Elliptic Curve Cryptography

Similar documents
Joseph Fadyn Kennesaw State University 1100 South Marietta Parkway Marietta, Georgia

Elliptic Curve Cryptography

CPSC 467b: Cryptography and Computer Security

8 Elliptic Curve Cryptography

CPSC 467: Cryptography and Computer Security

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Other Public-Key Cryptosystems

Public Key Cryptography

Lecture 1: Introduction to Public key cryptography

Public Key Cryptography

MATH 158 FINAL EXAM 20 DECEMBER 2016

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Mathematics of Cryptography

Elliptic Curves Cryptography and factorization. Part VIII. Elliptic curves cryptography and factorization. Historical Remarks.

One can use elliptic curves to factor integers, although probably not RSA moduli.

Introduction to Modern Cryptography. Benny Chor

Other Public-Key Cryptosystems

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Introduction to Elliptic Curve Cryptography. Anupam Datta

basics of security/cryptography

Mathematics of Public Key Cryptography

Discrete logarithm and related schemes

Chapter 8 Public-key Cryptography and Digital Signatures

Cryptography. P. Danziger. Transmit...Bob...

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Lecture Notes, Week 6

Elliptic Curves I. The first three sections introduce and explain the properties of elliptic curves.

CPSC 467b: Cryptography and Computer Security

Introduction to Modern Cryptography. Benny Chor

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Discrete Mathematics GCD, LCM, RSA Algorithm

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

CRYPTOGRAPHY AND NUMBER THEORY

Elliptic Curve Cryptography with Derive

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Introduction to Cryptography. Lecture 8

MATH3302 Cryptography Problem Set 2

Public-Key Cryptosystems CHAPTER 4

COMP4109 : Applied Cryptography

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem.

Elliptic Curve Cryptosystems

Digital Signatures. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay

10 Modular Arithmetic and Cryptography

Asymmetric Encryption

Joseph Fadyn Southern Polytechnic State University 1100 South Marietta Parkway Marietta, Georgia 30060

Elliptic Curve Cryptography

10 Public Key Cryptography : RSA

Public-Key Encryption: ElGamal, RSA, Rabin

ASYMMETRIC ENCRYPTION

Carmen s Core Concepts (Math 135)

Practice Assignment 2 Discussion 24/02/ /02/2018

Public Key Algorithms

Univ.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.

RSA-256bit 數位電路實驗 TA: 吳柏辰. Author: Trumen

Public-key Cryptography and elliptic curves

Applied Cryptography and Computer Security CSE 664 Spring 2018

9 Knapsack Cryptography

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Suppose F is a field and a1,..., a6 F. Definition 1. An elliptic curve E over a field F is a curve given by an equation:

Elliptic Curve Cryptography

Chapter 10 Elliptic Curves in Cryptography

RSA Cryptosystem and Factorization

Lecture 7: ElGamal and Discrete Logarithms

RSA. Ramki Thurimella

Number theory (Chapter 4)

Notes for Lecture 17

Overview. Public Key Algorithms II

RSA RSA public key cryptosystem

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Public Key Cryptography

Introduction to Elliptic Curve Cryptography

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

Algorithmic Number Theory and Public-key Cryptography

Arithmétique et Cryptographie Asymétrique

Part VIII. Elliptic curves cryptography and factorization

Cryptography. pieces from work by Gordon Royle

CIS 551 / TCOM 401 Computer and Network Security

Analysis of the RSA Encryption Algorithm

Lattices. A Lattice is a discrete subgroup of the additive group of n-dimensional space R n.

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Introduction. will now introduce finite fields of increasing importance in cryptography. AES, Elliptic Curve, IDEA, Public Key

Cryptography IV: Asymmetric Ciphers

Public-key cryptography and the Discrete-Logarithm Problem. Tanja Lange Technische Universiteit Eindhoven. with some slides by Daniel J.

Elliptic Curves. Giulia Mauri. Politecnico di Milano website:

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

Cryptography and Security Final Exam

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Is It As Easy To Discover As To Verify?

Public-key Cryptography and elliptic curves

Introduction to Cybersecurity Cryptography (Part 4)

dit-upm RSA Cybersecurity Cryptography

1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation

Solution to Midterm Examination

SEMINAR SECURITY - REPORT ELLIPTIC CURVE CRYPTOGRAPHY

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Introduction to Cybersecurity Cryptography (Part 4)

Transcription:

Elliptic Curve Cryptography Elliptic Curves An elliptic curve is a cubic equation of the form: y + axy + by = x 3 + cx + dx + e where a, b, c, d and e are real numbers. A special addition operation is defined over elliptic curves, and this with the inclusion of a point O, called point at infinity. If three points are on a line intersect an elliptic curve, the their sum is equal to this point at infinity O (which acts as the identity element for this addition operation. Figure 1 shows the elliptic curves y = x 3 +x + 5 and y = x 3 x +1. 10 10 p1 8 p1 8 6 6 4 4 y 0 q r y 0 q r 4 4 6 6 8 10 1 0 1 3 4 5 6 x p1 8 10 1 0 1 3 4 5 6 x p1 Figure 1: Elliptic curves y = x 3 +x + 5 and y = x 3 x +1. Elliptic Curves over Galois Fields An elliptic group over the Galois Field E p (a, b) is obtained by computing x 3 + ax + b mod p for 0 x<p. The constants a and b are non negative integers smaller than the prime number p and must satify the condition: 4a 3 +7b mod p 0 For each value of x, one needs to determine whether or not in it a quadratic residue. If it is the case, then there are two values in the elliptic group. If not, then the point is not in the elliptic group E p (a, b). 1

