GM/T 0044.5-2016 Identity-based cryptographic algorithms SM9 -- Part 5: Parameter definition
1 Scope
This part specifies the curve parameters for use with the SM9 identity-based cryptographic algorithms and provides examples for the usage of the digital signature algorithm, the key exchange protocol, the key encapsulation mechanism, and the public key encryption algorithm.
This part applies to the verification of correctness in stepwise operations for the implementation of SM9 identity-based cryptographic algorithms.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes the requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GM/T 0004, SM3 Cryptographic Hash Algorithm GM/T 0002, SM4 Block Cipher Algorithm
GM/T 0044.1‒2016, SM9 Identity-based Cryptographic Algorithms — Part 1: General
GM/T 0044.2‒2016, SM9 Identity-based Cryptographic Algorithms — Part 2: Digital Signature Algorithm
GM/T 0044.3‒2016, SM9 Identity-based Cryptographic Algorithms — Part 3: Key Exchange Protocol
GM/T 0044.4‒2016, SM9 Identity-based Cryptographic Algorithms — Part 4: Key Encapsulation Mechanism and Public Key Encryption Algorithm
3 Parameter definition
3.1 System parameters
256-bit BN curves are used in this standard.
The elliptic curve equation: y2 = x3 + b.
The elliptic curve parameters:
t: 60000000 0058F98A
trace trt = 6t2 + 1: D8000000 019062ED 0000B98B 0CB27659
the characteristic of the base field q t = 36t4 + 36t3 + 24t2 + 6t + 1:
B6400000 02A3A6F1 D603AB4F F58EC745 21F2934B 1A7AEEDB E56F9B27 E351457D the equation parameter b: 05
the order of the group N(t) = 36t4 + 36t3 + 18t2 + 6t + 1:
B6400000 02A3A6F1 D603AB4F F58EC744 49F2934B 18EA8BEE E56EE19C D69ECF25
the cofactor cf: 1
the embedding degree k: 12
the twisted curve parameter β: —2
factors of k: d1 = 1, d2 = 2
the curve identifier cid: 0x12
the generator P1 = (xP1, y P1) of G1:
the coordinate xP1 : 93DE051D 62BF718F F5ED0704 487D01D6 E1E40869 09DC3280 E8C4E481 7C66DDDD
the coordinate y P1 : 21FE8DDA 4F21E607 63106512 5C395BBC 1C1C00CB FA602435 0C464CD7 0A3EA616
the generator P2 = (xP2, y P2) of G2:
the coordinate xP2 : (85AEF3D0 78640C98 597B6027 B441A01F F1DD2C19 0F5E93C4 54806C11 D8806141, 37227552 92130B08 D2AAB97F D34EC120 EE265948 D19C17AB F9B7213BAF82D65B)
the coordinate y P2 : (17509B09 2E845C12 66BA0D26 2CBEE6ED 0736A96F A347C8BD 856DC76B 84EBEB96, A7CF28D5 19BE3DA6 5F317015 3D278FF2 47EFBA98 A71A0811 6215BBA5 C999A7C7)
the bilinear pairing identifier eid: 0x04
3.2 Representation of the elements of extension fields
The tower extension 1-2-4-12 ofF 12 :
q
(1) Fq2 u = Fq u/(u2 — α), α = — 2;
(2) Fq4 v = Fq2 v/(v2 — ξ), ξ = u;
(3) Fq12 w = Fq4 w/(w3 — v) , v2 = ξ;
where,
the irreducible polynomial for the quadratic extension of (1) is x2 — α, α = — 2;
the irreducible polynomial for the quadratic extension of (2) is x2 — u, u2 = α, u = —2;
the irreducible polynomial for the cubic extension of (3) is x3 — v, v2 = u, v = —2;
u ∈ Fq2 is represented as (1,0) , where the left is dimension 1 (the higher dimension) and the right is dimension 0 (the lower dimension).
v ∈ Fq4 is represented as (0, 1,0,0) , where (0, 1) in the left is dimension 1 and (0,0) in the right is dimension 0.
The elements in Fq12 have three representations:
(1) The element A ∈ Fq12 is represented via the elements in Fq4:
A = aw2 + bw + C = (a, b, C),
a, b, C are represented via the elements in Fq2 :
a = a1v + a0 = (a1, a0);
b = b1v + b0 = (b1, b0);
C = C1v + C0 = (C1, C0); where a1, a0, b1, b0, C1, C0 ∈ Fq2 .
(2) The element A ∈ Fq12 is represented via the elements in Fq2 :
A = (a1, a0, b1, b0, C1, C0),
a1, a0, b1, b0, C1, C0 are represented via the elements in Fq:
a0 = a0, 1u + a0,0 = (a0, 1, a0,0);
