Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

Successfully reported this slideshow.

Like this presentation? Why not share!

- symmetric key encryption algorithms by Rashmi Burugupalli 5143 views
- Cryptography and Message Authentica... by koolkampus 10715 views
- Alice & bob public key cryptograph... by Joshua Thijssen 2777 views
- ECC Elliptic Curve Cryptography Enc... by CheapSSLsecurity 622 views
- Public key cryptography and RSA by Shafaan Khaliq 5385 views
- Zero to ECC in 30 Minutes: A primer... by Entrust Datacard 1328 views

No Downloads

Total views

1,024

On SlideShare

0

From Embeds

0

Number of Embeds

10

Shares

0

Downloads

78

Comments

3

Likes

1

No notes for slide

- 1. Elliptic Curve Cryptography
- 2. Introduction • ECC was introduced by Victor Miller and Neal Koblitz in 1985. • For DSA, RSA we need larger key length. • ECC requires significantly smaller key size with same level of security. • Benefits of having smaller key sizes : faster computations, need less storage space. • ECC ideal for constrained environments : Pagers ; PDAs ; Cellular Phones ; Smart Cards 2
- 3. Group A group is an algebric system consisting of a set G together with a binary operation * defined on G satisfying the following axioms : 1. Closure : for all x,y in G we have x * y ∈ G 2. Associativity : for all x,y and z in G we have (x * y) * z = x * (y * z) 3. Identity : there exists an e in G such that x * e = e * x = x for all x 4. Inverse : for all x in G there exists y in G such that x * y = y * x = e In addition if for x, y in G we have x * y = y * x then we say that group G is abelian. 3
- 4. Finite Field A finite field is an algebric system consisting of a set F together with a binary operations + and * defined on F satisfying the following axioms : 1. F is an abelian group with respect to +. 2. F {0} is an abelian group with respect to *. 3. For all x, y and z in F we have x * ( y + z) = (x * y) + (x * z) (x + y) * z = (x * z) + (y * z) The order of the finite field is the number of elements in the field. 4
- 5. Galois Fields The polynomials Zp[x] mod p(x) where p(x) ∈ Zp[x], p(x) is irreducible, and deg(p(x)) = n (i.e., n+1 coefficients) form a finite field. Such a field has pn elements. These fields are called Galois Fields or GF(pn ). The special case n = 1 reduces to the fields Zp The multiplicative group of GF(pn )/{0} is cyclic .
- 6. Galois Field GF(p) It is a finite field and it consists of a set of integers {0,1,2,3….p-1} where p is a prime number. Additionally it satisfies the following arithmetic operations : 1. Addition : if a, b ∈ GF(p), then a + b = r where r is the remainder of the division of a + b by p and 0<= r <= p-1. This operation is called addition modulo p. 2. Multiplication : if a, b ∈ GF(p), then a . b = s where s is the remainder of the division of a . b by p and 0<= s <= p-1. This operation is called multiplication modulo p. 6
- 7. Galois Field GF(2m ) It is a finite field and is called binary finite field. It is a vector space of dimension m over GF(2) i.e. there exists a set of m elements {αm- 1, …,α1, α0} each αi ∈ {0,1} in GF(2m ) such that each a ∈ GF(2m ) a = αm-1xm-1 + … + α1x + α0 Additionally it satisfies the following arithmetic operations : a = {am-1,..a1,a0} and b = {bm-1,..b1,b0} ∈ GF(2m ) • Addition : a + b = c = {cm-1,..c1,c0} where ci = (ai + bi) mod 2. c ∈ GF(2m ) • Multiplication : a . b = c = {cm-1,..c1,c0} where c is the remiander of the division of the polynomial a(x) . b(x) by an irreducible polynomial of degree m. c ∈ GF(2m ) 7
- 8. Definition of Elliptic curves An elliptic curve over a field K is a nonsingular cubic curve in two variables, f(x,y) =0 with a rational point (which may be a point at infinity). The field K is usually taken to be the complex numbers, reals, rationals, algebraic extensions of rationals, p-adic numbers, or a finite field. Elliptic curves groups for cryptography are examined with the underlying fields of Fp (where p>3 is a prime) and F2 m (a binary representation with 2m elements).
