Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.

Published byErica Sullivan Modified over 8 years ago

Similar presentations

Presentation on theme: "Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016."— Presentation transcript:

1 Cryptography Hyunsung Kim, PhD kim@kiu.ac.kr University of Malawi, Chancellor College Kyungil University February, 2016

2 2/16 Contents 12. Public Key Cryptography 12.5 Elliptic Curve Cryptography - EC Diffie-Hellman - EC ElGamal Message Exchange

3 Why ECC  Index calculus : Fastest method we know to break original DH and RSA (RSA-2012, RSA-2048)  1975, continued fraction factorization method (CFRAC) -2 120, 2 170  1977, linear sieve (LS) -2 110, 2 160  1982, quadratic sieve (QS) -2 100, 2 150  1990, number0field sieve (NFS) -2 80, 2 112  1994, function-field sieve (FFS)  2006, medium-prime FFS/NFS  2013, x q -x FFS “cryptopocalypse” 3/16

4 Elliptic Curve Cryptography  Elliptic curves are used in public key cryptography because you can use shorter keys than for RSA and cryptosystems whose security is based on the FFDLP  An elliptic curve is a curve described by an equation of the form y 2 +a 1 xy+a 3 y=x 3 +a 2 x 2 +a 4 x+a 6 y 2 +a 1 xy+a 3 y=x 3 +a 2 x 2 +a 4 x+a 6 and an extra O -point and an extra O -point 4/16

5 Elliptic Curve Cryptography  Definition  Let be a field. An elliptic curve  over is a smooth curve  : y 2 +a 1 xy+a 3 y=x 3 +a 2 x 2 +a 4 x+a 6 (1) in so called “long Weierstrass form” where the coefficients a i lie in and the discriminant of ,  0 in, where  is defined as  = -d 2 2 d 8 -8d 4 3 -27d 6 2 +9d 2 d 4 d 6 with d 2 = a 1 2 +4a 2 ; d 4 = 2a 4 +a 1 a 3 ; d 6 = a 3 2 +4a 6 ; d 8 = a 1 2 a 6 +4a 2 a 6 -a 1 a 3 a 4 +a 1 a 3 2 +a 4 2 ; together with a special point known as the point at infinity, O 5/16

6 Elliptic Curve Cryptography 6/16  This transforms Equation 1 to the equation of an isomorphic curve of the form  : y 2 =x 3 +Ax+B (2)  : y 2 =x 3 +Ax+B (2)  We refer to this simpler form as a short Weierstrass form. A criterion to ensure that the curve in Equation 2 has no singular points. The curve’s discriminant  = 4A 3 -27B 2  0

7 Elliptic Curve Cryptography  Group law on elliptic curve  Elliptic curves are of great use in a number of cryptographic protocols, mainly because it is possible to take two points on such a curve and generate a third point on the same curve  In fact, we will show that the points on the elliptic curve generate an additive abelian group  This group can then be used to develop a similar instance of the DLP which is the basis for most public key cryptosystems  The chord-and-tangent rule for adding two points in  () provides  () with the needed abelian structure  The point at infinity O, is the identity element 7/16

8 Elliptic Curve Cryptography  Let be an elliptic curve defined over the field  There is a chord-and-tangent rule for adding two points  () to give a third point in  ()  Together with this addition operation, the set of polynomial  () forms an abelian group with O serving as its identity  It is this group that is used in the construction of elliptic cryptographic systems  The addition rule is best explained geometrically as 8/16

9 Elliptic Curve Cryptography  Addition rule  Let P=(x 1, y 1 ) and Q=(x 2, y 2 ) be two distinct points of elliptic curve   The sum R of P and Q is defined as First draw a line though P and Q; this line intersects the elliptic curve at a third point Then R is the reflection of this point about the x-axis 9/16

10 Elliptic Curve Cryptography  Doubling rule  Let P=(x 1, y 1 ) a point on an elliptic curve   The double R of P is defined as First draw the tangent line to the elliptic curve at P This line intersects the elliptic curve at a second point Then R is the reflection of this point about the x-axis 10/16

11 Elliptic Curve Cryptography  Theorem (Group law on elliptic curves)  Let  / be an elliptic curve given by y 2 =x 3 +Ax+B. The chord- tangent method defines an addition on the set  () of -rational points on  ; let P=(x 1, y 1 ) and Q=(x 2, y 2 ) be points on  with P, Q  O. We then define P+Q=(x 3, y 3 ) as  If x 1  x 2 then x 3 = m 2 - x 1 - x 2 and where m=(y 2 - y 1 )/(x 2 - x 1 )  If x 1 = x 2 but y 1  y 2 then P + Q = O  If P = Q and y 1  0 then x 3 = m 2 - 2x 1 and y 3 = m(x 1 – x 3 ) – y 1 where m=(3x 1 2 + A)/2y 1  If P = Q and y 1 = 0 then P + Q = O. Also we define P + O = P for all points P on   This addition law can be shown to be commutative and associative, effectively making (  (), +) an abelian group 11/16

