ISO/TR 14742:2010

TECHNICAL ISO/TR
REPORT 14742
First edition
2010-07-01
Financial services — Recommendations
on cryptographic algorithms and their
use
Services financiers — Recommandations sur les algorithmes
cryptographiques et leur utilisation

Reference number
©
ISO 2010
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO 2010
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2010 – All rights reserved

Contents Page
Foreword .iv
Introduction.v
1 Scope.1
2 Measuring bits of security.2
3 Algorithm migration .3
4 Block ciphers .4
4.1 General .4
4.2 Keying options.4
4.3 Recommended block ciphers .5
4.4 Block size and key use .6
4.5 Modes of operation .6
4.6 Enciphering small plaintexts.7
4.7 Migrating from TDEA to AES.7
5 Stream ciphers.7
6 Hash functions.7
6.1 Hash functions and their properties.7
6.2 Hash functions based on block ciphers .8
6.3 Dedicated hash functions.8
6.4 Hash functions using modular arithmetic .10
6.5 Migrating from one hash function to another.10
7 Message authentication codes .11
7.1 Recommended MAC algorithms .11
7.2 MAC algorithms based on block ciphers.11
7.3 MAC algorithms based on hash functions .11
7.4 Length of the MAC.12
7.5 Message span of the key .12
8 Asymmetric algorithms.12
8.1 General .12
8.2 Factorization-based security mechanisms.14
8.3 Integer discrete logarithm-based security mechanisms.14
8.4 Elliptic curve discrete logarithm-based security mechanisms .15
8.5 Algorithm or key expiry .15
8.6 Digital signature schemes giving message recovery.15
8.7 Digital signatures with appendix .16
8.8 Asymmetric ciphers .16
9 Random number generation.18
Annex A (informative) Entity authentication and key management mechanisms .19
Bibliography.28

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
In exceptional circumstances, when a technical committee has collected data of a different kind from that
which is normally published as an International Standard (“state of the art”, for example), it may decide by a
simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely
informative in nature and does not have to be reviewed until the data it provides are considered to be no
longer valid or useful.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO/TR 14742 was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee SC 2,
Security management and general banking operations.
iv © ISO 2010 – All rights reserved

Introduction
The financial services industry has a clear need for cryptographic algorithms for a number of different
applications. ISO standards provide definitions for an extensive and comprehensive set of such algorithms.
However, as the state of the art of cryptology progresses and the power of computers increases,
cryptographic algorithms as well as cryptographic keys of a particular length all have a limited window of time
in which they can be considered secure. Furthermore, as neither the development of cryptology nor the
increase in computing power are entirely predictable, the collective wisdom of the cryptographic community as
to which algorithms and key lengths are secure is constantly evolving. For this reason it was felt that there
was an equally clear need in the financial services industry for guidance regarding the current and up-to-date
view in the cryptographic community about the security of cryptographic algorithms and their keys. It was also
felt that there was a need for appropriate guidance on migration from one algorithm or key length to another.
The ISO standards that define cryptographic algorithms for the financial services industry do not contain such
guidance, and by the evolving nature of the field, it would be difficult for them to do so. Hence, the need was
recognized for a document that could contain such guidance, and be updated more frequently than the five
year review cycle for ISO standards. This Technical Report is intended to be that document. The intention is to
update this Technical Report when the need arises, or at least every other year.
The strength requirements of a security mechanism can vary depending on the application(s) in which the
mechanism is being used and the way it is being used. The recommendations given in this Technical Report
are considered to be general purpose recommendations. Although it is accepted that there may exist low-risk
applications that do not warrant the level of cryptographic strength recommended in this Technical Report, it is
advisable that deviation from the recommendations only be made after appropriate analysis of the risks and in
the context of any rules and policies that might apply.
A special case of the above relates to the lifetime of protection required by the application and its data. For
example, if protection requirements are ephemeral (e.g. confidentiality is required only for one day, or
authentication is one-time) then this may be cause for allowing a deviation from the recommendations.
Conversely, if the data must remain protected for a very long period of time, then the keys and algorithms
used to provide the protection must be good for that duration, even if the keys are no longer in active use.
TECHNICAL REPORT ISO/TR 14742:2010(E)

Financial services — Recommendations on cryptographic
algorithms and their use
1 Scope
This Technical Report provides a list of recommended cryptographic algorithms for use within applicable
financial services standards prepared by ISO/TC 68. It also provides strategic guidance on key lengths and
associated parameters and usage dates.
The focus is on algorithms rather than protocols, and protocols are in general not included in this Technical
Report. However, in some cases, for example for some key agreement and some authentication protocols,
there is no “underlying” algorithm, and in a sense it is the protocol that constitutes the algorithm. In this case,
the mechanisms are included, in particular where they have security parameters that can be adjusted for
higher or lower security.
Algorithmic vulnerabilities or cryptographic keys of inadequate lengths are less often the cause of security
compromises in the financial industry than are inadequate key management or other procedural flaws, or
mistakes in the implementation of cryptographic algorithms or the protocols that use them. However,
compromises caused by algorithmic vulnerabilities are more systemic and harder to recover from than other
kinds of compromises.
This Technical Report deals primarily with recommendations regarding algorithms and key lengths.
NOTE Key management is covered in ISO 11568-1, ISO 11568-2 and ISO 11568-4.
The categories of algorithms covered in this Technical Report are:
⎯ block ciphers;
⎯ stream ciphers;
⎯ hash functions;
⎯ message authentication codes (MACs);
⎯ asymmetric algorithms:
⎯ digital signature schemes giving message recovery,
⎯ digital signatures with appendix,
⎯ asymmetric ciphers;
⎯ authentication mechanisms;
⎯ key establishment and agreement mechanisms;
⎯ key transport mechanisms.
This Technical Report does not define any cryptographic algorithms; however, the standards to which this
Technical Report refers may contain necessary implementation information as well as more detailed guidance
regarding choice of security parameters, security analysis, and other implementation considerations.
2 Measuring bits of security
For both block ciphers (Clause 4) and hash algorithms (Clause 6) the notion of “n bits of security” is introduced
(e.g. see NIST SP 800-57, 2007, 5.6.1). For a block cipher
...