Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
ISO/IEC 15946-1:2018 — A Comprehensive Guide to Elliptic Curve Cryptography Standards
Understanding the General Framework for Cryptographic Techniques Based on Elliptic Curves
1. Scope and General Overview
ISO/IEC 15946-1:2018, adopted in Canada as CAN/CSA-ISO/IEC 15946-1:18, is the foundational part of the ISO/IEC 15946 series that specifies cryptographic techniques based on elliptic curves. It establishes the general framework for elliptic curve cryptography (ECC), including the mathematical preliminaries, domain parameter generation, and key pair generation and validation. The standard is designed to be used in conjunction with subsequent parts that define specific signature, key agreement, and encryption mechanisms.
This edition (2018) supersedes the 2008 version and incorporates clarifications and alignments with current cryptographic best practices. It is applicable to any organization or system that requires interoperable and secure ECC implementations, including financial services, government communications, and IoT devices.
Tip: The 2018 edition introduced editorial corrections and updated normative references to align with the latest security standards (e.g., ISO/IEC 14888-3). Always verify that your implementation uses the corrigendum version when adopting this part.
2. Technical Requirements and Parameter Specification
The core of ISO/IEC 15946-1:2018 lies in its rigorous specification of elliptic curve domain parameters and key generation. Domain parameters must be generated and validated according to the methods outlined in the standard to ensure cryptographic strength. The standard defines three families of elliptic curves: prime field curves (over F_p), binary field curves (over F_{2^m}), and optimal extension field curves (OEF). For each family, specific parameter generation and validation procedures are mandated.
2.1 Domain Parameter Requirements
| Parameter | Requirement | Validation Criterion |
|---|---|---|
| Field size (p or q) | Prime or 2^m, with m ≥ 160 | Must be proven prime or irreducible polynomial |
| Equation coefficients (a, b) | Ensure non-singularity (4a³+27b² ≠ 0) | Verification of discriminant |
| Base point (G) | Order n must be prime and > 2^160 | Check n * G = O and n prime |
| Cofactor (h) | h ≤ 4, typically h = 1 | Ensure |E| = n · h |
The standard mandates that domain parameters be generated using an approved process (e.g., using a verifiably random seed) to prevent backdoor manipulation. Parameters may also be obtained from trusted sources such as NIST or SECG, provided they comply with the validation procedures in ISO/IEC 15946-1.
2.2 Key Pair Generation and Validation
Private keys must be generated as a statistically random or pseudorandom integer in the range [1, n-1]. Public keys are computed as Q = dG, followed by a mandatory validation check to confirm that Q is not the point at infinity and lies on the curve. The standard specifies a comprehensive validation routine for both static and ephemeral key pairs.
Warning: Implementations must never skip public key validation. Failure to validate can expose systems to small-subgroup attacks and invalid-curve attacks. Always follow the validation steps in Annex A of the standard.
3. Implementation Highlights
When implementing systems in compliance with ISO/IEC 15946-1:2018, developers should pay special attention to the following:
- Randomness Quality: Private keys must be generated using a DRBG that meets ISO/IEC 18031 or NIST SP 800-90A requirements.
- Side-Channel Resistance: While not explicitly mandated, the standard recommends incorporating protections such as constant-time execution and scalar blinding.
- Parameter Caching: Domain parameters may be shared across many keys; however, integrity checks (e.g., hash of parameters) should be used to avoid substitution attacks.
- Compatibility: Ensure alignment with elliptic curve internet standards (RFC 6090, RFC 7748) when interoperability is required.
Success: Adhering to the 2018 edition ensures your ECC implementation meets a globally recognized baseline. Many certification schemes (Common Criteria, FIPS 140-3) accept this standard as a reference for elliptic curve operations.
4. Compliance and Certification Considerations
For organizations seeking formal certification, compliance with ISO/IEC 15946-1:2018 is often a prerequisite. The standard is referenced in directives for electronic signatures, secure messaging, and identity documents. The Canadian adoption (CAN/CSA-ISO/IEC 15946-1:18) makes it a national standard of Canada, applicable to federal procurement and regulated industries.
Key compliance steps include:
- Documenting the parameter set used and its validation.
- Implementing a key validation routine as part of key import/export.
- Using only approved curves (e.g., Brainpool, NIST P-256, P-384, P-521) or generating conformant custom curves.
- Undergoing independent testing by an accredited laboratory.
Important: Do not use curves with prime order (h=1) without verifying that the base point order matches the specified security level. Some older curves may not satisfy the 2018 requirements due to insufficient field sizes.
FAQs
Q: Does ISO/IEC 15946-1:2018 mandate a specific set of curves?
A: No. The standard defines requirements for domain parameters and their validation, but does not prescribe a fixed set. However, it provides examples and refers to widely accepted curve standards.
A: No. The standard defines requirements for domain parameters and their validation, but does not prescribe a fixed set. However, it provides examples and refers to widely accepted curve standards.
Q: Can I use this standard with ECDSA or ECDH?
A: Yes. The 15946 series includes separate parts for signature (ECDSA), key agreement (ECKA), and encryption (ECIES). Part 1 supplies the common foundation for all those mechanisms.
A: Yes. The 15946 series includes separate parts for signature (ECDSA), key agreement (ECKA), and encryption (ECIES). Part 1 supplies the common foundation for all those mechanisms.
Q: What is the difference between the 2008 and 2018 editions?
A: The 2018 edition primarily corrects errors in the mathematical descriptions, updates references to newer security standards, and clarifies validation steps. It does not introduce new curve families.
A: The 2018 edition primarily corrects errors in the mathematical descriptions, updates references to newer security standards, and clarifies validation steps. It does not introduce new curve families.
Q: Is CAN/CSA-ISO/IEC 15946-1:18 identical to the ISO/IEC version?
A: Yes. The Canadian adoption is a verbatim adoption of ISO/IEC 15946-1:2018 without modification. The Canadian standard number is used for national referencing.
A: Yes. The Canadian adoption is a verbatim adoption of ISO/IEC 15946-1:2018 without modification. The Canadian standard number is used for national referencing.
Last updated: 2026