Unless otherwise stated, the ECIES profiles follow the terminology and processing specified in SECG version 2 [29] and [30]. The profiles shall use "named curves" over prime fields. For generating successive counter blocks from the initial counter block (ICB) in CTR mode, the profiles shall use the standard incrementing function in section B.1 of NIST Special Publication 800-38A [16] with m = 32 bits. The ICB corresponds to T1 in section 6.5 of [16]. The value of the MAC tag in ECIES, shall be the L most significant octets of the output generated by the HMAC function, where L equals to the maclen. Profile A shall use its own standardized processing for key generation (Section 6 of RFC 7748) and shared secret calculation (Section 5 of RFC 7748). The Diffie-Hellman primitive X25519 (Section 5 of RFC 7748) takes two random octet strings as input, decodes them as scalar and coordinate, performs multiplication, and encodes the result as an octet string. The shared secret output octet string from X25519 shall be used as the input Z in the ECIES KDF (section 3.6.1 of [29]). As the point compression is not applied for profile A, the prefix rule for compression type defined in section 5.1.3 of [29] shall not be used in profile A, i.e., there shall be no prefix for the ephemeral public key of Profile A. Profile B shall use point compression to save overhead and shall use the Elliptic Curve Cofactor Diffie-Hellman Primitive (section 3.3.2 of [29]) to enable future addition of profiles with cofactor h ≠ 1. For curves with cofactor h = 1 the two primitives (section 3.3.1 and 3.3.2 of [29]) are equal. The profiles shall not use backwards compatibility mode (therefore are not compatible with version 1 of SECG).

The ME and SIDF shall implement this profile. The ECIES parameters for this profile shall be the following: EC domain parameters EC Diffie-Hellman primitive point compression KDF Hash SharedInfo1 MAC mackeylen maclen SharedInfo2 ENC enckeylen icblen backwards compatibility mode

The ME and SIDF shall implement this profile. The ECIES parameters for this profile shall be the following: EC domain parameters EC Diffie-Hellman primitive point compression KDF Hash SharedInfo1 MAC mackeylen maclen SharedInfo2 ENC enckeylen icblen backwards compatibility mode

The following test data set corresponds to ECIES-based encryption in the UE for IMSI-based SUPI and null-scheme.

The following test data set corresponds to ECIES-based encryption in the UE for network specific identifier-based SUPI and null-scheme.

The following test data set corresponds to SUCI computation in the UE for IMSI-based SUPI and ECIES Profile A. The ECIES Scheme Output is computed in the UE as defined in Figure C.3.2-1 of clause C.3.2 with the following data

The following test data set corresponds to SUCI computation in the UE for network specific identifier-based SUPI and ECIES Profile A. The ECIES Scheme Output is computed in the UE as defined in Figure C.3.2-1 of clause C.3.2 with the following data

The following test data set corresponds to ECIES-based encryption in the UE for IMSI-based SUPI and ECIES Profile B. The Scheme Output is computed in the UE as defined in Figure C.3.2-1 of clause C.3.2 with following data:

The following test data set corresponds to ECIES-based encryption in the UE for network specific identifier-based SUPI and ECIES Profile B. The Scheme Output is computed in the UE as defined in Figure C.3.2-1 of clause C.3.2 with following data: