Presentation is loading. Please wait.

Presentation is loading. Please wait.

Discrete Methods in Mathematical Informatics Lecture 2: Elliptic Curve Cryptography 16 th October 2012 Vorapong Suppakitpaisarn

Published byNora Flora Gilbert Modified over 9 years ago

Similar presentations

Presentation on theme: "Discrete Methods in Mathematical Informatics Lecture 2: Elliptic Curve Cryptography 16 th October 2012 Vorapong Suppakitpaisarn"— Presentation transcript:

1 Discrete Methods in Mathematical Informatics Lecture 2: Elliptic Curve Cryptography 16 th October 2012 Vorapong Suppakitpaisarn http://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/ vorapong@mist.i.u-tokyo.ac.jp, Eng. 6 Room 363 Download: Lecture 1: http://misojiro.t.u-tokyo.ac.jp/~vorapong/Lecture1.pptx Lecture 2: http://misojiro.t.u-tokyo.ac.jp/~vorapong/Lecture2.pptx

2 Course Information (Many Changes from Last Week) 10/9 – Elliptic Curve I (2 Exercises) (What is Elliptic Curve?) 10/16 – Elliptic Curve II (2 Exercises) (Elliptic Curve Cryptography) 10/23 – Elliptic Curve III (2 Exercises) (Primality Testing and Factoring) 10/30 – Cancelled 11/7 – Online Algorithm I (Prof. Han) 11/14 – Online Algorithm II (Prof. Han) 11/21 – Elliptic Curve IV (2 Exercises) (ECC Implementation I) 11/28 – Elliptic Curve V (2 Exercises) (ECC Implementation II) 12/4 – Cancelled From 12/11 – To be Announced 10/9 – Elliptic Curve I (2 Exercises) (What is Elliptic Curve?) 10/16 – Elliptic Curve II (2 Exercises) (Elliptic Curve Cryptography) 10/23 – Elliptic Curve III (2 Exercises) (Primality Testing and Factoring) 10/30 – Cancelled 11/7 – Online Algorithm I (Prof. Han) 11/14 – Online Algorithm II (Prof. Han) 11/21 – Elliptic Curve IV (2 Exercises) (ECC Implementation I) 11/28 – Elliptic Curve V (2 Exercises) (ECC Implementation II) 12/4 – Cancelled From 12/11 – To be Announced Schedule For my part, you need to submit 2 Reports. - Report 1: Select 3 from 6 exercises in Elliptic Curve I – III Submission Deadline: 14 November - Report 2: Select 2 from 4 exercises in Elliptic Curve IV – V Submission Deadline: TBD - Submit your report at Department of Mathematical Informatics’ office [1 st floor of this building] For my part, you need to submit 2 Reports. - Report 1: Select 3 from 6 exercises in Elliptic Curve I – III Submission Deadline: 14 November - Report 2: Select 2 from 4 exercises in Elliptic Curve IV – V Submission Deadline: TBD - Submit your report at Department of Mathematical Informatics’ office [1 st floor of this building] Grading

3 From Last Lecture… Point Addition Point Double Weierstrass Equation: A = -4, B = 4 -

4 Cryptography Methods or Algorithms for Secure Communication AliceBob M E(M)E(M) Encryption Algorithm E(M)E(M) E(M)E(M) Decryption Algorithm M Slow Memory Usage RSA (the most popular algorithm) Elliptic Curve Crypto- graphy Optimize and Analyze Fast Faster Algorithms Using Less Memory (assuming the same key size)

5 Some Progress on Elliptic Curve Cryptography 1976Introduction of Elliptic Curve Cryptography (ECC) 2000’sResearchers Began to Interest in ECC Because of Its Memory Consumption is better than RSA 2002Implementation of ECC in OpenSSL 2008Publication of Standard Defining the Use of ECC http://tools.ietf.org/html/rfc5246#ref-ECDSA 2011Google Introduce ECC to be the default algorithm for its https web page 2012Joux and Vitse successfully break 151 bits of ECC [Joux, Vitsa, EUROCRYPT2012, June 2012] (While 768 bits of RSA is broken by Kleinjung et al. in 2010) [Kleinjung et al., CRYPTO2010, 2010]

