Vorapong Suppakitpaisarn www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/

Discrete Methods in Mathematical Informatics, Lecture 2: Elliptic Curve Cryptography, 16th October 2012. Vorapong Suppakitpaisarn http://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/ vorapong@mist.i.u-tokyo.ac.jp, Eng. 6 Room 363


Presentation Transcript


  1. Discrete Methods in Mathematical Informatics, Lecture 2: Elliptic Curve Cryptography, 16th October 2012. Vorapong Suppakitpaisarn http://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/ vorapong@mist.i.u-tokyo.ac.jp, Eng. 6 Room 363. Download: Lecture 1: http://misojiro.t.u-tokyo.ac.jp/~vorapong/Lecture1.pptx Lecture 2: http://misojiro.t.u-tokyo.ac.jp/~vorapong/Lecture2.pptx

  2. Course Information (Many Changes from Last Week)
     Schedule:
     • 10/9 – Elliptic Curve I (2 Exercises) (What is Elliptic Curve?)
     • 10/16 – Elliptic Curve II (2 Exercises) (Elliptic Curve Cryptography)
     • 10/23 – Elliptic Curve III (2 Exercises) (Primality Testing and Factoring)
     • 10/30 – Cancelled
     • 11/7 – Online Algorithm I (Prof. Han)
     • 11/14 – Online Algorithm II (Prof. Han)
     • 11/21 – Elliptic Curve IV (2 Exercises) (ECC Implementation I)
     • 11/28 – Elliptic Curve V (2 Exercises) (ECC Implementation II)
     • 12/4 – Cancelled
     • From 12/11 – To be Announced
     Grading:
     • For my part, you need to submit 2 Reports.
     • Report 1: Select 3 from 6 exercises in Elliptic Curve I – III. Submission Deadline: 14 November
     • Report 2: Select 2 from 4 exercises in Elliptic Curve IV – V. Submission Deadline: TBD
     • Submit your report at Department of Mathematical Informatics’ office [1st floor of this building]

  3. From Last Lecture… Weierstrass Equation: Point Addition - A= -4, B= 4 A= -4, B= 4 Point Double

  4. Cryptography • Methods or Algorithms for Secure Communication E(M) Memory Usage (assuming the same key size) RSA (the most popular algorithm) Alice Bob Optimize and Analyze M E(M) Encryption Algorithm Decryption Algorithm Elliptic Curve Cryptography E(M) M Fast Slow Faster Algorithms Using Less Memory

  5. Some Progress on Elliptic Curve Cryptography
     • 1976 Introduction of Elliptic Curve Cryptography (ECC)
     • 2000’s Researchers began to take an interest in ECC because its memory consumption is better than that of RSA
     • 2002 Implementation of ECC in OpenSSL
     http://tools.ietf.org/html/rfc5246#ref-ECDSA
     • 2008 Publication of the standard defining the use of ECC
     • 2011 Google introduces ECC as the default algorithm for its https web pages
     • 2012 Joux and Vitse successfully break 151 bits of ECC [Joux, Vitse, EUROCRYPT 2012, June 2012] (while 768 bits of RSA was broken by Kleinjung et al. in 2010) [Kleinjung et al., CRYPTO 2010, 2010]

  6. Overview Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem ElGamal Public Key Encryption Massey-Omura Encryption ElGamal Digital Signatures Digital Signature Algorithm (DSA)

  7. Overview Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem ElGamal Public Key Encryption Massey-Omura Encryption ElGamal Digital Signatures ElGamal Digital Signatures

  8. Prime Field Fp • p is a prime number. [Let p = 7 in this slide] • Consider a set {0, 1, …, p – 1} Exponentiation Addition Multiplication Subtraction

  9. Prime Field Fp (cont.) Prime Field F7 • p is a prime number. [Let p = 7 in this slide] • Consider a set {0, 1, …, p – 1} Multiplicative Inverse Real Number? Theorem Proof

  10. Prime Field Fp (cont.) Prime Field F7 Multiplicative Inverse Real Number? Division Real Number? Prime Field F7

  11. Elliptic Curve with Prime Field Elliptic Curve Example, p = 5, A = 1, B = 1 (0,1),(0,4) (2,1),(2,4) (3,1),(3,4) (4,2),(4,3) ||E(Fp)||=9 Hasse’s Theorem (Hasse 1936)

  12. Elliptic Curve with Prime Field (cont.) Elliptic Curve Example, p = 5, A = 1, B = 1 Point Double

  13. Scalar Multiplication
      • Scalar Multiplication on Elliptic Curve: S = P + P + … + P (r times) = rP, when r ≥ 1 is a positive integer and S, P are members of the curve
      • Double-and-add method
      • Let r = 14 = (01110)2. Compute rP = 14P.
      r = 14 = (0 1 1 1 0)2
      P 3P 7P 14P
      O 2P 6P 14P
      3 – 1 = 2 Point Additions, 4 – 1 = 3 Point Doubles
      Exercise 3

  14. Overview Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem ElGamal Public Key Encryption Massey-Omura Encryption ElGamal Digital Signatures ElGamal Digital Signatures

  15. Private Key Cryptography Diffie-Hellman Key Exchange (Diffie, Hellman 1976) Private Key Cryptography One-Time Pad Key Agreement Protocol k = 01101 k = 01101 M = 10100 k k Encryption Algorithm M Dk(Ek(M)) = M Decryption Algorithm Encryption Algorithm Decryption Algorithm Ek(M) Ek(M) Data Encryption Scheme (DES) (Developed by IBM in 1970’s) Advanced Encryption Scheme (AES) (Daemen, Rijmen 2002)

  16. Diffie-Hellman Key Exchange
      ALICE: • Generate P ∈ E(F) • Generate positive integer a • Receive Q = bP • Compute aQ = abP
      BOB: • Receive P • Receive S = aP • Generate positive integer b • Compute bS = abP
      Exchanged: P, aP, bP. Key: abP. Eve knows P, aP, bP, but not abP
      Diffie-Hellman Problem: Given P, aP, and bP, Compute abP.
      Discrete Logarithm Problem: Given P, aP, Compute a.

  17. Overview Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem ElGamal Public Key Encryption Massey-Omura Encryption ElGamal Digital Signatures ElGamal Digital Signatures

  18. Baby Step, Giant Step [Shanks 1971] Discrete Logarithm Problem: Given P, Q = aP, compute a. Pre-Computation Baby Step Baby Step, Giant Step Giant Step Q Example

  19. Pollard’s Method [Pollard 1978] (Semi-)Objective [Teske, 1998] (Real-)Algorithm (Semi-) Algorithm (Real-)Objective Function f for Discrete Log

  20. Examples Algorithm Example

  21. Overview Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem ElGamal Public Key Encryption Massey-Omura Encryption ElGamal Digital Signatures ElGamal Digital Signatures

  22. Three-Pass Protocol [Shamir 1980] Private Key Cryptography Three-pass Protocol k1 k2 M Key Agreement Protocol Encryption Algorithm k k Ek1 (M) Ek1(M) Super-Encryption Algorithm M Dk(Ek(M)) = M Ek2 ( Ek1 (M)) Ek2 ( Ek1 (M)) Encryption Algorithm Decryption Algorithm Decryption Algorithm Ek(M) Ek(M) Ek2 (M)=Dk1 ( Ek2 ( Ek1 (M))) Ek2(M) Super-Decryption Algorithm M

  23. Massey-Omura Protocol [Massey, Omura 1986] Three-pass Protocol Massey-Omura Protocol k1 k2 M Encryption Algorithm Encryption Algorithm Ek1 (M) Ek1(M) Super-Encryption Algorithm Super-Encryption Algorithm Ek2 ( Ek1 (M)) Ek2 ( Ek1 (M)) Decryption Algorithm Decryption Algorithm Ek2(M) Ek2(M) Super-Decryption Algorithm Super-Decryption Algorithm M M

  24. Massey-Omura Protocol [cont.] Massey-Omura Protocol Massey-Omura Problem: Given k1P, k2P, k1k2P, Compute P. Discrete Log Problem: Given P, aP, Compute a. Encryption Algorithm Integer  Point on Elliptic Curve Super-Encryption Algorithm Decryption Algorithm Ek2(M) Super-Decryption Algorithm Point on Elliptic Curve  Integer M

  25. Exercise Integer  Point on Elliptic Curve Exercise 4 Exercise 5

  26. Overview Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem ElGamal Public Key Encryption Massey-Omura Encryption ElGamal Digital Signatures ElGamal Digital Signatures

  27. Public Key Cryptography Private Key Cryptography Public Key Cryptography Certificate Authority (CA) Key Agreement Protocol kpub,kpri kpub k k Dkpri(Ekpub(M)) = M M M Dk(Ek(M)) = M Encryption Algorithm Decryption Algorithm Encryption Algorithm Decryption Algorithm Ekpub(M) Ekpub(M) Ek(M) Ek(M)

  28. ElGamal Public Key Encryption [ElGamal 1985] Public Key Cryptography ElGamal PKE Certificate Authority (CA) Certificate Authority (CA) kpub,kpri kpub Dkpri(Ekpub(M)) = M2-sM1 = M Dkpri(Ekpub(M)) = M M Encryption Algorithm Encryption Algorithm Decryption Algorithm Decryption Algorithm Ekpub(M) = M1,M2 Ekpub(M) = M1,M2 Ekpub(M) Ekpub(M) M1 = kP, M2 = M + kB

  29. ElGamal Public Key Encryption (cont.) ElGamal PKE ElGamal Problem Ver. I Given P, sP (public key), kP, M + skP, Find M. Certificate Authority (CA) Dkpri(Ekpub(M)) = M2-sM1 = M Discrete Log. Given P, sP Find s. Encryption Algorithm Decryption Algorithm Ekpub(M) = M1,M2 Ekpub(M) = M1,M2 M1 = kP, M2 = M + kB

  30. Overview Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem ElGamal Public Key Encryption Massey-Omura Encryption ElGamal Digital Signatures ElGamal Digital Signatures

  31. Digital Signature [Diffie, Hellman 1976] Public Key Cryptography Digital Signature Certificate Authority (CA) Certificate Authority (CA) kpub,kpri kpub kpri,kpub kpub Dkpri(Ekpub(M)) = M M Encryption Algorithm Decryption Algorithm Vkpub(Skpri(M)) = M ? M Ekpub(M) Ekpub(M) Signing Algorithm Objective Verification Algorithm Alice is sending a message M to Bob Bob can be sure that the sender is really Alice. Alice cannot refuse that she did send the message No one can send a message claiming that they are Alice. M,Skpri(M) M, Skpri(M)

  32. ElGamal Digital Signatures [ElGamal 1985] Digital Signature ElGamal’s Protocol Certificate Authority (CA) Certificate Authority (CA) kpub=(A,B) kpri,kpub kpub Signing Algorithm Skpri(M)) is signed by Alice??? M Signing Algorithm Verification Algorithm Verification Algorithm M,Skpri(M) M, Skpri(M)

  33. ElGamal Digital Signatures (cont.) ElGamal’s Protocol ElGamal Problem Ver. II Given A, B=aA (public key), m (message), Find R,s such that Certificate Authority (CA) kpub=(A,B) Signing Algorithm Discrete Log. Given P, sP Find s. Verification Algorithm

  34. Overview Basics Prime Field & Elliptic Curve Diffie-Hellman Key Exchange Discrete Logarithm Problem ElGamal Public Key Encryption Massey-Omura Encryption ElGamal Digital Signatures Digital Signature Algorithm (DSA)

  35. Digital Signature Algorithm [Vanstone 1992] ElGamal’s Protocol DSA’s Protocol Certificate Authority (CA) Certificate Authority (CA) kpub=(A,B) kpub=(A,B) 2 Scalar Multiplications 3 Scalar Multiplications Signing Algorithm Signing Algorithm Verification Algorithm Verification Algorithm

  36. Today’s Exercises Exercise 3 Exercise 4

  37. Course Information (Many Changes from Last Week)
      Schedule:
      • 10/9 – Elliptic Curve I (2 Exercises) (What is Elliptic Curve?)
      • 10/16 – Elliptic Curve II (2 Exercises) (Elliptic Curve Cryptography)
      • 10/23 – Elliptic Curve III (2 Exercises) (Primality Testing and Factoring)
      • 10/30 – Cancelled
      • 11/7 – Online Algorithm I (Prof. Han)
      • 11/14 – Online Algorithm II (Prof. Han)
      • 11/21 – Elliptic Curve IV (2 Exercises) (ECC Implementation I)
      • 11/28 – Elliptic Curve V (2 Exercises) (ECC Implementation II)
      • 12/4 – Cancelled
      • From 12/11 – To be Announced
      Grading:
      • For my part, you need to submit 2 Reports.
      • Report 1: Select 3 from 6 exercises in Elliptic Curve I – III. Submission Deadline: 14 November
      • Report 2: Select 2 from 4 exercises in Elliptic Curve IV – V. Submission Deadline: TBD
      • Submit your report at Department of Mathematical Informatics’ office [1st floor of this building]

  38. Thank you for your attention Please feel free to ask questions or comment.
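
Added example, not part of the original slides: the curve of slide 11 (p = 5, A = 1, B = 1) with the double-and-add method of slide 13, the Diffie-Hellman exchange of slide 16 and the ElGamal encryption of slide 28 (M1 = kP, M2 = M + kB, M = M2 - sM1). The function names and the sample scalars used with them are assumptions chosen for illustration.

```python
# Toy curve from slide 11: y^2 = x^3 + A*x + B over F_p (far too small for real use).
p, A, B = 5, 1, 1
O = None  # point at infinity, the group identity

def on_curve(P):
    return P is O or (P[1] ** 2 - (P[0] ** 3 + A * P[0] + B)) % p == 0

def curve_points():
    # All of E(F_p), including the point at infinity.
    return [O] + [(x, y) for x in range(p) for y in range(p) if on_curve((x, y))]

def neg(P):
    return O if P is O else (P[0], -P[1] % p)

def add(P, Q):
    """Group law: identity, inverse pairs, point double and point addition."""
    if P is O:
        return Q
    if Q is O:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return O  # P + (-P) = O; also covers doubling a point with y = 0
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % p, -1, p) % p  # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p         # chord slope
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(r, P):
    """Left-to-right double-and-add: one double per bit, one add per 1-bit."""
    S = O
    for bit in bin(r)[2:]:
        S = add(S, S)
        if bit == "1":
            S = add(S, P)
    return S

def diffie_hellman(P, a, b):
    S, Q = mul(a, P), mul(b, P)      # Alice sends S = aP, Bob sends Q = bP
    return mul(a, Q), mul(b, S)      # both sides arrive at abP

def elgamal_encrypt(P, pub, M, k):
    # pub = sP is the receiver's public key (B on the slide), k a fresh random scalar
    return mul(k, P), add(M, mul(k, pub))

def elgamal_decrypt(s, M1, M2):
    return add(M2, neg(mul(s, M1)))  # M = M2 - s*M1
```

With base point P = (0, 1), `mul(14, P)` gives (3, 1) and `mul(9, P)` gives the point at infinity, matching the group order 9 stated on slide 11.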
