Presentation is loading. Please wait.

Presentation is loading. Please wait.

Elliptic Curve Cryptography Lawrence Fallow 19 April 2007.

Published byBertram Parker Modified over 8 years ago

Similar presentations

Presentation on theme: "Elliptic Curve Cryptography Lawrence Fallow 19 April 2007."— Presentation transcript:

1 Elliptic Curve Cryptography Lawrence Fallow 19 April 2007

2 What’s wrong with RSA? RSA is based upon the ‘belief’ that factoring is ‘difficult’ – never been proven RSA is based upon the ‘belief’ that factoring is ‘difficult’ – never been proven Prime numbers are getting too large Prime numbers are getting too large Amount of research currently devoted to factoring algorithms Amount of research currently devoted to factoring algorithms Quantum computing will make RSA obsolete overnight Quantum computing will make RSA obsolete overnight

3 What exactly is an elliptic curve? Let a ∈  ℝ,  b ∈  ℝ, be constants such that Let a ∈  ℝ,  b ∈  ℝ, be constants such that 4a³ + 27b² ≠ 0. A non-singular elliptic curve is the set E of solutions (x,y) ∈  ℝ x ℝ to the equation: 4a³ + 27b² ≠ 0. A non-singular elliptic curve is the set E of solutions (x,y) ∈  ℝ x ℝ to the equation: y² = x³ + ax + b y² = x³ + ax + b together with a special point O called the point at infinity. together with a special point O called the point at infinity.

4 Singular Elliptic Curve If 4a³ + 27b² = 0, then we have a singular elliptic curve If 4a³ + 27b² = 0, then we have a singular elliptic curve This could potentially lead to having to not having 3 distinct roots This could potentially lead to having to not having 3 distinct roots Therefore, we must deal with non-singular elliptic curves with the condition 4a³ + 27b² ≠ 0, in order to assure that we have 3 distinct roots. Therefore, we must deal with non-singular elliptic curves with the condition 4a³ + 27b² ≠ 0, in order to assure that we have 3 distinct roots. This will allow us to establish the fact that the solution set E forms an Abelian group. This will allow us to establish the fact that the solution set E forms an Abelian group.

5 What is a Group? Suppose we have any binary operation, such as addition (+), that is defined for every element in a set G, which is denoted (G, +) Suppose we have any binary operation, such as addition (+), that is defined for every element in a set G, which is denoted (G, +) Then G is a group with respect to addition if the following conditions hold: Then G is a group with respect to addition if the following conditions hold: 1.) G is closed under addition: x ∈  G, y ∈  G, 1.) G is closed under addition: x ∈  G, y ∈  G, imply x + y ∈  G imply x + y ∈  G 2.) + is associative. For all x, y, z, ∈  G, 2.) + is associative. For all x, y, z, ∈  G, x + (y + z) = (x + y) + z x + (y + z) = (x + y) + z 3.) G has an identity element e. There is an e in G such that x + e = e + x = x for all x ∈  G. 3.) G has an identity element e. There is an e in G such that x + e = e + x = x for all x ∈  G. 4.) G contains inverses. For each x ∈  G, there exists y ∈  G, such that x + y = y + x = e. 4.) G contains inverses. For each x ∈  G, there exists y ∈  G, such that x + y = y + x = e.

6 What is an Abelian Group An Abelian group contains all the rules of a group, but also must meet the following criteria: An Abelian group contains all the rules of a group, but also must meet the following criteria: 5.) + is commutative. For all x ∈  G, y ∈ G, x + y = y + x.

