Successfully reported this slideshow.
Upcoming SlideShare
×

# Ecc2

• Full Name
Comment goes here.

Are you sure you want to Yes No

### Ecc2

1. 1. Elliptic Curve Cryptography
2. 2. Introduction • ECC was introduced by Victor Miller and Neal Koblitz in 1985. • For DSA, RSA we need larger key length. • ECC requires significantly smaller key size with same level of security. • Benefits of having smaller key sizes : faster computations, need less storage space. • ECC ideal for constrained environments : Pagers ; PDAs ; Cellular Phones ; Smart Cards 2
3. 3. Group A group is an algebric system consisting of a set G together with a binary operation * defined on G satisfying the following axioms : 1. Closure : for all x,y in G we have x * y ∈ G 2. Associativity : for all x,y and z in G we have (x * y) * z = x * (y * z) 3. Identity : there exists an e in G such that x * e = e * x = x for all x 4. Inverse : for all x in G there exists y in G such that x * y = y * x = e In addition if for x, y in G we have x * y = y * x then we say that group G is abelian. 3
4. 4. Finite Field A finite field is an algebric system consisting of a set F together with a binary operations + and * defined on F satisfying the following axioms : 1. F is an abelian group with respect to +. 2. F {0} is an abelian group with respect to *. 3. For all x, y and z in F we have x * ( y + z) = (x * y) + (x * z) (x + y) * z = (x * z) + (y * z) The order of the finite field is the number of elements in the field. 4
5. 5. Galois Fields The polynomials Zp[x] mod p(x) where p(x) ∈ Zp[x], p(x) is irreducible, and deg(p(x)) = n (i.e., n+1 coefficients) form a finite field. Such a field has pn elements. These fields are called Galois Fields or GF(pn ). The special case n = 1 reduces to the fields Zp The multiplicative group of GF(pn )/{0} is cyclic .
6. 6. Galois Field GF(p) It is a finite field and it consists of a set of integers {0,1,2,3….p-1} where p is a prime number. Additionally it satisfies the following arithmetic operations : 1. Addition : if a, b ∈ GF(p), then a + b = r where r is the remainder of the division of a + b by p and 0<= r <= p-1. This operation is called addition modulo p. 2. Multiplication : if a, b ∈ GF(p), then a . b = s where s is the remainder of the division of a . b by p and 0<= s <= p-1. This operation is called multiplication modulo p. 6
7. 7. Galois Field GF(2m ) It is a finite field and is called binary finite field. It is a vector space of dimension m over GF(2) i.e. there exists a set of m elements {αm- 1, …,α1, α0} each αi ∈ {0,1} in GF(2m ) such that each a ∈ GF(2m ) a = αm-1xm-1 + … + α1x + α0 Additionally it satisfies the following arithmetic operations : a = {am-1,..a1,a0} and b = {bm-1,..b1,b0} ∈ GF(2m ) • Addition : a + b = c = {cm-1,..c1,c0} where ci = (ai + bi) mod 2. c ∈ GF(2m ) • Multiplication : a . b = c = {cm-1,..c1,c0} where c is the remiander of the division of the polynomial a(x) . b(x) by an irreducible polynomial of degree m. c ∈ GF(2m ) 7
8. 8. Definition of Elliptic curves An elliptic curve over a field K is a nonsingular cubic curve in two variables, f(x,y) =0 with a rational point (which may be a point at infinity). The field K is usually taken to be the complex numbers, reals, rationals, algebraic extensions of rationals, p-adic numbers, or a finite field. Elliptic curves groups for cryptography are examined with the underlying fields of Fp (where p>3 is a prime) and F2 m (a binary representation with 2m elements).
9. 9. General form of a EC An elliptic curve is a plane curve defined by an equation of the form baxxy ++= 32 Examples
10. 10. Let GF(p) be a finite field, p > 3, and let a, b ∈ GF(p) are constant such that 4a3 + 27b2 ≡ 0 (mod p). An elliptic curve, E(a,b) (GF(p)), is defined as the set of points (x,y) ∈ GF(p) * GF(p) which satisfy the equation y2 ≡ x3 + ax + b (mod p) together with a special point, O, called the point at infinity. Elliptic Curve over GF(p) 10