6 Overview Basics Prime Field & Elliptic Curve Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem Massey- Omura Encryption ElGamal Public Key Encryption ElGamal Digital Signatures Digital Signature Algorithm (DSA)

7 Overview Basics Prime Field & Elliptic Curve Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem Massey- Omura Encryption ElGamal Public Key Encryption ElGamal Digital Signatures

8 Prime Field F p p is prime number. [Let p = 7 in this slide] Consider a set {0, 1, …, p – 1} Addition Subtraction Multiplication Exponentiation

9 Prime Field F p (cont.) Multiplicative Inverse p is prime number. [Let p = 7 in this slide] Consider a set {0, 1, …, p – 1} Real Number? Prime Field F 7 Theorem Proof

10 Prime Field F p (cont.) Multiplicative Inverse Real Number? Prime Field F 7 DivisionReal Number?Prime Field F 7

11 Elliptic Curve with Prime Field Elliptic Curve Example, p = 5, A = 1, B = 1 (0,1),(0,4)(2,1),(2,4)(3,1),(3,4)(4,2),(4,3) ||E(F p )||=9 Hasse’s Theorem (Hasse 1936)

12 Elliptic Curve with Prime Field (cont.) Elliptic Curve Example, p = 5, A = 1, B = 1 Point Double

13 Scalar Multiplication Scalar Multiplication on Elliptic Curve S = P + P + … + P = rP when r 1 is positive integer, S,P is a member of the curve Double-and-add method Let r = 14 = (01110) 2 Compute rP = 14P r = 14 = (0 1 1 1 0) 2 P3P3P7P7P14P 6P6P2P2P 3 – 1 = 2 Point Additions 4 – 1 = 3 Point Doubles r times O Exercise 3

14 Overview Basics Prime Field & Elliptic Curve Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem Massey- Omura Encryption ElGamal Public Key Encryption ElGamal Digital Signatures

15 Private Key Cryptography Key Agreement Protocol kk M Encryption Algorithm E k (M) Decryption Algorithm D k (E k (M)) = M Data Encryption Scheme (DES) (Developed by IBM in 1970’s) Advanced Encryption Scheme (AES) (Daemen, Rijmen 2002) Diffie-Hellman Key Exchange (Diffie, Hellman 1976) One-Time Pad k = 01101 M = 10100 Encryption Algorithm Decryption Algorithm

16 Diffie-Hellman Key Exchange 1.Generate P 2 E(F) 2.Generate positive integers a 3.Receive Q = bP 4.Compute aQ = abP 1.Receive P 2.Receive S = aP 3.Generate positive integer b 4.Compute bS = abP P aP bP Key ALICEALICE ALICEALICE BOBBOB BOBBOB Eve knows P, aP, bP, but not abP Given P, aP, and bP, Compute abP. Diffie-Hellman Problem Given P, aP Compute a. Discrete Logarithm Problem

17 Overview Basics Prime Field & Elliptic Curve Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem Massey- Omura Encryption ElGamal Public Key Encryption ElGamal Digital Signatures

18 Baby Step, Giant Step [Shanks 1971] Given P, Q = aP compute a. Discrete Logarithm Problem 012… … ……………… ……………… ……………… ……………… ……………… ……N-1 Baby Step, Giant Step Pre-Computation Q Baby Step Giant Step Example

19 Pollard’s Method [Pollard 1978] [Teske, 1998] (Semi-)Objective (Semi-) Algorithm (Real-)Objective Function f for Discrete Log (Real-)Algorithm

20 Examples Example Algorithm

21 Overview Basics Prime Field & Elliptic Curve Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem Massey- Omura Encryption ElGamal Public Key Encryption ElGamal Digital Signatures

22 Three-Pass Protocol [Shamir 1980] Private Key Cryptography Key Agreement Protocol kk M Encryption Algorithm E k (M) Decryption Algorithm D k (E k (M)) = M Three-pass Protocol k1k1 k2k2 M E k 1 (M) Encryption Algorithm E k 1 (M) Super-Encryption Algorithm E k 2 ( E k 1 (M)) Decryption Algorithm E k 2 (M)=D k 1 ( E k 2 ( E k 1 (M))) E k 2 (M) Super-Decryption Algorithm M

