Cpe5002 cse5210 advanced network security advanced cryptography and information security lecture 12
Download
1 / 36

Outline - PowerPoint PPT Presentation


  • 154 Views
  • Uploaded on

CPE5002/CSE5210 Advanced Network Security --- Advanced Cryptography and Information Security--- Lecture 12. Outline. Background Group Field Principle of public key systems Discrete Logarithm Problem (DLP) Elliptic Curve Cryptography EC with real numbers EC with finite groups

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Outline' - eliora


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Cpe5002 cse5210 advanced network security advanced cryptography and information security lecture 12

CPE5002/CSE5210Advanced Network Security--- Advanced Cryptography and Information Security---Lecture 12


Outline
Outline

  • Background

    • Group

    • Field

  • Principle of public key systems

    • Discrete Logarithm Problem (DLP)

  • Elliptic Curve Cryptography

    • EC with real numbers

    • EC with finite groups

  • ECC in practice

CPE5021 - Advanced Network Security


Acknowledment
Acknowledment

  • Acknowledgement:

    • Some of the figures in the lecture are borrowed from certicom.

    • Some diagrams are borrowed from other universities.

CPE5021 - Advanced Network Security


Some references
Some references

  • http://www.certicom.com/index.php?action=res,ecc_faq (good introduction papers)

  • http://cnscenter.future.co.kr/crypto/algorithm/ecc.html (more materials)

  • http://www.cs.mdx.ac.uk/staffpages/m_cheng/link/ecc_simple.pdf (good introduction for students with strong maths background)

    (You can find many more from the Web)

CPE5021 - Advanced Network Security


Group
Group

  • Definition: a set S together with a binary operation

    defined on S is a group if satisfies the following properties:

    - Closure:

    - Identity:

    - Associativity:

    - Inverses:

    For each

    If a group S satisfies the commutative law the group is said to be Abelian.

CPE5021 - Advanced Network Security


Field
Field

  • Definition:a set F with two operations (+,*) defined on it is a field if it satisfies the following criteria:

    - (F; +) is an Abelian group;

    - (F \ {0}, *) is an Abelian group, where {0}is the identity of addition and zero of multiplication;

    - distributive: x; y; z F

    x * (y + z) = x * y + x* z

    (x + y) * z = x * z + y * z

CPE5021 - Advanced Network Security


Group examples
Group: examples

  • (R,+): set of real number with addition is a group.

  • (Z, +): set of integer numbers with addition is a group.

  • (Zn, modulo): set of integers with modulon is a group.

  • (Zp, modulo p): {0,1,…p-1},wherep is a prime number, is a useful group in cryptography

  • (R,*): set of real number with multiplication. Is it a group ?

CPE5021 - Advanced Network Security


Field examples
Field: examples

  • (R,+,*) is a field.

  • (Q,+,*) is a field.

  • (Zp,+, *). Is it a field?

  • ([-a,a], +, *) a>0. Is it a field?

CPE5021 - Advanced Network Security


Elliptic curve cryptography ecc
Elliptic Curve Cryptography (ECC)

  • Security of popular RSA is provided by the intractability of the discrete logarithm problem (DLP) or integer factoring problem (IFP)

  • To ensure security of RSA-based systems, current key sizes must be a minimum of 1024 bits.

  • As computing power increases, larger key sizes will be needed to guarantee security of such systems. This will result in

    • higher computational costs

    • more space requirement for keys

    • reduction in scalability

CPE5021 - Advanced Network Security


Elliptic curve cryptosystem ecc
Elliptic curve cryptosystem (ECC)

  • Why ECC?

    • There are other public key cryptographic systems. However, we choose to study ECC because

      • The sub-exponential algorithm of breaking ECC has not been found, that is : ECC is not less secure than RSA or some other public key crypto algorithms.

      • ECC with smaller key size can achieve the same security as RSA or some other crypto algorithms. Hence ECC is more efficient for secure wireless applications.

      • High scalability.

      • More potential due to EC theory (rich theory with many alternatives).

CPE5021 - Advanced Network Security


Elliptic curve cryptosystem ecc1

Symmetric key size

(in bits)

Example algorithm

DLP key size for equivalent security

(p in bits)

RSA key size for equivalent security

(n in bits)

ECC key size for equivalent security

(n in bits)

Key size ratio of RSA to ECC (approx)

56

-

512

512

112

5:1

80

SKIPJACK22

1024

1024

160

6:1

112

Triple DES

2048

2048

224

9:1

128

AES-128

3072

3072

256

12:1

192

AES-192

7680

7680

384

20:1

256

AES-256

15360

15360

512

30:1

Elliptic curve cryptosystem (ECC)

Extract from my student’s Thesis – Markku N.M. Pekkarinen

Key Size Equivalence Against Best Known Attacks

(Based on López and Dahab, 2000 and Fibíková, 2002)

CPE5021 - Advanced Network Security


Rsa and ecc challenges
RSA and ECC challenges

Progress in Integer Factorisation (Certicom 1997)

CPE5021 - Advanced Network Security


Rsa and ecc challenges1
RSA and ECC challenges

  • RSA Security organisaton sponsors a challenge for solving the integer factorisation problem IFP or DLP (to break RSA), while Certicom corporation sponsors a challenge for solving the EC DLP (to break ECC)

Progress in solving ECDLP Certicom (2002)

CPE5021 - Advanced Network Security


Discrete logarithm problem dlp
Discrete Logarithm Problem (DLP)

  • For a group G,

    Given group elements,

    find an integer x such that

    xis calledthe discrete logof to the base .