7 3 Cases for Solutions Suppose P, Q ∈  E, where P = (x 1,y 1 ) and Q = (x 2,y 2 ), we must consider three cases: Suppose P, Q ∈  E, where P = (x 1,y 1 ) and Q = (x 2,y 2 ), we must consider three cases: 1.) x 1 ≠ x 2 2.) x 1 = x 2 and y 1 = - y 2 3.) x 1 = x 2 and y 1 = y 2 These cases must be considered when defining “addition” for our solution set These cases must be considered when defining “addition” for our solution set

8 Defining Addition on E: Case 1 For the case x 1 ≠ x 2, addition is defined as follows: (x 1,y 1 ) + (x 2,y 2 ) = (x 3,y 3 ) ∈  E where x 3 = λ² - x 1 - x 2 x 3 = λ² - x 1 - x 2 y 3 = λ(x 1 – x 3 ) - y 1, and y 3 = λ(x 1 – x 3 ) - y 1, and λ = (y 2 – y 1 ) / (x 2 – x 1 ) λ = (y 2 – y 1 ) / (x 2 – x 1 )

9 Defining Addition on E : Case 2 For the case x 1 = x 2 and y 1 = - y 2, addition is defined as follows: (x 1,y 1 ) + (x 2,y 2 ) = (x 3,y 3 ) ∈  E where (x,y) + (x,-y) = O, the point at infinity

10 Defining Addition on E : Case 3 For the case x 1 = x 2 and y 1 = y 2, addition is defined as follows: (x 1,y 1 ) + (x 2,y 2 ) = (x 3,y 3 ) ∈  E where x 3 = λ² - x 1 - x 2 x 3 = λ² - x 1 - x 2 y 3 = λ(x 1 – x 3 ) - y 1, and y 3 = λ(x 1 – x 3 ) - y 1, and λ = (3x 1 2 + a) / 2y 1 λ = (3x 1 2 + a) / 2y 1

11 Defining the Identity The point at infinity O, is the identity element. P + O = O + P = P, for all P ∈  E. The point at infinity O, is the identity element. P + O = O + P = P, for all P ∈  E. From Case 2, and the Identity Element, we now have the existence of inverses From Case 2, and the Identity Element, we now have the existence of inverses Beyond the scope here to prove that we have commutativity and associativity as well Beyond the scope here to prove that we have commutativity and associativity as well Therefore the set of solutions E, forms an Abelian group (Importance of this will be shown later) Therefore the set of solutions E, forms an Abelian group (Importance of this will be shown later)

12 Elliptic Curves modulo p Let p > 3 be prime. The elliptic curve y² = x³ + ax + b over ℤ p is the set of solutions (x,y) ∈  ℤ p x ℤ p to the congruence: Let p > 3 be prime. The elliptic curve y² = x³ + ax + b over ℤ p is the set of solutions (x,y) ∈  ℤ p x ℤ p to the congruence: y² ≡ x³ + ax + b (mod p) where a ∈  ℤ p,  b ∈  ℤ p, are constants such that 4a³ + 27b² ≢ 0 (mod p), together with a special point O called the point at infinity. where a ∈  ℤ p,  b ∈  ℤ p, are constants such that 4a³ + 27b² ≢ 0 (mod p), together with a special point O called the point at infinity. Solutions still form an Abelian group Solutions still form an Abelian group

13 So now for an example Let’s examine the following elliptic curve as an example: Let’s examine the following elliptic curve as an example: y² = x³ + x + 6 over ℤ 11 y² = x³ + x + 6 over ℤ 11 X012345678910 x³ + x + 6 mod 11 68538484974 QR?NNYYNYNYYNY Y4,75,62,92,93,82,9

14 Generating our group From the previous chart, and including the point at infinity O, we have a group with 13 points. From the previous chart, and including the point at infinity O, we have a group with 13 points. Since the O(E) is prime, the group is cyclic. Since the O(E) is prime, the group is cyclic. We can generate the group by choosing any point other then the point at infinity. We can generate the group by choosing any point other then the point at infinity. Let our generator =  = (2,7) Let our generator =  = (2,7)

15 The Group We can generate this by using the rules of addition we defined earlier where      

16 Encryption Rules Suppose we let  = (2,7) and choose the private key to be 7 Suppose we let  = (2,7) and choose the private key to be 7 then  = 7  = (7,2) then  = 7  = (7,2) Encryption: Encryption: e K (x,k) = (k(  ), x + k(  )) e K (x,k) = (k(2,7), x+k(7,2)), where x ∈ E and 0 ≤ k ≤ 12

