Ecc intro oct 2011


introduction to elliptic curve cryptography

Published in: Education

  1. 1. Elliptic Curve Cryptography - An Introduction. Marisa Paryasto, 33207002, 27 October 2011. Friday, October 28, 2011 1
  2. 2. What is Elliptic Curve Cryptography?
     ‣ Originally proposed by Victor Miller and Neal Koblitz independently from one another in 1985
     ‣ ECC was proposed as an alternative to other public-key encryption algorithms, such as RSA
  3. 3. Elliptic Curve
     Called "elliptic" because of its relationship with elliptic integrals, which are natural expressions for the arc length of an ellipse.
     $y^2 = x^3 + ax + b$
     An elliptic curve is not an ellipse!
  4. 4. $y^2 = x^3 - x$
  5. 5. $y^2 = x^3$
  6. 6. $y^2 = x^3 - \frac{4}{3}x + \frac{16}{27}$
  7. 7. $y^2 = x^3 - \frac{1}{2}x + \frac{1}{2}$
  8. 8. Elliptic Curve Cryptography
     ‣ Point multiplication: Q = kP
     ‣ Repeated point addition and doubling: 9P = 2(2(2P)) + P
     ‣ Public key operation: Q(x,y) = kP(x,y)
       Q = public key
       P = base point (curve parameter)
       k = private key
       n = order of P
     ‣ Elliptic curve discrete logarithm: given public key kP, find private key k
  9. 9. Elliptic Curve Addition [figure: points P, Q and P+Q on the curve]
  10. 10. Multiplying 3P in Elliptic Curve (1) [figure: P and P+P = 2P]
  11. 11. Multiplying 3P in Elliptic Curve (2) [figure: P, P+P = 2P and 3P]
     Notes: 3P = 2P + P -> draw a line that crosses point 2P and P
  12. 12. Encryption Process [figure: diagram of the encryption process]
  13. 13. Decryption Process [figure: diagram of the decryption process]
  14. 14. Elliptic Curve $y^2 = x^3 + x + 6$ is defined over $Z_{11}$ [figure: plot of the curve's points over $Z_{11}$]
  15. 15. An elliptic curve E: $y^2 = x^3 + x + 6$ is defined over $Z_{11}$
  16. 16. Calculating Quadratic Residue
  17. 17. Points on Curve
  18. 18. ‣ There are 12 points lying on the elliptic curve. Together with the point O at infinity, the points on the elliptic curve form a group with n = 13 elements.
     ‣ n is called the order of the elliptic curve group and depends on the choice of the curve parameters a and b.
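
Slides 15 to 18 describe testing each x for a quadratic residue and counting the resulting points. The following is an added example, not code from the slides, that rebuilds that table for $y^2 = x^3 + x + 6$ over $Z_{11}$; the function names are hypothetical, and the square-root shortcut assumes p ≡ 3 (mod 4), which holds for p = 11.

```python
# Added example: rebuild the point table for y^2 = x^3 + x + 6 over Z_11.
P_MOD, A, B = 11, 1, 6  # curve parameters from the slides


def quadratic_residue_table(p=P_MOD, a=A, b=B):
    """Return rows (x, z, is_qr, ys) with z = x^3 + ax + b mod p.

    Euler's criterion z^((p-1)/2) == 1 tests for a quadratic residue;
    because p = 3 (mod 4), one square root is z^((p+1)/4) mod p.
    """
    if p % 4 != 3:
        raise ValueError("square-root shortcut needs p = 3 (mod 4)")
    rows = []
    for x in range(p):
        z = (x ** 3 + a * x + b) % p
        is_qr = pow(z, (p - 1) // 2, p) == 1
        if z == 0:
            ys = [0]                     # single point with y = 0
        elif is_qr:
            r = pow(z, (p + 1) // 4, p)
            ys = sorted((r, p - r))      # the two roots r and -r
        else:
            ys = []                      # no point with this x
        rows.append((x, z, is_qr, ys))
    return rows


def affine_points(rows):
    """Flatten the table into the list of (x, y) points on the curve."""
    return [(x, y) for x, _, _, ys in rows for y in ys]


def group_order(rows):
    """Number of affine points plus the point O at infinity."""
    return len(affine_points(rows)) + 1


if __name__ == "__main__":
    table = quadratic_residue_table()
    for x, z, is_qr, ys in table:
        print(f"x={x:2d}  z={z:2d}  QR={'yes' if is_qr else 'no'}  y={ys}")
    print("order n =", group_order(table))
```
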
  19. 19. Point Addition (arithmetic in $Z_{11}$)
     $P_1 = (2, 4)$, $P_2 = (5, 9)$, $P_1 + P_2 = P_3 = (x_3, y_3)$
     $m = \frac{y_2 - y_1}{x_2 - x_1} = \frac{9 - 4}{5 - 2} = \frac{5}{3} = 5 \cdot 4 = 20 = 9$
     $x_3 = m^2 - x_1 - x_2 = (9)^2 - 2 - 5 = 81 - 7 = 74 = 8$
     $y_3 = m(x_1 - x_3) - y_1 = 9(2 - 8) - 4 = 9(-6) - 4 = -54 - 4 = -58 = 8$
     $P_3 = (x_3, y_3) = (8, 8)$
  20. 20. Point Doubling
     ‣ Iterate the point (7, 2) lying on $y^2 = x^3 + x + 6 \bmod 11$
     ‣ Compute $P^2 = P * P$ by doubling the point P
     $m = \frac{dy}{dx} = \frac{3x_1^2 + b}{2y_1} = \frac{3(7)^2 + 1}{2(2)} = \frac{147 + 1}{4} = \frac{148}{4} = 148 \cdot 3 = 5 \cdot 3 = 15 = 4$
     $x_2 = m^2 - 2x_1 = (4)^2 - 2(7) = 16 - 14 = 2$
     $y_2 = m(x_1 - x_2) - y_1 = 4(7 - 2) - 2 = 4(5) - 2 = 20 - 2 = 18 = 7$
     $P^2 = P * P = (x_2, y_2) = (2, 7)$
  21. 21. More point doubling
     Compute $P^3 = P^2 * P$, with $P^2 = (2, 7)$ and $P = (7, 2)$
     $m = \frac{y_2 - y_1}{x_2 - x_1} = \frac{2 - 7}{7 - 2} = \frac{-5}{5} = \frac{6}{5} = 6 \cdot 9 = 54 = 10$
     $x_3 = m^2 - x_1 - x_2 = (10)^2 - 2 - 7 = 100 - 9 = 91 = 3$
     $y_3 = m(x_1 - x_3) - y_1 = 10(2 - 3) - 7 = 10(-1) - 7 = -10 - 7 = -17 = 5$
     $P^3 = P^2 * P = (x_3, y_3) = (3, 5)$
  22. 22. Representing plaintext
     ‣ Let $E: y^2 \equiv x^3 + bx + c \pmod{p}$
     ‣ Message m (represented as a number) will be embedded in the x-coordinate of a point
     ‣ Adjoin a few bits at the end of m and adjust until we get a number x such that $x^3 + bx + c$ is a square mod p
  23. 23. Representing plaintext (example)
     ‣ Let p = 179 and $E: y^2 = x^3 + 2x + 7$
     ‣ If we accept a failure rate of $1/2^{10}$, then we may take K = 10
     ‣ We need $mK + K < 179$, so we need $0 \le m \le 16$
     ‣ Suppose our message is m = 5. We consider x of the form $mK + j = 50 + j$
     ‣ The possible choices for x are 50, 51, ..., 59. For x = 51 we get $x^3 + 2x + 7 \equiv 121 \pmod{179}$ and $11^2 \equiv 121 \pmod{179}$
     ‣ Thus, we represent the message m = 5 by the point $P_m = (51, 11)$ (insert encryption process)
     ‣ The message m can be recovered by $m = \lfloor 51/10 \rfloor = 5$
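
The embedding on slides 22 and 23, written out as an added example (not code from the slides). The names `sqrt_mod`, `embed` and `recover` are hypothetical, the square root uses the p ≡ 3 (mod 4) shortcut that applies to p = 179, and choosing the smaller of the two roots is a convention picked here so that the slide's point (51, 11) comes out.

```python
# Curve and parameters from the slide: y^2 = x^3 + 2x + 7 over F_179, K = 10.
P, B, C, K = 179, 2, 7, 10


def sqrt_mod(z, p):
    """Square root of z mod p for p = 3 (mod 4), or None for a non-residue.

    Returns the smaller of the two roots r and p - r (convention chosen here).
    """
    z %= p
    r = pow(z, (p + 1) // 4, p)
    if r * r % p != z:
        return None
    return min(r, p - r)


def embed(m):
    """Map message m to a point with x = m*K + j, using the first j that works."""
    if m < 0 or m * K + K >= P:
        raise ValueError("message out of range: need m*K + K < p")
    for j in range(K):
        x = m * K + j
        y = sqrt_mod(x ** 3 + B * x + C, P)
        if y is not None:
            return (x, y)
    return None  # all K candidates failed (probability about 1/2^K)


def recover(point):
    """Recover m from the x-coordinate as floor(x / K)."""
    return point[0] // K


if __name__ == "__main__":
    pm = embed(5)
    print("P_m =", pm, "-> m =", recover(pm))
```
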
  24. 24. Basic ElGamal
     ElGamal Encryption
     INPUT: Elliptic curve domain parameters (p, E, P, n), public key Q, plaintext m
     OUTPUT: Ciphertext $(C_1, C_2)$
       1. Represent the message m as a point M in $E(F_p)$
       2. Select $k \in_R [1, n - 1]$
       3. Compute $C_1 = kP$
       4. Compute $C_2 = M + kQ$
       5. Return $(C_1, C_2)$
     ElGamal Decryption
     INPUT: Domain parameters (p, E, P, n), private key d, ciphertext $(C_1, C_2)$
     OUTPUT: Plaintext m
       1. Compute $M = C_2 - dC_1$, and extract m from M
       2. Return (m)
  25. 25. [Program output: trace of send_elgamal (curve setup, base point, side 2's private and public key, raw point M after poly_embed, random point C1, hidden data C2)]
  26. 26. [Program output: trace of receive_elgamal (hidden data C2, random point C1, hidden point d*C1, recovered raw point and received data)]
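
The point arithmetic of slides 19 to 21 and the basic ElGamal scheme of slide 24, as an added example on the toy curve $y^2 = x^3 + x + 6$ over $Z_{11}$ (not code from the slides, and not the program whose output appears on slides 25 and 26). The function names and the use of (7, 2) as base point are assumptions, and a group of order 13 is for illustration only.

```python
import secrets

# Toy parameters from the slides: y^2 = x^3 + x + 6 over Z_11, group order n = 13.
P_MOD, A, N = 11, 1, 13
G = (7, 2)   # assumption: the point (7, 2) from the doubling slide as base point
O = None     # point at infinity


def add(p1, p2):
    """Chord-and-tangent addition of affine points; handles O and P + (-P)."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O
    if p1 == p2:
        m = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)  # tangent slope (Python 3.8+)
    else:
        m = (y2 - y1) * pow(x2 - x1, -1, P_MOD)         # chord slope
    x3 = (m * m - x1 - x2) % P_MOD
    return (x3, (m * (x1 - x3) - y1) % P_MOD)


def mul(k, point):
    """Double-and-add scalar multiplication kP."""
    acc = O
    while k:
        if k & 1:
            acc = add(acc, point)
        point = add(point, point)
        k >>= 1
    return acc


def encrypt(M, Q, k=None):
    """Basic ElGamal: C1 = kG, C2 = M + kQ, with random k in [1, n-1]."""
    if k is None:
        k = secrets.randbelow(N - 1) + 1
    return mul(k, G), add(M, mul(k, Q))


def decrypt(C1, C2, d):
    """Recover M = C2 - d*C1 by adding the negated shared point."""
    S = mul(d, C1)
    return add(C2, O if S is O else (S[0], -S[1] % P_MOD))
```

With private key d = 5 the public key is Q = 5G = (10, 9); encrypting M = (8, 8) with k = 3 gives C1 = (3, 5) and C2 = (5, 9).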
