Elliptic Curve Cryptography and
Zero Knowledge Proof
Nimish Joseph
AGENDA
•
•
•
•
•
•

Mathematical Foundations
Public Key Cryptography
Elliptic Curve
Elliptic Curve Cryptography
Elliptic C...
Let’s Build the Foundation!
Mathematical Background for
Cryptography
• Modulo Arithmetic
d=n*q + r, 0 ≤r<n.
we say this as “d is equal to r modulo n”
...
Group
• Basic algebraic structure
• A pair <G,*>, where G is a set and * is a binary
operation such that the following hol...
Ring
A triplet < R, +, *>, where + and * are binary operations and R
is a set satisfying the following properties:
<R, +> ...
Fields
• <R, +, * > is a commutative ring with :
R has a multiplicative identity
Each element, x, in R (except for 0) has ...
Cryptography - Basics
• Private Key Cryptography

• Public Key Cryptography

06-Nov-2013

ECC and Zero Knowledge Proof

8
Public-Key Cryptosystems

Authentication: Only A can
generate the encrypted message
06-Nov-2013

ECC and Zero Knowledge Pr...
Public-Key Cryptography

06-Nov-2013

ECC and Zero Knowledge Proof

10
Public-Key Cryptography

06-Nov-2013

ECC and Zero Knowledge Proof

11
RSA
•
•
•
•
•

Choose two large primes p and q
n=p*q
φ(n)= (p-1)*(q-1)
Choose e, such that gcd(e, φ(n)) = 1
Compute d, suc...
Discrete Logarithmic Problem
y = gx mod p
Challenge :
Given y, g and p (g and p very large) it is not
VERY EASY(impossible...
Diffie-Hellman Key Exchange
ga mod p
gb mod p

K = (gb mod p)a = gab mod p

06-Nov-2013

K = (ga mod p)b = gab mod p

ECC ...
El Gamal Encryption
•
•
•
•

K=gamodp. (p,g,K) public and (a) private
Choose r such that gcd(r,p-1)=1
C1= gr mod p
C2= (m*...
Elliptic Curve Cryptography
Elliptic Curve Cryptography
• Elliptic Curve (EC) systems as applied to
cryptography were first proposed in 1985
independe...
What Is Elliptic Curve Cryptography
(ECC)?
• Elliptic curve cryptography [ECC] is a public-key
cryptosystem just like RSA,...
Using Elliptic Curves In Cryptography
• The central part of any cryptosystem involving elliptic
curves is the elliptic gro...
General form of a EC
• An elliptic curve is a plane curve defined by an
equation of the form

y  x  ax  b
2

3

Example...
EC as a group
An Elliptic Curve is a curve given by an equation
y2 = f(x)

Where f(x) is a square-free (no double roots) c...
Elliptical Curve as a Group - Properties
• P + Q = Q + P (commutativity)
• (P + Q) + R = P + (Q + R) (associativity)

• P ...
Elliptic Curve Picture
y

• Consider elliptic curve
E: y 2 = x 3 - x + 1
P2

P1

x

R

06-Nov-2013

• If P 1 and P 2 are o...
Case 1 : R’ ≠P1, R’≠ P2, R’≠ 0
•
•
•
•
•
•
•

P1+P2 = -R’ = R
R = (x3,y3)
Let y=mx+c
m= (y2-y1)/(x2-x1)
y2 = (mx+c)2 = m2x...
• (x-x1)(x-x2)(x-x3)=0
• x3-x2 (x1+x2+x3) + x (x1x2+x2x3+x3x1) – x1x2x3 = 0
• x3 = m2 –x1 –x2
• m= ((-y3)-y1)/(x3-x1)
• y3...
Case 2 : P1= -P2 or R’ = 0

P1

P2

06-Nov-2013

ECC and Zero Knowledge Proof

26
Case 3: R’=P1 or R’=P2
Tangent Line to EC at P2

R
P1

P2

06-Nov-2013

ECC and Zero Knowledge Proof

27
Case 4 : Doubling of Point P
Tangent Line to EC at P

R

P

2*P
06-Nov-2013

ECC and Zero Knowledge Proof

28
P1=P2
•
•
•
•
•

2y * dy/dx =3x2 + a
Slope of the tangent m = dy/dx = (3x2 + a)/2y
At (x1,y1) = (3x12 + a)/2y1
x3 = m2 –2x...
Work Out !
• EC(-1,1).
A(1,-1) B( 1/4, 7/8). A+B = ?
• m = (-1-7/8)/(1-1/4) = -5/2
• x3 = (-5/2)2 -1 -1/4 =5
• y3 = -(-1)+...
Elliptic Curve over Prime Fields
• Points on the curve y2 =x3 +2x +4
0
(0,2) (0,11)
(2,4) (2,9)
(5,3) (5,10)
(7,6) (7,7)
(...
Hasse’s Theorem
p +1 -2√p ≤ #EC(Fp) ≤ p+1+2√p
Establishes the tight bounds on the number of
points on the EC