23 Massey-Omura Protocol [Massey, Omura 1986] Three-pass Protocol k1k1 k2k2 M E k 1 (M) Encryption Algorithm E k 1 (M) Super-Encryption Algorithm E k 2 ( E k 1 (M)) Decryption Algorithm E k 2 (M) Super-Decryption Algorithm M Massey-Omura Protocol Encryption Algorithm Super-Encryption Algorithm Decryption Algorithm E k 2 (M) Super-Decryption Algorithm M

24 Massey-Omura Protocol [cont.] Given k 1 P, k 2 P, k 1 k 2 P,Compute P. Massey-Omura Problem Massey-Omura Protocol Encryption Algorithm Super-Encryption Algorithm Decryption Algorithm E k 2 (M) Super-Decryption Algorithm M Given P, aP Compute a. Discrete Log Problem Integer  Point on Elliptic Curve Point on Elliptic Curve  Integer

25 Exercise Integer  Point on Elliptic Curve Exercise 4Exercise 5

26 Overview Basics Prime Field & Elliptic Curve Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem Massey- Omura Encryption ElGamal Public Key Encryption ElGamal Digital Signatures

27 Public Key Cryptography Private Key Cryptography Key Agreement Protocol kk M Encryption Algorithm E k (M) Decryption Algorithm D k (E k (M)) = M Public Key Cryptography k pub,k pri Certificate Authority (CA) k pub M Encryption Algorithm E k pub (M) Decryption Algorithm D k pri (E k pub (M)) = M

28 ElGamal Public Key Encryption [ElGamal 1985] Public Key Cryptography k pub,k pri Certificate Authority (CA) k pub M Encryption Algorithm E k pub (M) Decryption Algorithm D k pri (E k pub (M)) = M Certificate Authority (CA) Encryption Algorithm E k pub (M) = M 1,M 2 M 1 = kP, M 2 = M + kB E k pub (M) = M 1,M 2 Decryption Algorithm D k pri (E k pub (M)) = M 2 -sM 1 = M ElGamal PKE

29 ElGamal Public Key Encryption (cont.) Certificate Authority (CA) Encryption Algorithm E k pub (M) = M 1,M 2 M 1 = kP, M 2 = M + kB E k pub (M) = M 1,M 2 Decryption Algorithm D k pri (E k pub (M)) = M 2 -sM 1 = M ElGamal PKE Given P, sP (public key), kP, M + skP, Find M. ElGamal Problem Ver. I Given P, sP Find s. Discrete Log.

30 Overview Basics Prime Field & Elliptic Curve Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem Massey- Omura Encryption ElGamal Public Key Encryption ElGamal Digital Signatures

31 Digital Signature [Diffie, Hellman 1976] Alice is sending a message M to Bob 1.Bob can be sure that the sender is really Alice. 2.Alice cannot refuse that she did send the message 3.No one can send a message claiming that they are Alice. Objective Digital Signature k pri,k pub Certificate Authority (CA) k pub M Signing Algorithm M,S k pri (M) Verification Algorithm V k pub (S k pri (M)) = M ? Public Key Cryptography k pub,k pri Certificate Authority (CA) k pub M Encryption Algorithm E k pub (M) Decryption Algorithm D k pri (E k pub (M)) = M

32 ElGamal Digital Signatures [ElGamal 1985] Digital Signature k pri,k pub Certificate Authority (CA) k pub M Signing Algorithm M,S k pri (M) Verification Algorithm S k pri (M)) is signed by Alice??? ElGamal’s Protocol Certificate Authority (CA) k pub =(A,B) Signing Algorithm Verification Algorithm

33 ElGamal Digital Signatures (cont.) ElGamal’s Protocol Certificate Authority (CA) k pub =(A,B) Signing Algorithm Verification Algorithm Given A, B=aA (public key), m (message), Find R,s such that ElGamal Problem Ver. II Given P, sP Find s. Discrete Log.

