Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.

Published byScott Townsend Modified over 8 years ago

Similar presentations

Presentation on theme: "Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption."— Presentation transcript:

1 Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption

2 Outline Encryption as points on elliptic curves in space Elliptic curves and modular arithmetic Mathematical operations on elliptic curves Elliptic curve Diffie-Hellman Elliptic curve Elgamal Security and speed of elliptic curve cryptography

3 Elliptic Curve Mathematics General mathematical form (Weierstraus equation) : y 2 = x 3 + ax + b For some a, b (curve parameters)

4 Elliptic Curve Encryption Encryption: Transforming points on curve (P, K PU ) into other point on same curve (C) Main idea (Abelian group): Need a definition of “+” so that “sum” of two points on a curve is also on the same curve R = P + Q where P = (x P, y P ) Q = (x Q, y Q ) R = (x R, y R )

5 Elliptic Curve Addition Cases Case 1: R based on line formed by P, Q (x P ≠ x Q, y P ≠ y Q ) Equations:  = (y Q – y P ) / (x Q – x P ) x R =  2 – x P – x Q y R =  (x P – x R ) – y P

6 Elliptic Curve Addition Cases Case 2: P = Q, R based on tangent to curve (x P = x Q, y P = y Q ) Equations: x R = ((3x P 2 + a) / 2y P ) 2 - 2x P y R = ((3x P 2 + a) / 2y P ) 2 (x P – x R ) – y P

7 Elliptic Curve Addition Cases Case 3: P = -Q, line does not intercept curve (x P = x Q, y P ≠ y Q ) R = “0” (additive identity) –Point at infinity –0 = -0

8 Elliptic Curves over Z p Encryption requires modular arithmetic –Must be difficult to recover original points from R. –Modular arithmetic prevents “working backward”, as in RSA Define “curve” as E p (a, b) where p is the modulus, a, b are the coefficients of y 2 = x 3 + ax + b Looking for (x, y) such that y 2 = (x 3 + ax + b) mod p –Note: “points” on curve are integers

9 Finding Points on a Z p Curve Points on elliptic curve y 2 = x 3 + x + 1 for GF(13): –Must find integer values for x, y < 13 such that (y 2 ) mod 13 = (x 3 + x + 1) mod 13  x = 0: y 2 mod 13 = 1 mod 13 y =  1 y = 1, 12 (-1 mod 13 = 12)  x = 1: y 2 mod 13 = 3 mod 13 y =  4 (16 mod 13 = 3) y = 4, 9

10 Finding Points on a Z p Curve Note: Not all values of x have a corresponding y  x = 2: y 2 mod 13 = 11 mod 13 No solution for y (Can test all y < 13)  x = 3: y 2 mod 13 = 31 mod 13 = 5 No solution for y (Can test all y < 13)  x = 4: y 2 mod 13 = 69 mod 13 = 4 y =  2 y = 2, 11

11 Finding Points on a Z p Curve Points on elliptic curve y 2 = x 3 + x + 1 over GF(13):

12 Elliptic Curve Mathematics Computing (x R, y R ) = (x P, y P ) + (x Q, y Q ) –Necessary to turn 2 points corresponding to key, plaintext into point corresponding to ciphertext Use same rules for “+” as curves in space Main ideas: –Addition/subtraction/multiplication in mod p –Division = multiplication by inverse mod p

13 Example: (4, 2) + (10, 6) on E 13 (1, 1) step 1: compute  = (y Q – y P ) / (x Q – x P )  = (6 – 2) x (10 – 4) -1 mod 13 = 4 x 6 -1 mod 13 6 -1 mod 13 = 11 = 4 x 11 mod 13 = 5 step 2: compute x R =  2 – x P – x Q x R = 25 – 4 – 10 mod 13 = 11 step 3: compute y R =  (x P – x R ) – y P y R = 5 x (4 – 11) – 2 mod 13 = 2 (4, 2) + (10, 6) = (11, 2) note: also on curve!

