SlideShare a Scribd company logo

Elliptic curve cryptography explained

Entrust Datacard
Entrust Datacard

Elliptic curve cryptography uses points on elliptic curves as a basis for public-key cryptography. The document discusses: 1) Elliptic curves take the form y^2 = x^3 + ax + b and have certain geometric properties that allow points on the curve to be combined via an "addition" operation. 2) To perform computations, points must have discrete coordinates from a finite field rather than continuous real numbers. Commonly the field of integers modulo a prime p is used. 3) The set of points on the curve forms an abelian group under the addition operation, with the point at infinity as the identity element. Certain points can generate all other points on the curve.

Technology
1 of 23
Download to read offline
1© Entrust Inc. All Rights Reserved. 1 Zero to ECC in 30 Minutes A primer on elliptic curve cryptography © Entrust Inc. All Rights Reserved.
2© Entrust Inc. All Rights Reserved. 2 Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other company and product names are trademarks or registered trademarks of their respective owners. The material provided in this document is for information purposes only. It is not intended to be advice. You should not act or abstain from acting based upon such information without first consulting a professional. ENTRUST DOES NOT WARRANT THE QUALITY, ACCURACY OR COMPLETENESS O F THE INFORMATION CONTAINED IN THIS ARTICLE. SUCH INFORMATION IS PROVIDED "AS IS" WITHOUT ANY REPRESENTATIONS AND/OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, BY USAGE OF TRADE, OR OTHERWISE, AND ENTRUST SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS, AND/OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A SPECIFIC PURPOSE. © 2014 Entrust. All rights reserved.
3© Entrust Inc. All Rights Reserved. 3 Table of Contents What is Elliptic Curve Cryptography?.................4 Elliptic Curves .......................................................5 Arithmetic on Elliptic Curves...............................7 Discrete Points on an Elliptic Curve ...................9 Elliptic Curve Points Form a Group ..................13 The Group Operation..........................................17 Integer Multiplication of Elliptic Curve Points..20 Real-World Elliptic-Curve Cryptography ..........21 One-Way Function Based on Elliptic Curves ...22 Entrust & You ......................................................23
4© Entrust Inc. All Rights Reserved. 4 What is Elliptic Curve Cryptography? Elliptic curve cryptography, or ECC, is one of several public-key cryptosystems that depend, for their security, on the difficulty of the discrete logarithm problem. Public-key cryptosystems of this type are based upon a one-way function; a function for which the output corresponding to a particular input is easy to calculate, but for which the input corresponding to a particular output is computationally infeasible to calculate. The required one-way function is created by repeatedly applying an operation to one element in a group of elements. The input to the one- way function is the number of times the operation is to be applied, and this is computationally infeasible to determine by someone who only knows the element to which the operation is applied and the resulting output. In the earliest form of public-key cryptosystem, the chosen group comprised the set of integers from 1 … p-1, where p was a large prime number, and the group operation was multiplication of two integers modulo p. In elliptic-curve cryptosystems, the chosen group elements are points on an elliptic curve. And, the group operation is addition of two points.
5© Entrust Inc. All Rights Reserved. 5 Elliptic Curves The most common elliptic curve equation for cryptographic applications takes the following form: y2 = x3 + ax + b But, for those of us whose knowledge of mathematics is a bit rusty, it provides little insight into why this particular form of curve is useful in cryptographic applications. First, the fact that the term in y is squared means that the curve is symmetrical about the x axis; i.e., for every positive value of y, there is a corresponding negative value with the same x coordinate. Also, the fact that the highest order term in x is x-cubed means that, for certain values of a and b, there is exactly one point of inflection in the line on each side of the x axis. The inflection points are located where the line crosses the y axis. An inflection point is a point on a curve where the curvature switches sign; the line curves one way on one side of the point and the other way on the other side. In other words, the curve has a wobble in it. Figure 1 shows an example curve for particular values of a and b (a = 3, b = 1). The symmetry about the x axis is clear to see. Elliptic curve cryptography, or ECC, is one of several public-key cryptosystems that depend, for their security, on the difficulty of the discrete logarithm problem. ” “ Figure 1: Example elliptic curve.
6© Entrust Inc. All Rights Reserved. 6 Figure 2: Points of inflection. Figure 3: Straight line intersects the curve in three places. And, we can also see the points of inflection in Figure 2. A necessary consequence for curves with these two properties is that a straight line that crosses the curve in two places also crosses the curve in exactly one other place, Figure 3. There is a notable exception to this rule for vertical lines, which either cross the curve in just two places or in one place (in the case where the line is the vertical tangent). We will be coming back to this later on.
7© Entrust Inc. All Rights Reserved. 7 Figure 4: Calculating the result of point addition. Arithmetic on Elliptic Curves The fact of three intersection points raises the intriguing possibility of doing arithmetic using points on the curve; two points could be combined in an operation that results in a third point. We call the operation of finding the resulting point "addition" (addition of the two other points), although it bears no resemblance to the familiar operation of addition with numbers. The operation of adding two points involves finding the third point of intersection between the curve and the straight line passing through the two points that are being added, then reflecting the result in the x axis. This produces another point on the curve, see Figure 4. The reflection step is included so that a point can be added to itself repeatedly (i.e., multiplied by an integer) without falling into a short repeating cycle. The mathematics involved in understanding and implementing point addition on an elliptic curve are taught in the high-school curriculum, see Figure 4. In the diagram, s is the slope of the straight line, and (x3,y3) are the coordinates of the point that is the sum of the two points (x1,y1) and (x2,y2). Calculating s and y3 uses elementary results in the geometry of triangles, whereas calculating x3 depends on finding the roots of a cubic equation. Both of these topics should be familiar to the high-school math student.
8© Entrust Inc. All Rights Reserved. 8 Figure 5: Calculating the result of point doubling. Adding a point to itself is also known as doubling the point, and it involves finding a second point where the tangent at the first point intersects the curve, and then reflecting that point in the x-axis, as in Figure 5. As above, calculating s and y2 uses elementary results in the geometry of triangles, and calculating x2 involves solving a cubic equation.
9© Entrust Inc. All Rights Reserved. 9 Discrete Points on an Elliptic Curve Performing mathematics with points whose coordinates are real numbers is of little value in cryptographic applications, because computer systems don't deal predictably with real numbers. What we need is a large, but finite, set of discrete values, such as the elements of a "field." A field is a set of elements that is "closed" under the operations of addition, subtraction, multiplication and division that we require for the point addition calculations. Closure means that, after applying any of the field operations to elements of the field, the result is also an element of the field. By choosing to use a field, we preserve the additive property possessed by real points on the elliptic curve, but the field elements are discrete and finite, and therefore they are amenable to manipulation by a computer with repeatable results. Mathematical identities (i.e., equations) are preserved when field elements and operations are substituted for real numbers and the corresponding real operations. In this way, calculating the third intersection point of a line, for which the coordinates of the other two intersection points are field elements, results in a third point whose coordinates are also field elements. Therefore, the result of adding discrete points is predictable and precise; just what we need for a cryptographic primitive. The integers modulo a prime, p, form a suitable field. Polynomials with binary coefficients modulo an irreducible polynomial also form a suitable field. But, we won't discuss that possibility any further here; we'll limit our discussion to the more common case of fields over the integers modulo p.
10© Entrust Inc. All Rights Reserved. 10 The set of points inherits the properties of the elliptic curve, such as straight lines intersecting in three places. So, in order to add two points, all we need do is perform the geometric calculations required for point addition in the set of integers mod p. Operations mod p are similar, but not quite identical to the equivalent and familiar operations over the integers. Addition, for instance is the same, except that, in the event the result is greater than or equal to p, p is subtracted, so that the result falls in the range 0 .. p - 1. Similarly for subtraction, if the result of subtraction is less than 0, then p is added, so the result, again, falls in the range 0 .. p - 1. In the case of multiplication, the two numbers are multiplied and then the remainder is taken after division by p. Again, the result falls in the range 0 .. p - 1. Division is a bit more complicated. Every number in the range 1 .. p-1 has a “multiplicative inverse.” When a number is multiplied by its multiplicative inverse, the result is 1 mod p. For instance, the inverse of 13 mod 23 is 16, because 13 x 16 is 208, which is 9 x 23 + 1. So, instead of directly dividing one number by another, the first number has to be multiplied by the multiplicative inverse of the second number. For example, 12 / 13 mod 23 = 12 x 16 mod 23 = 8 mod 23. That is, in the field of integers mod 23, 12 divided by 13 is 8. As with real numbers, division by zero is undefined.