Example(construction of an elliptic group): Let the prime number p = 3 and let the constants a = 1 and b = 1 as well. We first verify that: 4a 3 +7b mod p = 4 1 3 +7 1 mod 3 4a 3 +7b mod p = 4+7mod3=31mod3 4a 3 +7b mod p = 8 0 We then determine the quadratic residues Q 3 from the reduced set of residues Z 3 = {1,, 3,...,1, }: x mod p (p x) mod p = 1 mod 3 mod 3 1 mod 3 1 mod 3 4 3 mod 3 0 mod 3 9 4 mod 3 19 mod 3 16 5 mod 3 18 mod 3 6 mod 3 17 mod 3 13 7 mod 3 16 mod 3 3 8 mod 3 15 mod 3 18 9 mod 3 14 mod 3 1 10 mod 3 13 mod 3 8 11 mod 3 1 mod 3 6 Therefore set of p 1 = 11 quadratic residues Q 3 = {1,, 3, 4, 6, 8, 9, 1, 13, 16, 18}. Now, for 0 x<p, compute y = x 3 + x + 1 mod 3 and determine if y is in the set of quadratic residues Q 3 : x 0 1 3 4 5 6 7 8 9 10 11 y 1 3 11 8 0 16 16 6 15 3 9 y Q 3? yes yes no yes no yes yes yes no yes no yes y 1 1 7 10 0 4 4 11 7 3 y 16 13 0 19 19 1 16 0 x 1 13 14 15 16 17 18 19 0 1 y 16 3 10 19 9 9 17 14 y Q 3? yes yes no no no yes yes yes no no no y 1 4 7 3 3 5 y 19 16 0 0 18

The elliptic group E p (a, b) =E 3 (1, 1) thus include the points (including also the additional single point (4, 0)): E 3 (1, 1) = (0, 1) (0, ) (1, 7) (1, 16) (3, 10) (3, 13) (4, 0) (5, 4) (5, 19) (6, 4) (6, 19) (7, 11) (7, 1) (9, 7) (9, 16) (11, 3) (11, 0) (1, 4) (1, 19) (13, 7) (13, 16) (17, 3) (17, 0) (18, 3) (18, 0) (19, 5) (19, 18) Figure shows a scatterplot of elliptic group E p (a, b) =E 3 (1, 1). 5 0 15 y 10 5 0 0 4 6 8 10 1 14 16 18 0 x Figure : Scatterplot of elliptic group E p (a, b) =E 3 (1, 1). 3

Addition and multiplication operations over elliptic groups Let the points P =(x 1,y 1 )andq =(x,y ) be in the elliptic group E p (a, b), and O is the point at infinity. The rules for addition over the elliptic group E p (a, b) are: 1. P + O = O + P = P. If x = x 1 and y = y 1, that is P =(x 1,y 1 )andq =(x,y )=(x 1, y 1 )= P, then P + Q = O. 3. If Q P, then the sum P + Q =(x 3,y 3 )isgivenby: where x 3 = λ x 1 x mod p y 3 = λ(x 1 x 3 ) y 1 mod p λ { y y 1 x x 1 3x 1 +a y 1 if P Q if P = Q Example(Multiplication over an elliptic curve group): The multiplication over an elliptic curve group E p (a, b) is the equivalent of the modular exponentiation in RSA. Let P =(3, 10) E 3 (1, 1). Then P =(x 3,y 3 ) is equal to: P = P + P =(x 1,y 1 )+(x 1,y 1 ) Since P = Q and x = x 1, the values of λ, x 3 and y 3 are given by: λ = 3x 1 + a mod p = 3 (3 )+1 mod 3 = 5 y 1 10 0 mod 3 = 4 1 mod 3 = 6 x 3 = λ x 1 x mod p =6 3 3 mod 3 = 30 mod 3 = 7 y 3 = λ(x 1 x 3 ) y 1 mod p =6 (3 7) 10 mod 3 = 34 mod 3 = 1 Therefore P =(x 3,y 3 )=(7, 1). The multiplication kp is obtained by doing the elliptic curve addition operation k times by following the same additive rules. 4

k λ = y y 1 x x 1 (if P Q) or x 3 y 3 kp λ = 3x 1 +a y 1 if P = Q λ x 1 x mod 3 λ(x 1 x 3 ) y 1 mod 3 (x 3,y 3 ) 1 (3,10) 6 7 1 (7,1) 3 1 19 5 (19,5) 4 4 17 3 (17,3) 5 11 9 19 (9,16) 6 1 1 4 (1,4) 7 7 11 3 (11,3) 8 13 16 (13,16) 9 19 0 1 (0,1) 10 3 6 4 (6,4) 11 1 18 0 (18,0) 1 16 5 4 (5,4) 13 0 1 7 (1,7) 14 13 4 0 (4,0) 15 13 1 16 (1,16) 16 0 5 19 (5,19) 17 16 18 3 (18,3) 18 1 6 19 (6,19) 19 3 0 (0,) 0 19 13 7 (13,7) 1 11 0 (11,0) 7 1 19 (1,19) 3 1 9 7 (9,7) 4 11 17 0 (17,0) 5 4 19 18 (19,18) 6 1 7 11 (7,11) 7 6 3 13 (3,13) 5

