Presentation is loading. Please wait.

Presentation is loading. Please wait.

Discrete Methods in Mathematical Informatics Lecture 3: Other Applications of Elliptic Curve 23h October 2012 Vorapong Suppakitpaisarn http://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/

Published byBrittney Dimit Modified over 10 years ago

Similar presentations

Presentation on theme: "Discrete Methods in Mathematical Informatics Lecture 3: Other Applications of Elliptic Curve 23h October 2012 Vorapong Suppakitpaisarn http://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/"— Presentation transcript:

1 Discrete Methods in Mathematical Informatics Lecture 3: Other Applications of Elliptic Curve 23h October 2012 Vorapong Suppakitpaisarn Eng. 6 Room 363 Download: Lecture 1: Lecture 2: Lecture 3:

2 Course Information (Many Changes from Last Week)
Schedule Grading 10/9 – Elliptic Curve I (2 Exercises) (What is Elliptic Curve?) 10/16 – Elliptic Curve II (1 Exercises) (Elliptic Curve Cryptography[1]) 10/23 – Elliptic Curve III (3 Exercises) (Elliptic Curve Cryptography[2]) 10/30 – Cancelled 11/7 – Online Algorithm I (Prof. Han) 11/14 – Online Algorithm II (Prof. Han) 11/21 – Elliptic Curve IV (2 Exercises) (ECC Implementation I) 11/28 – Elliptic Curve V (2 Exercises) (ECC Implementation II) 12/4 – Cancelled From 12/11 – To be Announced For my part, you need to submit 2 Reports. Report 1: Select 3 from 6 exercises in Elliptic Curve I – III Submission Deadline: 14 November Report 2: Select 2 from 4 exercises in Elliptic Curve IV – V Submission Deadline: TBD Submit your report at Department of Mathematical Informatics’ office [1st floor of this building]

3 Discrete Logarithm Problem
From Last Lecture… Scalar Multiplication on Elliptic Curve S = P + P + … + P = rP when r1 is positive integer, S,P is a member of the curve Double-and-add method Let r = 14 = (01110)2 Compute rP = 14P r = 14 = ( )2 r times P 3P 7P 14P O 2P 6P 14P 3 – 1 = 2 Point Additions 4 – 1 = 3 Point Doubles Discrete Logarithm Problem Given P, aP - Compute a.

4 Overview Discrete Logarithm Problem Massey-Omura Encryption
ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

5 Overview Discrete Logarithm Problem Massey-Omura Encryption
ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

6 Pollard’s Method [Pollard 1978]
(Semi-)Objective [Teske, 1998] (Real-)Algorithm (Semi-) Algorithm (Real-)Objective Function f for Discrete Log

7 Examples Algorithm Example

8 Exercise Exercise 4

9 The Pohlig-Hellman Method [Pohlig, Hellman 1978]

10 The Pohlig-Hellman Method [cont.]
Algorithm (Real-)Problem Given P, Q = aP - Compute a. (Semi-)Problem Given P, Q = aP - Compute a mod pkek Properties

11 The Pohlig-Hellman Method [cont.]
Given P, Q = aP - Compute a mod pkek Algorithm

12 Chinese Remainder Theorem
(Semi-)Problem Given P, Q = aP - Compute a mod pkek

13 Overview Discrete Logarithm Problem Massey-Omura Encryption
ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

14 Three-Pass Protocol [Shamir 1980]
Private Key Cryptography Three-pass Protocol k1 k2 M Key Agreement Protocol Encryption Algorithm k k Ek1(M) Ek1 (M) Super-Encryption Algorithm M Dk(Ek(M)) = M Ek2 ( Ek1 (M)) Encryption Algorithm Ek2 ( Ek1 (M)) Decryption Algorithm Decryption Algorithm Ek(M) Ek(M) Ek2 (M)=Dk1 ( Ek2 ( Ek1 (M))) Ek2(M) Super-Decryption Algorithm M

