Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Information Security 5 ECC Cryptography

Published byMarylou Hood Modified over 6 years ago

Similar presentations

Presentation on theme: "Advanced Information Security 5 ECC Cryptography"— Presentation transcript:

1 Advanced Information Security 5 ECC Cryptography
Dr. Turki F. Al-Somani 2017

2 Module Outlines Elliptic Curve Protocols Data Embedding Summary
Elliptic Curve Diffie-Hellman Protocol Elliptic Curve ElGamal Protocol Data Embedding Summary

3 Elliptic Curve Diffie-Hellman Protocol
In Elliptic Curve Diffie-Hellman Protocol, the base point P and the elliptic curve equation are public. User’s A private and public keys are kA and PA respectively. User’s A public key is equal to kAP. User’s B, on the other hand, private and public keys are kB and PB respectively.

4 Elliptic Curve Diffie-Hellman Protocol (contd.)
Similarly, User’s A public key is equal to kBP. The message to be encrypted is embedded into the x-coordinate of a point on the elliptic curve (Pm = (xm, ym)). The shared secret key S between two parties A and B is easily calculated by: S = kA(kBP) = kB(kAP)

5 Elliptic Curve Diffie-Hellman Protocol (contd.)
Whenever one of the users need to send a message to the other party, he needs to add the shared secret key to the message to produce the ciphertext point Pc which is: Pc = Pm + S To decrypt the ciphertext point, the secret key is subtracted from the ciphertext point to give the plaintext point Pm as follows: Pm = Pc + S

6 Elliptic Curve ElGamal Protocol
In elliptic curve ElGamal protocol, on the other hand, for some user to encrypt and send the message point Pm to user A, he chooses a random integer “l” and generates the ciphertext Cm which consists of the following pair of points: Cm = (lP, Pm + lPA)

7 Elliptic Curve ElGamal Protocol
The ciphertext pair of points uses A’s public key, where only user A can decrypt the plaintext using his private key. To decrypt the ciphertext Cm, the first point in the pair of Cm, lP is multiplied by A’s private key to get the point ka(lP). This point is subtracted from the second point of Cm to produce the plaintext point Pm.

8 Elliptic Curve ElGamal Protocol
The complete decryption operations can be summarized in the following equation: Pm = (Pm + lPA) – kA(lP) = Pm + l(kAP) – kA(lP)

9 Data Embedding Data embedding is performed within the x- coordinate of a point on the elliptic curve. A random number is picked to fill the 5 most significant bits and the remaining bits will contain the data to be encrypted. If this x-coordinate is not a valid point on the elliptic curve, another random number is picked until a valid elliptic curve point is obtained.

10 The Checking Procedure
The equation of the curve over GF(2m) is: y2 + xy = x3 + ax2 + b → y2 + xy + f(x) = 0 where f(x) = (x3 + ax2 + b). Now, let y = zx, the equation becomes: (xz)2 + x2z + f(x) = 0 → z2 + z + c = 0 where c = f(x) . x-2.

11 The Checking Procedure (Contd.)
The function that checks if x is on the curve described below: Input: x  GF(2m) bits Output: true if x is the x-coordinate of a point, false otherwise c ← (x3 + ax2 + b) . x-2 trace XOR of all bits in c if trace = 1 then return false else return true 

12 The Checking Procedure (Contd.)
To compute the y-coordinate given the x-coordinate, We can rewrite the equation, that we are working on as (i  [0, m-1]): z = z1/2 + c1/2 → zi = zi-1 + ci-1 Moreover, if z is a solution to our equation, then the other solution is z + 1.

13 The Checking Procedure (Contd.)
Proof: Since z2 +z + c = 0 , and by replacing each z by z+1 we have: (z + 1)2 + (z + 1) + c = z2 + 2z z c = z2 + z + c + 2(z + 1) = z2 + z + c = 0  Since z + 1 is actually the complement of z in a normal basis, in one of the two solutions the least significant bit will be 0 and the other one will be 1. As a result, the least significant bit of the solution that we are looking for is equal to 0. We then further compute all the other bits one by one. To compute the y value, we simply multiply z by x.

14 The Checking Procedure (Contd.)
The algorithm that performs the operation compute y(x) is described below: Input: x  GF(2m) and c Output: M(x, y) a point of the curve z0← 0 for i from 1 to m-1 zi ← zi-1 + ci-1 y ← x . z return y

15 Summary There are two main elliptic curve protocols
Elliptic Curve Diffie-Hellman Protocol Elliptic Curve ElGamal Protocol Data embedding is performed within the x- coordinate of a point on the elliptic curve. If this x-coordinate is not a valid point on the elliptic curve, another random number is picked until a valid elliptic curve point is obtained.

16 Thanks & Good Luck Next is: 6 Side Channel Attacks
Dr. Turki F. Al-Somani 2017

Download ppt "Advanced Information Security 5 ECC Cryptography"

Similar presentations

Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.

Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.
Lecture 8: Lattices and Elliptic Curves

Lecture 8: Lattices and Elliptic Curves
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.

Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.

Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
The RSA Algorithm Based on the idea that factorization of integers into their prime factors is hard. ★ n=p . q, where p and q are distinct primes Proposed.

The RSA Algorithm Based on the idea that factorization of integers into their prime factors is hard. ★ n=p . q, where p and q are distinct primes Proposed.
Rachana Y. Patil 1 1.

Rachana Y. Patil 1 1.
10.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 10 Symmetric-Key Cryptography.

10.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 10 Symmetric-Key Cryptography.
1 Network Security Lecture 6 Public Key Algorithms Waleed Ejaz

1 Network Security Lecture 6 Public Key Algorithms Waleed Ejaz
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the order Teams mostly.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the order Teams mostly.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.

Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Advanced Information Security 6 SIDE CHANNEL ATTACKS Dr. Turki F. Al-Somani 2015.

Advanced Information Security 6 SIDE CHANNEL ATTACKS Dr. Turki F. Al-Somani 2015.
Implementing RSA Encryption in Java

Implementing RSA Encryption in Java
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.

Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.

Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
Public Key Cryptosystem Introduced in 1976 by Diffie and Hellman [2] In PKC different keys are used for encryption and decryption 1978: First Two Implementations.

Public Key Cryptosystem Introduced in 1976 by Diffie and Hellman [2] In PKC different keys are used for encryption and decryption 1978: First Two Implementations.

Similar presentations

Ads by Google