11© Entrust Inc. All Rights Reserved. 11 Figure 6: Discrete points on the curve. Figure 6 shows all of the points that satisfy the elliptic curve equation: y2 = x3 + 3x + 1 with coordinates over the integers mod p, where p is 23. To illustrate: when x is 11, y2 = (1331 + 3 x 11 + 1) mod 23 = 8, and so y = √8 = 10 or 13 since 10 x 10 mod 23 = 8, and 13 x 13 mod 23 = 8
12© Entrust Inc. All Rights Reserved. 12 The continuous line in Figure 6 is the original curve through this region of the x-y plane. Note that, with the exception of the point (0,1), none of the points are congruent with a solution of the curve equation over the real numbers, either in this region or any other region of the curve for that matter. Also note that not every x value has a solution; for these values of x the right-hand side of the curve equation is not a perfect square. Further note that the points form pairs arranged symmetrically about the horizontal line, y = p/2. So, there must be an even number of points. This is because, for every x that has a solution on the curve, there are two solutions: y and –y, and taken mod p, -y = p - y. In what follows, we will use uppercase bold characters to indicate curve points and lowercase normal characters to indicate integers.
13© Entrust Inc. All Rights Reserved. 13 Elliptic Curve Points Form a Group The curve over the real numbers serves no further purpose at this point, so our discussion will be limited to points with integer coordinates in the range 0 .. p-1. With one caveat, these points form a finite ‘group.’ Like a field, a group contains a set of elements. But, unlike a field, which defines four operations, a group defines just one operation (the group operation). And, under this operation, the group is closed (i.e., when two group elements are combined by the group operation, the result is another group element). In order for the set of points to form a group, it must have an "identity element.” This is also known as the notional "point at infinity," designated by 0. Remember that the points come in pairs, arranged symmetrically about the horizontal y = p/2 line. Each element of the pair is the additive inverse of its partner (i.e., when they are added together, the result is 0). When we join a point P to its additive inverse (-P), we get a vertical line, which also goes through the "point at infinity." By including the "point at infinity" (or identity element) in the set of points, we complete the group with order (i.e., the number of group elements) 'q.' In our example, q has the value fifteen. P + (-P) = O and P + O = P Because the coordinates of a point are field elements, the operation of adding curve points still works. But, the formulae from Figure 4 have to be modified as follows in order to calculate the coordinates of the point that is the sum of two points. s = (y2 – y1).(x2 – x1)-1 mod p x3 = s2 – x2 – x1 mod p y3 = -y2 + s.(x2 – x3) mod p
14© Entrust Inc. All Rights Reserved. 14 Figure 7: Points are multiples of a "generator." Similarly, the formulae of Figure 5 have to be modified as follows to calculate the coordinates of the point that is the double of another point: s = (3x1 2 + a).(2y1)-1 mod p x2 = s2 – 2x1 mod p y2 = -y1 + s.(x1 – x2) mod p No matter which two points are chosen as input, the result is always another point. Note that b does not appear in these formulae, and a only appears in the formulae for point doubling. Certain points are called "generators," because their multiples generate every point in the group (see Figure 7). Points in the group are generated by successively applying the group operation (point addition) to a point called a generator (alternatively called a base point). For instance, if we choose the point (11,13), its multiples generate fifteen points.
15© Entrust Inc. All Rights Reserved. 15 Figure 8: Not all points are generators. Beyond 15, the cycle of points repeats such that 16G = G, 17G = 2G, etc. Not all points are generators, however (see Figure 8). If we choose the point (0,1), for instance, its multiples generate five points, so the order of the sub-group generated by the point (0,1) is only five. Even if p is large, it is not guaranteed that a particular sub-group will be large too.
16© Entrust Inc. All Rights Reserved. 16 Figure 9: Points of the curve: y 2 = x 3 + 5x + 1 mod 23. But, if the order of the group is a prime number, then every point is a multiple of every other point except the point at infinity. As an example, in Figure 9 this curve has fifteen pairs of points, plus the point at infinity, making a total of 31, which is a prime number. Hence, all points, with the exception of the point at infinity, are generators; generating a group of order 31, and there are no smaller sub-groups.
17© Entrust Inc. All Rights Reserved. 17 The Group Operation When points are expressed as multiples of a generator, they can be added by adding the multiples modulo q. So, going back to our example from Figure 6, for instance: 11G + 3G = 14G 13G + 12G = 10G See Figure 10 and Figure 11. Figure 10: Point addition: 11G + 3G = 14G.
18© Entrust Inc. All Rights Reserved. 18 From these examples, we can see that point addition displays the 'distributive' property, in that iG + jG = (i + j)G The order of the group, q, is determined by the parameters of the curve and the field modulus, and it is the group order that determines the security of any cryptographic schemes based on the curve. In our simple example, it would be possible to hold all of the points in computer memory, and perform operations on the points directly. But, in real-world cryptographic applications, there are so many points that this isn't possible. Instead, the points have to be calculated as they are needed. Figure 11: Point addition: 13G + 12G = 10G.
19© Entrust Inc. All Rights Reserved. 19 And because there are q-squared ways of choosing pairs of points, and only q possible results, many combinations produce the same result. For instance: 8G + 10G = 3G, and 6G + 12G =3G A point can also be doubled by adding it to itself: 2 x 9G = 9G + 9G = 3G Figure 12: Point addition: 8G + 10G = 3G. Figure 13: Point doubling: 2 x 9G = 3G.
20© Entrust Inc. All Rights Reserved. 20 Integer Multiplication of Elliptic Curve Points The primitive operation used in all elliptic-curve public-key cryptographic applications is multiplication of a point by an integer. This involves repeated application of the point-doubling and point- addition operations; the number of operations being determined by the number of bits in the binary representation of the integer multiplier. Each bit of the multiplier is processed separately and sequentially. The outcome of processing each bit of the multiplier results from a doubling of the outcome of processing the previous bit and an optional addition of the base point, depending on the value of the current bit of the multiplier. Representing n in binary form with m+1 bits, then: n = n0 + n1.2 + n2.22 + ... + nm.2m where [n0 .. nm] are bits {0,1} The algorithm for calculating P = nG is: P := 0 for i from m to 0 do P := 2P if ni == 1 then P := P + G return P If, for example, n were a 256-bit number, then this algorithm would require a maximum of 512 elliptic-curve operations, whereas the naïve approach of adding G to itself n-1 times would require (at least) an impossible 2255 -1 operations. Because the “if” statement depends on the value of one bit from n, the uncertainty in the path leading to the final result is 2m . For m of sufficient size, it becomes impossible in practice to figure out the value of n required to multiply G in order to obtain P. Attempting to calculate n from P and G is known as the elliptic-curve discrete logarithm problem.
21© Entrust Inc. All Rights Reserved. 21 Real-World Elliptic-Curve Cryptography Of course, the example curve we have been using, with a = 3 and b = 1, is too trivial for use in real cryptographic applications. For comparison, here is the parameter set for a real-world cryptographic elliptic-curve: the P-256 curve specified by NIST. a = -3 b = 5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b p = 115792089210356248762697446949407573530086143415290314195533631308867097853951 The x and y coordinates of the base point are: gx = 6b17d1f2 e12c4247 f8bce6e5 77037d81 2deb33a0 f4a13945 d898c296 gy = 4fe342e2 fe1a7f9b 8ee7eb4a 2bce3357 6b315ece cbb64068 37bf51f5 p is expressed as a decimal number, whereas a, b and G are expressed in hexadecimal. In order to ensure that the designers have not deliberately specified a curve with a hard-to-detect weakness, a known one-way function was used in the calculation of the curve parameter b, and the input to the function has been published as part of the design documentation. In this way, the designers were not able to fix the parameter directly in order to incorporate a weakness.
22© Entrust Inc. All Rights Reserved. 22 One-Way Function Based on Elliptic Curves From the foregoing we see how points on an elliptic-curve with coordinates over a field modulo a prime, p, can form a group, and how a group can be used to construct a one-way function suitable for use in cryptographic applications. Graphically, we can depict the one way function as shown in Figure 17. Here, the thick lines represent curve points, and thin lines represent integers. While it is straightforward to calculate nG, given n and G, it is computationally infeasible to find n, given G and nG. These are just the properties we need in a practical cryptographic primitive with which we can build strong cryptographic mechanisms. Figure 14: One-way function
23© Entrust Inc. All Rights Reserved. 23 Company Facts Website: www.entrust.com Employees: 359 Customers: 5,000 Offices: 10 Globally Headquarters Three Lincoln Centre 5430 LBJ Freeway, Suite 1250 Dallas, Texas 75240 Sales North America: 1-888-690-2424 EMEA: +44 (0) 118 953 3000 Email: entrust@entrust.com Entrust & You More than ever, Entrust understands your organization’s security pain points. Whether it’s the protection of information, securing online customers, regulatory compliance or large-scale government projects, Entrust provides identity-based security solutions that are not only proven in real-world environments, but cost-effective in today’s uncertain economic climate. Entrust offers software authentication platforms that strengthen security in a wide range of identity and transaction ecosystems. Government agencies, financial institutions and other enterprises rely on Entrust solutions to strengthen trust and reduce complexity for consumers, citizens and employees. Now, as part of Datacard Group, Entrust offers an expanded portfolio of solutions across more than 150 countries. Together, Datacard Group and Entrust issue more than 10 million secure identities every day, manage billions of secure transactions annually and issue a majority of the world’s financial cards. For more information about Entrust products and services, call 888-690-2424, email entrust@entrust.com or visit entrust.com. 30066-1-0314