06-Nov-2013
...
Work Out!
• EC(2,4) over F13
• A = (2,4) B = (8,5) . Compute A+B
m = (5-4)/(8-2) mod 13 =11
x3 = (112 -2 -8) mod 13 = 7
y3...
ECs Over Binary Fields
• y2+xy =x3 +ax2 +b, b!=0
• A=(x,y) : -A = (x,x+y)
• For adding two points
m= (y2+y1)/(x2+x1)
x3 = ...
Discrete Logarithm Problem on
Elliptic Curves
• The problem of computing k given the EC
parameters, G and kG, is called th...
Computing kG
• kG = G + G + ...+ G k times
• To compute 168G , compute the series obtained
by doubling the point,
2G, 4G, ...
Diffie-Hellman Modified
• Select <p,a,b,G,n,h>
• Alice chooses x and send xG
• Bob chooses y and send yG

• Alice on recei...
El Gamal Modified
•
•
•
•
•
•

k= aG
Choose r; Compute rG
Compute m + rk
Send <rG, m + rk>
To decrypt a(rG) = rk
m + rk – ...
Comparison of key sizes for same
level of security
ECC

RSA

• 110

• 512

• 163

• 1024

• 256

• 3072

• 384

• 7680

• ...
RSA vs ECC Timings
• To encrypt ECC takes nearly 10 times of that
of RSA upto a key size of 384(ECC) and
7680(RSA).
• For ...
Applications of ECC
• Many devices are small and have limited storage and
computational power
• Where can we apply ECC?
–
...
A Conference on ECC
• ECC 2013:
https://www.cosic.esat.kuleuven.be/ecc2013

06-Nov-2013

ECC and Zero Knowledge Proof

42
Zero Knowledge Proof
Zero Knowledge Proofs (ZKP)
• Goldwasser, Micali, and Rackoff, 1985.
• ZKP instance of Interactive Proof System
• Interact...
ZKP
• Zero knowledge Transfer between the Prover and
the Verifier
• The verifier accepts or rejects the proof after
multip...
Zero Knowledge Proofs
•
•
•
•
•
•

Introduction
Properties of ZKP
Advantages of ZKP
Examples
Fiat-Shamir Identification Pr...
Zero Knowledge Proofs

(ZKP)

• Goldwasser, Micali, and Rackoff, 1985.
• ZKP instance of Interactive Proof System
• Intera...
Properties of ZKP
• Completeness
– Succeeds with high probability for a true assertion
given an honest verifier and an hon...
Advantages of ZKP
•
•
•
•

As name Suggests – Zero Knowledge Transfer
Computational Efficiency – No Encryption
No Degradat...
Classic Example
• Ali Baba’s Cave
Alice has to convince Bob She knows the secret to
open the cave door without telling the...
Fiat-Shamir Identification Protocol
• 3 Message Protocol
• Alice A, the Prover and Bob B, the Verifier
A random modulus n,...
Fiat-Shamir Identification Protocol (contd)
• Alice chooses a random number r (1  r  n-1)
• Sends to Bob x = r2 mod n – ...
Fiat-Shamir Identification Protocol (contd)
• After many iterations, with a very high probability Bob can verify
Alice’s i...
Applications
• Watermark Verification
– Show the presence of watermark without
revealing information about it
– prevents f...
References
• Network Security and Cryptography, Bernard Menezes
• I. Blake, G. Seroussi, and N. Smart, Elliptic Curves in ...
References
• D. Hankerson, A. Menezes, and S.A. Vanstone, Guide to Elliptic Curve
Cryptography, Springer-Verlag, 2004
• ht...
THANK YOU!!