    - It is easy to compute

    - It is hard to find x, knowing and

CPE5021 - Advanced Network Security


Dlp example
DLP - Example

  • If ab = c, then logac = b

  • Example:

    • 23 = 8  log28 = 3

    • 103 = 100  log101000 = 3

  • Computing ab and logac are both easy for real numbers.

  • However, when working with field such as (Zp,mod), it is easy to calculate c = abmod p, but given c, a and p it is very difficult to find b.

  • Given an integer n it is hard to find two integers p, q such that n = p•q (factorisation problem as in RSA)

CPE5021 - Advanced Network Security


Real elliptic curves
Real Elliptic Curves

  • An elliptic curve is defined by an equation in two variables x & y, with coefficients:

    • y2 + axy + by = x3 + cx2 + dx + e (general form)

  • Consider a cubic elliptic curve of form

    • y2 = x3 + ax + b; where x,y,a,b are all real numbers. Eg.

      • y2 = x3 + x + 1.

      • y2 = x3 + 2x + 6.

CPE5021 - Advanced Network Security


Example of ec
Example of EC

CPE5021 - Advanced Network Security


Elliptic curve over real number
Elliptic curve over real number

  • Let’s consider the equation:

    y2 = x3 + ax + b, where x, y, a and b are real numbers, where 4a3 + 27b20 – condition for distinct single roots (smooth curve).

  • All (x,y) points satisfying above equation along with a infinite point O and addition operation (+), form a group. Oand (+) are defined in the next slide. O is the identity of the group.

CPE5021 - Advanced Network Security


Ec over a group g e g
EC over a group (G,+) – E(G,+)

An EC over a group (G,+) is defined with the following:

1. Addition: If P and Q are distinct, and P  -Q, define P+Q as follows:

  • Draw a line through P and Q, then the line will intersect with the curve, the intersected point is denoted as –R, and define P+Q=R.

    2. For every P, define P + (-P) = O

    3. If P=(x,0), then P+P = O, (a vertical line)

    Otherwise, draw a tangent line through P, the intersected point is defined as –R, then P+P =2P =R.

CPE5021 - Advanced Network Security


Definition of p q r
Definition of P+Q = R

CPE5021 - Advanced Network Security


Definition of p p
Definition of P+(-P)

CPE5021 - Advanced Network Security


Definition of p p where y 0
Definition of P+P (where y!=0)

CPE5021 - Advanced Network Security


Definition of p p where y 01
Definition of P+P (where y=0)

CPE5021 - Advanced Network Security


Elliptic curve an algebraic approach
Elliptic Curve : An Algebraic Approach

1. Adding distinct points P and Q (1)When P = (xP,yP) and Q = (xQ,yQ) and P Q, P  -Q,P + Q = R(xR, yR) with xR = s2 - xP - xQ and yR = s(xP - xR) - yPwhere s = (yP - yQ) / (xP - xQ)

2. Doubling the point P(2)When yP is not O,2P = R(xR, yR) with xR = s2 - 2xP and yR = s(xP - xR) -yP

where s = (3xP2 + a) / (2yP )

3. P + (-P) =O (3)

4. If P = (xP,yP) and yP =0, then P + P = 2P = O (4)

CPE5021 - Advanced Network Security


Finite elliptic curves on discrete fields
Finite Elliptic Curves on discrete Fields

  • Cryptography works with finite field and Elliptic curve cryptography uses curves whose variables and coefficients are finite

  • There are two commonly used ECC families:

    • prime curves Ep(a,b) defined over Zp

      • use modulo with a prime number p

      • efficient in software

    • binary curves E2m(a,b) defined over GF(2n)

      • use polynomials with binary coefficients

      • efficient in hardware

CPE5021 - Advanced Network Security


Elliptic curve groups over z p
Elliptic Curve Groups over Zp

  • (Zp, mod) = {0,1,…,p-1} is a group

    • Where p is a prime number

  • Define the elliptic curve

    • y2 = x3 + ax + b mod p

    • Where a and b are in Zp, and x, y are also in Zp.

    • (4a3 + 27b2 (mod p))  0 .