Recommended

Chapter3 hundred page machine learning
Chapter3 hundred page machine learningChapter3 hundred page machine learning
Chapter3 hundred page machine learningmustafa sarac
 
Master of Computer Application (MCA) – Semester 4 MC0079
Master of Computer Application (MCA) – Semester 4 MC0079Master of Computer Application (MCA) – Semester 4 MC0079
Master of Computer Application (MCA) – Semester 4 MC0079Aravind NC
 
Mc0079 computer based optimization methods--phpapp02
Mc0079 computer based optimization methods--phpapp02Mc0079 computer based optimization methods--phpapp02
Mc0079 computer based optimization methods--phpapp02Rabby Bhatt
 
Mathematical Modeling for Practical Problems
Mathematical Modeling for Practical ProblemsMathematical Modeling for Practical Problems
Mathematical Modeling for Practical ProblemsLiwei Ren任力偉
 
Unit 7.2
Unit 7.2Unit 7.2
Unit 7.2Mark Ryder
 
Solving Inequalities (Algebra 2)
Solving Inequalities (Algebra 2)Solving Inequalities (Algebra 2)
Solving Inequalities (Algebra 2)rfant
 
Unit .5
Unit .5Unit .5
Unit .5Mark Ryder
 
mathematical model
mathematical modelmathematical model
mathematical modelKt Silva
 

Recommended

Chapter3 hundred page machine learning
Chapter3 hundred page machine learningChapter3 hundred page machine learning
Chapter3 hundred page machine learningmustafa sarac
 
Master of Computer Application (MCA) – Semester 4 MC0079
Master of Computer Application (MCA) – Semester 4 MC0079Master of Computer Application (MCA) – Semester 4 MC0079
Master of Computer Application (MCA) – Semester 4 MC0079Aravind NC
 
Mc0079 computer based optimization methods--phpapp02
Mc0079 computer based optimization methods--phpapp02Mc0079 computer based optimization methods--phpapp02
Mc0079 computer based optimization methods--phpapp02Rabby Bhatt
 
Mathematical Modeling for Practical Problems
Mathematical Modeling for Practical ProblemsMathematical Modeling for Practical Problems
Mathematical Modeling for Practical ProblemsLiwei Ren任力偉
 
Unit 7.2
Unit 7.2Unit 7.2
Unit 7.2Mark Ryder
 
Solving Inequalities (Algebra 2)
Solving Inequalities (Algebra 2)Solving Inequalities (Algebra 2)
Solving Inequalities (Algebra 2)rfant
 
Unit .5
Unit .5Unit .5
Unit .5Mark Ryder
 
mathematical model
mathematical modelmathematical model
mathematical modelKt Silva
 
Application of interpolation in CSE
Application of interpolation in CSEApplication of interpolation in CSE
Application of interpolation in CSEMd. Tanvir Hossain
 
P
PP
PMark Ryder
 
Unit 1.1
Unit 1.1Unit 1.1
Unit 1.1Mark Ryder
 
Unit 1.3
Unit 1.3Unit 1.3
Unit 1.3Mark Ryder
 
Unit .4
Unit .4Unit .4
Unit .4Mark Ryder
 
Unit 2.7
Unit 2.7Unit 2.7
Unit 2.7Mark Ryder
 
M141 midtermreviewch2ch3su10
M141 midtermreviewch2ch3su10M141 midtermreviewch2ch3su10
M141 midtermreviewch2ch3su10Jessica Conner
 