17 Decryption Rule Decryption: Decryption: d K (y 1, y 2 ) = y 2 – K priv y 1 d K (y 1, y 2 ) = y 2 – 7y 1 d K (y 1, y 2 ) = y 2 – 7y 1 This is based on the ElGamal scheme of elliptic curve encryption This is based on the ElGamal scheme of elliptic curve encryption

18 Using this Scheme Suppose Alice wants to send a message to Bob. Suppose Alice wants to send a message to Bob. Plaintext is x = (10,9) which is a point in E Plaintext is x = (10,9) which is a point in E Choose a random value for k, k = 3 Choose a random value for k, k = 3 So now calculate (y 1, y 2 ): So now calculate (y 1, y 2 ): y 1 = 3(2,7) = (8,3) y 1 = 3(2,7) = (8,3) y 2 = (10,9) + 3(7,2) = (10,9) + (3,5) = (10,2) y 2 = (10,9) + 3(7,2) = (10,9) + (3,5) = (10,2) Alice transmits y = ((8,3),(10,2)) Alice transmits y = ((8,3),(10,2))

19 Bob Decrypts Bob receives y = ((8,3),(10,2)) Bob receives y = ((8,3),(10,2)) Calculates Calculates x = (10,2) – 7(8,3) x = (10,2) – 7(8,3) = (10,2) – (3,5) = (10,2) – (3,5) = (10,2) + (3,6) = (10,9) Which was the plaintext

20 Real example from the NSA Curve P-192 Curve P-192 p = 62771017353866807638578942320766641608390870039024961279 r = 627710173538668076385789423176059013767194773182842284081 a = 3099d2bb bfcb2538 542dcd5f b078b6ef 5f3d6fe2 c745de65 b = 64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1 G x = 188da89e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012 G y = 07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811

21 Sources Used “Recommended Elliptic Curves For Federal Government Use” July 1999 “Recommended Elliptic Curves For Federal Government Use” July 1999 Cryptography Theory and Practice. Douglas Stinson, 3 rd ed Cryptography Theory and Practice. Douglas Stinson, 3 rd ed A Friendly Introduction to Number Theory. Joseph Silverman, 3 rd ed A Friendly Introduction to Number Theory. Joseph Silverman, 3 rd ed Elements of Modern Algebra. Gilbert and Gilbert, 6 th edition Elements of Modern Algebra. Gilbert and Gilbert, 6 th edition

Download ppt "Elliptic Curve Cryptography Lawrence Fallow 19 April 2007."

Similar presentations

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.
RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”

Chapter 4 Finite Fields. Introduction of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key concern operations on “numbers”
Chapter 4 – Finite Fields. Introduction will now introduce finite fields of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key.

Chapter 4 – Finite Fields. Introduction will now introduce finite fields of increasing importance in cryptography –AES, Elliptic Curve, IDEA, Public Key.
1 390-Elliptic Curves and Elliptic Curve Cryptography Michael Karls.

1 390-Elliptic Curves and Elliptic Curve Cryptography Michael Karls.
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
7. Asymmetric encryption-

7. Asymmetric encryption-
Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.

Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.
Efficient generation of cryptographically strong elliptic curves Shahar Papini Michael Krel Instructor : Barukh Ziv 1.

Efficient generation of cryptographically strong elliptic curves Shahar Papini Michael Krel Instructor : Barukh Ziv 1.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.

Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Windows Core Security1© 2006 Microsoft Corp Cryptography: Helping Number Theorists Bring Home the Bacon Since 1977 Dan Shumow SDE Windows Core Security.

Windows Core Security1© 2006 Microsoft Corp Cryptography: Helping Number Theorists Bring Home the Bacon Since 1977 Dan Shumow SDE Windows Core Security.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )

Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )
Chapter 7-1 Signature Schemes.

Chapter 7-1 Signature Schemes.

Similar presentations

Ads by Google