The ANSI Blog

ANSI X9.63-2011 (R2017): Elliptic Curve Cryptography

Illustration of elliptic curve cryptography used in secure digital communications, based on ANSI X9.63-2011 (R2017) standard for financial services.

Modern cryptography is founded on the principle that the key you use to encrypt your data can be made public, while the key used to decrypt your data can be kept private. These systems are known as public key cryptographic systems, which are used daily for secure web browsing (HTTPS), protecting online transactions, ensuring the authenticity of software, and securing digital communications like email and instant messaging. ANSI X9.63-2011 (R2017): Public Key Cryptography for the Financial Services Industry – Key Agreement and Key Transport Using Elliptic Curve Cryptography defines public key cryptographic schemes for the financial services industry, focusing on key establishment using elliptic curve cryptography.

What Is Public-Key Cryptography?

Public-key cryptography is used every day, often operating silently in the background to provide privacy, integrity, and authentication for users worldwide. Also known as asymmetric cryptography, it is a system that allows for secure communication between parties without the need to share a secret key beforehand. In public-key cryptography, there are two keys to secure communications and transactions:

  1. A public key (shared with everyone and can be used to encrypt messages or verify digital signatures)
  2. A private key (kept secret by the owner and used to decrypt messages or create digital signatures)

A “key” is a unique string of data that acts like a password to lock or unlock encrypted information, allowing people and systems to exchange sensitive information.

Both keys are mathematically linked so that:

Public key encryption is important because it solves one of cybersecurity’s most enduring challenges: protecting sensitive information in environments where trust is limited or non-existent.

What Is Elliptic Curve Cryptography (ECC)?

Despite being one of the most powerful types of cryptography used today, Elliptic Curve Cryptography (ECC) is not as well understood. ECC is a public-key cryptosystem that utilizes the mathematical properties of elliptic curves to provide secure communication and encryption. It is commonly used for securing communications and transactions in various applications, including web security (SSL/TLS), mobile devices and messaging apps, online banking, and cryptocurrencies, due to its efficiency in providing strong security with smaller key sizes (i.e., keys with fewer bits).

A smaller key reduces the computational resources needed for encryption and decryption but is more vulnerable to brute-force attacks. However, some advanced cryptographic methods, like elliptic-curve cryptography (ECC), achieve high security with smaller keys, especially when used in conformance with ANSI X9.63-2011 (R2017).

What Is ANSI X9.63-2011 (R2017)?

ANSI X9.63-2011 (R2017) defines key establishment schemes that employ asymmetric cryptographic techniques. It specifies key agreement (where parties compute a shared key) and key transport (where one party sends a key to another) schemes using elliptic curves over finite fields.

These schemes allow two parties (e.g., financial institutions) to derive shared secret data, which can then be used with symmetric algorithms (like AES or TDEA) for assuring confidentiality and data integrity.

ANSI X9.63-2011 (R2017) is derived from and adapts the international standard “ISO/IEC 11740-3: Information Technology – Security Techniques – Key Management – Part 3: Mechanisms using asymmetric techniques” for use by the financial services industry.

Public Key Cryptography: ECC vs RSA vs DSA

Public key cryptography relies on mathematical algorithms to generate pairs of keys. RSA, DSA, and ECC are the primary algorithms used, each offering unique benefits in terms of performance, speed, and security.

Where to Find ANSI X9.63-2011 (R2017)

ANSI X9.63-2011 (R2017): Public Key Cryptography for the Financial Services Industry – Key Agreement and Key Transport Using Elliptic Curve Cryptography is available on the ANSI Webstore. ANSI X9.63-2011 (R2017) is developed by the Accredited Standards Committee X9 Inc. (X9).

Please direct any technical questions relating to this American National Standard to the developer. You can find the contact information for all standard developing organizations (SDOs) here: Who to Contact for Standards Related Questions.