15 Massey-Omura Protocol [Massey, Omura 1986]
Three-pass Protocol Massey-Omura Protocol k1 k2 M Encryption Algorithm Encryption Algorithm Ek1(M) Ek1 (M) Super-Encryption Algorithm Super-Encryption Algorithm Ek2 ( Ek1 (M)) Ek2 ( Ek1 (M)) Decryption Algorithm Decryption Algorithm Ek2(M) Ek2(M) Super-Decryption Algorithm Super-Decryption Algorithm M

16 Massey-Omura Protocol [cont.]
Example Encryption Algorithm Encryption Algorithm Super-Encryption Algorithm Super-Encryption Algorithm Decryption Algorithm Ek2(M) Decryption Algorithm Super-Decryption Algorithm Super-Decryption Algorithm

17 Massey-Omura Protocol [cont.]
Integer  Point on Elliptic Curve Point on Elliptic Curve  Integer Exercise 4 Exercise 5

18 Overview Discrete Logarithm Problem Massey-Omura Encryption
ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

19 Public Key Cryptography
Private Key Cryptography Public Key Cryptography Certificate Authority (CA) Key Agreement Protocol kpub,kpri kpub k k Dkpri (Ekpub (M)) = M M M Dk(Ek(M)) = M Encryption Algorithm Encryption Algorithm Decryption Algorithm Decryption Algorithm Ekpub(M) Ekpub (M) Ek(M) Ek(M)

20 ElGamal Public Key Encryption [ElGamal 1985]
Public Key Cryptography ElGamal PKE Certificate Authority (CA) Certificate Authority (CA) kpub,kpri kpub Dkpri (Ekpub (M)) = M2-sM = M Dkpri (Ekpub (M)) = M M Encryption Algorithm Encryption Algorithm Decryption Algorithm Decryption Algorithm Ekpub(M) = M1,M2 Ekpub(M) = M1,M2 Ekpub(M) Ekpub (M) M1 = kP, M2 = M + kB

21 ElGamal Public Key Encryption (cont.)
Example ElGamal PKE Certificate Authority (CA) Dkpri (Ekpub (M)) = M2-sM = M Dkpri (Ekpub (M)) = M2-sM1 = (0,1)-5(4,3) = (4,2) Encryption Algorithm Encryption Algorithm Decryption Algorithm Decryption Algorithm Ekpub(M) = M1,M2 Ekpub(M) = M1,M2 Ekpub(M) = M1,M2 Ekpub(M) = M1,M2 M1 = (4,3) M2 = (0,1) M1 = kP, M2 = M + kB M1 = kP = 7(0,1) = (4,3), M2 = M + kB = (4,2)+7(3,1) = (0,1)

22 ElGamal Public Key Encryption (cont.)
ElGamal PKE ElGamal Problem Ver. I Given P, sP (public key), kP, M + skP, Find M. Certificate Authority (CA) Dkpri (Ekpub (M)) = M2-sM = M Discrete Log. Given P, sP Find s. Encryption Algorithm Decryption Algorithm Ekpub(M) = M1,M2 Ekpub(M) = M1,M2 M1 = kP, M2 = M + kB

23 Overview Discrete Logarithm Problem Massey-Omura Encryption
ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

24 Digital Signature [Diffie, Hellman 1976]
Public Key Cryptography Digital Signature Certificate Authority (CA) Certificate Authority (CA) kpub,kpri kpub kpri,kpub kpub Dkpri (Ekpub (M)) = M M Encryption Algorithm Decryption Algorithm Vkpub (Skpri(M)) = M ? M Ekpub(M) Ekpub (M) Signing Algorithm Objective Verification Algorithm Alice is sending a message M to Bob Bob can be sure that the sender is really Alice. Alice cannot refuse that she did send the message No one can send a message claiming that they are Alice. M,Skpri(M) M, Skpri(M)