14 Multiplication on an Elliptic Curve Multiplication = addition multiple times –Necessary for some forms of elliptic curve cryptography –Must use formula where P = Q for first addition Example: 3 x (1, 4) on E 13 (1, 1) 3 x (1, 4) = ((1, 4) + (1, 4)) + (1, 4) = (8, 1) + (1, 4) = (1, 9)

15 Elliptic Curve Encryption Generally based on using elliptic curves in place of exponentiation in existing public key algorithm Examples: –Elliptic Curve Diffie-Hellman –Elliptic Curve Elgamal

16 Elliptic Curve Diffie-Hellman Alice and Bob agree on global parameters: –E p (a, b): Elliptic curve mod p (prime) with parameters a and b –G : “Generator” point on that elliptic curve For all points R on the curve, there exists some n such that G  n = R –Example: P = 211 E p (0, -4) the curve y 2 = x 3 - 4 G = (2, 2)

17 Elliptic Curve Diffie-Hellman Alice and Bob select own private x and y They each generate a public R 1 and R 2 as R 1 = x  G and R 2 = y  G They exchange these values Example: x = 121 R 1 = 121  (2, 2) = (115, 48) y = 203 R 2 = 203  (2, 2) = (130, 203) (115, 48) (130, 203)

18 Elliptic Curve Diffie-Hellman Alice and Bob generate the same key k Alice: k = R 2  x Bob: k = R 1  y Proof: R 2  x = (G  y)  x R 1  y = (G  x)  y Example: 121  (130, 203) = 203  (115, 48) = (161, 69)

19 Elliptic Curve Elgamal Generating public and private keys: Bob chooses an E p (a, b) for an elliptic curve in Z p Bob chooses a point (x 1, y 1 ) on that curve Bob chooses a secret integer multiplier d < p Bob computes a second point (x 2, y 2 ) on the curve as (x 2, y 2 ) = d  (x 1, y 1 ) public key: the values p, a, and b that define the curve the two points (x 1, y 1 ) and (x 2, y 2 ) private key: the multiplier d

20 Elliptic Curve Elgamal Encryption: Alice selects a point P on E p (a, b) that corresponds to the plaintext message she wishes to send Alice selects a random multiplier r Alice creates the ciphertext as two points on the curve: C 1 = r  (x 1, y 1 ) C 2 = P + r  (x 2, y 2 )

21 Elliptic Curve Elgamal Decryption: Bob computes the plaintext as: P = C 2 – (d  C 1 )) Why does this work? P = C 2 – (d  C 1 )) = (P + r  (x 2, y 2 ) ) – (d  r  (x 1, y 1 ) )) = (P + d  r  (x 1, y 1 ) ) – (d  r  (x 1, y 1 ) )) = P

22 Security and Speed Why is this secure? –Same type of inverse modular problem (elliptic curve logarithm problem) –No simple way to determine d from (x 1, y 1 ) and (x 2, y 2 ) without trying all possible values –Computationally secure as long as p large enough to prevent this (2 160 for example)

23 Security and Speed Why is this fast? –Only uses addition and multiplication – no exponents! –Smaller key sizes 160 bit ECC key equivalent to 1024 bit RSA key

Download ppt "Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption."

Similar presentations

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.

Data Security 1 El_Gamal Cryptography. Data Security2 Introduction El_Gamal is a public-key cryptosystem technique El_Gamal is a public-key cryptosystem.
What is Elliptic Curve Cryptography?

What is Elliptic Curve Cryptography?
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
7. Asymmetric encryption-

7. Asymmetric encryption-
Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.

Elliptic curve arithmetic and applications to cryptography By Uros Abaz Supervised by Dr. Shaun Cooper and Dr. Andre Barczak.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.

Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Windows Core Security1© 2006 Microsoft Corp Cryptography: Helping Number Theorists Bring Home the Bacon Since 1977 Dan Shumow SDE Windows Core Security.

Windows Core Security1© 2006 Microsoft Corp Cryptography: Helping Number Theorists Bring Home the Bacon Since 1977 Dan Shumow SDE Windows Core Security.
Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )

Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )
Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.

Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Electronic Payment Systems Lecture 5: ePayment Security II

Electronic Payment Systems Lecture 5: ePayment Security II
Cryptography & Number Theory

Cryptography & Number Theory
Chapter 3 Encryption Algorithms & Systems (Part B)

Chapter 3 Encryption Algorithms & Systems (Part B)
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.

Similar presentations

Ads by Google