Number Theory and Advanced Cryptography 5. Elliptic Curves

1
Number Theory and Advanced Cryptography 5.
Elliptic Curves
Part I Introduction to Number Theory Part II
Advanced Cryptography

• Chih-Hung Wang
• Feb. 2006

2
Elliptic Curve Cryptography

• Majority of public-key crypto (RSA, D-H) use
  either integer or polynomial arithmetic with very
  large numbers/polynomials
• Imposes a significant load in storing and
  processing keys and messages
• An alternative is to use elliptic curves
• In the mid-1980s, Miller and Koblitz introduced
  elliptic curves into cryptography.
• Offers same security with smaller bit sizes
• 4096-bit key size can be replaced by 313-bit
  elliptic curve system

3
Real Elliptic Curves

• An elliptic curve is defined by an equation in
  two variables x y, with coefficients
• Consider a cubic elliptic curve of form
• y2 x3 ax b
• where x,y,a,b are all real numbers
• also define zero point O
• Have addition operation for elliptic curve
• geometrically sum of QR is reflection of
  intersection R

4
Real Elliptic Curve Example 1
5
Real Elliptic Curve Example 2
6
Geometric Description of Addition
7
Algebraic Description of Addition
?(yQ-yP)/(xQ-xP)
PQ R
PP 2P R
8
Addition Law
9
Example of Addition (1)
10
Example of Addition (2)
11
Example of Addition (3)
12
Elliptic Curves Mod p
13
Example 1
14
Example 2-1
15
Example 2-2
16
Example 3
17
Example 4
18
Law 1
19
Law 2
20
Number of points Mod p
21
Hasses Theorem
22
Discrete Logarithms on EC
23
Representing plaintext (1)
24
Representing plaintext (2)
25
Elliptic Curve Cryptography

• ECC addition is analog of modulo multiply
• ECC repeated addition is analog of modulo
  exponentiation
• need hard problem equiv to discrete log
• QkP, where Q,P belong to a prime curve
• is easy to compute Q given k,P
• but hard to find k given Q,P
• known as the elliptic curve logarithm problem
• Certicom example E23(9,17)

26
ECC Diffie-Hellman (1)

• can do key exchange analogous to D-H
• users select a suitable curve Ep(a,b)
• select base point G(x1,y1) with large order n
  s.t. nGO
• A B select private keys nAltn, nBltn
• compute public keys PAnAG, PBnBG
• compute shared key KnAPB, KnBPA
• same since KnAnBG

27
ECC Diffie-Hellman (2)
28
ECC Diffie-Hellman (3)
29
ECC Diffie-Hellman (4)

• Page 365

30
ECC Encryption/Decryption (1)

• several alternatives, will consider simplest
• must first encode any message M as a point on the
  elliptic curve Pm
• select suitable curve point G as in D-H
• each user chooses private key nAltn
• and computes public key PAnAG
• to encrypt Pm CmkG, Pmk Pb, k random
• decrypt Cm compute
• PmkPbnB(kG) Pmk(nBG)nB(kG) Pm

31
ECC Encryption/Decryption (2)

• Page 363-364

32
ECC Encryption/Decryption (3)
33
ECC Security (1)

• Relies on elliptic curve logarithm problem
• Fastest method is Pollard rho method
• Compared to factoring, can use much smaller key
  sizes than with RSA etc
• For equivalent key lengths computations are
  roughly equivalent
• Hence for similar security ECC offers significant
  computational advantages

34
ECC Security (2)
35
ECC Digital Signature (page 365-366)
Signing
36
ECC Digital Signature (page 365-366)II
Verification
37
ECC Digital Signature (1)
38
ECC Digital Signature (2)
39
ECC Digital Signature (3)