Elliptic Curve Cryptography Celia Li Computer Science and Engineering November 10, 2005.
-
Upload
geraldine-bathsheba-alexander -
Category
Documents
-
view
217 -
download
0
description
Transcript of Elliptic Curve Cryptography Celia Li Computer Science and Engineering November 10, 2005.
Elliptic Curve Cryptography
Celia LiComputer Science and Engineering
November 10, 2005
2
ContentIntroduction of Elliptic Curve
Theory Elliptic Curve Diffie-Helman
ProtocolElliptic Curve Digital Signature
AuthenticationECC Security Analysis
3
What is Elliptic Curve Cryptography (ECC) ?
A public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys
4
Elliptic Curve Over Real Numbers
Set of Points (x, y): y2 = x3 + ax + b where x, y, a and b are real
numbers. Includes all points (x, y) + a special point O, called
the point at infinity Point O does not satisfy
elliptic curve equation, but is needed for addition operation
5
Elliptic Curve Addition
Adding distinct points P and Q P=(xP, yP), Q=(xQ, yQ) are not negative of each other P + Q = R where s= (yP-yQ)/ (xP-xQ) xR = s2-xP-xQ
yR = -yP+s (xP-xR) s is the slope of the line through P and Q Example: P(-2.35, -1.86), Q(-0.1, 0.836) –R(3.89, 5.62), R(3.89, -5.62) P+Q=R=(3.89, -5.62)
P+Q=R
6
Elliptic Curve Addition
Adding Points P and -P Elliptic curve group includes the point at infinity O. P+(-P)=O P+O=P All elliptic curves have the point at infinity O
P+(-P)=O
7
Elliptic Curve Addition
Doubling the Point P if yP0 P=(xP, yP), yP0 P+P=2P=R s= (3xP
2 +a)/ (2yP) xR = s2-2xP
yR = -yP+s (xP-xR) Example: P(2, 2.65), –R(-1.11, -2.64), R(-1.11, 2.64) 2P=R=(-1.11, -2.64)
P+P=2P=R
8
Elliptic Curve Addition
Doubling the Point P if yP=0 P+P=2P=O 3P= 2P+P=O+P=P 4P= 3P+P=P+P=O 5P=P, 6P=O, 7P=P, etc
2P=O
(1.1, 0)
9
Elliptic Curve Over Finite Field Fz
Major Difference between Elliptic Curve Over Fz and Over Real Numbers
Elliptic curve over Fz has a finite number of points Unlike elliptic curve over real numbers, computations over Fz involve no round off error Computations are performed by modulo z
10
Set of points (x, y) satisfy y2 = x3 + ax + b mod z, where z is a prime number>3, a, b, x, y Fz
Adding Distinct Points P and Q P=(xp, yp) , -P=(xp, -ypmod z). P+Q=R where s= (yP-yQ)/ (xP-xQ) mod z xR = s2-xP-xQ mod z yR = -yP+s (xP-xR) mod z Doubling the Point P if yp 0 2P=R where s= (3xP
2 +a)/ (2yP) mod z xR = s2-2xP mod z yR = -yP+s (xP-xR) mod z
Elliptic Curve Over Finite Field Fz
11
Conclude Elliptic Curve Theory
Crucial Property of an Elliptic Curve
Define a rule for “adding” two points which are on the elliptic curve, to obtain a 3rd point which is also on the elliptic curve
Include a special point O, which does not satisfy the elliptic curve equation
Order of a Point Order of a point P on the elliptic
curve is the smallest integer r such that r*P=O
12
Elliptic Curve Discrete Logarithm Problem (ECDLP)
Public-key cryptography systems use hard-to-solve problems as the basis of the algorithm
Prime factorization is a hard problem used by RSA
ECDLP is a “hard” problem used by ECC Given two points Q & G on elliptic curve, such that Q = d*G Can we easily find integer d? Q is public key, d is private key Relatively easy to perform, but extremely
difficult to reverse
13
Elliptic Curve Diffie-Helman Protocol
Generates dAlice
Computes QAlice=dAlice *G
Generates dBob
Computes QBob=dBob *G
Publish Curve Point QAlice
Publish QBob
Computes P1=dAlice*QBobComputes P2=dBob * QAliceUse this computed
point P1 or P2 as the shared secret key
Message
P1=P2=dAlice* dBob* G
Given a curve point G and the result of d*G, it is difficult to compute d.
Q: public keyd: private keyG: a fixed point on elliptic curve
=dBob * (dAlice *G)=dAlice*(dBob*G)
= =
shared secret key
shared secret key
14
Elliptic Curve Digital Signature Authentication
Sends message m
and her signature
(r,s) r=0?
Select a random number k[1,n-1]Compute point P=k *G=(x,y)
Compute r=x mod n
e=SHA-1(m)
Compute s=k-1(e+dAlice*r) mod n
s=0?
No
Yes
Yes
Verify r and s are integers in the range [1, n-1]
e=SHA-1(m)
Compute w=s-1 mod n
Compute u1=e*w and u2=r*w
Point X=(x1, y1)=u1*G+u2*QAlice
Signature of m is the pair (r,s)
Yes
No
Reject
Accept Alice’s signature if v=r
Compute v=x1 mod n
X=O?
QAlice: public keydAlice: private key
G: a point on elliptic curve n: order of point G, n*G=O
(k*x)mod n=1 x=k-1
(29*35)mod78=1
15
Security AnalysisRSA Key Size
Time to Break Key
(MIPS Years)
ECC Key Size for
Equivalent Security
RSA:ECC Key Size Ratio
512 104 106 5:1768 108 132 6:1
1,024 1011 160 7:12,048 1020 210 10:121,00
01078 600 35:1
ECC can offer same levels of security with small size keys comparable to RSA and other public key cryptography methods
Designed for devices with limited memory, bandwidth, computational power, e.g. smartcards and PDAs
16
Reference
Neal Koblitz, "Elliptic curve cryptosystems", Mathematics of Computation 48, 1987, pp203–209.
V. Miller, "Use of elliptic curves in cryptography", CRYPTO 85, 1985. Blake, Seroussi, Smart, "Elliptic Curves in Cryptography", Cambridge
University Press, 1999. Hankerson, Menezes, Vanstone, "Guide to Elliptic Curve
Cryptography", Springer-Verlag, 2004. L. Washington, "Elliptic Curves: Number Theory and Cryptography",
Chapman & Hall/CRC, 2003. B.Schneier. Applied Cryptography. John Wiley and Sons, second
edition, 1996 Julio Lopez and Ricardo Dahab, “An overview of elliptic curve
cryptography”, May 2000. V. Miller, “Uses of elliptic curves in cryptography”, Advances in
Cryptology - CRYPTO'85, LNCS 218, pp.417-426, 1986. Robert Milson, “Introduction to Public Key Cryptography and
Modular Arithmetic” William Stallings, Cryptography and Network Security-Principles and
Practice second edition, Prentice Hall publications. R. Schroppel, H. Orman, S. O’Malley and O. Spatscheck, “Fast key
exchange with elliptic key systems”, Advances in Cryptography, Proc. Crypto’95, LNCS 963, pp. 43-56, Springer-Verlag, 1995.
17
Thank You !