~Nimish Joseph
Q&A
Upcoming SlideShare
Loading in...5
×

Elliptic curve cryptography and zero knowledge proof

179

Published on

Faculty Development Programme - College of Engineering Cherthala

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
179
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Elliptic curve cryptography and zero knowledge proof"

  1. 1. Elliptic Curve Cryptography and Zero Knowledge Proof Nimish Joseph
  2. 2. AGENDA • • • • • • Mathematical Foundations Public Key Cryptography Elliptic Curve Elliptic Curve Cryptography Elliptic Curve over Prime Fields Zero Knowledge Proof 06-Nov-2013 ECC and Zero Knowledge Proof 2
  3. 3. Let’s Build the Foundation!
  4. 4. Mathematical Background for Cryptography • Modulo Arithmetic d=n*q + r, 0 ≤r<n. we say this as “d is equal to r modulo n” r ≡ d (mod n) 5 ≡ 26 (mod 7) 06-Nov-2013 ECC and Zero Knowledge Proof 4
  5. 5. Group • Basic algebraic structure • A pair <G,*>, where G is a set and * is a binary operation such that the following hold Closure Associativity Identity Element Inverse < Zn, +n > 06-Nov-2013 ECC and Zero Knowledge Proof 5
  6. 6. Ring A triplet < R, +, *>, where + and * are binary operations and R is a set satisfying the following properties: <R, +> is a commutative group For all x, y, and z in R x*y is also in R x*(y*z)=(x*y)*z x*(y+z)= (x*y)+(x*z ) < Zn, +n, *n> 06-Nov-2013 ECC and Zero Knowledge Proof 6
  7. 7. Fields • <R, +, * > is a commutative ring with : R has a multiplicative identity Each element, x, in R (except for 0) has an inverse element in R , denoted by x-1 <Zn, +n, *n > where n is prime. 06-Nov-2013 ECC and Zero Knowledge Proof 7
  8. 8. Cryptography - Basics • Private Key Cryptography • Public Key Cryptography 06-Nov-2013 ECC and Zero Knowledge Proof 8
  9. 9. Public-Key Cryptosystems Authentication: Only A can generate the encrypted message 06-Nov-2013 ECC and Zero Knowledge Proof Secrecy: Only B can Decrypt the message 9
  10. 10. Public-Key Cryptography 06-Nov-2013 ECC and Zero Knowledge Proof 10
  11. 11. Public-Key Cryptography 06-Nov-2013 ECC and Zero Knowledge Proof 11
  12. 12. RSA • • • • • Choose two large primes p and q n=p*q φ(n)= (p-1)*(q-1) Choose e, such that gcd(e, φ(n)) = 1 Compute d, such that d = e-1mod φ(n) C = Me mod n M= Cd mod n 06-Nov-2013 ECC and Zero Knowledge Proof 12
  13. 13. Discrete Logarithmic Problem y = gx mod p Challenge : Given y, g and p (g and p very large) it is not VERY EASY(impossible) to calcuate x. 06-Nov-2013 ECC and Zero Knowledge Proof 13
  14. 14. Diffie-Hellman Key Exchange ga mod p gb mod p K = (gb mod p)a = gab mod p 06-Nov-2013 K = (ga mod p)b = gab mod p ECC and Zero Knowledge Proof 14
  15. 15. El Gamal Encryption • • • • K=gamodp. (p,g,K) public and (a) private Choose r such that gcd(r,p-1)=1 C1= gr mod p C2= (m*Kr) mod p... m is the message Sends(C1, C2) • To Decrypt C1-a*C2 mod p =m 06-Nov-2013 ECC and Zero Knowledge Proof 15
  16. 16. Elliptic Curve Cryptography
  17. 17. Elliptic Curve Cryptography • Elliptic Curve (EC) systems as applied to cryptography were first proposed in 1985 independently by Neal Koblitz and Victor Miller. • The discrete logarithm problem on elliptic curve groups is believed to be more difficult than the corresponding problem in (the multiplicative group of nonzero elements of) the underlying finite field. 06-Nov-2013 ECC and Zero Knowledge Proof 17
  18. 18. What Is Elliptic Curve Cryptography (ECC)? • Elliptic curve cryptography [ECC] is a public-key cryptosystem just like RSA, Rabin, and El Gamal. • Every user has a public and a private key. – Public key is used for encryption/signature verification. – Private key is used for decryption/signature generation. • Elliptic curves are used as an extension to other current cryptosystems. 06-Nov-2013 ECC and Zero Knowledge Proof 18
