Elliptic Curve Cryptography


1 Elliptic Curve Cryptography
By Krishan Swarup Gupta

2 Introduction
- ECC was introduced by Victor Miller and Neal Koblitz in 1985.
- DSA and RSA need larger key lengths. ECC requires a significantly smaller key size for the same level of security.
- Benefits of having smaller key sizes: faster computations and less storage space.
- ECC is ideal for constrained environments: pagers, PDAs, cellular phones, smart cards.

3 Group
A group is an algebraic system consisting of a set G together with a binary operation * defined on G satisfying the following axioms:
- Closure: for all x, y in G we have $x * y \in G$
- Associativity: for all x, y and z in G we have (x * y) * z = x * (y * z)
- Identity: there exists an e in G such that x * e = e * x = x for all x
- Inverse: for all x in G there exists y in G such that x * y = y * x = e
In addition, if for all x, y in G we have x * y = y * x, then we say that the group G is abelian.

4 Finite Field
A finite field is an algebraic system consisting of a set F together with two binary operations + and * defined on F satisfying the following axioms:
- F is an abelian group with respect to +.
- F \ {0} is an abelian group with respect to *.
- For all x, y and z in F we have x * (y + z) = (x * y) + (x * z) and (x + y) * z = (x * z) + (y * z).
The order of the finite field is the number of elements in the field.

5 Galois Field GF(p)
It is a finite field consisting of the set of integers {0, 1, 2, 3, …, p-1}, where p is a prime number. Additionally, it satisfies the following arithmetic operations:
- Addition: if $a, b \in GF(p)$, then a + b = r, where r is the remainder of the division of a + b by p and 0 <= r <= p-1. This operation is called addition modulo p.
- Multiplication: if $a, b \in GF(p)$, then a . b = s, where s is the remainder of the division of a . b by p and 0 <= s <= p-1. This operation is called multiplication modulo p.

6 Galois Field GF($2^m$)
It is a finite field and is called a binary finite field. It is a vector space of dimension m over GF(2), i.e. there exists a set of m elements $\{\alpha_{m-1}, \ldots, \alpha_1, \alpha_0\}$, each $\alpha_i \in \{0,1\}$, in GF($2^m$) such that each $a \in GF(2^m)$ is
$a = \alpha_{m-1}x^{m-1} + \cdots + \alpha_1 x + \alpha_0$
Additionally, it satisfies the following arithmetic operations, for $a = \{a_{m-1}, \ldots, a_1, a_0\}$ and $b = \{b_{m-1}, \ldots, b_1, b_0\} \in GF(2^m)$:
- Addition: $a + b = c = \{c_{m-1}, \ldots, c_1, c_0\}$, where $c_i = (a_i + b_i) \bmod 2$ and $c \in GF(2^m)$.
- Multiplication: $a \cdot b = c = \{c_{m-1}, \ldots, c_1, c_0\}$, where c is the remainder of the division of the polynomial $a(x) \cdot b(x)$ by an irreducible polynomial of degree m, and $c \in GF(2^m)$.

7 Elliptic Curve over GF(p)
Let GF(p) be a finite field, p > 3, and let $a, b \in GF(p)$ be constants such that $4a^3 + 27b^2 \not\equiv 0 \pmod p$. An elliptic curve, E(a,b)(GF(p)), is defined as the set of points $(x, y) \in GF(p) \times GF(p)$ which satisfy the equation
$y^2 \equiv x^3 + ax + b \pmod p$
together with a special point, O, called the point at infinity.

8 Elliptic Curve over GF(p)
Let P and Q be two points on E(a,b)(GF(p)) and let O be the point at infinity.
- P + O = O + P = P
- If $P = (x_1, y_1)$ then $-P = (x_1, -y_1)$ and P + (-P) = O.
- If $P = (x_1, y_1)$ and $Q = (x_2, y_2)$, and P and Q are not O, then $P + Q = (x_3, y_3)$ where
  $x_3 = \lambda^2 - x_1 - x_2$
  $y_3 = \lambda(x_1 - x_3) - y_1$
  and
  $\lambda = (y_2 - y_1)/(x_2 - x_1)$ if P ≠ Q
  $\lambda = (3x_1^2 + a)/(2y_1)$ if P = Q

9 Elliptic Curve over GF($2^m$) for some $m \geq 1$.
Elliptic curve E(a,b)(GF($2^m$)) is defined to be the set of points $(x, y) \in GF(2^m) \times GF(2^m)$ which satisfy the equation
$y^2 + xy = x^3 + ax^2 + b$
where $a, b \in GF(2^m)$ and b ≠ 0, together with the point on the curve at infinity, O.
The points on an elliptic curve form an abelian group under a well-defined group operation. The identity of the group operation is the point O.
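Arithmetic in the binary field from the Galois Field slide, and the membership test for the binary curve equation above, as an added Python example (not code from the presentation). Elements are integers whose bit i is the coefficient of $x^i$; the toy field GF($2^4$) with $x^4 + x + 1$ and the curve constants a = x + 1, b = 1 are constructed sample values, and the function names are illustrative.

```python
def gf2m_mul(a, b, m, poly):
    """Multiply a and b in GF(2^m).

    poly is the irreducible polynomial of degree m, including its x^m bit.
    """
    c = 0
    while b:
        if b & 1:
            c ^= a          # addition in GF(2^m) is XOR (coefficients mod 2)
        b >>= 1
        a <<= 1             # multiply a by x
        if a >> m:          # degree reached m: reduce by the modulus
            a ^= poly
    return c

def gf2m_inv(a, m, poly):
    """Inverse as a^(2^m - 2), since a^(2^m - 1) = 1 for every a != 0."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^m)")
    result, e = 1, (1 << m) - 2
    while e:                # square-and-multiply
        if e & 1:
            result = gf2m_mul(result, a, m, poly)
        a = gf2m_mul(a, a, m, poly)
        e >>= 1
    return result

def on_binary_curve(x, y, a, b, m, poly):
    """Check y^2 + xy = x^3 + a*x^2 + b over GF(2^m)."""
    def mul(u, v):
        return gf2m_mul(u, v, m, poly)
    x2 = mul(x, x)
    return mul(y, y) ^ mul(x, y) == mul(x2, x) ^ mul(a, x2) ^ b

# Constructed toy parameters: GF(2^4) with x^4 + x + 1, curve a = x + 1, b = 1.
M, POLY = 4, 0b10011
CURVE_A, CURVE_B = 0b0011, 0b0001

if __name__ == "__main__":
    # x^3 * x = x^4, which reduces to x + 1
    print(bin(gf2m_mul(0b1000, 0b0010, M, POLY)))
    # (x^2 + x, x^3) satisfies the curve equation
    print(on_binary_curve(0b0110, 0b1000, CURVE_A, CURVE_B, M, POLY))
```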

10 Elliptic Curve over GF($2^m$) for some $m \geq 1$.
Let P and Q be two points on E(a,b)(GF($2^m$)) and let O be the point at infinity.
- P + O = O + P = P
- If $P = (x_1, y_1)$ then $-P = (x_1, -y_1)$ and P + (-P) = O.
- If $P = (x_1, y_1)$ and $Q = (x_2, y_2)$, and P and Q are not O, then $P + Q = (x_3, y_3)$, where
  $y_3 = \lambda(x_1 + x_3) + x_3 + y_1$
  and
  $\lambda = (y_1 + y_2)/(x_1 + x_2)$ if P ≠ Q
  $\lambda = (x_1 y_1 + x_1)/y_1$ if P = Q

11 ECC Domain Parameters
ECC domain parameters over GF(q) are a sextuple: T = (q, a, b, G, n, h)
- $q = p$ or $q = 2^m$
- a and $b \in GF(q)$, with $y^2 \equiv x^3 + ax + b \pmod p$ for q = p > 3, and $y^2 + xy = x^3 + ax^2 + b$ for $q = 2^m$, $m \geq 1$
- a base point $G = (x_G, y_G)$ on E(a,b)(GF(q))
- a prime n which is the order of G (the order of a point P on an elliptic curve is the smallest positive integer r such that rP = O)
- h = #E/n, where #E represents the number of points on the elliptic curve and is called the curve order.

12 ECC Key Generation
A public key $Q = (x_Q, y_Q)$ associated with a domain parameter (q, a, b, G, n, h) is generated for an entity A using the following procedure:
1. Select a random or pseudo-random integer d in the interval [1, n-1].
2. Compute Q = dG.
3. A's public key is Q; A's private key is d.

13 ECC Key Validation
A public key $Q = (x_Q, y_Q)$ associated with a domain parameter (q, a, b, G, n, h) is validated for an entity A using the following procedure:
1. Check that Q ≠ O.
2. Check that $x_Q$ and $y_Q$ are properly represented elements of GF(q).
3. Check that Q lies on the elliptic curve defined by a and b.
4. Check that nQ = O.

14 Elliptic Curve Digital Signature Algorithm (ECDSA)
Proposed by Abdalla, Bellare and Rogaway in 1999.
Entity A has domain parameters D = (q, a, b, G, n, h), public key $Q_A$ and private key $d_A$. Entity B has authentic copies of D and $Q_A$.
To sign a message m, A does the following:
1. Select a random integer k from [1, n-1].
2. Compute $kG = (x_1, y_1)$ and $r = x_1 \bmod n$. If r = 0 then go to step 1.
3. Compute $k^{-1} \bmod n$.
4. Compute e = SHA-1(m).
5. Compute $s = k^{-1}\{e + d_A \cdot r\} \bmod n$. If s = 0 then go to step 1.
6. A's signature for the message m is (r, s).

15 Elliptic Curve Digital Signature Algorithm (ECDSA)
To verify A's signature (r, s) on m, B performs the following steps:
1. Verify that r and s are integers in [1, n-1].
2. Compute e = SHA-1(m).
3. Compute $w = s^{-1} \bmod n$.
4. Compute $u_1 = ew \bmod n$ and $u_2 = rw \bmod n$.
5. Compute $(x_1, y_1) = u_1 G + u_2 Q_A$.
6. Compute $v = x_1 \bmod n$.
7. Accept the signature if and only if v = r.
SHA-1 denotes the 160-bit hash function.

16 Elliptic Curve Authenticated Encryption Scheme (ECAES)
Analogue of the DSA, proposed by Scott Vanstone in 1992.
To encrypt a message m for B, A performs:
1. Select a random integer r from [1, n-1].
2. Compute R = rG.
3. Compute $K = h r Q_B = (K_X, K_Y)$. Check that K ≠ O.
4. Compute $k_1 \| k_2 = KDF(K_X)$.
5. Compute $c = ENC(k_1, m)$.
6. Compute $t = MAC(k_2, c)$.
7. Send (R; c; t) to B.
ENC denotes a symmetric encryption scheme such as Triple-DES; MAC denotes a message authentication code (MAC) algorithm (“RFC 2104”); KDF denotes a key derivation function.

17 Elliptic Curve Authenticated Encryption Scheme (ECAES)
To decrypt a ciphertext (R; c; t), B does:
1. Perform a partial key validation on R.
2. Compute $K = h d_B R = (K_X, K_Y)$. Check that K ≠ O.
3. Compute $k_1 \| k_2 = KDF(K_X)$.
4. Verify that $t = MAC(k_2, c)$.
5. Compute $m = ENC^{-1}(k_1, c)$.

18 ECC, DSA and RSA key length comparisons done by Lopez and Dahab in May 2000.
Elliptic Curve Cryptography provides added security over DSA/RSA.

19 Reference:
- An Overview of Elliptic Curve Cryptography by Julio Lopez and Richard Dahab, May
- M. Abdalla, M. Bellare and P. Rogaway. “DHAES: An encryption scheme on the Diffie-Hellman problem”, preprint

