Cryptography Hyunsung Kim, PhD University of Malawi, Chancellor College Kyungil University February, 2016.


1 Cryptography Hyunsung Kim, PhD kim@kiu.ac.kr University of Malawi, Chancellor College Kyungil University February, 2016

2 Contents
12. Public Key Cryptography
12.5 Elliptic Curve Cryptography
- EC Diffie-Hellman
- EC ElGamal Message Exchange

3 Why ECC
- Index calculus: fastest method we know to break original DH and RSA (RSA-2012, RSA-2048)
  - 1975, continued fraction factorization method (CFRAC): $2^{120}$, $2^{170}$
  - 1977, linear sieve (LS): $2^{110}$, $2^{160}$
  - 1982, quadratic sieve (QS): $2^{100}$, $2^{150}$
  - 1990, number-field sieve (NFS): $2^{80}$, $2^{112}$
  - 1994, function-field sieve (FFS)
  - 2006, medium-prime FFS/NFS
  - 2013, $x^q - x$ FFS “cryptopocalypse”

4 Elliptic Curve Cryptography
- Elliptic curves are used in public key cryptography because you can use shorter keys than for RSA and cryptosystems whose security is based on the FFDLP
- An elliptic curve is a curve described by an equation of the form
  $y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$
  and an extra O-point

5 Elliptic Curve Cryptography
- Definition
- Let be a field. An elliptic curve  over is a smooth curve
   : $y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$ (1)
  in so called “long Weierstrass form” where the coefficients $a_i$ lie in and the discriminant of ,  0 in, where  is defined as
   = $-d_2^2 d_8 - 8d_4^3 - 27d_6^2 + 9d_2 d_4 d_6$
  with
  $d_2 = a_1^2 + 4a_2$; $d_4 = 2a_4 + a_1a_3$; $d_6 = a_3^2 + 4a_6$; $d_8 = a_1^2a_6 + 4a_2a_6 - a_1a_3a_4 + a_1a_3^2 + a_4^2$;
  together with a special point known as the point at infinity, O

6 Elliptic Curve Cryptography
- This transforms Equation 1 to the equation of an isomorphic curve of the form
   : $y^2 = x^3 + Ax + B$ (2)
- We refer to this simpler form as a short Weierstrass form. A criterion to ensure that the curve in Equation 2 has no singular points. The curve’s discriminant  = $4A^3 - 27B^2$  0

7 Elliptic Curve Cryptography
- Group law on elliptic curve
- Elliptic curves are of great use in a number of cryptographic protocols, mainly because it is possible to take two points on such a curve and generate a third point on the same curve
- In fact, we will show that the points on the elliptic curve generate an additive abelian group
- This group can then be used to develop a similar instance of the DLP which is the basis for most public key cryptosystems
- The chord-and-tangent rule for adding two points in  () provides  () with the needed abelian structure
- The point at infinity O, is the identity element

8 Elliptic Curve Cryptography
- Let be an elliptic curve defined over the field
- There is a chord-and-tangent rule for adding two points  () to give a third point in  ()
- Together with this addition operation, the set of polynomial  () forms an abelian group with O serving as its identity
- It is this group that is used in the construction of elliptic cryptographic systems
- The addition rule is best explained geometrically as

9 Elliptic Curve Cryptography
- Addition rule
- Let $P = (x_1, y_1)$ and $Q = (x_2, y_2)$ be two distinct points of elliptic curve 
- The sum R of P and Q is defined as
  - First draw a line through P and Q; this line intersects the elliptic curve at a third point
  - Then R is the reflection of this point about the x-axis

10 Elliptic Curve Cryptography
- Doubling rule
- Let $P = (x_1, y_1)$ be a point on an elliptic curve 
- The double R of P is defined as
  - First draw the tangent line to the elliptic curve at P
  - This line intersects the elliptic curve at a second point
  - Then R is the reflection of this point about the x-axis

11 Elliptic Curve Cryptography
- Theorem (Group law on elliptic curves)
- Let  / be an elliptic curve given by $y^2 = x^3 + Ax + B$. The chord-tangent method defines an addition on the set  () of -rational points on  ; let $P = (x_1, y_1)$ and $Q = (x_2, y_2)$ be points on  with P, Q  O. We then define $P + Q = (x_3, y_3)$ as
  - If $x_1$  $x_2$ then $x_3 = m^2 - x_1 - x_2$ and where $m = (y_2 - y_1)/(x_2 - x_1)$
  - If $x_1 = x_2$ but $y_1$  $y_2$ then P + Q = O
  - If P = Q and $y_1$  0 then $x_3 = m^2 - 2x_1$ and $y_3 = m(x_1 - x_3) - y_1$ where $m = (3x_1^2 + A)/(2y_1)$
  - If P = Q and $y_1 = 0$ then P + Q = O. Also we define P + O = P for all points P on 
- This addition law can be shown to be commutative and associative, effectively making (  (), +) an abelian group

12 Elliptic Curve Cryptography
- Example
- Let p=29, a=4 and b=20, and consider the elliptic curve
   : $y^2 = x^3 + 4x + 20$
  defined over 29
- Verify that  = $4A^3 - 27B^2$  0 (mod 29)
- Thus  is indeed an elliptic curve
- Verify that some of the points in  ( 29 ) are the following
  O, (2,6), (4,19), (8,10), (13,23), (16,2), (19,16), (27,2), (0,7), (2,23), (5,7), (8,19), (14,6), (16,27), (20,3), …

13 Elliptic Curve Cryptography
- Definition (Elliptic Curve DLP)
- The elliptic curve DLP (ECDLP) is: Given an elliptic curve  defined over a finite field q a point P  ( q ) of order n and a point Q , find the integer l  [0, n-1] such that Q = lP. The integer l is called the discrete logarithm of Q to the base P, denoted $l = \log_P Q$

14 Elliptic Curve Cryptography
- Solving the ECDLP for an elliptic curve over q with q  $2^{163}$ (or $2^{192}$) is about as hard as solving the FFDLP for q with q  $2^{1024}$ or factoring n with n  $2^{1024}$ (or $2^{8000}$, respectively)
- So we can use shorter keys. Another advantage here is that for a given finite field there can be lots of associated elliptic curves

15 Elliptic Curve Diffie-Hellman
- Alice: Specify q,  ( q ) and G
- Alice: Select a random point $a_A$ and compute $R_A = a_A G$
- Alice to Bob: q,  ( q ), G, $R_A$
- Bob: Select a random point $a_B$
- Bob: Compute $R_B = a_B G$
- Bob to Alice: $R_B$
- Alice: Compute $SK = R_B a_A$
- Bob: Compute $SK = R_A a_B$
- $SK = R_B a_A = a_B G a_A = a_B R_A = a_B a_A G$
- Symmetric key for AES

16 Elliptic Curve ElGamal
- Specify q,  ( q ) and G
- Alice: Select two random numbers k and $a_A$
- Alice: Compute $R_A = a_A G$
- Bob: Select a random number $a_B$
- Bob: Compute $R_B = a_B G$
- Alice to Bob: $R_A$
- Bob to Alice: $R_B$
- Alice: Compute $R_k = kG$
- Alice: Compute C=M  ($R_B$)k
- Alice to Bob: $R_k$, C
- Bob: Compute $R_k a_B$
- Bob: Compute $(R_k a_B)^{-1}$
- Bob: Compute M=C  $(R_k a_B)^{-1}$
- Finding k requires solving the ECDLP
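
The group law of slide 11, the example curve of slide 12, and the exchanges of slides 15 and 16, as one added Python example that is not part of the original presentation. The function names and the check on received points are assumptions, as is the reading of the ElGamal operator missing from the transcript as point addition with M encoded as a curve point.

```python
# Added example: toy curve of slide 12, y^2 = x^3 + 4x + 20 over the integers mod 29.
# Function names and sample scalars are constructed; far too small for real use.
P_MOD, A, B = 29, 4, 20
O = None                                   # point at infinity (identity)

def on_curve(P):
    return P is O or (P[1] ** 2 - (P[0] ** 3 + A * P[0] + B)) % P_MOD == 0

def neg(P):
    return O if P is O else (P[0], -P[1] % P_MOD)

def add(P, Q):
    """Chord-and-tangent addition following the cases of the slide-11 theorem."""
    if P is O: return Q
    if Q is O: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O                           # Q = -P, including doubling with y1 = 0
    if P == Q:
        m = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)   # tangent slope
    else:
        m = (y2 - y1) * pow(x2 - x1, -1, P_MOD)          # chord slope
    x3 = (m * m - x1 - x2) % P_MOD
    return (x3, (m * (x1 - x3) - y1) % P_MOD)

def mul(k, P):
    """Scalar multiple kP by double-and-add."""
    R = O
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def check_peer(R):
    """Reject the identity and off-curve values before using a received point."""
    if R is O or not on_curve(R):
        raise ValueError("invalid point received")
    return R

def ecdh_shared(a_own, R_peer):            # SK = a_own * R_peer
    return mul(a_own, check_peer(R_peer))

def elgamal_encrypt(M, R_B, k, G):         # returns (R_k, C) with C = M + k R_B
    return mul(k, G), add(M, mul(k, R_B))

def elgamal_decrypt(R_k, C, a_B):          # M = C - a_B R_k
    return add(C, neg(mul(a_B, check_peer(R_k))))
```

This curve has 37 points including O, so every point other than O has order 37 and private scalars are drawn from 1 to 36. The double-and-add loop branches on the bits of the secret scalar, which is acceptable for a classroom curve but is replaced by a constant-time ladder on a standardized curve in deployed code.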