- 9. General form of a EC An elliptic curve is a plane curve defined by an equation of the form baxxy ++= 32 Examples
- 10. Let GF(p) be a finite field, p > 3, and let a, b ∈ GF(p) are constant such that 4a3 + 27b2 ≡ 0 (mod p). An elliptic curve, E(a,b) (GF(p)), is defined as the set of points (x,y) ∈ GF(p) * GF(p) which satisfy the equation y2 ≡ x3 + ax + b (mod p) together with a special point, O, called the point at infinity. Elliptic Curve over GF(p) 10
- 11. P and Q be two points on E(a,b) (GF(p)) and O is the point at infinity. • P+O = O+P = P • If P = (x1 ,y1 ) then -P = (x1 ,-y1 ) and P + (-P) = O. • If P = (x1 ,y1 ) and Q = (x2 ,y2 ), and P and Q are not O. then P +Q = (x3 ,y3 ) where x3 = λ2 - x1 - x2 y3 = λ(x1 - x2 ) - y1 and λ = (y2 -y1 )/(x2 -x1 ) if P ≠ Q Elliptic Curve over GF(p) 11
- 12. Task 1 - Multiplication c = a.b in GF11 Compile a multiplication table for c = a . b mod 11 Determine the solutions of the equation x2 = 5 mod 11 You have about 10 minutes for this task
- 13. Solution 1 : Multiplication c = a.b in GF11 x2 = 5 mod 11 ? x1 = 4, x2 = 7
- 14. Task 2 : Iterate a Point on the Elliptic Curve Iterate the point P(2,4) lying on y2 = x3 + x + 6 mod 11: Compute P2 = P P by doubling the point P Compute P3 = P P P = P2 P by point addition All operations are computed in GF11
- 15. • Elliptic curve E(a,b) (GF(2m )) is defined to be the set of points (x,y) ∈ GF(2m ) * GF(2m ) which satisfy the equation y2 + xy = x3 + ax2 + b; where a, b ∈ GF(2m ) and b≠0, together with the point on the curve at infinity, O. • The points on an elliptic curve form an abelian group under a well defined group operation. The identity of the group operation is the point O. Elliptic Curve over GF(2m ) for some m ≥ 1. 15
- 16. Elliptic Curve over GF(2m ) for some m ≥ 1. P and Q be two points on E(a,b) (GF(2m )) and O is the point at infinity. • P+O = O+P = P • If P = (x1 ,y1 ) then -P = (x1 ,-y1 ) and P + (-P) = O. • If P = (x1 ,y1 ) and Q = (x2 ,y2 ), and P and Q are not O, then P +Q = (x3 ,y3 ): if P ≠ Q x3 = λ2 + λ + x1 + x2 + a y3 = λ(x1 + x3 ) + x3 + y1 and λ = (y1 +y2 )/(x1 +x2 ) if P = Q x3 = λ2 + λ + a y3 = x1 2 + (λ + 1)x 1 16
- 17. What Is Elliptic Curve Cryptography (ECC)? Elliptic curve cryptography [ECC] is a public-key cryptosystem just like RSA, Rabin, and El Gamal. Every user has a public and a private key. Public key is used for encryption/signature verification. Private key is used for decryption/signature generation. Elliptic curves are used as an extension to other current cryptosystems. Elliptic Curve Diffie-Hellman Key Exchange Elliptic Curve Digital Signature Algorithm
- 18. Using Elliptic Curves In Cryptography The central part of any cryptosystem involving elliptic curves is the elliptic group. All public-key cryptosystems have some underlying mathematical operation. RSA has exponentiation (raising the message or ciphertext to the public or private values) ECC has point multiplication (repeated addition of two points).
- 19. Elliptic Curve Discrete Logarithm Problem (ECDLP) Given an elliptic curve y2 = x3 + ax + b mod p and a basis point P, we can compute Q = Pk through k-1 iterative point additions. Fast algorithms for this task exist. Question: Is it possible to compute k when the point Q is known? Answer: This is a hard problem known as the Elliptic Curve Discrete Logarithm.
- 20. ECC Domain Parameters ECC domain parameters over GF(q), are a six tuple: T = (q, a, b, G, n, h) • q = p or q = 2m • a and b ∈ GF(q) y2 ≡ x3 + ax + b (mod p) for q = p > 3 y2 + xy = x3 + ax2 + b for q = 2m ≥ 1 • a base point G = (xG ,yG ) on E(a,b)( GF(q)), • a number n which is the order of G (The order of a point P on an elliptic curve is the smallest positive integer n such that nP = O.) • h = #E/n. where #E represents number of points on elliptic curve and is called the curve order. 20
- 21. Key Generation Agree on the following (public): Curve parameters (a, b) The modulus p Base point G (on the curve) Pick a random integer n as private key Calculate public key P = n*G 21
