The first ECC standard developed by an accredited standards body was ANSI X9.62: The Elliptic Curve Digital Signature Algorithm (ECDSA) in 1999. ANSI X9.63: Key Agreement and Key Transport Using Elliptic Curve Cryptography followed in 2001.

ANSI was interested in Elliptic Curve Cryptography as far back as 1995 because of its potential for providing strong and efficient security for applications in the financial services industry.

The ANSI X9.62 and X9.63 standards provide detailed specifications of elliptic curve cryptographic protocols for the fundamental tasks of signatures, key agreement, and key transport. These core cryptographic standards are extremely important because they provide the reference base for other standards bodies that develop security and applications standards. For example, the FIPS 186-2 standard describes ECDSA by simply providing a pointer to ANSI X9.62. FIPS 186-2 in turn is very influential in dictating the cryptographic mechanisms deployed within the US federal government.

This article provides some background on ANSI, and summarizes the key elements of the ANSI X9.62 and X9.63 standards for elliptic curve signatures and key establishment.

ANSI: The Organization

ANSI is a private, non-profit organization whose mission is to promote and facilitate voluntary consensus standards and conformity assessment systems, and safeguard their integrity. There are presently over 11,000 ANSI standards that specify ratings, test methods, performance and safety requirements, systems, and services for a diverse range of industries. The ANSI C standard, familiar to most software developers, is an example of a widely deployed ANSI standard.

ANSI does not itself create standards. Rather, it establishes the consensus procedures that are the basis for the development of a standard, accredits organizations that develop draft standards for a particular sector, and approves these draft standards provided that all procedural requirements have been met. ANSI also promotes the use of US standards internationally via its membership in the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), thus facilitating their widespread adoption.

X9 is an ANSI-approved organization that creates standards for the financial services industry, which includes banks and credit card companies. Within X9, the X9F subcommittee deals with data and information security issues. X9F has five working groups:

  • X9F1 – Cryptographic Tools
  • X9F3 – Protocols
  • X9F4 – Cryptographic Applications
  • X9F5 – Digital Signature and Certificate Policy
  • X9F6 – Cardholder Authentication and ICCs

The X9F1 working group is responsible for developing the core cryptography standards that specify symmetric-key and public-key algorithms for encryption and authentication.

The time between when a cryptographic algorithm is first proposed to the working group and when it is eventually included in an official ANSI standard can be as long as five years. During this time, the algorithms are thoroughly scrutinized by experts, while details such as parameter choices and data formatting are debated by the members of the working group until a consensus is reached. Working group members typically consult with the experts and implementers at their home institutions, who provide valuable feedback during the evolution of the standard. An approved standard is reviewed every five years and updated as necessary.

Some of the important cryptographic standards that have been produced by the X9F1 working group are the following:

  • X9.30:1 – The Digital Signature Algorithm
  • X9.30:2 – The Secure Hash Algorithm
  • X9.31 – Digital Signatures Using Reversible Public Key Cryptography
  • X9.42 – Agreement of Symmetric Keys Using Discrete Logarithm Cryptography
  • X9.52 – Triple Data Encryption Algorithm Modes of Operation
  • X9.62 – Elliptic Curve Digital Signature Algorithm (ECDSA)
  • X9.63 – Key Agreement and Key Transport Using Elliptic Curve Cryptography
  • X9.80 – Prime Number Generation, Primality Testing, and Primality Certificate

X9.30 specifies the Digital Signature Algorithm (DSA), while X9.31 describes a particular variant of the RSA signature scheme.