• Like
  • Save
Ecc intro oct 2011
Upcoming SlideShare
Loading in...5
×
 

Ecc intro oct 2011

on

  • 525 views

introduction to elliptic curve cryptography

introduction to elliptic curve cryptography

Statistics

Views

Total Views
525
Views on SlideShare
523
Embed Views
2

Actions

Likes
0
Downloads
11
Comments
0

1 Embed 2

https://twitter.com 2

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Ecc intro oct 2011 Ecc intro oct 2011 Presentation Transcript

    • Elliptic Curve Cryptography - An Introduction Marisa Paryasto 33207002 27 October 2011Friday, October 28, 2011 1
    • What is Elliptic Curve Cryptography? ‣ Originally  proposed  by  Victor  Miller  and  Neal  Koblitz  independently  from  one   another  in  1985 ‣ ECC  proposed  an  alterna@ve  to  other  public-­‐key  encryp@on  algorithms,  such  as   RSAFriday, October 28, 2011 2
    • Elliptic Curve Called  “ellip@c”  because  of  its  rela@onship  with  ellip@c  integrals,  which  are   natural  expressions  for  the  arc  length  of  an  ellipse y2  =  x3  +  ax  +  b   Ellip@c  curve  is  not  an  ellipse!Friday, October 28, 2011 3
    • y2 = x3 - xFriday, October 28, 2011 4
    • y2 = x3Friday, October 28, 2011 5
    • y2 = x3 - 4/3x + 16/27Friday, October 28, 2011 6
    • y2 = x3 - 1/2x + 1/2Friday, October 28, 2011 7
    • Elliptic Curve Cryptography ‣ Point  mul@plica@on  Q  =  kP ‣ Repeated  point  addi@on  and  doubling: 9P  =  2(2(2P))  +  P ‣ Public  key  opera@on:  Q(x,y)  =  kP(x,y)    Q  =  public  key  P  =  base  point  (curve  parameter)  k  =  private  key  n  =  order  of  P ‣ Ellip@c  curve  discrete  logarithm    Given  public  key  kP,  find  private  key  kFriday, October 28, 2011 8
    • Elliptic Curve Addition Q P P+QFriday, October 28, 2011 9
    • Multiplying 3P in Elliptic Curve (1) P+P = 2P PFriday, October 28, 2011 10
    • Multiplying 3P in Elliptic Curve (2) P+P = 2P Notes: 3P = 2P + P -> draw a line that crosses point 2P and P 3P PFriday, October 28, 2011 11
    • Encryption Process 1)7+ %3,/!&7+ 30%4,6$0%+ &0+ 7#&#+ &0+ 32,4 *+&,-,.,/,/&,01*22,0& 8!0$%&9 *+&2/-;#.,6&.<-467<2& !"#$$%& %21), *+,-,.,/,/&,01*22,0& 21,/,3**&4******5& 7-21##6*&6*7<-;665& %($)! 21,/,3**&4******&& *+&,6,1,7,3&212.,6,1& 89: *+&-7327-16&<3*;))37& ,.,7,3,1&2127,.,2 -7;3-73*&1;1;7-71 )$*+$%&*, (-.+/- !"#$%&(& !0$%&+ (5.+/5 12"&$!"$3#&$0%+ 0%+32,4Friday, October 28, 2011 12
    • Decryption Process *+&2/-:#.,6&.;-467;2& 53,/!&$0%+ *+&,-,.,/,/&,01*22,0& 7-21##6*&6*7;-:665& !,0366 21,/,3**&4******5& *+,-,.,/,/&,01*22,0& !"#$$%& *+&-7327-16&;3*:))37& )&8&9 *+&,6,1,7,3&212.,6,1& 21,/,3**&4******&& %($)! -7:3-73*&1:1:7-71 ,.,7,3,1&2127,.,2 7+8+9(:.+/:; !0$%&+ (-.+/- )$*+$%&*, !"#$%&(& 12"&$!"$3#&$0%+ 0%+32,4Friday, October 28, 2011 13
    • Elliptic Curve y2 = x3 + x + 6 is defined over Z11 Z11 10 9 8 7 6 5 4 3 2 1 0 0 2 4 6 8 10 12Friday, October 28, 2011 14
    • An elliptic curve E: y2 = x 3 + x + 6 is defined over Z11Friday, October 28, 2011 15
    • Calculating Quadratic ResidueFriday, October 28, 2011 16
    • Points on CurveFriday, October 28, 2011 17
    • ‣ There  are  12  points  lying  on  the  ellip@c  curve.  Together  with  the  point  O  at   infinity,  the  points  on  the  ellip@c  curve  form  a  group  with  n  =  13  elements. ‣ n  is  called  the  order  of  the  ellip@c  curve  group  and  depends  on  the  choice  of   the  curve  parameters  a  and  b.Friday, October 28, 2011 18
    • Point Addition P1 = (2, 4) P2 = (5, 9) P1 + P2 = P3 = (x3 , y3 ) y2 − y 1 9−4 5 m= = = = 5 · 4 = 20 = 9 x2 − x1 5−2 3 x3 = m2 − x1 − x2 = (9)2 − 2 − 5 = 81 − 7 = 74 = 8 y3 = m(x1 − x3 ) − y1 = 9(2 − 8) − 4 = 9(−6) − 4 = −54 − 4 = −58 = 8 P3 = (x3 , y3 ) = (8, 8)Friday, October 28, 2011 19