Unit 2.1
Unit 2.1Unit 2.1
Unit 2.1Mark Ryder
 
Unit 1.6
Unit 1.6Unit 1.6
Unit 1.6Mark Ryder
 
Unit 7.3
Unit 7.3Unit 7.3
Unit 7.3Mark Ryder
 
Unit 1.5
Unit 1.5Unit 1.5
Unit 1.5Mark Ryder
 
Linear functions and modeling
Linear functions and modelingLinear functions and modeling
Linear functions and modelingIVY SOLIS
 
Roots of equations
Roots of equations Roots of equations
Roots of equations shopnohinami
 
Unit 2.5
Unit 2.5Unit 2.5
Unit 2.5Mark Ryder
 
Unit .2
Unit .2Unit .2
Unit .2Mark Ryder
 
Distributive Property (Algebra 1)
Distributive Property (Algebra 1)Distributive Property (Algebra 1)
Distributive Property (Algebra 1)rfant
 
Unit 7.4
Unit 7.4Unit 7.4
Unit 7.4Mark Ryder
 
Unit .7
Unit .7Unit .7
Unit .7Mark Ryder
 
Ch01 se
Ch01 seCh01 se
Ch01 separulian
 
MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...
MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...
MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...gerogepatton
 
Block Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationBlock Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationVittorio Giovara
 
Ch03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standardCh03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standardtarekiceiuk
 

More Related Content

What's hot

Application of interpolation in CSE
Application of interpolation in CSEApplication of interpolation in CSE
Application of interpolation in CSEMd. Tanvir Hossain
 
M141 midtermreviewch2ch3su10
M141 midtermreviewch2ch3su10M141 midtermreviewch2ch3su10
M141 midtermreviewch2ch3su10Jessica Conner
 
Linear functions and modeling
Linear functions and modelingLinear functions and modeling
Linear functions and modelingIVY SOLIS
 
Roots of equations
Roots of equations Roots of equations
Roots of equations shopnohinami
 
Distributive Property (Algebra 1)
Distributive Property (Algebra 1)Distributive Property (Algebra 1)
Distributive Property (Algebra 1)rfant
 
MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...
MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...
MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...gerogepatton
 

What's hot (20)

Application of interpolation in CSE
Application of interpolation in CSEApplication of interpolation in CSE
Application of interpolation in CSE
 
P
PP
P
 
Unit 1.1
Unit 1.1Unit 1.1
Unit 1.1
 
Unit 1.3
Unit 1.3Unit 1.3
Unit 1.3
 
Unit .4
Unit .4Unit .4
Unit .4
 
Unit 2.7
Unit 2.7Unit 2.7
Unit 2.7
 
M141 midtermreviewch2ch3su10
M141 midtermreviewch2ch3su10M141 midtermreviewch2ch3su10
M141 midtermreviewch2ch3su10
 
Unit 2.1
Unit 2.1Unit 2.1
Unit 2.1
 
Unit 1.6
Unit 1.6Unit 1.6
Unit 1.6
 
Unit 7.3
Unit 7.3Unit 7.3
Unit 7.3
 
Unit 1.5
Unit 1.5Unit 1.5
Unit 1.5
 
Linear functions and modeling
Linear functions and modelingLinear functions and modeling
Linear functions and modeling
 
Roots of equations
Roots of equations Roots of equations
Roots of equations
 
Unit 2.5
Unit 2.5Unit 2.5
Unit 2.5
 
Unit .2
Unit .2Unit .2
Unit .2
 
Distributive Property (Algebra 1)
Distributive Property (Algebra 1)Distributive Property (Algebra 1)
Distributive Property (Algebra 1)
 
Unit 7.4
Unit 7.4Unit 7.4
Unit 7.4
 
Unit .7
Unit .7Unit .7
Unit .7
 
Ch01 se
Ch01 seCh01 se
Ch01 se
 
MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...
MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...
MIXTURES OF TRAINED REGRESSION CURVES MODELS FOR HANDWRITTEN ARABIC CHARACTER...
 

Viewers also liked

Block Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationBlock Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationVittorio Giovara
 
Ch03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standardCh03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standardtarekiceiuk
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Mazin Alwaaly
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3koolkampus
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Joshua Thijssen
 
Cryptography
CryptographyCryptography
CryptographyAnandKaGe
 
CNIT 141: 9. Elliptic Curve Cryptosystems
CNIT 141: 9. Elliptic Curve CryptosystemsCNIT 141: 9. Elliptic Curve Cryptosystems
CNIT 141: 9. Elliptic Curve CryptosystemsSam Bowne
 
Different types of Symmetric key Cryptography
Different types of Symmetric key CryptographyDifferent types of Symmetric key Cryptography
Different types of Symmetric key Cryptographysubhradeep mitra
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Joshua Thijssen
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation harshit chavda
 
Information and data security block cipher operation
Information and data security block cipher operationInformation and data security block cipher operation
Information and data security block cipher operationMazin Alwaaly
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 

Viewers also liked (20)

Block Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For AuthenticationBlock Cipher Modes of Operation And Cmac For Authentication
Block Cipher Modes of Operation And Cmac For Authentication
 
Ch03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standardCh03 block-cipher-and-data-encryption-standard
Ch03 block-cipher-and-data-encryption-standard
 
Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...Information and data security block cipher and the data encryption standard (...
Information and data security block cipher and the data encryption standard (...
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSA
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101
 
Ecc2
Ecc2Ecc2
Ecc2
 
Cryptography
CryptographyCryptography
Cryptography
 
Substitution Cipher
Substitution CipherSubstitution Cipher
Substitution Cipher
 
CNIT 141: 9. Elliptic Curve Cryptosystems
CNIT 141: 9. Elliptic Curve CryptosystemsCNIT 141: 9. Elliptic Curve Cryptosystems
CNIT 141: 9. Elliptic Curve Cryptosystems
 
Substitution cipher
Substitution cipher Substitution cipher
Substitution cipher
 
Different types of Symmetric key Cryptography
Different types of Symmetric key CryptographyDifferent types of Symmetric key Cryptography
Different types of Symmetric key Cryptography
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation
 
Information and data security block cipher operation
Information and data security block cipher operationInformation and data security block cipher operation
Information and data security block cipher operation
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
 

Similar to Elliptic curve cryptography explained

Plane-and-Solid-Geometry. introduction to proving
Plane-and-Solid-Geometry. introduction to provingPlane-and-Solid-Geometry. introduction to proving
Plane-and-Solid-Geometry. introduction to provingReyRoluna1
 
Mathematical blog #1
Mathematical blog #1Mathematical blog #1
Mathematical blog #1Steven Pauly
 