  19. 19. Using Elliptic Curves In Cryptography • The central part of any cryptosystem involving elliptic curves is the elliptic group. • All public-key cryptosystems have some underlying mathematical operation. – RSA has exponentiation (raising the message or ciphertext to the public or private values) – ECC has point multiplication (repeated addition of two points). 06-Nov-2013 ECC and Zero Knowledge Proof 19
  20. 20. General form of a EC • An elliptic curve is a plane curve defined by an equation of the form y  x  ax  b 2 3 Examples 06-Nov-2013 ECC and Zero Knowledge Proof 20
  21. 21. EC as a group An Elliptic Curve is a curve given by an equation y2 = f(x) Where f(x) is a square-free (no double roots) cubic or a quartic polynomial y2 = x3 + ax + b 4a3 + 27b2 ≠ 0 EC(-3,2) So y2 = x3 is not an elliptic curve, but y2 = x3-1 is 06-Nov-2013 ECC and Zero Knowledge Proof 21
  22. 22. Elliptical Curve as a Group - Properties • P + Q = Q + P (commutativity) • (P + Q) + R = P + (Q + R) (associativity) • P + O = O + P = P (existence of an identity element) • there exists ( − P) such that − P + P = P + ( − P) = O (existence of inverses) 06-Nov-2013 ECC and Zero Knowledge Proof 22
  23. 23. Elliptic Curve Picture y • Consider elliptic curve E: y 2 = x 3 - x + 1 P2 P1 x R 06-Nov-2013 • If P 1 and P 2 are on E , we can define R = P1 + P2 as shown in picture • Addition is all we need ECC and Zero Knowledge Proof 23
  24. 24. Case 1 : R’ ≠P1, R’≠ P2, R’≠ 0 • • • • • • • P1+P2 = -R’ = R R = (x3,y3) Let y=mx+c m= (y2-y1)/(x2-x1) y2 = (mx+c)2 = m2x2+2mxc+c2 x3+ax+b = m2x2+2mxc+c2 x3 - m2x2 + (a-2mc)x + (b- c2 ) = 0 06-Nov-2013 ECC and Zero Knowledge Proof 24
  25. 25. • (x-x1)(x-x2)(x-x3)=0 • x3-x2 (x1+x2+x3) + x (x1x2+x2x3+x3x1) – x1x2x3 = 0 • x3 = m2 –x1 –x2 • m= ((-y3)-y1)/(x3-x1) • y3= -y1 +m(x1-x3) 06-Nov-2013 ECC and Zero Knowledge Proof 25
  26. 26. Case 2 : P1= -P2 or R’ = 0 P1 P2 06-Nov-2013 ECC and Zero Knowledge Proof 26
  27. 27. Case 3: R’=P1 or R’=P2 Tangent Line to EC at P2 R P1 P2 06-Nov-2013 ECC and Zero Knowledge Proof 27
  28. 28. Case 4 : Doubling of Point P Tangent Line to EC at P R P 2*P 06-Nov-2013 ECC and Zero Knowledge Proof 28
  29. 29. P1=P2 • • • • • 2y * dy/dx =3x2 + a Slope of the tangent m = dy/dx = (3x2 + a)/2y At (x1,y1) = (3x12 + a)/2y1 x3 = m2 –2x1 y3= -y1 +m(x1-x3) 06-Nov-2013 ECC and Zero Knowledge Proof 29
  30. 30. Work Out ! • EC(-1,1). A(1,-1) B( 1/4, 7/8). A+B = ? • m = (-1-7/8)/(1-1/4) = -5/2 • x3 = (-5/2)2 -1 -1/4 =5 • y3 = -(-1)+(-5)/2*(1-5) = 11 (5,11) 06-Nov-2013 ECC and Zero Knowledge Proof 30
  31. 31. Elliptic Curve over Prime Fields • Points on the curve y2 =x3 +2x +4 0 (0,2) (0,11) (2,4) (2,9) (5,3) (5,10) (7,6) (7,7) (8,5) (8,8) (9,6) (9,7) (10,6) (10,7) (12,1) (12,11) 06-Nov-2013 ECC and Zero Knowledge Proof 31
  32. 32. Hasse’s Theorem p +1 -2√p ≤ #EC(Fp) ≤ p+1+2√p Establishes the tight bounds on the number of points on the EC 06-Nov-2013 ECC and Zero Knowledge Proof 32
  33. 33. Work Out! • EC(2,4) over F13 • A = (2,4) B = (8,5) . Compute A+B m = (5-4)/(8-2) mod 13 =11 x3 = (112 -2 -8) mod 13 = 7 y3 = (-4 +11*(2-7)) mod 13 = 6 A+B =(7,6) • Compute 2A = (8,5) 06-Nov-2013 ECC and Zero Knowledge Proof 33
  34. 34. ECs Over Binary Fields • y2+xy =x3 +ax2 +b, b!=0 • A=(x,y) : -A = (x,x+y) • For adding two points m= (y2+y1)/(x2+x1) x3 = m2+m +x1 +x2 + a y3 = m(x1+x3) +x3 +y1 • Point doubling m = x1 +(y1/x1) x3 = m2+m+a y3 = x12 +(m+1)*x3 06-Nov-2013 ECC and Zero Knowledge Proof 34
