Elliptic Curve Cryptography (ECC)

Mustafa Demirhan

Bhaskar Anepu

Ajit Kunjal

Contents

Introduction Addition Law Elliptic Curves Mod n Encryption Example Decryption Example General Diffie-Hellman Key Exchange Scheme Diffie Hellman Method with Elliptic Curves Conclusions

Introduction

What is Elliptic Curve Cryptography (ECC)? ECC is an encryption technique based on elliptic curve

theory that can be used as faster, smaller, and more efficient cryptosystems

Who introduced it and when? Miller and Koblitz in mid 1980s and Lenstra showed how

to use elliptic curves to factor integers

What is the basic principle? Obtain same level of security as conventional

cryptosystems but with much smaller key sizes

General Form of Elliptic Curve

An elliptic curve E: y2 = x3 + ax + b

(a, b) belong to any of the appropriate sets namely rational numbers, complex numbers, integers etc.

More general form: y2+a1xy+a3y = x3+a2x2+a4x+a5

Addition Law

Given two points P1 and P2 on E, we can find P3 as follows:

Let P1 = (2, 9) and P2 = (3, 10) and E: y2 = x3 + 73

Find the equation of the line passing through P1 and P2

Find a point Q such that it lies on the line through P1 and P2 and the curve E

Q

P3

P2P1

Addition Law: Example

Equation of the line: y = x + 7 For Q, substitute this eqn. in E.

(x+7)2 = x3 + 73 Roots of this cubic: P1,P2 and Q. Rule: For a cubic polynomial of

the form x3+a2x2+a1x+a0 the roots r1,r2 and r3 are related by: r1+r2+r3=-a2

Applying this to our cubicx3-x2-14x+24 = 0, we obtain 2+3+xQ=1 xQ = -4yQ=xQ+7 yQ = 3 Q = (-4,3)

P3 is the mirror image of Q. Thus P3 = (-4, -3)

Addition Law-Definition

Define a law of addition on E by:P1 + P2 = P3

Addition Law: Let E: y2 = x3 + ax + b and let

P1 = (x1, y1) & P2 = (x2, y2)Then P 1 + P2 = P3 = (x3, y3) where

x3 = m2 - x1 - x2

y3 = m (x1 - x3) - y1

and m = (y2 - y1) / (x2 – x1) if P1 ≠ P2

m = (3x12 + a) / (2y1) if P1 = P2

Definition of P + P

Draw a tangent line through P, the point of intersection with the curve is defined as –R, then P+P = 2P = R

Definition of P + (-P)

P + (-P) = O

Multiplication

k.P = P + P + P + …. + P (k times) where k is an integer

Elliptic Curves Mod n

Let E: y2 ≡ x3 + 2x + 3 (mod 5)

The points on E are pairs (x, y) mod 5 that satisfy the equation

The possible values are

x ≡ 0 y2 ≡ 3 (mod 5) no solutionsx ≡ 1 y2 ≡ 6 (mod 5) y ≡ 1, 4x ≡ 2 y2 ≡ 15 (mod 5) y ≡ 0x ≡ 3 y2 ≡ 36 (mod 5) y ≡ 1, 4x ≡ 4 y2 ≡ 75 (mod 5) y ≡ 0

Therefore the points on E are (1,1), (1,4), (2,0), (3,1), (3,4), (4,0)

Encryption: Example

Let E: y2 ≡ x3 + 2x + 3 (mod 5)

P = (1, 4), K = (3, 1)

The cipher text is obtained as follows:m = (1–4)/(3-1) = 1 (mod 5)x3 = -1-1-3 = -3 (mod 5) = 2y3 = 1(1-2)-4 = 0 (mod 5)

Cipher Text = C = (2,0)

PK

Q

C

Decryption: Example

Let E: y2 ≡ x3 + 2x + 3 (mod 5)

C = (2, 0); K = (3, 1)

The decryption is same as encrypting with –K

-K = (3,-1) (mod 5) = (3,4)

m = 4/1 = 4x3 = 16-2-3 = 1 (mod 5)y3 = 4(2-1)-0 = 4

Hence, P = (1,4)

P

KQ

C

An Example Usage of Elliptic Curves The crucial property of an elliptic curve is that we can define a

rule for "adding" two points which are on the curve, to obtain a third point which is also on the curve

Cryptography can be done as follows: Alice, Bob, Cathy and David… agree on a (non-secret) elliptic

curve and a (non-secret) fixed curve point F. Alice chooses a secret random integer KA which is her secret key, and publishes the curve point PA = KA*F as her public key. Bob, Cathy and David do the same

Now suppose Alice wishes to send a message to Bob. One method is for Alice to simply compute KA*PB and use the result as the secret key for a conventional symmetric block cipher (say DES)

Bob can compute the same number by calculating KB * PA, since KB*PA = KB*(KA*F) = (KB*KA)*F = KA*(KB*F) = KA*PB

The security of the scheme is based on the assumption that it is difficult to compute k given F and k*F.

General Diffie-Hellman Key Exchange

Alice and Bob chooses a large prime number p and a primitive root α (mod p). Both p and α can be made public.

Alice chooses a secret random x and Bob chooses a secret random y.

Alice sends αx (mod p) to Bob, and Bob sends αy (mod p) to Alice.

Alice calculates key as K = (αy)x

(mod p) and Bob calculates K = (αx)y (mod p)

Alice Bob(α, p)

x

y

αx (mod p)

αy (mod p)

(αy)x

(mod p)(αx)y

(mod p)

DH Key Exchange with Elliptic Curves

Diffie-Hellman key exchange- another example

Given elliptic curve E and a point P (public)

Alice selects an a, computes A=aP, send A to Bob

Bob selects a b, computes B=bP, sends B to Alice

Then Alice can compute the key K=aB=abP, similarly, Bob computes the key K=bA=abP

Alice Bob(E, P)

a, A

b, B

A = aP

B = bP

abP abP

Using The Shared Keys

The key that we obtained using Diffie-Hellman with elliptic curves can be used either directly in another elliptic curve cryptosystem, or in a conventional cryptosystem such as DES, RSA etc.

However, for the latter, we need to convert the point in the elliptic curve system to a number. This can be done, but it is beyond the scope of this presentation

Conclusions

Elliptic Curves are just another way to map the data into another form. The power of the scheme comes from the fact that it is very hard to do the un-mapping without knowledge of the key

Elliptic Curve Cryptosystems provide same level of security as other conventional cryptosystems; but with a much smaller key size

Smaller the key size, lesser the hardware required