34 Overview Basics Prime Field & Elliptic Curve Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem Massey- Omura Encryption ElGamal Public Key Encryption ElGamal Digital Signatures Digital Signature Algorithm (DSA)

35 Digital Signature Algorithm [Vanstone 1992] ElGamal’s Protocol Certificate Authority (CA) k pub =(A,B) Signing Algorithm Verification Algorithm DSA’s Protocol Certificate Authority (CA) k pub =(A,B) Signing Algorithm Verification Algorithm 3 Scalar Multiplications 2 Scalar Multiplications

36 Today’s Exercises Exercise 3 Exercise 4

37 Course Information (Many Changes from Last Week) 10/9 – Elliptic Curve I (2 Exercises) (What is Elliptic Curve?) 10/16 – Elliptic Curve II (2 Exercises) (Elliptic Curve Cryptography) 10/23 – Elliptic Curve III (2 Exercises) (Primality Testing and Factoring) 10/30 – Cancelled 11/7 – Online Algorithm I (Prof. Han) 11/14 – Online Algorithm II (Prof. Han) 11/21 – Elliptic Curve IV (2 Exercises) (ECC Implementation I) 11/28 – Elliptic Curve V (2 Exercises) (ECC Implementation II) 12/4 – Cancelled From 12/11 – To be Announced 10/9 – Elliptic Curve I (2 Exercises) (What is Elliptic Curve?) 10/16 – Elliptic Curve II (2 Exercises) (Elliptic Curve Cryptography) 10/23 – Elliptic Curve III (2 Exercises) (Primality Testing and Factoring) 10/30 – Cancelled 11/7 – Online Algorithm I (Prof. Han) 11/14 – Online Algorithm II (Prof. Han) 11/21 – Elliptic Curve IV (2 Exercises) (ECC Implementation I) 11/28 – Elliptic Curve V (2 Exercises) (ECC Implementation II) 12/4 – Cancelled From 12/11 – To be Announced Schedule For my part, you need to submit 2 Reports. - Report 1: Select 3 from 6 exercises in Elliptic Curve I – III Submission Deadline: 14 November - Report 2: Select 2 from 4 exercises in Elliptic Curve IV – V Submission Deadline: TBD - Submit your report at Department of Mathematical Informatics’ office [1 st floor of this building] For my part, you need to submit 2 Reports. - Report 1: Select 3 from 6 exercises in Elliptic Curve I – III Submission Deadline: 14 November - Report 2: Select 2 from 4 exercises in Elliptic Curve IV – V Submission Deadline: TBD - Submit your report at Department of Mathematical Informatics’ office [1 st floor of this building] Grading

38 Thank you for your attention Please feel free to ask questions or comment.

Download ppt "Discrete Methods in Mathematical Informatics Lecture 2: Elliptic Curve Cryptography 16 th October 2012 Vorapong Suppakitpaisarn"

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Discrete Methods in Mathematical Informatics Lecture 3: Other Applications of Elliptic Curve 23h October 2012 Vorapong Suppakitpaisarn http://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/

Discrete Methods in Mathematical Informatics Lecture 3: Other Applications of Elliptic Curve 23h October 2012 Vorapong Suppakitpaisarn
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Discrete Methods in Mathematical Informatics Lecture 1: What is Elliptic Curve? 9 th October 2012 Vorapong Suppakitpaisarn

Discrete Methods in Mathematical Informatics Lecture 1: What is Elliptic Curve? 9 th October 2012 Vorapong Suppakitpaisarn
Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.

Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
No-Key Cryptography Nathan Marks Based on Massey-Omura US Patent # 4,567,600.

No-Key Cryptography Nathan Marks Based on Massey-Omura US Patent # 4,567,600.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Key Establishment Techniques: Key Distribution and Key Agreement

Key Establishment Techniques: Key Distribution and Key Agreement
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
CPE5021 Advanced Network Security --- Advanced Cryptography: Elliptic Curve Cryptography --- Lecture 3 CPE5021 Advanced Network Security --- Advanced Cryptography:

CPE5021 Advanced Network Security --- Advanced Cryptography: Elliptic Curve Cryptography --- Lecture 3 CPE5021 Advanced Network Security --- Advanced Cryptography:
C HAPTER 13 Asymmetric Key Cryptography Slides adapted from Foundations of Security: What Every Programmer Needs To Know by Neil Daswani, Christoph Kern,

C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,

Similar presentations

Ads by Google