标准摘要
[中文适用范围]: ISO/IEC 9798 的这一部分指定了使用零知识技术的实体身份验证机制。 ?第 5 条指定了基于身份并提供单方面身份验证的机制(已存在于第一版 ISO/IEC 9798-4:1999 中)。 ISO/IEC 9796:1991 撤销后,它们已得到修复。 ?第 6 条指定了基于整数分解和提供单方面身份验证的机制(插入到第二版中)。 ?第 7 条和第 8 条指定了基于关于素数(参见第 7 条,第一版中已存在的机制)或合数(参见第 8 条,第二版中插入的机制)的数字的离散对数的机制,并提供单方面身份验证。 ?第 9 条规定了基于非对称加密系统的机制,并提供单方面(参见 9.3,第一版中已存在的机制)或双向(参见 9.4,第二版中插入的机制)身份验证。 验证者通过任何适当的过程将正确的验证密钥与声明者相关联,例如,通过从证书中检索它。 此类过程超出了 ISO/IEC 9798 本部分的范围。 为了识别每种机制,附件 A 根据 ISO/IEC 8825-1 规定了对象标识符。 这些机制是使用零知识技术的原理构建的,但根据附件 B 中对每个参数选择的严格定义,它们不会是零知识的。 附录 C 比较了这些机制并提供了参数选择的指导。 附录 D 提供了数值示例。 [外文原描述]: ISO/IEC 9798-5:2004 specifies authentication mechanisms in the form of exchange of information between a claimant and a verifier. In accordance with the types of calculations that need to be performed by a claimant and the verifier (see Annex C), the mechanisms specified in ISO/IEC 9798-5:2004 can be classified into four main groups. The first group is characterized by the performance of short modular exponentiations. The challenge size needs to be optimized since it has a proportional impact on workloads.The second group is characterized by the possibility of a "coupon" strategy for the claimant. A verifier can authenticate a claimant without computational power. The challenge size has no impact on workloads.The third group is characterized by the possibility of a "coupon" strategy for the verifier. A verifier without computational power can authenticate a claimant. The challenge size has no impact on workloads.The fourth group has no possibility of a "coupon" strategy.
英文名称Information technology - Security techniques - Entity authentication - Part 5: Mechanisms using zero-knowledge techniques