Skip to product information
1 of 6

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GM/T 0080-2020 English PDF (GMT0080-2020)

GM/T 0080-2020 English PDF (GMT0080-2020)

Regular price $295.00 USD
Regular price Sale price $295.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: In 1-minute, 24-hr self-service. Click here GM/T 0080-2020 to get it for Purchase Approval, Bank TT...

GM/T 0080-2020: SM9 cryptographic algorithm application specification

This Document defines the application method of SM9 cryptographic algorithm, as well as data formats such as keys, encryption, and signatures, etc. This Document is applicable to the application of SM9 cryptographic algorithm, and the development and testing of equipment and systems that support SM9 cryptographic algorithm.
GM/T 0080-2020
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE REPUBLIC OF CHINA
ICS 38.040
CCS L 80
SM9 Cryptographic Algorithm Application Specification
ISSUED ON: DECEMBER 28, 2020
IMPLEMENTED ON: JULY 01, 2021
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 4
Introduction ... 5
1 Scope ... 6
2 Normative References ... 6
3 Terms and Definitions ... 6
4 Abbreviations ... 7
5 SM9 Key Pair ... 8
5.1 Generator ... 8
5.2 SM9 master private key... 8
5.3 SM9 master public key ... 8
5.4 SM9 user private key ... 9
5.5 SM9 user public key ... 9
6 Data Format ... 9
6.1 Key data structure ... 9
6.2 Signature data structure ... 11
6.3 Encryption data structure ... 11
6.4 Key encapsulation data format ... 12
7 Pre-processing ... 12
7.1 Pre-processing hash function H1 ... 12
7.2 Pro-processing hash function H2 ... 12
7.3 Pre-processing pair calculation e ... 13
7.4 Pre-processing user?€?s signature verification QD ... 13
7.5 Pre-processing user?€?s encryption QE ... 14
8 Calculation Process ... 14
8.1 Key generation ... 14
8.2 Digital signature ... 16
8.3 Signature verification ... 16
8.4 Key encapsulation ... 17
8.5 Key unsealing ... 17
8.6 Encryption ... 18
8.7 Decryption ... 18
8.8 Key agreement ... 19
SM9 Cryptographic Algorithm Application Specification
1 Scope
This Document defines the application method of SM9 cryptographic algorithm, as well as data formats such as keys, encryption, and signatures, etc.
This Document is applicable to the application of SM9 cryptographic algorithm, and the development and testing of equipment and systems that support SM9
cryptographic algorithm.
2 Normative References
The following documents are essential to the application of this Document. For the dated documents, only the versions with the dates indicated are applicable to this Document; for the undated documents, only the latest version (including all the amendments) is applicable to this Document.
GB/T 32905 Information Security Technology - SM3 Cryptographic Hash
Algorithm
GB/T 32907 Information Security Techno1ogy - SM4 Block Cipher Algorithm GB/T 32918 (all parts) Information Security Technology - Public Key
Cryptographic Algorithm SM2 Based on Elliptic Curves
GB/T 38635.1-2020 Information Security Technology - Identity-Based
Cryptographic Algorithms SM9 - Part 1: General
GB/T 38635.2-2020 Information Security Technology - Identity-Based
Cryptographic Algorithms SM9 - Part 2: Algorithm
3 Terms and Definitions
For the purpose of this Document, the following terms and definitions apply. 3.1 Algorithm identifier
Digitized information that is used to indicate algorithmic mechanisms.
3.2 SM9 algorithm
PPS: Public Parameter Service.
5 SM9 Key Pair
5.1 Generator
The Generator P1 point on G1 is marked as (xp1, yP1); and the ASN.1 of the data format is defined as SM9P1::=BIT STRING; the type is BIT STRING; and its content is: 04?€?X1?€?Y1, where X1 and Y1 respectively identify the x component and y component of the point; and each component has a length of 256 bits.
The Generator P2 point on G2 is marked as (xp2, yP2); and the ASN.1 of the data format is defined as SM9P2::=BIT STRING; the type is BIT STRING; and its content is: 04?€?X1?€?X2?€?Y1?€?Y2, where X1, X2 and Y1, Y2 respectively identify the x component and y component of the public key; and each component has a length of 256 bits, or 03?€?X1?€?X2, where X1 and X2 respectively identify each x component of the public key; and each component has a length of 256 bits. Select the value whose rightmost bit is 1 in the decompressed Y root value (Y1?€?Y2). After the restoration, the rightmost bit of the Y root value shall be 1; otherwise, Y1=base field q - root Y1, Y2=base field q - root Y2. or
02?€?X1?€?X2, where X1 and X2 respectively identify the 2 x components of the public key; and each component has a length of 256 bits. Select the option value whose rightmost bit is 0 in the decompressed Y root value (Y1?€?Y2). After the restoration, the Y root value takes the option value whose rightmost bit is 0, otherwise Y1=base field q - root Y1, Y2=base field q - root Y2.
5.2 SM9 master private key
It includes the SM9 signature master private key and the encryption master private key; both are an integer greater than or equal to 1 and less than N-1 (N is the order of the cyclic group G1, G2, and GT, and its value is shown in Appendix A.1 of GB/T 38635.2- 2020), abbreviated as s, with the length of 256 bits.
5.3 SM9 master public key
It includes SM9 signature master public key Ppub2 and encryption master public key Ppub1. They are points on G2 and G1; and the coordinates are expressed as (xSPub, ySPub) and (xEPub, yEPub). Thereof, the x and y coordinates of the signature master public key also contain two components, namely x1 component and x2 component, y1 component and y2 component, and the length of each component is 256 bits. The length of the x and y coordinates of the encryption master public key are both 256 bits. 5.4 SM9 user private key
It includes SM9 user signature private key and user encryption private key, which are points on G1 and G2 respectively; and the coordinates are expressed as (xSPri, ySPri) and (xEPri, yEPri). The length of the x and y coordinates of the user signature key are both 256 bits. The x and y coordinates of the user's encryption private key also contain two components, namely x1 component and x2 component, y1 component and y2 component, and the length of each component is 256 bits.
5.5 SM9 user public key
In IBC technology, the user identification ID can uniquely determine the user's public key, which represents the public key in applications. The representation of ID coordinates based on bilinear pairing can be divided into user signature public key coordinates and user encryption public key coordinates. The user signature public key and the signature master public key are of the same coordinate structure; and there are two respective components on the x and y coordinates, which are marked as QS; and user encryption public key and the encryption master public key are of the same coordinate structure, which is marked as QE.
NOTE: Here is how to generate the user's public key coordinates.
Input: Algorithm function H, userID, hid, master public key Ppubi, generator Pi i=1,2. Output: User public key QA.
Calculation method:
, signature public key coordinates are
used for signature/verification of signature.
, encryption public key coordinates are
used for key encapsulation, encryption/decryption.
6 Data Format
6.1 Key data structure
The key is divided into signature/encryption master key, and signature/encryption user key:
a) The ASN.1 of data format of SM9 algorithm signature master private key is defined as:

View full details