  35. 35. Discrete Logarithm Problem on Elliptic Curves • The problem of computing k given the EC parameters, G and kG, is called the discrete log problem for points on an elliptic curve. • This problem is known to be infeasible in EC groups beyond 2120 elements 06-Nov-2013 ECC and Zero Knowledge Proof 35
  36. 36. Computing kG • kG = G + G + ...+ G k times • To compute 168G , compute the series obtained by doubling the point, 2G, 4G, 8G, 16G, 32G,... • Now 168 = 10101000 in binary 168G = 128G+32G+8G O(log k) 06-Nov-2013 ECC and Zero Knowledge Proof 36
  37. 37. Diffie-Hellman Modified • Select <p,a,b,G,n,h> • Alice chooses x and send xG • Bob chooses y and send yG • Alice on receipt compute x(yG) =xyG • Bob on receipt compute y(xG) = xyG 06-Nov-2013 ECC and Zero Knowledge Proof 37
  38. 38. El Gamal Modified • • • • • • k= aG Choose r; Compute rG Compute m + rk Send <rG, m + rk> To decrypt a(rG) = rk m + rk – rk = m 06-Nov-2013 ECC and Zero Knowledge Proof 38
  39. 39. Comparison of key sizes for same level of security ECC RSA • 110 • 512 • 163 • 1024 • 256 • 3072 • 384 • 7680 • 512 • 15360 06-Nov-2013 ECC and Zero Knowledge Proof 39
  40. 40. RSA vs ECC Timings • To encrypt ECC takes nearly 10 times of that of RSA upto a key size of 384(ECC) and 7680(RSA). • For Decryption RSA takes more time for a key size higher than 1024 when compared to ECC (163) 06-Nov-2013 ECC and Zero Knowledge Proof 40
  41. 41. Applications of ECC • Many devices are small and have limited storage and computational power • Where can we apply ECC? – – – – Wireless communication devices Smart cards Web servers that need to handle many encryption sessions Any application where security is needed but lacks the power, storage and computational power that is necessary for our current cryptosystems 06-Nov-2013 ECC and Zero Knowledge Proof 41
  42. 42. A Conference on ECC • ECC 2013: https://www.cosic.esat.kuleuven.be/ecc2013 06-Nov-2013 ECC and Zero Knowledge Proof 42
  43. 43. Zero Knowledge Proof
  44. 44. Zero Knowledge Proofs (ZKP) • Goldwasser, Micali, and Rackoff, 1985. • ZKP instance of Interactive Proof System • Interactive Proof Systems – Challenge-Response Authentication – Prover and Verifier – Verifier Accepts or Rejects the Prover 06-Nov-2013 ECC and Zero Knowledge Proof 44
  45. 45. ZKP • Zero knowledge Transfer between the Prover and the Verifier • The verifier accepts or rejects the proof after multiple challenges and responses • Probabilistic Proof Protocol • Overcomes Problems with Password Based Authentication 06-Nov-2013 ECC and Zero Knowledge Proof 45
  46. 46. Zero Knowledge Proofs • • • • • • Introduction Properties of ZKP Advantages of ZKP Examples Fiat-Shamir Identification Protocol Real-Time Applications 06-Nov-2013 ECC and Zero Knowledge Proof 46
  47. 47. Zero Knowledge Proofs (ZKP) • Goldwasser, Micali, and Rackoff, 1985. • ZKP instance of Interactive Proof System • Interactive Proof Systems – Challenge-Response Authentication – Prover and Verifier – Verifier Accepts or Rejects the Prover 06-Nov-2013 ECC and Zero Knowledge Proof 47
  48. 48. Properties of ZKP • Completeness – Succeeds with high probability for a true assertion given an honest verifier and an honest prover. • Soundness – Fails for any other false assertion, given a dishonest prover and an honest verifier • Zero Knowledge 06-Nov-2013 ECC and Zero Knowledge Proof 48
  49. 49. Advantages of ZKP • • • • As name Suggests – Zero Knowledge Transfer Computational Efficiency – No Encryption No Degradation of the protocol Based on problems like discrete logarithms and integer factorization 06-Nov-2013 ECC and Zero Knowledge Proof 49
  50. 50. Classic Example • Ali Baba’s Cave Alice has to convince Bob She knows the secret to open the cave door without telling the secret (source: http://www.rsasecurity.com/rsalabs/faq/2-1-8.html) 06-Nov-2013 ECC and Zero Knowledge Proof 50
