Elliptic Curve Cryptography ( ECC )
description
Transcript of Elliptic Curve Cryptography ( ECC )
Elliptic Curve Cryptography (ECC)
Mustafa Demirhan
Bhaskar Anepu
Ajit Kunjal
Contents
Introduction Addition Law Elliptic Curves Mod n Encryption Example Decryption Example General Diffie-Hellman Key Exchange Scheme Diffie Hellman Method with Elliptic Curves Conclusions
Introduction
What is Elliptic Curve Cryptography (ECC)? ECC is an encryption technique based on elliptic curve
theory that can be used as faster, smaller, and more efficient cryptosystems
Who introduced it and when? Miller and Koblitz in mid 1980s and Lenstra showed how
to use elliptic curves to factor integers
What is the basic principle? Obtain same level of security as conventional
cryptosystems but with much smaller key sizes
General Form of Elliptic Curve
An elliptic curve E: y2 = x3 + ax + b
(a, b) belong to any of the appropriate sets namely rational numbers, complex numbers, integers etc.
More general form: y2+a1xy+a3y = x3+a2x2+a4x+a5
Addition Law
Given two points P1 and P2 on E, we can find P3 as follows:
Let P1 = (2, 9) and P2 = (3, 10) and E: y2 = x3 + 73
Find the equation of the line passing through P1 and P2
Find a point Q such that it lies on the line through P1 and P2 and the curve E
Q
P3
P2P1
Addition Law: Example
Equation of the line: y = x + 7 For Q, substitute this eqn. in E.
(x+7)2 = x3 + 73 Roots of this cubic: P1,P2 and Q. Rule: For a cubic polynomial of
the form x3+a2x2+a1x+a0 the roots r1,r2 and r3 are related by: r1+r2+r3=-a2
Applying this to our cubicx3-x2-14x+24 = 0, we obtain 2+3+xQ=1 xQ = -4yQ=xQ+7 yQ = 3 Q = (-4,3)
P3 is the mirror image of Q. Thus P3 = (-4, -3)
Addition Law-Definition
Define a law of addition on E by:P1 + P2 = P3
Addition Law: Let E: y2 = x3 + ax + b and let
P1 = (x1, y1) & P2 = (x2, y2)Then P 1 + P2 = P3 = (x3, y3) where
x3 = m2 - x1 - x2
y3 = m (x1 - x3) - y1
and m = (y2 - y1) / (x2 – x1) if P1 ≠ P2
m = (3x12 + a) / (2y1) if P1 = P2
Definition of P + P
Draw a tangent line through P, the point of intersection with the curve is defined as –R, then P+P = 2P = R
Definition of P + (-P)
P + (-P) = O
Multiplication
k.P = P + P + P + …. + P (k times) where k is an integer
Elliptic Curves Mod n
Let E: y2 ≡ x3 + 2x + 3 (mod 5)
The points on E are pairs (x, y) mod 5 that satisfy the equation
The possible values are
x ≡ 0 y2 ≡ 3 (mod 5) no solutionsx ≡ 1 y2 ≡ 6 (mod 5) y ≡ 1, 4x ≡ 2 y2 ≡ 15 (mod 5) y ≡ 0x ≡ 3 y2 ≡ 36 (mod 5) y ≡ 1, 4x ≡ 4 y2 ≡ 75 (mod 5) y ≡ 0
Therefore the points on E are (1,1), (1,4), (2,0), (3,1), (3,4), (4,0)
Encryption: Example
Let E: y2 ≡ x3 + 2x + 3 (mod 5)
P = (1, 4), K = (3, 1)
The cipher text is obtained as follows:m = (1–4)/(3-1) = 1 (mod 5)x3 = -1-1-3 = -3 (mod 5) = 2y3 = 1(1-2)-4 = 0 (mod 5)
Cipher Text = C = (2,0)
PK
Q
C
Decryption: Example
Let E: y2 ≡ x3 + 2x + 3 (mod 5)
C = (2, 0); K = (3, 1)
The decryption is same as encrypting with –K
-K = (3,-1) (mod 5) = (3,4)
m = 4/1 = 4x3 = 16-2-3 = 1 (mod 5)y3 = 4(2-1)-0 = 4
Hence, P = (1,4)
P
KQ
C
An Example Usage of Elliptic Curves The crucial property of an elliptic curve is that we can define a
rule for "adding" two points which are on the curve, to obtain a third point which is also on the curve
Cryptography can be done as follows: Alice, Bob, Cathy and David… agree on a (non-secret) elliptic
curve and a (non-secret) fixed curve point F. Alice chooses a secret random integer KA which is her secret key, and publishes the curve point PA = KA*F as her public key. Bob, Cathy and David do the same
Now suppose Alice wishes to send a message to Bob. One method is for Alice to simply compute KA*PB and use the result as the secret key for a conventional symmetric block cipher (say DES)
Bob can compute the same number by calculating KB * PA, since KB*PA = KB*(KA*F) = (KB*KA)*F = KA*(KB*F) = KA*PB
The security of the scheme is based on the assumption that it is difficult to compute k given F and k*F.
General Diffie-Hellman Key Exchange
Alice and Bob chooses a large prime number p and a primitive root α (mod p). Both p and α can be made public.
Alice chooses a secret random x and Bob chooses a secret random y.
Alice sends αx (mod p) to Bob, and Bob sends αy (mod p) to Alice.
Alice calculates key as K = (αy)x
(mod p) and Bob calculates K = (αx)y (mod p)
Alice Bob(α, p)
x
y
αx (mod p)
αy (mod p)
(αy)x
(mod p)(αx)y
(mod p)
DH Key Exchange with Elliptic Curves
Diffie-Hellman key exchange- another example
Given elliptic curve E and a point P (public)
Alice selects an a, computes A=aP, send A to Bob
Bob selects a b, computes B=bP, sends B to Alice
Then Alice can compute the key K=aB=abP, similarly, Bob computes the key K=bA=abP
Alice Bob(E, P)
a, A
b, B
A = aP
B = bP
abP abP
Using The Shared Keys
The key that we obtained using Diffie-Hellman with elliptic curves can be used either directly in another elliptic curve cryptosystem, or in a conventional cryptosystem such as DES, RSA etc.
However, for the latter, we need to convert the point in the elliptic curve system to a number. This can be done, but it is beyond the scope of this presentation
Conclusions
Elliptic Curves are just another way to map the data into another form. The power of the scheme comes from the fact that it is very hard to do the un-mapping without knowledge of the key
Elliptic Curve Cryptosystems provide same level of security as other conventional cryptosystems; but with a much smaller key size
Smaller the key size, lesser the hardware required