11. 11. P and Q be two points on E(a,b) (GF(p)) and O is the point at infinity. • P+O = O+P = P • If P = (x1 ,y1 ) then -P = (x1 ,-y1 ) and P + (-P) = O. • If P = (x1 ,y1 ) and Q = (x2 ,y2 ), and P and Q are not O. then P +Q = (x3 ,y3 ) where   x3 = λ2 - x1 - x2 y3 = λ(x1 - x2 ) - y1 and λ = (y2 -y1 )/(x2 -x1 ) if P ≠ Q Elliptic Curve over GF(p) 11
12. 12. Task 1 - Multiplication c = a.b in GF11  Compile a multiplication table for c = a . b mod 11  Determine the solutions of the equation x2 = 5 mod 11  You have about 10 minutes for this task
13. 13. Solution 1 : Multiplication c = a.b in GF11  x2 = 5 mod 11 ?  x1 = 4, x2 = 7
14. 14. Task 2 : Iterate a Point on the Elliptic Curve  Iterate the point P(2,4) lying on y2 = x3 + x + 6 mod 11:  Compute P2 = P  P by doubling the point P  Compute P3 = P  P  P = P2  P by point addition  All operations are computed in GF11
15. 15. • Elliptic curve E(a,b) (GF(2m )) is defined to be the set of points (x,y) ∈ GF(2m ) * GF(2m ) which satisfy the equation y2 + xy = x3 + ax2 + b; where a, b ∈ GF(2m ) and b≠0, together with the point on the curve at infinity, O. • The points on an elliptic curve form an abelian group under a well defined group operation. The identity of the group operation is the point O. Elliptic Curve over GF(2m ) for some m ≥ 1. 15
16. 16. Elliptic Curve over GF(2m ) for some m ≥ 1. P and Q be two points on E(a,b) (GF(2m )) and O is the point at infinity. • P+O = O+P = P • If P = (x1 ,y1 ) then -P = (x1 ,-y1 ) and P + (-P) = O. • If P = (x1 ,y1 ) and Q = (x2 ,y2 ), and P and Q are not O, then P +Q = (x3 ,y3 ): if P ≠ Q x3 = λ2 + λ + x1 + x2 + a y3 = λ(x1 + x3 ) + x3 + y1 and λ = (y1 +y2 )/(x1 +x2 ) if P = Q x3 = λ2 + λ + a y3 = x1 2 + (λ + 1)x 1 16
17. 17. What Is Elliptic Curve Cryptography (ECC)? Elliptic curve cryptography [ECC] is a public-key cryptosystem just like RSA, Rabin, and El Gamal. Every user has a public and a private key.  Public key is used for encryption/signature verification.  Private key is used for decryption/signature generation. Elliptic curves are used as an extension to other current cryptosystems.  Elliptic Curve Diffie-Hellman Key Exchange  Elliptic Curve Digital Signature Algorithm
18. 18. Using Elliptic Curves In Cryptography The central part of any cryptosystem involving elliptic curves is the elliptic group. All public-key cryptosystems have some underlying mathematical operation. RSA has exponentiation (raising the message or ciphertext to the public or private values) ECC has point multiplication (repeated addition of two points).
19. 19. Elliptic Curve Discrete Logarithm Problem (ECDLP)  Given an elliptic curve y2 = x3 + ax + b mod p and a basis point P, we can compute Q = Pk through k-1 iterative point additions.  Fast algorithms for this task exist.  Question: Is it possible to compute k when the point Q is known?  Answer: This is a hard problem known as the Elliptic Curve Discrete Logarithm.
20. 20. ECC Domain Parameters ECC domain parameters over GF(q), are a six tuple:  T = (q, a, b, G, n, h) • q = p or q = 2m • a and b ∈ GF(q) y2 ≡ x3 + ax + b (mod p) for q = p > 3 y2 + xy = x3 + ax2 + b for q = 2m ≥ 1 • a base point G = (xG ,yG ) on E(a,b)( GF(q)), • a number n which is the order of G (The order of a point P on an elliptic curve is the smallest positive integer n such that nP = O.) • h = #E/n. where #E represents number of points on elliptic curve and is called the curve order. 20
21. 21. Key Generation  Agree on the following (public):  Curve parameters (a, b)  The modulus p  Base point G (on the curve)  Pick a random integer n as private key  Calculate public key P = n*G 21
22. 22. Diffie-Hellman (DH) Key Exchange