  51. 51. Fiat-Shamir Identification Protocol • 3 Message Protocol • Alice A, the Prover and Bob B, the Verifier A random modulus n, product of two large prime numbers p and q generated by a trusted party and made public • Prover chooses secret s relatively prime to n • prover computes v = s2 mod n, where v is the public key A  B A  B A  B 06-Nov-2013 : x = r2 mod n : e  { 0,1} : y = r * se mod n. Is y2 = x * ve ? ECC and Zero Knowledge Proof 51
  52. 52. Fiat-Shamir Identification Protocol (contd) • Alice chooses a random number r (1  r  n-1) • Sends to Bob x = r2 mod n – commitment • Bob randomly sends either a 0 or a 1 ( e  { 0,1}) as his challenge • Depending on the challenge from Bob, Alice computes the response as y = r if e = 0 or otherwise y = r*s mod n • Bob accepts the response upon checking y2  x * ve mod n 06-Nov-2013 ECC and Zero Knowledge Proof 52
  53. 53. Fiat-Shamir Identification Protocol (contd) • After many iterations, with a very high probability Bob can verify Alice’s identity • Alice’s response does not reveal the secret s (with y = r or y = r* s mod n) • An intruder can prove Alice’s identity without knowing the secret, if he knows Bob’s challenge in advance: – Generate random r – If expected challenge is 1, send x = r2/v mod n as commitment, and y = r as response – If expected challenge is 0, send x = r mod n as commitment • Probability that any Intruder impersonating the prover can send the right response is only ½ • Probability reduced as iterations are increased • Important - Alice should not repeat r 06-Nov-2013 ECC and Zero Knowledge Proof 53
  54. 54. Applications • Watermark Verification – Show the presence of watermark without revealing information about it – prevents from removing the watermark and reselling multiple duplicate copies • Others – e-voting, e-cash etc. 06-Nov-2013 ECC and Zero Knowledge Proof 54
  55. 55. References • Network Security and Cryptography, Bernard Menezes • I. Blake, G. Seroussi, and N. Smart, Elliptic Curves in Cryptography, London Mathematical Society 265, Cambridge University Press, 1999 • Overview of Zero-Knowledge Protocols, Jeffrey Knapp • http://en.wikipedia.org/wiki/Elliptic_curve_cryptography as on November 4, 2013 • Koblitz, N. (1987). "Elliptic curve cryptosystems". Mathematics of Computation 48 (177): 203–209. JSTOR 2007884 • Menezes, A.; Okamoto, T.; Vanstone, S. A. (1993). "Reducing elliptic curve logarithms to logarithms in a finite field". IEEE Transactions on Information Theory 39 • K. Malhotra, S. Gardner, and R. Patz, Implementation of Elliptic-Curve Cryptography on Mobile Healthcare Devices, Networking, Sensing and Control, 2007 IEEE International Conference on, London, 15–17 April 2007 Page(s):239–244 06-Nov-2013 ECC and Zero Knowledge Proof 55
  56. 56. References • D. Hankerson, A. Menezes, and S.A. Vanstone, Guide to Elliptic Curve Cryptography, Springer-Verlag, 2004 • http://en.wikipedia.org/wiki/Zero-knowledge_proof as on November 4, 2013 • Stinson, Douglas Robert (2006), Cryptography: Theory and Practice (3rd ed.), London: CRC Press, ISBN 978-1-58488-508-5 • Agrawal, Manindra; Kayal, Neeraj; Saxena, Nitin (2004). "PRIMES is in P". Annals of Mathematics 160 (2): 781–793. • Theory of Computing Course, Cornell University 2009, Zero knowledge proofs • A Survey of Zero-Knowledge Proofs with Applications to Cryptography, Austin Mohr Southern Illinois University at Carbondale 06-Nov-2013 ECC and Zero Knowledge Proof 56
  57. 57. THANK YOU!! ~Nimish Joseph
  58. 58. Q&A
  1. Gostou de algum slide específico?

    Recortar slides é uma maneira fácil de colecionar informações para acessar mais tarde.

×