1 / 39

Introduction to Elliptic Curves in Cryptography: A Comprehensive Guide

Explore the fundamentals of elliptic curves, their applications in cryptography, and the advantages they offer compared to traditional methods. Learn about ECC encryption, Diffie-Hellman key exchange, digital signatures, and ECC security.

manng
Download Presentation

Introduction to Elliptic Curves in Cryptography: A Comprehensive Guide

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Number Theory and Advanced Cryptography4. Elliptic Curves Chih-Hung Wang Sept. 2011 Part I: Introduction to Number Theory Part II: Advanced Cryptography

  2. Elliptic Curve Cryptography • Majority of public-key crypto (RSA, D-H) use either integer or polynomial arithmetic with very large numbers/polynomials • Imposes a significant load in storing and processing keys and messages • An alternative is to use elliptic curves • In the mid-1980s, Miller and Koblitz introduced elliptic curves into cryptography. • Offers same security with smaller bit sizes • 4096-bit key size can be replaced by 313-bit elliptic curve system

  3. Real Elliptic Curves • An elliptic curve is defined by an equation in two variables x & y, with coefficients • Consider a cubic elliptic curve of form • y2 = x3 + ax + b • where x,y,a,b are all real numbers • also define zero point O • Have addition operation for elliptic curve • geometrically sum of Q+R is reflection of intersection R

  4. Real Elliptic Curve Example 1

  5. Real Elliptic Curve Example 2

  6. Geometric Description of Addition

  7. Algebraic Description of Addition P+Q = R =(yQ-yP)/(xQ-xP) P+P = 2P = R

  8. Addition Law

  9. Example of Addition (1)

  10. Example of Addition (2)

  11. Example of Addition (3)

  12. Elliptic Curves Mod p

  13. Example 1

  14. Example 2-1

  15. Example 2-2

  16. Example 3

  17. Example 4

  18. Law 1

  19. Law 2

  20. Number of points Mod p

  21. Hasse’s Theorem Schoof Algorithm: http://www.math.rochester.edu/people/grads/jdreibel/ref/12-7-05-Schoof.pdf

  22. Discrete Logarithms on EC

  23. Representing plaintext (1)

  24. Representing plaintext (2)

  25. Elliptic Curve Cryptography • ECC addition is analog of modulo multiply • ECC repeated addition is analog of modulo exponentiation • need “hard” problem equiv to discrete log • Q=kP, where Q,P belong to a prime curve • is “easy” to compute Q given k,P • but “hard” to find k given Q,P • known as the elliptic curve logarithm problem • Certicom example: E23(9,17)

  26. ECC Diffie-Hellman (1) • can do key exchange analogous to D-H • users select a suitable curve Ep(a,b) • select base point G=(x1,y1) with large order n s.t. nG=O • A & B select private keys nA<n, nB<n • compute public keys: PA=nA×G, PB=nB×G • compute shared key: K=nA×PB,K=nB×PA • same since K=nA×nB×G

  27. ECC Diffie-Hellman (2)

  28. ECC Diffie-Hellman (3)

  29. ECC Diffie-Hellman (4) • Page 365

  30. ECC Encryption/Decryption (1) • several alternatives, will consider simplest • must first encode any message M as a point on the elliptic curve Pm • select suitable curve & point G as in D-H • each user chooses private key nA<n • and computes public key PA=nA×G • to encrypt Pm : Cm={kG, Pm+k Pb}, k random • decrypt Cm compute: Pm+kPb–nB(kG) = Pm+k(nBG)–nB(kG) = Pm

  31. ECC Encryption/Decryption (2) • Page 363-364

  32. ECC Encryption/Decryption (3)

  33. ECC Security (1) • Relies on elliptic curve logarithm problem • Fastest method is “Pollard rho method” • Compared to factoring, can use much smaller key sizes than with RSA etc • For equivalent key lengths computations are roughly equivalent • Hence for similar security ECC offers significant computational advantages

  34. ECC Security (2)

  35. ECC Digital Signature (page 365-366) Signing

  36. ECC Digital Signature (page 365-366)II Verification

  37. ECC Digital Signature (1)

  38. ECC Digital Signature (2)

  39. ECC Digital Signature (3)

More Related