    • Point Doubling ‣ Iterate the point (7, 2) lying on y_2 = x_3 + x + 6 mod 11 ‣ Compute P2 = P * P by doubling the point P dy x1 2 + b 3(7)2 + 1 147 + 1 148 ˙ m= = = = = = 148 · 3 = 53 = 15 = 4 dx 2y1 2(2) 4 4 x2 = m2 − 2x1 = (4)2 − 2(7) = 16 − 14 = 2 y2 = m(x1 − x2 ) − y1 = 4(7 − 2) − 2 = 4(5) − 2 = 20 − 2 = 18 = 7 P 2 = P ∗ P = (x2 , y2 ) = (2, 7)Friday, October 28, 2011 20
    • More point doubling Compute P3 = P2 * P P 2 = (2, 7) P = (7, 2) y2 − y 1 2−7 −5 6 m= = = = = 6 · 9 = 54 = 10 x2 − x1 7−2 5 5 x3 = m2 − x1 − x2 = (10)2 − 2 − 7 = 100 − 9 = 91 = 3 y3 = m(x1 − x3 ) − y1 = 10(2 − 3) − 7 = 10(−1) − 7 = −10 − 7 = −17 = P 2 = P ∗ P = (x3 , y3 ) = (3, 5)Friday, October 28, 2011 21
    • Representing plaintext ‣ Let E : y 2 ≡ x3 + bx + c(mod p) ‣ Message m (representated as a number) will be embedded in the x- coordinate of a point ‣ Adjoin a few bits at the end of m and adjust until we get a number x such that x3 + bx + c is square mod pFriday, October 28, 2011 22
    • Representing plaintext (example) ‣ Let p = 179 and E : y 2 = x3 + 2x + 7 1 ‣ If failure rate of 10 then we may take K = 10 2 ‣ We need m.K + K < 179 , we need 0 ≤ m ≤ 16 ‣ Suppose our message is m = 5. We consider x of the form m.K + j = 50 + j ‣ The possible choices for x are 50, 51, .., 59. For x = 51 we get x3 + 2x + 7 ≡ 121(mod 179) 112 = 121(mod 179) ‣ Thus, we represent the message m = 5 by the point (insert encryption process) Pm = (51, 11) ￿ 51 ￿ ‣ The message m can be recovered by m= 10 =5Friday, October 28, 2011 23
    • Basic ElGamal ElGamal Encryption ElGamal Decryption INPUT: Elliptic curve domain INPUT: Domain parameters,(p, E, P, n) parameters (p, E, P, n) ,public private key d , ciphertext (C1 , C2 ) key Q , plaintext m OUTPUT: Plaintext m OUTPUT: Ciphertext (C1 , C2 ) 1. Compute M = C2 − dC1 , and 1.Represent the message m as a extract m from M point M in E(Fp ) 2. Return( m) 2.Select k ∈R [1, n − 1] 3.Compute C1 = kP 4.Compute C2 = M + kQ 5.Return (C1 , C2 )Friday, October 28, 2011 24
    • poly_prime = Time of execution: 0.013889 seconds 80000000 3 =====IN send_elgamal===== NUMBITS = 63 data (in send_gamal function) : NUMWORD = 1 0 123 setting up curve Base point x: 2e7cf965 63323eab the curve after setting up: y: 730a0498 5b456f7d form: 1 Base curve a2: 0 2 form: 1 a6: 0 1 a2: 0 2 a6: 0 1 counter = 0 inc = 1 random value: Base point 52d518f2 9979dd24 x: 2e7cf965 63323eab Random point C1 y: 730a0498 5b456f7d x: 5458cfc 12efc03c y: 52d6eb3 a6af454b create side 2s private key counter = 0 inc = 0 Side 2 secret: raw point M (after poly_embed) 10fc68f8 254d4d11 x: 0 123 y: 628f64a8 105671e3 Generate side 2s public key Their_public: x: 47a20fe7 9afa870f Side 2 public key y: 3c871ef9 9f291729 x: 47a20fe7 9afa870f hidden point (after poly_elptic_mul) y: 3c871ef9 9f291729 x: 3e2ca01d e1b52870 data = y: 523fa9bd ab463883 0 123 Hidden data (C2): x: 23f5fe99 de42125d Hide data on curve and send from side 1 to side 2 y: 68420248 dfab3f44 Random point (C1): curve before send_elgamal: x: 5458cfc 12efc03c form: 1 y: 52d6eb3 a6af454b a2: 0 2 =====OUT send_elgamal a6: 0 1 Their_public before send_elgamal: x: 47a20fe7 9afa870f y: 3c871ef9 9f291729Friday, October 28, 2011 25
    • x: 0 123 y: 628f64a8 105671e3 raw_point.x AFTER send_elgamal 0 123 curve after send_elgamal: &raw_data (point): form: 1 x: bffff5ac bffff5e8 a2: 0 2 y: 8fe018b1 0 a6: 0 1 raw_data (point): x: 0 123 Hidden data (C2) y: 0 123 x: 23f5fe99 de42125d &raw_data (field): y: 68420248 dfab3f44 bffff5ac bffff5e8 Random point (C1) raw_data (field): x: 5458cfc 12efc03c 0 123 y: 52d6eb3 a6af454b =====OUT receive elgamal Recover transmitted message sent data 0 123 IN receive_elgamal received data (field) Base curve in receive_elgamal 0 123 form: 1 a2: 0 2 a6: 0 1 Hidden_data (in receive_elgamal) : x: 23f5fe99 de42125d y: 68420248 dfab3f44 Random point x: 5458cfc 12efc03c y: 52d6eb3 a6af454b hidden_point (d*C1): x: 3e2ca01d e1b52870 y: 523fa9bd ab463883 &raw_point:Friday, October 28, 2011 26