AIMS-VOLKSWAGEN STIFTUNG WORKSHOP ON INTRODUCTION TO COMPUTER ALGEBRA AND APPLICATIONS Douala, Cameroon, October 12, 2017 Elliptic Curve Cryptography presented by : BANSIMBA Gilda Rech BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 1 / 21
Goal The goal of this talk is to present the Elliptic Curve Cryptography over a finite field of characteristic greater than 3 BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 2 / 21
content The presentation is organized as follows: I-Introduction II- Overview on Cryptography III- Discrete Logarithm and Cryptography on elliptic curves IV-Conclusion BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 3 / 21
I-Introduction cryptography: science of secret RSA mostly used public key cryptosystem increasing of key sizes ECC easy implementation on low power environment BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 4 / 21
II-Overview on Cryptography Symmetric Cryptography Figure: Symmetric Encryption BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 5 / 21
Examples: Cesar encryption Vigenere encryption AES, DES, 3DES,... Advantages: fast encryption and decryption operations Inconvenience: key Distribution and management to remediate to this lattest issue, we have BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 6 / 21
Asymmetric Cryptography Figure: Asymmetric encryption BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 7 / 21
Examples Merkle Hellman RSA El Gamal Advantages: Multi usage (key-exchange protocols, digital signatures,...) Inconvenience: slow encryption and decryption operations Elliptic Curve Cryptography is an example of this type of Asymmetric cryptography. BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 8 / 21
III-Descrete Logarithm and elliptic curves Let G be a cyclic group over a finite field K and g a generator which order is n. In this case: G =< g >= {g k such that k n for all k N} if the group law is multiplicative or G =< g >= {k g such that k n for all k N} if the group law is additive. Let β be a point of G. g x = β mod n gx = β mod n (1) BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 9 / 21
Elliptic Curves non-singular algebraic curve (with no double points, neither a cusp) over a field K given by the Weierstrass equation form: (E) : y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6, with a i K (2) to which is added the O that we call point at infinity. BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 10 / 21
Depending on the characteristic of the field on which it is defined, its equation may be given under most simplified forms: y 2 + cy = x 3 + ax + b or y 2 + xy = x 3 + ax 2 + b if carac(k) = 2 y 2 = x 3 + ax 2 + bx + c if carac(k) = 3 y 2 = x 3 + bx + c if carac(k) > 3 (3) BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 11 / 21
Consider the case where the characteristic of K is > 3 (the case we study here), according to (2) we therefore have the equation (E) : y 2 = x 3 + ax + b (4) The discriminant is defined by δ = 16(4a 3 + 27b 2 ). This latter determines the nature of the curve. BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 12 / 21
Example y 2 = x 3 36x : δ > 0 y 2 = x 3 + 36 : δ < 0 y 2 = x 3 : δ = 0 Figure: 3 Example of Curves BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 13 / 21
By setting h(x, y) = y 2 x 3 ax b.we define the algebraic affine variety by v = {(x, y) K K / h(x, y) = 0 } (5) We then have its projective form: h(x, Y, Z) = ZY 2 X 3 Z 2 ax Z 3 b (6) BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 14 / 21
Let be P = (x P, y P ), Q = (x Q, y Q ) and R = (x R, y R ) 3 points of the curve. consider R = (x R, y R ) as the 3 rd point of intersection of the straight line passing through P and Q with the curve. if P Q { = x P+Q = x R = α 2 x P x Q = ( y P y Q x P x Q ) 2 x P x Q y P+Q = y R = y P + α(x P x R ) (7) if P = Q x P+P = x 2P = x R = α 2 2x P = ( 3x2 P +a 2y = P ) 2 2x P y P+P = y P + α(x P x 2P ) = y P + 3x2 P +a 2y P (x P x 2P ) (8) By the same way the point np is defined as np = P + P +... + P }{{} n times (9) BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 15 / 21
Example:(E) : y 2 = x 3 36x, P = ( 3, 9) and Q = ( 2, 8) With respect to the above formulas, we get P + Q = (6, 0) et 2P = ( 25 4, 35 8 ) Figure: representation of the points BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 16 / 21
group Structure: Associativity: Figure: associativity, we show that (P+Q)+R=P+(Q+R) Neutral element: O. O+P=P+O=P symmetrical element: P = (x 1, y 1 ) and the point P = (x 1, y 1 ) are symmetrical Commutativity: P + Q=Q + P Thus (E(a, b, K), +) forms an Abelian group in which one can carry out cryptographic operations. BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 17 / 21
ECDH (Elliptic Curve Diffie-Hellman): Alice and Bob E(a, b, K) P = (x P, y P ) of order n Alice : (k A, Q A ), with k A [1, n 1], Q A = k A P Bob : (k B, Q B ), with k B [1, n 1], Q B = k B P common key: k A Q B = k B Q A Alice sends the message m E(a, b, K) Encryption: m = m + k A Q B Decryption: m k B Q A BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 18 / 21
Implementation : Bob and Alice both choose the elliptic curve (E) : y 2 = x 3 4 the point P = (2, 2) of order 241 Bob : k K = 121 (his secrete key) and computes y K = k K P = 121(2, 2) = (115, 48) mod 241 à Alice. Alice: k A = 203 (her secrete key), her public key y A = k A P = 203(2, 2) = (130, 203) then sends it to Bob. Their common key is : k K y A = k A y K = 121(130, 203) = 203(115, 48) = (161, 169) Let be the message x = (2, 2) to deliver to Alice. To encrypt, Bob computes x = x + k K y A = (2, 2) + 121(130, 203) mod 241 = then sends it to Alice. To decrypt, Alice computes y = x k A y K then finds the initial message. BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 19 / 21
Conclusion The set of points of an elliptic curve together with the point at infinity provided with the additive law forms an abelian group,and thus we can make cryptography on the cyclic subgroups associated with theses groups.this cryptography has the particularity of a significant security with advantage of small key sizes compared to RSA thanks to the difficulty of computation of the discrete logarithm on those points that is far more difficult than the same computations over subgroups of R, Q, Z p. BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 20 / 21
Thank you for your kind attention BANSIMBA Gilda Rech Elliptic () Curve Cryptographie October 12, 2017 21 / 21