1 round
ChaCha Uses a 256-bit key and a 64-bit nonce. ~ three times faster than software-enabled AES and is not sensitive to timing attacks

Conventional Hash

Cryptographic

Name Hash Value (bits) Notes
MD2 128 -
MD4 128 -
MD5 128 Vulnerable to collision attacks, and should not be used for security purposes.
MD6 1-512 Not widely used or standardized. Still under development and not yet established as a secure hash function.
SHA-1 160 Vulnerabilities have been found that make it susceptible to collision attacks.
SHA-2 256, 384, or 512 Widely used and considered secure for most purposes. SHA-256 is the most commonly used variant and is recommended for most purposes, while SHA-512 provides better security but is slower.
SHA-3 Variable Newer standard and considered secure. Provides better security and performance than SHA-2.

Non-Cryptographic

Name Hash Value (bits) Notes
Bernstein 32 Simple and fast hash function.
Buzhash Variable Designed for pattern matching and data deduplication.
CityHash 64, 128, or 256 Optimized for hash table use and provides good performance for short keys.
Fowler-Noll-Vo 32, 64, 128, 126, 512, or 1024 Fast and widely used hash function with good distribution.
Java hashCode() 32 Simple hash function used in the Java programming language.
Jenkins 32 or 64 Fast and provides good distribution.
MurmurHash 32, 64, or 128 Fast and provides good distribution.
Numeric Hash Variable Designed for hashing numerical data.
Paul Hsieh’s SuperFastHash 32 Simple and fast hash function.
Pearson 8 Simple hash function used in some compression and encryption algorithms.
PJW hash/Elf Hash 32 or 64 Designed for use with strings and hash table keys.
SpookyHash 32, 64, or 128 Provides good distribution and collision resistance.
xxHash 32 or 64 Fast and provides good distribution.

Conventional Key Exchange

Name Notes
Diffie-Hellman Provides a method for key exchange using a one-way function.

Lightweight Block

Name Block Size (In Bits) Key Size (In Bits) Rounds Lightweight Feasibility Attributes
PRESENT 64 80 or 128 32 Relatively small key and block sizes. Uses an SPN (substitution permutation network) method. One of the 1st considered as an AES replacement for use in light-weight implementations.
XTEA 64 128 Variable (64 recommended) Relatively small key and block sizes and variable rounds setting. Operates with just a few lines of code. Fast speed.
RC5 32, 64, or 128 0-2048 Variable 0-255 Variable block size, key size, and rounds. Can be optimized to IoT devices. Conventional method suitable for light-weight implementations.
SIMON 32, 48, 64, 96, 128 64, 72, 96, 128, 144, 192, or 256 Variable (32 or 44 common) Variable block sizes key sizes, and rounds. Optimized for hardware implementations.
SPECK 32, 48, 64, 96, or 128 Variable Variable (32 or 44 common) Variable block sizes key sizes, and rounds. Optimized for software implementations.
CLEFIA 128 128, 192, and 256 18, 22, or 26 Variable key size and rounds

Lightweight Stream

Name Key Size (In Bits) Initialization Vector (IV) Size (In Bits) Lightweight Feasibility Attributes
Rabbit 128 64 Low memory requirements, high speed and efficiency
Mickey v2 80 Variable up to 80 Low power consumption, small code size, secure key exchange mechanisms
Trivium 80 80 Low memory requirements, small code size, high speed and efficiency, secure key exchange mechanisms
Grain 80 64 Low memory requirements, low power consumption, high speed and efficiency
Enocoro 128 64 Low memory requirements, high speed and efficiency, secure key exchange mechanisms

Lightweight Hashing

Name Hash Value (In Bits) Lightweight Feasibility Attributes
PHOTON 80, 128, 160, 224 or 256-bit Small memory footprint and have a target an input of just 256 characters (whereas typical hash functions support up to 264 bits). Different size hash values available.
SPONGENT 88, 128, 160, 224 or 256 Small memory footprint and have a target an input of just 256 characters (whereas typical hash functions support up to 264 bits). Different size hash values available.
Lesamnta-LW 256 Small memory footprint and have a target an input of just 256 characters (whereas typical hash functions support up to 264 bits). Fast (five times faster than SHA-256). Primary target implementation is 8-bit CPUs for short message hashing.
Quark 64 or 112 Small memory footprint and have a target an input of just 256 characters (whereas typical hash functions support up to 264 bits). Can be used for hashing and in stream encryption.

Lightweight Signing

Name Key Size (in bits) Description
Chaskey 128 Light-weight cryptography method for signing messages (MAC). Relatively undemanding hardware implementation (only ~3,333 gates required at 1MHz clock rate) making it suitable for IoT implementation.

Lightweight Publickey

Name Description
Elli Light-Weight public key solution. Short for "Elliptic Light". Uses Elliptic Curves along with a Diffie-Hellman related handshake between the RFID tag and the RFID reader in RFID implementations

Asymmetric

Name Notes
RSA Partially homomorphic crypto system that leverages prime number characteristics, 1024-4096 bits variable key size, 1 round.
ECC Improved solution over RSA often used with key exchange methods as well as with DSA in creating digital signatures.
EL Gamal Used in both encryption and digital signing.
DSA Federal Information Processing Standard (FIPS 186) for digital signatures, based on the mathematical concept of modular exponentiation and the discrete logarithm problem.

Standards

Standard Notes
FIPS 180-2 Cryptographic Hash Standard
FIPS 140 Security Requirements for Cryptographic Modules
FIPS 186 Digital Signature Standard
FIPS 197 Advanced Encryption Standard
FIPS 180-4 Secure Hash Standard
FIPS 198-1 The Keyed-Hash Message Authentication Code (HMAC)
FIPS 202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions
FIPS 800-38A Recommendation for Block Cipher Modes of Operation: Methods and Techniques
FIPS 800-56A Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
PKCS #1 RSA Cryptography Standard
PKCS #3 Diffie-Hellman Key Agreement Standard
PKCS #5 Password-Based Cryptography Standard
PKCS #7 Cryptographic Message Syntax Standard
PKCS #8 Private-Key Information Syntax Standard
PKCS #13 Elliptic Curve Cryptography Standard
RFC 2898 Password-Based Cryptography Standard
RFC 3174 Secure Hash Algorithm (SHA-1) Signature Standard
ANSI X9.31 Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry
ANSI X9.63 Key Agreement and Key Transport Using Elliptic Curve Cryptography
ISO/IEC 9796-2 Digital signature schemes giving message recovery
ISO/IEC 18033 Cryptographic Algorithms
ISO/IEC 19772 Authenticated Encryption