A Brief Introduction to Elliptic Curve Cryptography Or: A headache - - PowerPoint PPT Presentation

A Brief Introduction to Elliptic Curve Cryptography

A Brief Introduction to Elliptic Curve Cryptography

Or: A headache in 15 minutes Don Owen March 21st, 2016

1/13

A Brief Introduction to Elliptic Curve Cryptography

Elliptic Curve

2/13

A Brief Introduction to Elliptic Curve Cryptography

Elliptic Curve Cryptography (ECC)

◮ More energy efficient than legacy asymmetric

cryptosystems, such as RSA

◮ Smaller keys ◮ Smaller signatures ◮ Easier keygen

Due to sub-exponential attacks on RSA, ECC requires smaller keys for equivalent security Key Length (Bits) RSA 1024 2048 3072 8192 15360 ECC 160 224 256 384 512

3/13

A Brief Introduction to Elliptic Curve Cryptography

ECC Basics

◮ ECC uses Finite Field Arithmetic and the

geometry of elliptic curves built on finite fields to create an asymmetric cryptosystem.

◮ The Elliptic Curve Discrete Logarithm Problem

(ECDLP) is considered hard.

◮ ECDLP: Given points Q, P, find an integer d

such that Q = d ∗ P

4/13

A Brief Introduction to Elliptic Curve Cryptography

ECC Building Blocks: Point Double

• 5
• 4
• 3
• 2
• 1

1 2 3 4 5 1 2 3 P 2P

Curve: y 2 = x3 + ax + b x3 = ( 3∗x2

1 +a

2∗y1 ) − 2 ∗ x1

y3 = ( 3∗x2

1 +a

2∗y1 )(x1 − x3) − y1

5/13

A Brief Introduction to Elliptic Curve Cryptography

ECC Building Blocks: Point Add

• 5
• 4
• 3
• 2
• 1

1 2 3 4 5 1 2 3 P Q P+Q

Curve: y 2 = x3 + ax + b x3 = ( y2−y1

x2−x1)2 − x1 − x2

y3 = ( y2−y1

x2−x1)(x1 − x3) − y1

6/13

A Brief Introduction to Elliptic Curve Cryptography

Finite-field Arithmetic

◮ a.k.a modular arithmetic ◮ ECC can utilize both GF(p) and GF(2m) ◮ Multi-precision computations such that

key-size ≫ machine width

◮ Add, subtract, multiply, and inversion ◮ Requires a reduction step to map result back

into field

7/13

A Brief Introduction to Elliptic Curve Cryptography

Prime Fields, GF(p)

The following are examples of GF(7) computations:

◮ Addition: (2 + 5) modulo 7 = 0 ◮ Subtraction: (3 − 6) modulo 7 = 4 ◮ Multiplication: (5 × 4) modulo 7 = 6 ◮ Division: (2 ÷ 4) modulo 7 = 4

These operations, in conjunction with the geometric definitions of point double and add, can form more complex algorithms like point multiplication.

8/13

A Brief Introduction to Elliptic Curve Cryptography

Crypto Operations: Keygen

Given a standardized curve

◮ Pick a random integer d between 1, n − 1 ◮ Compute Q = d ∗ P ◮ Q = Public Key ◮ d = Private Key

9/13

A Brief Introduction to Elliptic Curve Cryptography

Crypto Operations: ECDSA

Given a standardized curve, private key d, message m

◮ Select k randomly between 1, n − 1 ◮ Compute k ∗ P = (x1, y1) ◮ Compute r = x1 mod n ◮ If r = 0, start again. ◮ Compute e = Hash(m) ◮ Compute s = k−1(e + d ∗ r)mod n ◮ If s = 0, start again. ◮ Signature = (r, s)

10/13

A Brief Introduction to Elliptic Curve Cryptography

Crypto Operations: EC Diffie-Hellman

Given a standardized curve, Alice’s keys dA, QA, Bob’s keys dB, QB

◮ Alice computes dA ∗ QB ◮ Bob computes dB ∗ QA ◮ shared secret

= dAQB = dAdBG = dBdAG = dBQA

11/13

A Brief Introduction to Elliptic Curve Cryptography

Crypto Operations: EC ElGamal

Given a standardized curve

◮ Map message m into a point M on curve. ◮ Pick a random integer k between 1, n − 1 ◮ Compute C1 = k ∗ P ◮ Compute C2 = M + k ∗ Q ◮ Ciphertext = C1, C2

12/13

A Brief Introduction to Elliptic Curve Cryptography

Standards

◮ NIST FIPS 186-4: Defines ECDSA and 10

Curves + Parameters

◮ NSA Suite B: P-384 used for US Gov. ◮ Curve25519: A non-government-affiliated,

widely-used curve

◮ ...and others

13/13