1. Task 1: (2 points)
In your own words, explain how ECC works. Use at least one diagram
which is your own drawing. Explain the discrete log problem (DLP) in
ECC. Explain the differences of the DLP in ECC to the large integer
factorization problem in RSA. (Minimum 3 pages).
Working of ECC:
Elliptic curve cryptography (ECC) is a public key encryption technology that uses elliptic curve theory to
generate quicker, smaller, and more efficient cryptographic keys. Instead of the traditional approach of
generating keys as the product of extremely large prime numbers, ECC produces keys using the features
of the elliptic curve equation.
Most public key encryption methods, such as RSA and Diffie-Hellman, can be utilized in combination
with this technology. Some researchers believe that ECC can offer the same level of security with a 164-
bit key that other systems require with a 1,024-bit key. Because ECC allows for equal security while
consuming less computer resources and battery capacity, it is increasingly being employed in mobile
applications.
An elliptic curve is a collection of points that satisfy a mathematical equation. The equation for an elliptic
curve is y2=x3+ax+b. Elliptic Curve Cryptography (ECC) is not capable of encrypting data. ECC may be
used to negotiate keys for symmetric encryption using Elliptic Curve Diffie-Hellman key exchange, as
well as for digital signatures.
ECC operates on an elliptic curve over a finite field, which is a set of discrete points in 2D space rather
than a smooth line. These points have several intriguing qualities, such as the ability to add them in a
certain way, with the result being another point from the curve, or rather from the collection of discrete
points that is the elliptic curve over finite field.
This is how an elliptic curve may look over real numbers:
2. This is how it may look over a finite field - just a set of points:
When you deal with ordinary numbers and start adding 3 to itself, you get 6, 9, 12, 15... And so on. If I
told you that I added 3 to itself an unknown number of times and the result is 30, you'd quickly realize
that the unknown number is 10... Since 10 * 3 = 30.
If you deal with a set of points that is an elliptic curve over a finite field and conduct that specific addition
operation and add a point to itself an indefinite number of times, you will eventually arrive at some point.
But, unlike conventional numbers, it is now nearly difficult for anyone to determine how many times you
performed that addition when you tell them where you started and where you ended up - only you know
that.
ECDSA - elliptic curve digital signature algorithm - makes use of this characteristic. It cannot directly
encrypt data, but it may be used to demonstrate your knowledge of the secret - the number of times you
completed the particular elliptic curve addition. You can digitally sign a communication to establish that
it came from you and could not have been falsified by someone else.
Discrete log problem (DLP) in ECC:
Public key cryptography and key exchange protocols are frequently based on functions that are simple to
compute but difficult to reverse. The goal is to employ such a function to generate a shared secret or
another value that may be used in encryption.
In the Diffie-Hellman key exchange protocol, for example, the two sides publicly agree on a pair of
integers, g,p, such that p is prime. They next each choose a number a,b that the other side does not know.
One sends ga, while the other sends gb (all numbers modulo p ). Gabmodp may now be calculated by both
parties as a shared secret.
3. Given g,a,p, it is simple to compute c=gamodp. It is difficult to compute a given c,g,p. The "discrete
logarithm problem" is the challenge of determining the exponent. Nobody knows how to accomplish it
quickly.
The discrete logarithm problem in ECC is based on the assumption that all points on an elliptic curve form
a cyclic group under specific circumstances. The public key on an elliptic curve is a random multiple of
the generator point, whereas the private key is a randomly determined integer used to produce the multiple.
In other words, a private key is an integer picked at random, and a public key is a point on the curve. The
discrete logarithm problem is used to discover the private key (an integer) that lies between all points on
the elliptic curve. A subsequent equation demonstrates this accurately. Consider the following elliptic
curve E, which has two constituents P and T.
The discrete logarithmic problem is to find the integer d, where 1 <= d <= #E, such that: P + P + . . . +P
= d P = T.
T denotes the public key (a point on the curve), and d denotes the private key. To put it another way, the
public key is a random multiple of the generator, but the private key is the integer used to produce the
multiple. #E denotes the elliptic curve's order, which essentially signifies the number of points in the
elliptic curve's cyclic group. A cyclic group is made up of points on the elliptic curve and points at infinity.
A key pair is associated with elliptic curve domain parameters. Domain parameters include field size,
field representation, two field elements a and b, two field elements Xg and Yg, order n of point G
determined as G=(Xg, Yg), and the co-factor h = #E(Fq)/n.
DLP in ECC and Large integer factorization in RSA.
DLP in ECC:
Set of rational points satisfying some cubic equation
Group structure given by chord and tangent rule
Given E over a finite field K,
Given P 2 E(K), given Q 2 G :=< P >,
Find k 2 Z such that Q = kP.
In practice K is often a prime field, a binary field with
prime extension, or Fpn with n relatively small.
Common belief : best algorithms are generic ones
(at least for the parameters used in practice)
160-bit ECDLP ≈ 2048-bit DLP or factoring
Transferring ECDLP to a simpler" DLP problem through a group
homorphism:
MOV reduction if jGj divides qm - 1 [MOV93]
Use pairings to transfer ECDLP to DLP on Km
I Polynomial time for anomalous curves [SA98,S98,S99]
Transfer ECDLP to a p-adic elliptic logarithm if jGj = jKj
4. Weil descent for some curves over Fpn [GS99,GHS00]
Transfer ECDLP to the Jacobian of an hyper elliptic curve
Only work for specific families
Generalmethod to solve discrete logarithm problems:
Define a factor basis F ⊂ G
Relation search : find about jFj relations
aiP + biQ = X
Pj2F
eijPj
Do linear algebra modulo jGj on the relations to get
aP + bQ = 0
Define F s.t. there is an efficient" algorithm for Step 2
Balance relation search and linear algebra
Large integerfactorization in RSA:
Given a composite number n, compute its (unique)
factorization n = Q pi^ei where pi are prime numbers
Equivalently : compute one non-trivial factor pi
We will assume n = pq, where p and q are primes
Factorizationvs discrete logarithms:
Discrete logarithm and factoring algorithms are similar
Exceptions:
- Quasi-polynomial time algorithm for discrete logarithms
in small to medium characteristic
- Elliptic curve factorization method
Hardness of large characteristic field discrete logarithms
and integer factorization is comparable today