23. 23. ECC Diffie-Hellman Public: Elliptic curve and point G=(x,y) on curve Secret: Alice’s a and Bob’s b Alice, A Bob, B a(x,y) b(x,y) • Alice computes a(b(x,y)) • Bob computes b(a(x,y)) • These are the same since ab = ba
24. 24. Example – Elliptic Curve Diffie-Hellman Exchange  Alice and Bob want to agree on a shared key.  Alice and Bob compute their public and private keys.  Alice  Private Key = nA  Public Key = PA = nA* G  Bob  Private Key = nB  Public Key = PB = nB * G  Alice and Bob send each other their public keys.  Both take the product of their private key and the other user’s public key.  Alice  KAB = PB*nA = (nB * G)*nA  Bob  KAB = PA* nB = (nA* G)*nB  Shared Secret Key = KAB = nA *nB * G
25. 25. Encryption/Decryption  Alice represents her text or data to send as a point Pm  Alice sends Bob a pair of points: Cm= {k*G, Pm + k*PB} where k = randomly chosen integer  Bob decrypts the message using his private key: Pm + k*P – nB (k*G) = Pm + k(nB *G) - nB (k*G) = Pm 25
26. 26. Example – Elliptic Curve Cryptosystem Analog to El Gamal Suppose Alice wants to send to Bob an encrypted message.  Both agree on a base point, G.  Alice and Bob create public/private keys.  Alice  Private Key = a  Public Key = PA = a* G  Bob  Private Key = b  Public Key = PB = b * G  Alice takes plaintext message, M, and encodes it onto a point, PM, from the elliptic group
27. 27. Example – Elliptic Curve Cryptosystem Analog to El Gamal Alice chooses another random integer, k from the interval [1, p-1] The ciphertext is a pair of points  CM = [ (kG), (PM + kPB) ] To decrypt, Bob computes the product of the first point from PC and his private key, b  b * (kG) Bob then takes this product and subtracts it from the second point from PC  (PM + kPB) – [b(kG)] = PM + k(bG) – b(kG) = PM Bob then decodes PM to get the message, M.
28. 28. Example – Compare to El Gamal The ciphertext is a pair of points  CM = [ (kG), (PM + kPB) ] The ciphertext in El Gamal is also a pair.  C = (gk mod p, mPB k mod p) ------------------------------------------------------------------ -Bob then takes this product and subtracts it from the second point from PC  (PM + kPB) – [b(kG)] = PM + k(bG) – b(kG) = PM In El Gamal, Bob takes the quotient of the second value and the first value raised to Bob’s private value  m = mPB k / (gk )b = mgk*b / gk*b = m
29. 29. Why use ECC? How do we analyze Cryptosystems?  How difficult is the underlying problem that it is based upon  RSA – Integer Factorization  DH – Discrete Logarithms  ECC - Elliptic Curve Discrete Logarithm problem  How do we measure difficulty?  We examine the algorithms used to solve these problems
30. 30. Security of ECC  The difficult mathematical problem is called the  elliptic curve discrete logarithm problem  That is, given P and G, (and P= n*G), find n  not susceptible to common attacks  Runs in exponential time  RSA runs in sub-exponential time
31. 31. Applications of ECC Many devices are small and have limited storage and computational power Where can we apply ECC?  Wireless communication devices  Smart cards  Web servers that need to handle many encryption sessions  Any application where security is needed but lacks the power, storage and computational power that is necessary for our current cryptosystems
32. 32. Benefits of ECC Same benefits of the other cryptosystems: confidentiality, integrity, authentication and non- repudiation but… Shorter key lengths  Encryption, Decryption and Signature Verification speed up  Storage and bandwidth savings
33. 33. Summary of ECC “Hard problem” analogous to discrete log  Q=kP, where Q,P belong to a prime curve given k,P  “easy” to compute Q given Q,P  “hard” to find k  known as the elliptic curve logarithm problem  k must be large enough ECC security relies on elliptic curve logarithm problem  compared to factoring, can use much smaller key sizes than with RSA etc  for similar security ECC offers significant computational advantages