- 22. Diffie-Hellman (DH) Key Exchange
- 23. ECC Diffie-Hellman Public: Elliptic curve and point G=(x,y) on curve Secret: Alice’s a and Bob’s b Alice, A Bob, B a(x,y) b(x,y) • Alice computes a(b(x,y)) • Bob computes b(a(x,y)) • These are the same since ab = ba
- 24. Example – Elliptic Curve Diffie-Hellman Exchange Alice and Bob want to agree on a shared key. Alice and Bob compute their public and private keys. Alice Private Key = nA Public Key = PA = nA* G Bob Private Key = nB Public Key = PB = nB * G Alice and Bob send each other their public keys. Both take the product of their private key and the other user’s public key. Alice KAB = PB*nA = (nB * G)*nA Bob KAB = PA* nB = (nA* G)*nB Shared Secret Key = KAB = nA *nB * G
- 25. Encryption/Decryption Alice represents her text or data to send as a point Pm Alice sends Bob a pair of points: Cm= {k*G, Pm + k*PB} where k = randomly chosen integer Bob decrypts the message using his private key: Pm + k*P – nB (k*G) = Pm + k(nB *G) - nB (k*G) = Pm 25
- 26. Example – Elliptic Curve Cryptosystem Analog to El Gamal Suppose Alice wants to send to Bob an encrypted message. Both agree on a base point, G. Alice and Bob create public/private keys. Alice Private Key = a Public Key = PA = a* G Bob Private Key = b Public Key = PB = b * G Alice takes plaintext message, M, and encodes it onto a point, PM, from the elliptic group
- 27. Example – Elliptic Curve Cryptosystem Analog to El Gamal Alice chooses another random integer, k from the interval [1, p-1] The ciphertext is a pair of points CM = [ (kG), (PM + kPB) ] To decrypt, Bob computes the product of the first point from PC and his private key, b b * (kG) Bob then takes this product and subtracts it from the second point from PC (PM + kPB) – [b(kG)] = PM + k(bG) – b(kG) = PM Bob then decodes PM to get the message, M.
- 28. Example – Compare to El Gamal The ciphertext is a pair of points CM = [ (kG), (PM + kPB) ] The ciphertext in El Gamal is also a pair. C = (gk mod p, mPB k mod p) ------------------------------------------------------------------ -Bob then takes this product and subtracts it from the second point from PC (PM + kPB) – [b(kG)] = PM + k(bG) – b(kG) = PM In El Gamal, Bob takes the quotient of the second value and the first value raised to Bob’s private value m = mPB k / (gk )b = mgk*b / gk*b = m
- 29. Why use ECC? How do we analyze Cryptosystems? How difficult is the underlying problem that it is based upon RSA – Integer Factorization DH – Discrete Logarithms ECC - Elliptic Curve Discrete Logarithm problem How do we measure difficulty? We examine the algorithms used to solve these problems
- 30. Security of ECC The difficult mathematical problem is called the elliptic curve discrete logarithm problem That is, given P and G, (and P= n*G), find n not susceptible to common attacks Runs in exponential time RSA runs in sub-exponential time
- 31. Applications of ECC Many devices are small and have limited storage and computational power Where can we apply ECC? Wireless communication devices Smart cards Web servers that need to handle many encryption sessions Any application where security is needed but lacks the power, storage and computational power that is necessary for our current cryptosystems
- 32. Benefits of ECC Same benefits of the other cryptosystems: confidentiality, integrity, authentication and non- repudiation but… Shorter key lengths Encryption, Decryption and Signature Verification speed up Storage and bandwidth savings
- 33. Summary of ECC “Hard problem” analogous to discrete log Q=kP, where Q,P belong to a prime curve given k,P “easy” to compute Q given Q,P “hard” to find k known as the elliptic curve logarithm problem k must be large enough ECC security relies on elliptic curve logarithm problem compared to factoring, can use much smaller key sizes than with RSA etc for similar security ECC offers significant computational advantages

No public clipboards found for this slide

Login to see the comments