25 ElGamal Digital Signatures [ElGamal 1985]
ElGamal’s Protocol Certificate Authority (CA) Certificate Authority (CA) kpub=(A,B) kpri,kpub kpub Signing Algorithm Skpri(M)) is signed by Alice??? M Signing Algorithm Verification Algorithm Verification Algorithm M,Skpri(M) M, Skpri(M)

26 ElGamal Digital Signatures (cont.)
Example ElGamal’s Protocol Certificate Authority (CA) kpub=(A,B) Signing Algorithm Signing Algorithm Verification Algorithm Verification Algorithm

27 ElGamal Digital Signatures (cont.)
ElGamal’s Protocol ElGamal Problem Ver. II Given A, B=aA (public key), m (message), m‘ (forged message) Find R,s such that Certificate Authority (CA) kpub=(A,B) Signing Algorithm Discrete Log. Given P, sP Find s. Verification Algorithm

28 Exercise Given A, B=aA (public key), m (message), m‘ (forged message)
ElGamal Problem Ver. II Given A, B=aA (public key), m (message), m‘ (forged message) Find R,s such that Discrete Log. Given P, sP Find s. Exercise 6

29 Overview Discrete Logarithm Problem Massey-Omura Encryption
ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

30 Digital Signature Algorithm [Vanstone 1992]
ElGamal’s Protocol DSA’s Protocol Certificate Authority (CA) Certificate Authority (CA) kpub=(A,B) kpub=(A,B) 2 Scalar Multiplications 3 Scalar Multiplications Signing Algorithm Signing Algorithm Verification Algorithm Verification Algorithm

31 Exercise Exercise 4 Exercise 4 Exercise 5

32 Exercise Exercise 6

33 Pairing-Based Cryptography
Diffie-Hellman Exchange Protocol Three-Parties DHE P 1. Generate P 2 E(F) 2. Generate positive integers a 3. Receive Q = bP 4. Compute aQ = abP 1. Receive P 2. Receive S = aP 3. Generate positive integer b 4. Compute bS = abP B O ALICE A L I C E aP a, aP bP aP C H A L I E bP B O b, bP cP c, cP Bilinear Function ALICE Three-Parties DHE with Pairing a, aP, bP ALICE abP C H A L I E bcP a, aP B O C H A L I E b, bP cP acP c, cP aP aP aP bP cP B O b, bP cP c, cP bP

34 Thank you for your attention
Please feel free to ask questions or comment.

Download ppt "Discrete Methods in Mathematical Informatics Lecture 3: Other Applications of Elliptic Curve 23h October 2012 Vorapong Suppakitpaisarn http://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/"

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Key Management Nick Feamster CS 6262 Spring 2009.

Key Management Nick Feamster CS 6262 Spring 2009.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Public Key Cryptosystem

Public Key Cryptosystem
PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.

PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
Public Key Encryptions CS461/ECE422 Fall 2011. Reading Material Text Chapters 2 and 20 Handbook of Applied Cryptography, Chapter 8 –

Public Key Encryptions CS461/ECE422 Fall Reading Material Text Chapters 2 and 20 Handbook of Applied Cryptography, Chapter 8 –
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9
Discrete Methods in Mathematical Informatics Lecture 2: Elliptic Curve Cryptography 16 th October 2012 Vorapong Suppakitpaisarn

Discrete Methods in Mathematical Informatics Lecture 2: Elliptic Curve Cryptography 16 th October 2012 Vorapong Suppakitpaisarn
Discrete Methods in Mathematical Informatics Lecture 1: What is Elliptic Curve? 9 th October 2012 Vorapong Suppakitpaisarn

Discrete Methods in Mathematical Informatics Lecture 1: What is Elliptic Curve? 9 th October 2012 Vorapong Suppakitpaisarn
Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.

Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Introduction to Modern Cryptography Homework assignments.

Introduction to Modern Cryptography Homework assignments.
No-Key Cryptography Nathan Marks Based on Massey-Omura US Patent # 4,567,600.

No-Key Cryptography Nathan Marks Based on Massey-Omura US Patent # 4,567,600.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

Similar presentations

Ads by Google