Presentation is loading. Please wait.

Presentation is loading. Please wait.

ECC Curve Selection By Edward Yin CS 265 Project Spring 2005.

Published byLionel Randall Modified over 9 years ago

Similar presentations

Presentation on theme: "ECC Curve Selection By Edward Yin CS 265 Project Spring 2005."— Presentation transcript:

1 ECC Curve Selection By Edward Yin CS 265 Project Spring 2005

2 Why ECC? Key Size, Speed, and Scalability NIST guidelines for equivalent strengths: Bits of Security Symmetric key algs. Hash algs. Discrete Logs (DSA, DH, MQV) RSA Elliptic Curves 80SHA-1L = 1024 N = 160k = 1024f = 160 112TDESL = 2048 N = 224k = 2048f = 224 128AES-128SHA-256L = 3072 N = 256k = 3072f = 256 192AES-192SHA-384L = 7680 N = 384k = 7680f = 384 256AES-256SHA-512L = 15360 N = 512k = 15360f = 512

3 ECC Basics Prime: GF(p) Y 2 = X 3 + aX + b with 4a 3 + 27b 2 ≠ 0 Binary: GF(2 m ) Y 2 + XY = X 3 + aX 2 + b with b ≠ 0 An “elliptic curve” means points on the curve plus the point at infinity. Private: integer k Public: a, b, point P, point Q=kP

4 Discrete Logs Discrete Log Problem (DLP) –Given p, g, and y, find x such that g x = y (mod p). ECDLP –Given P, Q, find k such that kP = Q. Diffie-Hellman Problem (DHP) –Given p, g, g a, g b, find g ab (mod p). ECDHP –Given P, sP, tP, find stP.

5 DLP and ECDLP Regular DL (e.g. Diffie-Hellman) ECC with prime field ECC with binary field FieldGF(p) GF(2 m ) Field representation0,1,…,p-1 Polynomial basis or normal basis Field order (size)pp2m2m Group elementsGF(p)* E(GF(p)) = curve E over GF(p) E(GF(2 m )) = curve E over GF(2 m ) Basic operation Multiplication in GF(p) Addition of points on E Base elementGenerator gBase point P Main operationExponentiationScalar multiplication Group order (size)p-1 p+1-2p 1/2 ≤ #E(GF(p)) ≤ p+1+2p 1/2 2 m +1-2 m/2+1 ≤ #E(GF(2 m )) ≤ 2 m +1+2 m/2+1

6 Known Attacks Best general attack is the Pollard rho method, taking O(n 1/2 ) curve additions, where n is the order of the base point P (smallest positive integer such that nP = 0). Shortcuts: 1.The Pohlig-Hellman algorithm reduces the size of the problem.  ECDLP reduced to ECDLP modulo each prime factor of n 2.ECDLP for anomalous curves in a prime field is solvable in polynomial time.  Prime-field-anomalous if group order = field order = n 3.ECDLP for some curves (e.g. supersingular curves) is solvable in subexponential time  MOV reduction possible if (field order) k = 1 (mod n) for some k

7 Avoiding Weak Curves 1.#E(GF(q)) = hn with large prime n, small h and nP=0. 2.#E(GF(q)) ≠ q. 3.The order n of point P should not divide q k -1 for all 1 ≤ k ≤ C, C≥20 in practice.

8 Approaches to Curve Selection Choose the group order first –Use the Complex Multiplication method (CM) Construct curve from another known curve Choose a random curve –Count points with Schoof’s algorithm or the Schoof- Elkies-Atkin (SEA) algorithm Use a published curve Algorithms: see e.g. IEEE P1363 Annex A. Implementation: see e.g. MIRACL at http://indigo.ie/~mscott/

Download ppt "ECC Curve Selection By Edward Yin CS 265 Project Spring 2005."

Similar presentations

Lecture 8: Lattices and Elliptic Curves

Lecture 8: Lattices and Elliptic Curves
The XTR public key system (extended version of Crypto 2000 presentation) Arjen K. Lenstra Citibank, New York Technical University Eindhoven Eric R. Verheul.

The XTR public key system (extended version of Crypto 2000 presentation) Arjen K. Lenstra Citibank, New York Technical University Eindhoven Eric R. Verheul.
Efficient generation of cryptographically strong elliptic curves Shahar Papini Michael Krel Instructor : Barukh Ziv 1.

Efficient generation of cryptographically strong elliptic curves Shahar Papini Michael Krel Instructor : Barukh Ziv 1.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Mid-term Review Network Security. Gene Itkis: CS558 Network Security2 Secure channel SSL SSL (and many others: incl. IPSEC) Shared key establishing Trusted.

Mid-term Review Network Security. Gene Itkis: CS558 Network Security2 Secure channel SSL SSL (and many others: incl. IPSEC) Shared key establishing Trusted.
Mid-term Review Network Security. Secure channel SSL SSL (and many others: incl. IPSEC) Shared key establishing Trusted party (Kerberos, etc. - to be.

Mid-term Review Network Security. Secure channel SSL SSL (and many others: incl. IPSEC) Shared key establishing Trusted party (Kerberos, etc. - to be.
Elliptic Curve Cryptography Shane Almeida Saqib Awan Dan Palacio.

Elliptic Curve Cryptography Shane Almeida Saqib Awan Dan Palacio.
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.

Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.
CS470, A.SelcukElGamal Cryptosystem1 ElGamal Cryptosystem and variants CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukElGamal Cryptosystem1 ElGamal Cryptosystem and variants CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.

Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Electronic Payment Systems Lecture 5: ePayment Security II

Electronic Payment Systems Lecture 5: ePayment Security II
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings.
CPE5021 Advanced Network Security --- Advanced Cryptography: Elliptic Curve Cryptography --- Lecture 3 CPE5021 Advanced Network Security --- Advanced Cryptography:

CPE5021 Advanced Network Security --- Advanced Cryptography: Elliptic Curve Cryptography --- Lecture 3 CPE5021 Advanced Network Security --- Advanced Cryptography:
ECE578: Cryptography 6: Primes, Galois Fields, ECC, and the Discrete Logarithm Problem Professor Richard A. Stanley, P.E. Spring 2010 © 2000-2010, Richard.

ECE578: Cryptography 6: Primes, Galois Fields, ECC, and the Discrete Logarithm Problem Professor Richard A. Stanley, P.E. Spring 2010 © , Richard.
Digital Signatures Presented by Olga Shishenina. 2 Outline  Cryptographic goals  Message Authentication Codes (MACs)  Digital signatures RSA digital.

Digital Signatures Presented by Olga Shishenina. 2 Outline  Cryptographic goals  Message Authentication Codes (MACs)  Digital signatures RSA digital.
Peter Lam Discrete Math CS.  Sometimes Referred to Clock Arithmetic  Remainder is Used as Part of Value ◦ i.e Clocks  24 Hours in a Day However, Time.

Peter Lam Discrete Math CS.  Sometimes Referred to Clock Arithmetic  Remainder is Used as Part of Value ◦ i.e Clocks  24 Hours in a Day However, Time.
-Anusha Uppaluri.  ECC- A set of algorithms for key generation, encryption and decryption (public key encryption technique)  ECC was introduced by Victor.

-Anusha Uppaluri.  ECC- A set of algorithms for key generation, encryption and decryption (public key encryption technique)  ECC was introduced by Victor.
By Abhijith Chandrashekar and Dushyant Maheshwary.

By Abhijith Chandrashekar and Dushyant Maheshwary.
Elliptic Curve Cryptography

Elliptic Curve Cryptography

Similar presentations

Ads by Google