12 Elliptic Curve Cryptography  Example  Let p=29, a=4 and b=20, and consider the elliptic curve  : y 2 =x 3 +4x+20 Defined over 29  Verify that  = 4A 3 -27B 2  0 (mod 29)  Thus  is indeed an elliptic curve  Verify that some of the points in  ( 29 ) are the following O, (2,6), (4, 19), (8, 10), (13, 23), (16, 2), (19, 16), (27, 2), (0,7), (2,23), (5,7), (8, 19), (14, 6), (16, 27), (20, 3), … 12/16

13 Elliptic Curve Cryptography  Definition (Elliptic Curve DLP) The elliptic curve DLP (ECDLP) is : Given an elliptic curve  defined over a finite field q a point P  ( q ) of order n and a point Q , find the integer l  [0, n-1] such that Q=lP. The integer l is called the discrete logarithm of Q to the base P, denoted l=log P Q The elliptic curve DLP (ECDLP) is : Given an elliptic curve  defined over a finite field q a point P  ( q ) of order n and a point Q , find the integer l  [0, n-1] such that Q=lP. The integer l is called the discrete logarithm of Q to the base P, denoted l=log P Q 13/16

14 Elliptic Curve Cryptography  Solving the ECDLP for an elliptic curve over q with q  2 163 (or 2 192 ) is about as hard as solving the FFDLP for q with q  2 1024 or factoring n with n  2 1024 (or 2 8000, respectively)  So we can use shorter keys. Another advantage here is that for a given finite field there can be lots of associated elliptic curves 14/16

15 Elliptic Curve Diffie-Hellman  Specify q,  ( q ) and G  Select a random point a A and compute R A = a A G 15/16 AliceBob Symmetric key for AES   Select a random point a B  a B G  Compute R B = a B G  q,  (  q ), G, R A RBRBRBRB  a A  Compute SK=R B a A  a B  Compute SK=R A a B a A = a B Ga A =a B = a B a A G SK = R B a A = a B Ga A = a B R A = a B a A G

16 Elliptic Curve ElGamal 16/16  Select two random numbers k and a A  Compute R A =a A G AliceBob Specify  q,  (  q ) and G   Select a random number a B  G  Compute R B = a B G RARARARA RBRBRBRB M  kG  Compute R k =kG  R B k  Compute C=M  (R B )k   Compute R k a B   Compute (R k a B ) -1   Compute M=C  (R k a B ) -1 Rk, CRk, CRk, CRk, C Finding k requires solving the ECDLP

Download ppt "Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016."

Similar presentations

1 390-Elliptic Curves and Elliptic Curve Cryptography Michael Karls.

1 390-Elliptic Curves and Elliptic Curve Cryptography Michael Karls.
Elliptic Curve Cryptography with Derive Johann Wiesenbauer Vienna University of Technology DES-TIME-2006, Dresden.

Elliptic Curve Cryptography with Derive Johann Wiesenbauer Vienna University of Technology DES-TIME-2006, Dresden.
7. Asymmetric encryption-

7. Asymmetric encryption-
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.

Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.
Windows Core Security1© 2006 Microsoft Corp Cryptography: Helping Number Theorists Bring Home the Bacon Since 1977 Dan Shumow SDE Windows Core Security.

Windows Core Security1© 2006 Microsoft Corp Cryptography: Helping Number Theorists Bring Home the Bacon Since 1977 Dan Shumow SDE Windows Core Security.
Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )

Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )
Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.

Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.
CS470, A.SelcukElGamal Cryptosystem1 ElGamal Cryptosystem and variants CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukElGamal Cryptosystem1 ElGamal Cryptosystem and variants CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.

Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Electronic Payment Systems Lecture 5: ePayment Security II

Electronic Payment Systems Lecture 5: ePayment Security II
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
CPE5021 Advanced Network Security --- Advanced Cryptography: Elliptic Curve Cryptography --- Lecture 3 CPE5021 Advanced Network Security --- Advanced Cryptography:

CPE5021 Advanced Network Security --- Advanced Cryptography: Elliptic Curve Cryptography --- Lecture 3 CPE5021 Advanced Network Security --- Advanced Cryptography:
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, A Public-Key Cryptosystem and a Signature Scheme.

ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, "A Public-Key Cryptosystem and a Signature Scheme.
By Abhijith Chandrashekar and Dushyant Maheshwary.

By Abhijith Chandrashekar and Dushyant Maheshwary.
Ipsita Sahoo 10IT61B05 School of Information Technology IIT Kharagpur October 29, 2011 E LLIPTIC C URVES IN C RYPTOGRAPHY.

Ipsita Sahoo 10IT61B05 School of Information Technology IIT Kharagpur October 29, 2011 E LLIPTIC C URVES IN C RYPTOGRAPHY.
Elliptic Curve Cryptography

Elliptic Curve Cryptography
1 Network Security Lecture 6 Public Key Algorithms Waleed Ejaz

1 Network Security Lecture 6 Public Key Algorithms Waleed Ejaz

Similar presentations

Ads by Google