BSI TR-02102-1
###################

[BSI TR-02102-1: Cryptographic Mechanisms:Recommendations and Key Lengths](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile&v=10)

行文结构比较漂亮，内容与NIST差不多。

proof
==========================================================

Instance authentication: 向第三方证明说拥有某一个secret

MAC
==========================================================

GHASH不能单独用于MAC场景，要用就用GMAC

AES
==========================================================

AES-CCM tag >= 64 bits

AES-GCM tag >= 96 bits

padding for AES-CBC
==========================================================

ISO padding: ISO/IEC 9797-1-2011

RFC5652: CMS Padding

RFC4303: ESP Padding

hash
==========================================================

One-way property:  给定h，难以求解 H(m) = h

2nd preimage property: 给定m，难以求解 H(m') = H(m)

Collision resistance: 难以找到m & m'，使得 H(m) = H(m')

signature
==========================================================

ECKDSA

ECGDSA

Merkle signature

kdf
==========================================================

    K_t+1 = KDF(secret, label, context, L, K_t)

random
==========================================================

PTG: physical random number generators

DRG: deterministic random number generators

NPTRNG: Non-physical non-deterministic random number generators