6_nome_e_numero_Chapra_Canale_1998_Numerical_Differentiation_and_Integration.pdf
6_nome_e_numero_Chapra_Canale_1998_Numerical_Differentiation_and_Integration.pdf6_nome_e_numero_Chapra_Canale_1998_Numerical_Differentiation_and_Integration.pdf
6_nome_e_numero_Chapra_Canale_1998_Numerical_Differentiation_and_Integration.pdfOke Temitope
 
Complex number, polar form , rectangular form
Complex number, polar form , rectangular formComplex number, polar form , rectangular form
Complex number, polar form , rectangular formalok25kumar
 
Beginning direct3d gameprogrammingmath02_logarithm_20160324_jintaeks
Beginning direct3d gameprogrammingmath02_logarithm_20160324_jintaeksBeginning direct3d gameprogrammingmath02_logarithm_20160324_jintaeks
Beginning direct3d gameprogrammingmath02_logarithm_20160324_jintaeksJinTaek Seo
 
C H A P T E R 3DATA REPRESENTATIONC H A P T E R G O A L .docx
C H A P T E R 3DATA REPRESENTATIONC H A P T E R G O A L .docxC H A P T E R 3DATA REPRESENTATIONC H A P T E R G O A L .docx
C H A P T E R 3DATA REPRESENTATIONC H A P T E R G O A L .docxRAHUL126667
 
Cs229 notes10
Cs229 notes10Cs229 notes10
Cs229 notes10VuTran231
 
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...ijcga
 
An Efficient Line Clipping Algorithm for Circular Windows Using Vector Calcul...
An Efficient Line Clipping Algorithm for Circular Windows Using Vector Calcul...An Efficient Line Clipping Algorithm for Circular Windows Using Vector Calcul...
An Efficient Line Clipping Algorithm for Circular Windows Using Vector Calcul...ijcga
 
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...ijcga
 
Calculus Application Problem #3 Name _________________________.docx
Calculus Application Problem #3 Name _________________________.docxCalculus Application Problem #3 Name _________________________.docx
Calculus Application Problem #3 Name _________________________.docxhumphrieskalyn
 
Bt0080 fundamentals of algorithms1
Bt0080 fundamentals of algorithms1Bt0080 fundamentals of algorithms1
Bt0080 fundamentals of algorithms1Techglyphs
 
Linear Data Structures_SSD.pdf
Linear Data Structures_SSD.pdfLinear Data Structures_SSD.pdf
Linear Data Structures_SSD.pdfssuser37b0e0
 
elliptic-curves-modern
elliptic-curves-modernelliptic-curves-modern
elliptic-curves-modernEric Seifert
 
Chapter 13.1.2
Chapter 13.1.2Chapter 13.1.2
Chapter 13.1.2patcha535
 
IRJET - Application of Linear Algebra in Machine Learning
IRJET - Application of Linear Algebra in Machine LearningIRJET - Application of Linear Algebra in Machine Learning
IRJET - Application of Linear Algebra in Machine LearningIRJET Journal
 

Similar to Elliptic curve cryptography explained (20)

Plane-and-Solid-Geometry. introduction to proving
Plane-and-Solid-Geometry. introduction to provingPlane-and-Solid-Geometry. introduction to proving
Plane-and-Solid-Geometry. introduction to proving
 
Mathematical blog #1
Mathematical blog #1Mathematical blog #1
Mathematical blog #1
 
6_nome_e_numero_Chapra_Canale_1998_Numerical_Differentiation_and_Integration.pdf
6_nome_e_numero_Chapra_Canale_1998_Numerical_Differentiation_and_Integration.pdf6_nome_e_numero_Chapra_Canale_1998_Numerical_Differentiation_and_Integration.pdf
6_nome_e_numero_Chapra_Canale_1998_Numerical_Differentiation_and_Integration.pdf
 
Complex number, polar form , rectangular form
Complex number, polar form , rectangular formComplex number, polar form , rectangular form
Complex number, polar form , rectangular form
 
Beginning direct3d gameprogrammingmath02_logarithm_20160324_jintaeks
Beginning direct3d gameprogrammingmath02_logarithm_20160324_jintaeksBeginning direct3d gameprogrammingmath02_logarithm_20160324_jintaeks
Beginning direct3d gameprogrammingmath02_logarithm_20160324_jintaeks
 
C H A P T E R 3DATA REPRESENTATIONC H A P T E R G O A L .docx
C H A P T E R 3DATA REPRESENTATIONC H A P T E R G O A L .docxC H A P T E R 3DATA REPRESENTATIONC H A P T E R G O A L .docx
C H A P T E R 3DATA REPRESENTATIONC H A P T E R G O A L .docx
 
working with python
working with pythonworking with python
working with python
 
Cs229 notes10
Cs229 notes10Cs229 notes10
Cs229 notes10
 
Simplex algorithm
Simplex algorithmSimplex algorithm
Simplex algorithm
 
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...
 
An Efficient Line Clipping Algorithm for Circular Windows Using Vector Calcul...
An Efficient Line Clipping Algorithm for Circular Windows Using Vector Calcul...An Efficient Line Clipping Algorithm for Circular Windows Using Vector Calcul...
An Efficient Line Clipping Algorithm for Circular Windows Using Vector Calcul...
 
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...
AN EFFICIENT LINE CLIPPING ALGORITHM FOR CIRCULAR WINDOWS USING VECTOR CALCUL...
 
Calculus Application Problem #3 Name _________________________.docx
Calculus Application Problem #3 Name _________________________.docxCalculus Application Problem #3 Name _________________________.docx
Calculus Application Problem #3 Name _________________________.docx
 
Bt0080 fundamentals of algorithms1
Bt0080 fundamentals of algorithms1Bt0080 fundamentals of algorithms1
Bt0080 fundamentals of algorithms1
 
Curves
CurvesCurves
Curves
 
Linear Data Structures_SSD.pdf
Linear Data Structures_SSD.pdfLinear Data Structures_SSD.pdf
Linear Data Structures_SSD.pdf
 
elliptic-curves-modern
elliptic-curves-modernelliptic-curves-modern
elliptic-curves-modern
 
Chapter 13.1.2
Chapter 13.1.2Chapter 13.1.2
Chapter 13.1.2
 
IRJET - Application of Linear Algebra in Machine Learning
IRJET - Application of Linear Algebra in Machine LearningIRJET - Application of Linear Algebra in Machine Learning
IRJET - Application of Linear Algebra in Machine Learning
 
AoK Math
AoK MathAoK Math
AoK Math
 

More from Entrust Datacard

INFOGRAPHIC: Switch to SHA-2 SSL Certificates
INFOGRAPHIC: Switch to SHA-2 SSL CertificatesINFOGRAPHIC: Switch to SHA-2 SSL Certificates
INFOGRAPHIC: Switch to SHA-2 SSL CertificatesEntrust Datacard
 
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideSwitch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideEntrust Datacard
 
INFOGRAPHIC: Securing the Internet of Things
INFOGRAPHIC: Securing the Internet of ThingsINFOGRAPHIC: Securing the Internet of Things
INFOGRAPHIC: Securing the Internet of ThingsEntrust Datacard
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...Entrust Datacard
 
Defeating Man-in-the-Browser Malware
Defeating Man-in-the-Browser MalwareDefeating Man-in-the-Browser Malware
Defeating Man-in-the-Browser MalwareEntrust Datacard
 