Elliptic Curve Encryption Elliptic curve cryptography can be used to encrypt plaintext messages, M, into ciphertexts. The plaintext message M is encoded into a point P M form the finite set of points in the elliptic group, E p (a, b). The first step consists in choosing a generator point, G E p (a, b), such that the smallest value of n such that ng = O is a very large prime number. The elliptic group E p (a, b) and the generator point G are made public. Each user select a private key, n A <nand compute the public key P A as: P A = n A G. To encrypt the message point P M for Bob (B), Alice (A) choses a random integer k and compute the ciphertext pair of points P C using Bob s public key P B : P C = [(kg), (P M + kp B )] After receiving the ciphertext pair of points, P C, Bob multiplies the first point, (kg) with his private key, n B, and then adds the result to the second point in the ciphertext pair of points, (P M + kp B ): (P M + kp B ) [n B (kg)] = (P M + kn B G) [n B (kg)] = P M which is the plaintext point, corresponding to the plaintext message M. Only Bob, knowing the private key n B, can remove n B (kg) from the second point of the ciphertext pair of point, i.e. (P M + kp B ), and hence retrieve the plaintext information P M. Example(Elliptic curve encryption): Consider the following elliptic curve: y = x 3 + ax + b mod p y = x 3 x + 188 mod 751 that is: a = 1, b = 188, and p = 751. The elliptic curve group generated by the above elliptic curve is then E p (a, b) =E 751 ( 1, 188). Let the generator point G =(0, 376). Then the multiples kg of the generator point G are (for 1 k 751): G =(0, 376) G =(1, 376) 3G = (750, 375) 4G =(, 373) 5G = (188, 657) 6G =(6, 390) 7G = (667, 571) 8G = (11, 39) 9G = (58, 736) 10G =(57, 33)... 761G = (565, 31) 76G = (38, 569) 763G = (677, 185) 764G = (196, 681) 765G = (417, 30) 766G =(3, 370) 767G =(1, 377) 768G =(0, 375) 769G = O(point at infinity) If Alice wants to send to Bob the message M which is encoded as the plaintext point P M = (443, 53) E 751 ( 1, 188). She must use Bob public key to encrypt it. Suppose that Bob secret key is n B = 85, then his public key will be: P B = n B G = 85(0, 376) P B = (671, 558) 6

Alice selects a random number k = 113 and uses Bob s public key P B = (671, 558) to encrypt the message point into the ciphertext pair of points: P C = [(kg), (P M + kp B )] P C = [113 (0, 376), (443, 53) + 113 (671, 558)] P C = [(34, 633), (443, 53) + (47, 416)] P C = [(34, 633), (17, 606)] Upon receiving the ciphertext pair of points, P C =[(34, 633), (17, 606)], Bob uses his private key, n B = 85, to compute the plaintext point, P M, as follows (P M + kp B ) [n B (kg)] = (17, 606) [85(34, 633)] (P M + kp B ) [n B (kg)] = (17, 606) [(47, 416)] (P M + kp B ) [n B (kg)] = (17, 606) + [(47, 416)] (since P =(x 1, y 1 )) (P M + kp B ) [n B (kg)] = (17, 606) + [(47, 335)] (since 416 335 (mod 751)) (P M + kp B ) [n B (kg)] = (443, 53) and then maps the plaintext point P M = (443, 53) back into the original plaintext message M. Security of ECC The cryptographic strength of elliptic curve encryption lies in the difficulty for a cryptanalyst to determine the secret random number k from kp and P itself. The fastest method to solve this problem (known as the elliptic curve logarithm problem) is the Pollard ρ factorization method [Sta99]. The computational complexity for breaking the elliptic curve cryptosystem, using the Pollard ρ method, is 3.8 10 10 MIPS-years (i.e. millions of instructions per second times the required number of years) or an elliptic curve key size of only 150 bits [Sta99]. For comparison, the fastest method to break RSA, using the General Number Field Sieve Method to factor the composite interger n into the two primes p and q, requires 10 8 MIPS-years for a 768-bit RSA key and 3 10 11 MIPS-years with a RSA key of length 104. If the RSA key length is increased to 048 bits, the General Number Field Sieve Method will need 3 10 0 MIPS-years to factor n whereas increasing the elliptic curve key length to only 34 bits will impose a computational complexity of 1.6 10 8 MIPS-years (still with the Pollard ρ method). 7

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback