Proved here is the sufficiency of certain conditions to ensure the Elliptic Curve Digital Signature Algorithm (ECDSA) existentially unforgeable by adaptive chosen-message attacks. The sufficient conditions include (i) a uniformity property and collision-resistance for the underlying hash function, (ii) pseudo-randomness in the private key space for the ephemeral private key generator, (iii) generic treatment of the underlying group, and (iv) a further condition on how the ephemeral public keys are mapped into the private key space. For completeness, a brief survey of necessary security conditions is also given. Some of the necessary conditions are weaker than the corresponding sufficient conditions used in the security proofs here, but others are identical.

This paper gives a survey on cryptographic primitives based on class groups of imaginary quadratic orders (IQ cryptography, IQC). We present IQC versions of several well known cryptographic primitives, and we explain, why these primitives are secure if one assumes the hardness of the underlying problems. We give advice on the selection of the cryptographic parameters and show the impact of this advice on the eciency of some IQ cryptosystems.

Version 1.0 c2000 Certicom Corp. License to copy this document is granted provided it is identified as “Standards for Efficient Cryptography (SEC)”, in all material mentioning or referencing it.

Version 0.6 c 1999 Certicom Corp. License to copy this document is granted provided it is identified as “Standards for Efficient Cryptography (SEC)”, in all material mentioning or referencing it.Contents Page i