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust? INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust? Entrust Datacard
 
Zero to Dual_EC_DRBG in 30 minutes
Zero to Dual_EC_DRBG in 30 minutesZero to Dual_EC_DRBG in 30 minutes
Zero to Dual_EC_DRBG in 30 minutesEntrust Datacard
 
Advanced Solutions for Critical Infrastructure Protection
Advanced Solutions for Critical Infrastructure ProtectionAdvanced Solutions for Critical Infrastructure Protection
Advanced Solutions for Critical Infrastructure ProtectionEntrust Datacard
 
Easing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEasing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEntrust Datacard
 
Entrust Solutions Portfolio
Entrust Solutions PortfolioEntrust Solutions Portfolio
Entrust Solutions PortfolioEntrust Datacard
 
Entrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Datacard
 
Entrust IdentityGuard Mobile
Entrust IdentityGuard MobileEntrust IdentityGuard Mobile
Entrust IdentityGuard MobileEntrust Datacard
 
Entrust Mobile Security Solutions
Entrust Mobile Security SolutionsEntrust Mobile Security Solutions
Entrust Mobile Security SolutionsEntrust Datacard
 
Entrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Datacard
 

More from Entrust Datacard (14)

INFOGRAPHIC: Switch to SHA-2 SSL Certificates
INFOGRAPHIC: Switch to SHA-2 SSL CertificatesINFOGRAPHIC: Switch to SHA-2 SSL Certificates
INFOGRAPHIC: Switch to SHA-2 SSL Certificates
 
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideSwitch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
 
INFOGRAPHIC: Securing the Internet of Things
INFOGRAPHIC: Securing the Internet of ThingsINFOGRAPHIC: Securing the Internet of Things
INFOGRAPHIC: Securing the Internet of Things
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
 
Defeating Man-in-the-Browser Malware
Defeating Man-in-the-Browser MalwareDefeating Man-in-the-Browser Malware
Defeating Man-in-the-Browser Malware
 
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust? INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
 
Zero to Dual_EC_DRBG in 30 minutes
Zero to Dual_EC_DRBG in 30 minutesZero to Dual_EC_DRBG in 30 minutes
Zero to Dual_EC_DRBG in 30 minutes
 
Advanced Solutions for Critical Infrastructure Protection
Advanced Solutions for Critical Infrastructure ProtectionAdvanced Solutions for Critical Infrastructure Protection
Advanced Solutions for Critical Infrastructure Protection
 
Easing the Pains of Certificate Management
Easing the Pains of Certificate ManagementEasing the Pains of Certificate Management
Easing the Pains of Certificate Management
 
Entrust Solutions Portfolio
Entrust Solutions PortfolioEntrust Solutions Portfolio
Entrust Solutions Portfolio
 
Entrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Physical & Logical Access Solutions
Entrust Physical & Logical Access Solutions
 
Entrust IdentityGuard Mobile
Entrust IdentityGuard MobileEntrust IdentityGuard Mobile
Entrust IdentityGuard Mobile
 
Entrust Mobile Security Solutions
Entrust Mobile Security SolutionsEntrust Mobile Security Solutions
Entrust Mobile Security Solutions
 
Entrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Enterprise Authentication
Entrust Enterprise Authentication
 

Recently uploaded

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Recently uploaded (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Elliptic curve cryptography explained

