1. Elliptic Curve Cryptography - An Introduction
Marisa Paryasto
33207002
27 October 2011
Friday, October 28, 2011 1
2. What is Elliptic Curve Cryptography?
‣ Originally proposed by Victor Miller and Neal Koblitz independently from one another in 1985
‣ ECC was proposed as an alternative to other public-key encryption algorithms, such as RSA
3. Elliptic Curve
Called “elliptic” because of its relationship with elliptic integrals, which are natural expressions for the arc length of an ellipse
$y^2 = x^3 + ax + b$
Elliptic curve is not an ellipse!
8. Elliptic Curve Cryptography
‣ Point multiplication: Q = kP
‣ Repeated point addition and doubling: 9P = 2(2(2P)) + P
‣ Public key operation: Q(x,y) = kP(x,y)
   Q = public key
   P = base point (curve parameter)
   k = private key
   n = order of P
‣ Elliptic curve discrete logarithm: Given public key kP, find private key k
18. ‣ There are 12 points lying on the elliptic curve. Together with the point O at infinity, the points on the elliptic curve form a group with n = 13 elements.
‣ n is called the order of the elliptic curve group and depends on the choice of the curve parameters a and b.
22. Representing plaintext
‣ Let $E : y^2 \equiv x^3 + bx + c \pmod{p}$
‣ Message m (represented as a number) will be embedded in the x-coordinate of a point
‣ Adjoin a few bits at the end of m and adjust until we get a number x such that $x^3 + bx + c$ is a square mod p
23. Representing plaintext (example)
‣ Let p = 179 and $E : y^2 = x^3 + 2x + 7$
‣ For a failure rate of $1/2^{10}$ we may take K = 10
‣ We need $mK + K < 179$, so we need $0 \le m \le 16$
‣ Suppose our message is m = 5. We consider x of the form $mK + j = 50 + j$
‣ The possible choices for x are 50, 51, ..., 59. For x = 51 we get $x^3 + 2x + 7 \equiv 121 \pmod{179}$ and $11^2 = 121 \pmod{179}$
‣ Thus, we represent the message m = 5 by the point $P_m = (51, 11)$ (insert encryption process)
‣ The message m can be recovered by $m = \lfloor 51/10 \rfloor = 5$
24. Basic ElGamal

ElGamal Encryption
INPUT: Elliptic curve domain parameters (p, E, P, n), public key Q, plaintext m
OUTPUT: Ciphertext (C1, C2)
1. Represent the message m as a point M in E(F_p)
2. Select k ∈_R [1, n − 1]
3. Compute C1 = kP
4. Compute C2 = M + kQ
5. Return (C1, C2)

ElGamal Decryption
INPUT: Domain parameters (p, E, P, n), private key d, ciphertext (C1, C2)
OUTPUT: Plaintext m
1. Compute M = C2 − dC1, and extract m from M
2. Return (m)
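The message embedding of slide 23 and the ElGamal steps of slide 24, carried through on the slides' toy curve (p = 179, y^2 = x^3 + 2x + 7, K = 10). This is an added example, not code from the presentation; the helper names (`lift_x`, `embed`, `order`) and the base point and private key used with it are assumptions chosen for illustration.

```python
import secrets

# Toy parameters from the slides (insecure): E: y^2 = x^3 + 2x + 7 over F_179, K = 10
p, a, b, K = 179, 2, 7, 10
O = None                                            # point at infinity

def add(P, Q):                                      # group law: addition and doubling
    if P is O or Q is O:
        return P or Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return O                                    # P + (-P) = O
    num, den = (3 * x1 * x1 + a, 2 * y1) if P == Q else (y2 - y1, x2 - x1)
    s = num * pow(den % p, -1, p) % p               # slope of tangent or chord
    x3 = (s * s - x1 - x2) % p
    return (x3, (s * (x1 - x3) - y1) % p)

def mul(k, P):                                      # double-and-add: Q = kP
    R = O
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def lift_x(x):                                      # point with this x, or None
    rhs = (x**3 + a * x + b) % p
    y = pow(rhs, (p + 1) // 4, p)                   # square root, valid as p % 4 == 3
    return (x, min(y, p - y)) if y * y % p == rhs else None

def embed(m):                                       # slide 23: x = m*K + j, j = 0..K-1
    for j in range(K):
        if (M := lift_x(m * K + j)) is not None:
            return M
    raise ValueError("all K candidates failed")

def order(P):                                       # brute force, toy field only
    n, R = 1, P
    while R is not O:
        R, n = add(R, P), n + 1
    return n

def encrypt(M, Q, P, n):
    k = 1 + secrets.randbelow(n - 1)                # k in [1, n-1]
    return mul(k, P), add(M, mul(k, Q))             # (C1, C2) = (kP, M + kQ)

def decrypt(C1, C2, d):
    S = mul(d, C1)
    return add(C2, O if S is O else (S[0], -S[1] % p))   # M = C2 - d*C1
```

`embed(5)` returns the point (51, 11) from slide 23, and the message is recovered from a decrypted point `M` as `M[0] // K`.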