GB/T 38635.1-2020 Information security technology - Identity-based cryptographic algorithms SM9 - Part 1: General
1 Scope
This part of GB/T 38635 specifies the necessary relevant mathematical basics, cryptographic techniques and specific parameters involved in the identity-based cryptographic algorithms SM9.
This part is applicable to the implementation and application of identity-based cryptography SM9.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 32905 Information security techniques - SM3 cryptographic hash algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
identity
information that cannot be denied by an entity, such as its recognizable name, email address, ID number, phone number, and street address, which can be used to identify the entity uniquely
3.2
master key
key at the top level of the hierarchy of identity-based cryptographic key, consisting of master private key and master public key; the master public key is publicly available, while the master private key is kept secret by the key generation center (KGC); the KGC uses the master private key and the user identity to generate the private key of the user; in identity-based cryptography, the master private key is typically generated by the KGC using a random number generator, and the master public key is generated by combining the master private key with the system parameters
3.3
key generation center; KGC
trusted organization that is responsible for selecting system parameters, generating the master key and producing the user's private key in the identity-based cryptography SM9
3.4
SM3 algorithm
a hash algorithm defined by GB/T 32905
3.5
SM4 algorithm
a block encryption algorithm defined by GB/T 32907
4 Symbols
For the purposes of this document, the following symbols apply.
cf: The cofactor of the elliptic curve order relative to N.
cid: A one-byte curve identifier that distinguishes the type of curve used.
deg(f): The degree of the polynomial f(x).
d1, d2: Two factors of k.
E: An elliptic curve defined over a finite field.
ECDLP: Elliptic curve discrete logarithm problem.
E(Fq): A set of all rational points (including the point at infinity, O) of the elliptic curve E over the finite field Fq.
E(Fq)[r]: A set of r-torsion points over E(Fq) [i.e., r-order torsion subgroup on the curve E(Fq)].
e: Bilinear pairing from G1×G2 to GT.
eid: A one-byte identifier of bilinear pairing e, which distinguishes the type of the bilinear pairing used.
FDLP: Finite field discrete logarithm problem.
Fp: A prime field containing p elements.
Fq: A finite field containing q elements.
F_q^*: A multiplicative group consisting of all non-zero elements in Fq.
F_(q^m): m-degree extension field of finite field Fq.
GT: Multiplicative cyclic group with prime order N.
G1: Additive cyclic group with prime order N.
G2: Additive cyclic group with prime order N.
gcd(x, y): The greatest common divisor of x and y.
k: The embedding degree of the curve E(Fq) relative to N, where N is the prime factor of #E(Fq).
m: The degree of extension of the finite field F_(q^m) relative to Fq.
mod f(x): Operation of the modular polynomial f(x).
mod n: Modulo n operation.
Example: 23 mod 7 = 2.
N: The order of cyclic groups G1, G2 and GT, which is a prime number greater than 2^191.
O: A special point on an elliptic curve, called the point at infinity or zero point, which is the identity element in additive group of the elliptic curve.
P: P=(xP, yP) is a point on an elliptic curve other than O, of which the coordinates xP, yP satisfy the elliptic curve equation.
P1: The generating element of G1.
P2: The generating element of G2.
P+Q: The sum of two points P and Q on the elliptic curve E.
p: A prime number greater than 2^191.
q: The number of elements in the finite field Fq.
xP: The x coordinate of point P.
x‖y: The concatenation of x and y, where x and y are bit strings or byte strings.
x≡y (mod q): x is congruent to y modulo q. That is, x mod q = y mod q.
yP: The y coordinate of point P.
#E(K): The number of points on E(K), called the order of the elliptic curve group E(K), where K is a finite field (including Fq and F_(q^k)).
: The cyclic group generated by point P on an elliptic curve.
[u]P: u-multiplied point of the point P on the elliptic curve.
[x, y]: A set of integers not less than x and not greater than y.
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols
5 Finite field and elliptic curve
5.1 Finite field
5.2 Elliptic curves over finite fields
5.3 Elliptic curve group
5.4 Elliptic curve point multiplication
5.5 Verification of points on elliptic curve subgroups
5.6 Discrete logarithm problem
6 Bilinear pairing and security curve
6.1 Bilinear pairing
6.2 Security
6.3 Embedding degree and security curve
7 Data types and their conversions
7.1 Data types
7.2 Data type conversion
8 System parameters and their verification
8.1 System parameters
8.2 Verification of system parameters
Annex A (Normative) Definitions of parameters
Annex B (Informative) Background knowledge on elliptic curve
Annex C (Informative) Computation of bilinear pairings on elliptic curves
Annex D (Informative) Number-theoretic algorithm
Bibliography