  • 1. 1© Entrust Inc. All Rights Reserved. 1 Zero to ECC in 30 Minutes A primer on elliptic curve cryptography © Entrust Inc. All Rights Reserved.
  • 2. 2© Entrust Inc. All Rights Reserved. 2 Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. Entrust is a registered trademark of Entrust Limited in Canada. All other company and product names are trademarks or registered trademarks of their respective owners. The material provided in this document is for information purposes only. It is not intended to be advice. You should not act or abstain from acting based upon such information without first consulting a professional. ENTRUST DOES NOT WARRANT THE QUALITY, ACCURACY OR COMPLETENESS O F THE INFORMATION CONTAINED IN THIS ARTICLE. SUCH INFORMATION IS PROVIDED "AS IS" WITHOUT ANY REPRESENTATIONS AND/OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, BY USAGE OF TRADE, OR OTHERWISE, AND ENTRUST SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS, AND/OR WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A SPECIFIC PURPOSE. © 2014 Entrust. All rights reserved.
  • 3. 3© Entrust Inc. All Rights Reserved. 3 Table of Contents What is Elliptic Curve Cryptography?.................4 Elliptic Curves .......................................................5 Arithmetic on Elliptic Curves...............................7 Discrete Points on an Elliptic Curve ...................9 Elliptic Curve Points Form a Group ..................13 The Group Operation..........................................17 Integer Multiplication of Elliptic Curve Points..20 Real-World Elliptic-Curve Cryptography ..........21 One-Way Function Based on Elliptic Curves ...22 Entrust & You ......................................................23
  • 4. 4© Entrust Inc. All Rights Reserved. 4 What is Elliptic Curve Cryptography? Elliptic curve cryptography, or ECC, is one of several public-key cryptosystems that depend, for their security, on the difficulty of the discrete logarithm problem. Public-key cryptosystems of this type are based upon a one-way function; a function for which the output corresponding to a particular input is easy to calculate, but for which the input corresponding to a particular output is computationally infeasible to calculate. The required one-way function is created by repeatedly applying an operation to one element in a group of elements. The input to the one- way function is the number of times the operation is to be applied, and this is computationally infeasible to determine by someone who only knows the element to which the operation is applied and the resulting output. In the earliest form of public-key cryptosystem, the chosen group comprised the set of integers from 1 … p-1, where p was a large prime number, and the group operation was multiplication of two integers modulo p. In elliptic-curve cryptosystems, the chosen group elements are points on an elliptic curve. And, the group operation is addition of two points.
  • 5. 5© Entrust Inc. All Rights Reserved. 5 Elliptic Curves The most common elliptic curve equation for cryptographic applications takes the following form: y2 = x3 + ax + b But, for those of us whose knowledge of mathematics is a bit rusty, it provides little insight into why this particular form of curve is useful in cryptographic applications. First, the fact that the term in y is squared means that the curve is symmetrical about the x axis; i.e., for every positive value of y, there is a corresponding negative value with the same x coordinate. Also, the fact that the highest order term in x is x-cubed means that, for certain values of a and b, there is exactly one point of inflection in the line on each side of the x axis. The inflection points are located where the line crosses the y axis. An inflection point is a point on a curve where the curvature switches sign; the line curves one way on one side of the point and the other way on the other side. In other words, the curve has a wobble in it. Figure 1 shows an example curve for particular values of a and b (a = 3, b = 1). The symmetry about the x axis is clear to see. Elliptic curve cryptography, or ECC, is one of several public-key cryptosystems that depend, for their security, on the difficulty of the discrete logarithm problem. ” “ Figure 1: Example elliptic curve.
  • 6. 6© Entrust Inc. All Rights Reserved. 6 Figure 2: Points of inflection. Figure 3: Straight line intersects the curve in three places. And, we can also see the points of inflection in Figure 2. A necessary consequence for curves with these two properties is that a straight line that crosses the curve in two places also crosses the curve in exactly one other place, Figure 3. There is a notable exception to this rule for vertical lines, which either cross the curve in just two places or in one place (in the case where the line is the vertical tangent). We will be coming back to this later on.
  • 7. 7© Entrust Inc. All Rights Reserved. 7 Figure 4: Calculating the result of point addition. Arithmetic on Elliptic Curves The fact of three intersection points raises the intriguing possibility of doing arithmetic using points on the curve; two points could be combined in an operation that results in a third point. We call the operation of finding the resulting point "addition" (addition of the two other points), although it bears no resemblance to the familiar operation of addition with numbers. The operation of adding two points involves finding the third point of intersection between the curve and the straight line passing through the two points that are being added, then reflecting the result in the x axis. This produces another point on the curve, see Figure 4. The reflection step is included so that a point can be added to itself repeatedly (i.e., multiplied by an integer) without falling into a short repeating cycle. The mathematics involved in understanding and implementing point addition on an elliptic curve are taught in the high-school curriculum, see Figure 4. In the diagram, s is the slope of the straight line, and (x3,y3) are the coordinates of the point that is the sum of the two points (x1,y1) and (x2,y2). Calculating s and y3 uses elementary results in the geometry of triangles, whereas calculating x3 depends on finding the roots of a cubic equation. Both of these topics should be familiar to the high-school math student.
  • 8. 8© Entrust Inc. All Rights Reserved. 8 Figure 5: Calculating the result of point doubling. Adding a point to itself is also known as doubling the point, and it involves finding a second point where the tangent at the first point intersects the curve, and then reflecting that point in the x-axis, as in Figure 5. As above, calculating s and y2 uses elementary results in the geometry of triangles, and calculating x2 involves solving a cubic equation.
  • 9. 9© Entrust Inc. All Rights Reserved. 9 Discrete Points on an Elliptic Curve Performing mathematics with points whose coordinates are real numbers is of little value in cryptographic applications, because computer systems don't deal predictably with real numbers. What we need is a large, but finite, set of discrete values, such as the elements of a "field." A field is a set of elements that is "closed" under the operations of addition, subtraction, multiplication and division that we require for the point addition calculations. Closure means that, after applying any of the field operations to elements of the field, the result is also an element of the field. By choosing to use a field, we preserve the additive property possessed by real points on the elliptic curve, but the field elements are discrete and finite, and therefore they are amenable to manipulation by a computer with repeatable results. Mathematical identities (i.e., equations) are preserved when field elements and operations are substituted for real numbers and the corresponding real operations. In this way, calculating the third intersection point of a line, for which the coordinates of the other two intersection points are field elements, results in a third point whose coordinates are also field elements. Therefore, the result of adding discrete points is predictable and precise; just what we need for a cryptographic primitive. The integers modulo a prime, p, form a suitable field. Polynomials with binary coefficients modulo an irreducible polynomial also form a suitable field. But, we won't discuss that possibility any further here; we'll limit our discussion to the more common case of fields over the integers modulo p.
  • 10. 10© Entrust Inc. All Rights Reserved. 10 The set of points inherits the properties of the elliptic curve, such as straight lines intersecting in three places. So, in order to add two points, all we need do is perform the geometric calculations required for point addition in the set of integers mod p. Operations mod p are similar, but not quite identical to the equivalent and familiar operations over the integers. Addition, for instance is the same, except that, in the event the result is greater than or equal to p, p is subtracted, so that the result falls in the range 0 .. p - 1. Similarly for subtraction, if the result of subtraction is less than 0, then p is added, so the result, again, falls in the range 0 .. p - 1. In the case of multiplication, the two numbers are multiplied and then the remainder is taken after division by p. Again, the result falls in the range 0 .. p - 1. Division is a bit more complicated. Every number in the range 1 .. p-1 has a “multiplicative inverse.” When a number is multiplied by its multiplicative inverse, the result is 1 mod p. For instance, the inverse of 13 mod 23 is 16, because 13 x 16 is 208, which is 9 x 23 + 1. So, instead of directly dividing one number by another, the first number has to be multiplied by the multiplicative inverse of the second number. For example, 12 / 13 mod 23 = 12 x 16 mod 23 = 8 mod 23. That is, in the field of integers mod 23, 12 divided by 13 is 8. As with real numbers, division by zero is undefined.
  • 11. 11© Entrust Inc. All Rights Reserved. 11 Figure 6: Discrete points on the curve. Figure 6 shows all of the points that satisfy the elliptic curve equation: y2 = x3 + 3x + 1 with coordinates over the integers mod p, where p is 23. To illustrate: when x is 11, y2 = (1331 + 3 x 11 + 1) mod 23 = 8, and so y = √8 = 10 or 13 since 10 x 10 mod 23 = 8, and 13 x 13 mod 23 = 8
