Module-3
Elliptic Curve Arithmetic
Department of CSE- Data Science
Majority of public-key crypto (RSA, D-H) use either integer or polynomial arithmetic with very large
numbers/polynomials
Imposes a significant load in storing and processing keys and messages
An alternative is to use elliptic curves
Offers same security with smaller bit sizes
Abelian Groups
Abelian group G, denoted by {G, • }, is a set of elements with a binary operation, denoted by •, that
associates to each ordered pair (a, b) of elements in G an element (a • b) in G, such that the following
axioms are obeyed:
(A1) Closure: If a and b belong to G, then a • b is also in G.
(A2) Associative: a • (b • c) = (a • b) • c for all a, b, c in G.
(A3) Identity element: There is an element e in G such that a • e = e • a = a for all a in G.
(A4) Inverse element: For each a in G there is an element a' in G such that a • a' = a' • a = e.
(A5) Commutative: a • b = b • a for all a, b in G.
The operator • is generic and can refer to addition, multiplication, or some other mathematical
operation.
• A number of public-key ciphers are based on the use of an abelian group.
• For example, Diffie-Hellman key exchange involves multiplying pairs of nonzero integers modulo a prime
number q.
• Keys are generated by exponentiation over the group, with exponentiation defined as repeated
multiplication.
• For example, a^k mod q =
• To attack Diffie-Hellman, the attacker must determine k given a and a^k; this is the discrete log problem.
• For elliptic curve cryptography, an operation over elliptic curves, called addition, is used. Multiplication
is defined by repeated addition.
• For example, where the addition is performed over an elliptic curve.
• Cryptanalysis involves determining k given a and (a x k).
Elliptic Curves over Real Numbers
an elliptic curve is defined by an equation in two variables x & y, with coefficients
consider a cubic elliptic curve of form
y^2 = x^3 + ax + b
where x, y, a, b are all real numbers
Elliptic Curves over Z_p
Elliptic curve cryptography uses curves whose variables & coefficients are finite
have two families commonly used:
• prime curves E_p(a,b) defined over Z_p
− Use a cubic equation in which variables and coefficients take on values in the set of
integers from 0 through p-1 and calculations are performed modulo p
− best for software applications
• binary curves E_{2^m}(a,b) defined over GF(2^n)
− use polynomials with binary coefficients
− best for hardware applications
Elliptic Curve Cryptography
ECC addition is analog of modulo multiply
ECC repeated addition is analog of modulo exponentiation
need “hard” problem equiv to discrete log
• Q=kP, where Q,P belong to a prime curve
• is “easy” to compute Q given k,P
• but “hard” to find k given Q,P
• known as the elliptic curve logarithm problem
ECC Diffie-Hellman
can do key exchange analogous to D-H
users select a suitable curve E_q(a,b)
select base point G=(x_1,y_1)
with large order n s.t. nG=O
A & B select private keys n_A<n, n_B<n
compute public keys: P_A=n_A G, P_B=n_B G
compute shared key: K=n_A P_B, K=n_B P_A
same since K=n_A n_B G
attacker would need to find k, hard
ECC Encryption/Decryption
several alternatives, will consider simplest
must first encode any message M as a point on the elliptic curve P_m
select suitable curve & point G as in D-H
each user chooses private key n_A<n
and computes public key P_A=n_A G
to encrypt P_m : C_m={kG, P_m+kP_b}, k random
decrypt C_m compute:
P_m + kP_b – n_B(kG) = P_m + k(n_B G) – n_B(kG) = P_m
Security of Elliptic Curve Cryptography
depends on how difficult it is to determine k given kP and P. This is referred to as the elliptic curve
logarithm problem
The fastest known technique for taking the elliptic curve logarithm is known as the Pollard rho
method.
Considerably smaller key size can be used for ECC compared to RSA.
Thus, there is a computational advantage to using ECC with a shorter key length than a comparably
secure RSA.
Pseudorandom Number Generation (PRNG) based on Asymmetric Ciphers
asymmetric encryption algorithms produce apparently random output
hence can be used to build a pseudorandom number generator (PRNG)
much slower than symmetric algorithms
hence only use to generate a short pseudorandom bit sequence (eg. key)
PRNG Based on RSA
For a sufficient key length, the RSA algorithm
is considered secure and is a good
candidate to form the basis of a PRNG. Such a
PRNG, known as the Micali-Schnorr PRNG
PRNG based on ECC
dual elliptic curve PRNG
NIST SP 800-90, ANSI X9.82 and ISO 18031
some controversy on security /inefficiency
algorithm
for i = 1 to k do
    set s_i = x(s_{i-1} P)
    set r_i = lsb_240(x(s_i Q))
end for
return r_1, ..., r_k
only use if just have ECC