CPE5021 - Advanced Network Security


Ec over zp mod examples
EC over (Zp, mod)- examples

  • p=11, Zp=Z11. y2 = x3 + x + 6 (mod 11)

    • E(Z11, mod) = {(2,4),(2,7), (3,5),(3,6), (5,2),(5,9), (7,2),(7,9), (8,3),(8,8), (10,2),(10,9)}

  • p=23, Zp=Z23. y2 = x3 + x (mod 23)

    • E(Z23, mod) = {(0,0), (1,5), (1,18), (9,5), (9,18), (11,10), (11,13), (13,5), (13,18), (15,3), (15,20), (16,8), (16,15), (17,10), (17,13), (18,10), (18,13) (19,1),(19,22), (20,4), (20,19), (21,6), (21,17)}

  • p=23, Zp=Z23. y2 = x3 + x + 1 (mod 23)

    • E(Z23,mod) = { (0,1), (0,22), (1,7), (1,16), (3,10), (3,13), (4,0), (5,4), (5,19), (6,4), (6,19), (7,11), (7,12), (9,7), (9,16), (11,3), (11,20), (12,4), (12,19), (13,7), (13,16), (17,3), (17,20), (18,3), (18,20), (19,5), (19,18)}

CPE5021 - Advanced Network Security


Y 2 x 3 x mod 23
y2 = x3 + x mod 23

CPE5021 - Advanced Network Security


Operations on e z 11 mod
Operations on E(Z11,mod)

  • Consider the E(Z11,mod):

    Let Pand Qon E(Z11,mod)

    • P = (10,2) and Q= (5,2) then P + Q = (10,2) + (5,2) = (7,9).

    • P = (2,7); P + P = (5,2).

    • P = (2,7); -P = (2,-7); P + -P =?

CPE5021 - Advanced Network Security


Elliptic curve cryptography ecdlp
Elliptic Curve Cryptography (ECDLP)

  • Assume that we are working with E(Zp, mod)

    • Let Q and P be on E(Zp, mod); and 1 < k < p-1

  • Define a hard problem which is equivalent to the DLP: Q=kP

    • It is “easy” to compute Q given k and P

    • but it is “hard” to find k given Q,P

    • known as the elliptic curve logarithm problem (ECDLP)

CPE5021 - Advanced Network Security


Ecc in practice simple method
ECC in Practice – simple method

  • Suppose A wants to send a messagemto B using EC over group (G,+) = {0, ..n-1} with generator g

    • Key generation: B selects a random integer Bs from the interval [1, n-1] as private key and publish Bp = Bsg as B’s public key

    • Encryption: A selects a random integer As as A’s secrete key and send to B: (Asg, AsBp + m) to B as ciphertext (Asg = Ap is A’s public key).

    • B decrypts the message by computing

      m + AsBp - Bs(Asg) = m + As Bsg - BsAsg = m

CPE5021 - Advanced Network Security


E z 11 mod with generator
E(Z11,mod) with generator

  • y2= x3 +x+6 mod 11.

    • E(Z11,mod) = {(2,4),(2,7), (3,5),(3,6), (5,2),(5,9), (7,2),(7,9), (8,3),(8,8), (10,2),(10,9)}

CPE5021 - Advanced Network Security


E z 11 mod with generator1
E(Z11,mod) with generator

  • Let’s select g =(2,7) as a generator.

  • Compute 2g, 3g, … as using the following:

    • 2P = R(xR, yR) with xR = s2 - 2xP and yR = s(xP - xR) -yP where s = (3xP2 + a) / (2yP )

      {g=(2,7), 2g=(5,2), 3g=(8,3), 4g=(10,2)

      5g=(3,6), 6g=(7,9), 7g=(7,2), 8g=(3,5)

      9g=(10,9), 10g=(8,8),11g=(5,9),12g=(2,4)}

CPE5021 - Advanced Network Security


Ecc example on e z 11 mod y 2 x3 x 6 mod 11
ECC example on E(Z11,mod) y2= x3 +x+6 mod 11

  • Suppose message is m =(3,6) (a point on E).

  • B selects a randomBs =3, then sendBp to A;

  • Bp=Bsg = 3g = g+g+g = (8,3); where g =(2,7)

  • A selects a random number and generates A’s public key, let’s say 2. As = 2; Ap=Asg=2g=g+g = (5,2).

    • A encrypts the message: (Asg, AsBp + m) = ((5,2), 2(8,3) + (3,6)) = ((5,2), (7,9) + (3,6)) = ((5,2), (5,9)).

  • B decrypts the cipher by first computing AsgBs

    • AsgBs = 3(5,2) = (5,2) + (5,2) + (5,2) = (10,2) + (5,2) = (7,9);

    • AsBp + m – AsgBs = (5,9) – (7,9) = (5,9) + (7,-9) = (5,9) + (7,2) = (3,6)

CPE5021 - Advanced Network Security


Ecc in practice
ECC in Practice

  • ECC can be embedded in different schemes or protocols

    • EC with AES

    • EC with ElGamal

    • EC with Massey-Omura

    • EC with Menezes-Vanstone

    • EC with RSA

CPE5021 - Advanced Network Security


Remarks
Remarks

  • ECC is young and rich in its nature. Its application is huge including wireless security, smart cards, personal chips, home devices, etc.

  • RSA theory is easier to understand but harder to develop further.

  • Currently, RSA is not a good choice for low computational devices, especially for handheld devices and smart cards those are becoming everyday used devices.

  • RSA is currently more established and supported by industries.

CPE5021 - Advanced Network Security