Download presentation

Presentation is loading. Please wait.

1
Elliptic Curve

2
p2. Outline EC over Z p EC over GF(2 n )

3
EC over Z p

4
p4. Let a, b in Z p and 4a 3 +27b 2 !=0 mod p Define: where O is an identity point at infinity Ex: Elliptic Curve Over Z p (P>3):

5
p5. Define operation + Assume define P+Q: Elliptic Curve Over Zp (cont.) P -P-P

6
p6. Elliptic Curve Over Zp (cont.)

7
p7. Elliptic Curve Over Zp (cont.) Comparing coefficient of x 2 :

8
p8. Example: P -P Q P+Q

9
p9. Hasse’s Theorem Over a finite field Z p, the order of E(Z p ) is denoted by #E(Z p ). Hasse’s Theorem p+1-2p 0.5 <= #E(Z p ) <= p+1+2p 0.5

10
p10. Theorem (Group structure of E(Z p ) ) Let E be an elliptic curve defined over Z p and p>3. Then there exist positive integers n 1 and n 2 such that (E,+) is isomorphic to Z n1 x Z n2. Further, n 2 |n 1 and n 2 |(p-1).

11
p11. Define a singular point on elliptic curves: We write the equation as the form: If there exists a point, which is on the curve, and such that then we call P is a singular point on the curve. The reason for

12
p12. The singular point on the curve will make the tangent line at that point not well-define. ---destroy the group structure on the elliptic curve.

13
p13. Lemma: If there is a singular point on is a double root of pf:

14
p14.

15
p15. Consider f(x) has a double root x 1 and another root x 2 :

16
p16. Example: Find all (x,y)’s and O: 1.fix x and determine y. 2. O is an artificial point. 12 (x,y) pairs plus O and have #E=13

17
p17. There are 13 points on the group E 1,6 (Z 11 ) and so any non-identity point (i.e. not the point at infinity, noted as O) is a generator of E 1,6 (Z 11 ). Choose generator α=(2,7). α=(2,7) 2α=(5,2) 3α=(8,3) 4α=(10,2) 5α=(3,6) 6α=(7,9) 7α=(7,2) 8α=(3,5) 9α=(10,9) 10α=(8,8) 11α=(5,9) 12α=(2,4) 13α=O

18
p18. Recall the ElGamal encryption scheme Parameters p : a large prime α: a primitive number in GF(p) a : a private key, a [1, p-1] β : a public key, β = α a (mod p) m : a message to be signed, m [1, p-1] k : a random integer that is privately selected, k [0, p-2] K = (p, α, a, β) : public key + private key Encryption e K (m, k)=(y 1, y 2 ) where y 1 = α k mod p and y 2 =mβ k mod p Decryption m = d K (y 1, y 2 ) = y 2 (y 1 a ) -1 mod p

19
p19. Let’s modify ElGamal encryption by using the elliptic curve E 1,6 (Z 11 ). Suppose that α=(2,7) and Bob’s private key is 7, so β= 7α=(7,2) Thus the encryption operation is e K (x,k)=(k(2,7), x+k(7,2)), where x is in E and 0<=k<=12, and the decryption operation is d K (y 1,y 2 )=y 2 -7y 1

20
p20. Suppose that Alice wishes to encrypt the plaintext x=(10,9) (which is a point on E). if she chooses the random value k=3, then y 1 =3(2,7)=(8,3) and y 2 =(10,9)+3(7,2) =(10,9)+(3,5)=(10,2) Hence y=((8,3),(10,2)). Now, if Bob receives the ciphertext y, he decrypts it as follows: x=(10,2)-7(8,3) =(10,2)-(3,5) =(10,2)+(3,6) =(10,9).

21
EC over GF(2 n )

22
p22. Galois Field Z 2 [x] is the set of polynomials with coefficient over Z 2 and p(x) is an irreducible polynomial of degree n in Z 2 [x]. Ex: has elements {0,1,x,x+1 ……..,x 3 +x 2 +x+1}.

23
p23. The elements of Z 2 [x]/x 4 +x+1 : 0 x 9 =x 8 x=x 3 +x x 0 = 1 x 10 =x 9 x=x 4 +x 2 =x 2 +x+1 x 1 = x x 11 =x 10 x=x 3 +x 2 +x x 2 = x 2 x 12 =x 4 +x 3 +x 2 =x 3 +x 2 +x+1 x 3 = x 3 x 13 =x 4 +x 3 +x 2 +x=x 3 +x 2 +1 x 4 = x 4 =x+1 x 14 =x 4 +x 3 +x=x 3 +1 x 5 = x 4 x=x 2 +x x 15 =1=x 0 x 6 = x 5 x=x 3 +x 2 x 7 = x 6 x=x 4 +x 3 =x 3 +x+1 x 8 = x 7 x=x 4 +x 2 +x=x 2 +1 x is a generator.

24
p24. GF(2 n ) in Vector Form Rewrite a 3 x 3 +a 2 x 2 +a 1 x 1 +a 0 x 0 in vector form (a 3 a 2 a 1 a 0 ), g=x is a generator. (0000) 0 g 1 = (0010) x g 2 = (0100) x 2 g 3 = (1000) X 3 g 4 = (0011) x+1 g 5 = (0110) x 2 +x g 6 = (1100) x 3 +x 2 g 7 = (1011) x 3 +x+1 g 8 = (0101) x 2 +1 g 9 = (1010) x 3 +x g 10 = (0111) x 2 +x+1 g 11 = (1110) x 3 +x 2 +x g 12 = (1111) x 3 +x 2 +x+1 g 13 = (1101) x 3 +x 2 +1 g 14 = (1001) x 3 +1 g 15 = (0001) 1

25
p25. Elliptic Curve over GF(2 n ) Over GF(2 n ), Elliptic Curve can be written in the form: Points on Elliptic Curve E/ GF(2 n ) : O is an identity point at infinity

26
p26. Example (1)

27
p27. Example (1) (0001)g 1 = (0010) g 2 = (0100) g 3 = (1000) g 4 = (0011) g 5 = (0110) g 6 = (1100) g 7 = (1011) g 8 = (0101) g 9 = (1010) g 10 = (0111) g 11 = (1110) g 12 = (1111) g 13 = (1101) g 14 = (1001) g 15 =g 0 (0001)

28
p28. Adding Formula Def: Define P+Q :, O is an identity point at infinity Go

29
p29. Example (2) (0001)g 1 = (0010) g 2 = (0100) g 3 = (1000) g 4 = (0011) g 5 = (0110) g 6 = (1100) g 7 = (1011) g 8 = (0101) g 9 = (1010) g 10 = (0111) g 11 = (1110) g 12 = (1111) g 13 = (1101) g 14 = (1001) g 15 =g 0 (0001)

30
p30. Example (2) (0001)g 1 = (0010) g 2 = (0100) g 3 = (1000) g 4 = (0011) g 5 = (0110) g 6 = (1100) g 7 = (1011) g 8 = (0101) g 9 = (1010) g 10 = (0111) g 11 = (1110) g 12 = (1111) g 13 = (1101) g 14 = (1001) g 15 =g 0 (0001)

31
p31. Check –P is on Curve. Back

32
p32. Back (x 1,y 1 ) (x 2,y 2 ) (x 3,y 3 ) (x 3,y ’ )

33
p33. The Slope when P=Q Back

Similar presentations

© 2020 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google