  • 12. 12© Entrust Inc. All Rights Reserved. 12 The continuous line in Figure 6 is the original curve through this region of the x-y plane. Note that, with the exception of the point (0,1), none of the points are congruent with a solution of the curve equation over the real numbers, either in this region or any other region of the curve for that matter. Also note that not every x value has a solution; for these values of x the right-hand side of the curve equation is not a perfect square. Further note that the points form pairs arranged symmetrically about the horizontal line, y = p/2. So, there must be an even number of points. This is because, for every x that has a solution on the curve, there are two solutions: y and –y, and taken mod p, -y = p - y. In what follows, we will use uppercase bold characters to indicate curve points and lowercase normal characters to indicate integers.
  • 13. 13© Entrust Inc. All Rights Reserved. 13 Elliptic Curve Points Form a Group The curve over the real numbers serves no further purpose at this point, so our discussion will be limited to points with integer coordinates in the range 0 .. p-1. With one caveat, these points form a finite ‘group.’ Like a field, a group contains a set of elements. But, unlike a field, which defines four operations, a group defines just one operation (the group operation). And, under this operation, the group is closed (i.e., when two group elements are combined by the group operation, the result is another group element). In order for the set of points to form a group, it must have an "identity element.” This is also known as the notional "point at infinity," designated by 0. Remember that the points come in pairs, arranged symmetrically about the horizontal y = p/2 line. Each element of the pair is the additive inverse of its partner (i.e., when they are added together, the result is 0). When we join a point P to its additive inverse (-P), we get a vertical line, which also goes through the "point at infinity." By including the "point at infinity" (or identity element) in the set of points, we complete the group with order (i.e., the number of group elements) 'q.' In our example, q has the value fifteen. P + (-P) = O and P + O = P Because the coordinates of a point are field elements, the operation of adding curve points still works. But, the formulae from Figure 4 have to be modified as follows in order to calculate the coordinates of the point that is the sum of two points. s = (y2 – y1).(x2 – x1)-1 mod p x3 = s2 – x2 – x1 mod p y3 = -y2 + s.(x2 – x3) mod p
  • 14. 14© Entrust Inc. All Rights Reserved. 14 Figure 7: Points are multiples of a "generator." Similarly, the formulae of Figure 5 have to be modified as follows to calculate the coordinates of the point that is the double of another point: s = (3x1 2 + a).(2y1)-1 mod p x2 = s2 – 2x1 mod p y2 = -y1 + s.(x1 – x2) mod p No matter which two points are chosen as input, the result is always another point. Note that b does not appear in these formulae, and a only appears in the formulae for point doubling. Certain points are called "generators," because their multiples generate every point in the group (see Figure 7). Points in the group are generated by successively applying the group operation (point addition) to a point called a generator (alternatively called a base point). For instance, if we choose the point (11,13), its multiples generate fifteen points.
  • 15. 15© Entrust Inc. All Rights Reserved. 15 Figure 8: Not all points are generators. Beyond 15, the cycle of points repeats such that 16G = G, 17G = 2G, etc. Not all points are generators, however (see Figure 8). If we choose the point (0,1), for instance, its multiples generate five points, so the order of the sub-group generated by the point (0,1) is only five. Even if p is large, it is not guaranteed that a particular sub-group will be large too.
  • 16. 16© Entrust Inc. All Rights Reserved. 16 Figure 9: Points of the curve: y 2 = x 3 + 5x + 1 mod 23. But, if the order of the group is a prime number, then every point is a multiple of every other point except the point at infinity. As an example, in Figure 9 this curve has fifteen pairs of points, plus the point at infinity, making a total of 31, which is a prime number. Hence, all points, with the exception of the point at infinity, are generators; generating a group of order 31, and there are no smaller sub-groups.
  • 17. 17© Entrust Inc. All Rights Reserved. 17 The Group Operation When points are expressed as multiples of a generator, they can be added by adding the multiples modulo q. So, going back to our example from Figure 6, for instance: 11G + 3G = 14G 13G + 12G = 10G See Figure 10 and Figure 11. Figure 10: Point addition: 11G + 3G = 14G.
  • 18. 18© Entrust Inc. All Rights Reserved. 18 From these examples, we can see that point addition displays the 'distributive' property, in that iG + jG = (i + j)G The order of the group, q, is determined by the parameters of the curve and the field modulus, and it is the group order that determines the security of any cryptographic schemes based on the curve. In our simple example, it would be possible to hold all of the points in computer memory, and perform operations on the points directly. But, in real-world cryptographic applications, there are so many points that this isn't possible. Instead, the points have to be calculated as they are needed. Figure 11: Point addition: 13G + 12G = 10G.
  • 19. 19© Entrust Inc. All Rights Reserved. 19 And because there are q-squared ways of choosing pairs of points, and only q possible results, many combinations produce the same result. For instance: 8G + 10G = 3G, and 6G + 12G =3G A point can also be doubled by adding it to itself: 2 x 9G = 9G + 9G = 3G Figure 12: Point addition: 8G + 10G = 3G. Figure 13: Point doubling: 2 x 9G = 3G.
  • 20. 20© Entrust Inc. All Rights Reserved. 20 Integer Multiplication of Elliptic Curve Points The primitive operation used in all elliptic-curve public-key cryptographic applications is multiplication of a point by an integer. This involves repeated application of the point-doubling and point- addition operations; the number of operations being determined by the number of bits in the binary representation of the integer multiplier. Each bit of the multiplier is processed separately and sequentially. The outcome of processing each bit of the multiplier results from a doubling of the outcome of processing the previous bit and an optional addition of the base point, depending on the value of the current bit of the multiplier. Representing n in binary form with m+1 bits, then: n = n0 + n1.2 + n2.22 + ... + nm.2m where [n0 .. nm] are bits {0,1} The algorithm for calculating P = nG is: P := 0 for i from m to 0 do P := 2P if ni == 1 then P := P + G return P If, for example, n were a 256-bit number, then this algorithm would require a maximum of 512 elliptic-curve operations, whereas the naïve approach of adding G to itself n-1 times would require (at least) an impossible 2255 -1 operations. Because the “if” statement depends on the value of one bit from n, the uncertainty in the path leading to the final result is 2m . For m of sufficient size, it becomes impossible in practice to figure out the value of n required to multiply G in order to obtain P. Attempting to calculate n from P and G is known as the elliptic-curve discrete logarithm problem.
  • 21. 21© Entrust Inc. All Rights Reserved. 21 Real-World Elliptic-Curve Cryptography Of course, the example curve we have been using, with a = 3 and b = 1, is too trivial for use in real cryptographic applications. For comparison, here is the parameter set for a real-world cryptographic elliptic-curve: the P-256 curve specified by NIST. a = -3 b = 5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b p = 115792089210356248762697446949407573530086143415290314195533631308867097853951 The x and y coordinates of the base point are: gx = 6b17d1f2 e12c4247 f8bce6e5 77037d81 2deb33a0 f4a13945 d898c296 gy = 4fe342e2 fe1a7f9b 8ee7eb4a 2bce3357 6b315ece cbb64068 37bf51f5 p is expressed as a decimal number, whereas a, b and G are expressed in hexadecimal. In order to ensure that the designers have not deliberately specified a curve with a hard-to-detect weakness, a known one-way function was used in the calculation of the curve parameter b, and the input to the function has been published as part of the design documentation. In this way, the designers were not able to fix the parameter directly in order to incorporate a weakness.
  • 22. 22© Entrust Inc. All Rights Reserved. 22 One-Way Function Based on Elliptic Curves From the foregoing we see how points on an elliptic-curve with coordinates over a field modulo a prime, p, can form a group, and how a group can be used to construct a one-way function suitable for use in cryptographic applications. Graphically, we can depict the one way function as shown in Figure 17. Here, the thick lines represent curve points, and thin lines represent integers. While it is straightforward to calculate nG, given n and G, it is computationally infeasible to find n, given G and nG. These are just the properties we need in a practical cryptographic primitive with which we can build strong cryptographic mechanisms. Figure 14: One-way function
  • 23. 23© Entrust Inc. All Rights Reserved. 23 Company Facts Website: www.entrust.com Employees: 359 Customers: 5,000 Offices: 10 Globally Headquarters Three Lincoln Centre 5430 LBJ Freeway, Suite 1250 Dallas, Texas 75240 Sales North America: 1-888-690-2424 EMEA: +44 (0) 118 953 3000 Email: entrust@entrust.com Entrust & You More than ever, Entrust understands your organization’s security pain points. Whether it’s the protection of information, securing online customers, regulatory compliance or large-scale government projects, Entrust provides identity-based security solutions that are not only proven in real-world environments, but cost-effective in today’s uncertain economic climate. Entrust offers software authentication platforms that strengthen security in a wide range of identity and transaction ecosystems. Government agencies, financial institutions and other enterprises rely on Entrust solutions to strengthen trust and reduce complexity for consumers, citizens and employees. Now, as part of Datacard Group, Entrust offers an expanded portfolio of solutions across more than 150 countries. Together, Datacard Group and Entrust issue more than 10 million secure identities every day, manage billions of secure transactions annually and issue a majority of the world’s financial cards. For more information about Entrust products and services, call 888-690-2424, email entrust@entrust.com or visit entrust.com. 30066-1-0314