elliptic curve cryptography
play

Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren - PowerPoint PPT Presentation

May 31, 2023 •163 likes •491 views

Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven 22 April 2008 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  1. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven 22 April 2008 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  2. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  3. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Cryptography Cryptography provides the technical means to secure information in electronic form. ◮ Confidentiality : protection of data from unauthorized disclosure. ◮ Data integrity : assurance that data received are exactly as sent by an authorized entity. ◮ Authentication : assurance that the communicating entity is the one that it claims to be. ◮ Non-repudiation : prevents an entity from denying previous commitments or actions. Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  4. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Symmetric Key Cryptography ����������SYMMETRIC�KEY�CRYPTOSYSTEM BOB ALICE PLAINTEXT PLAINTEXT 110100011100 110100011100 = ENCRYPTION�KEY DECRYPTION�KEY CIPHERTEXT ???????????? Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  5. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Public Key Cryptography ������PUBLIC�KEY�CRYPTOSYSTEM BOB ALICE ���PUBLIC�LIST CIPHERTEXT PLAINTEXT ???????????? 110100011100 PUBLIC�KEY OF�BOB PRIVATE KEY�OF�BOB DECRYPTION�KEY ENCRYPTION�KEY CIPHERTEXT PLAINTEXT ???????????? 110100011100 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  6. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Factoring and Discrete Logarithm Problem ◮ Rivest-Shamir-Adleman (1977): RSA based on factoring. ◮ Main idea: easy to find two large primes p and q , but very hard to find p and q from n = p · q . ◮ RSA still most popular public key cryptosystem. ◮ ElGamal (1984): discrete logarithm problem (DLP). ◮ Group G is set with operation · and each element has inverse. ◮ Main idea: very easy to compute h = g x for given x , but very hard to find x given h and g . ◮ Popular choices: finite fields and elliptic curves. Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  7. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Diffie-Hellman Key Agreement Choose a large prime number p and a generator α mod p Alice Bob x A ∈ R [ 1 , p − 1 ] , α x A α x A − − − − − − − − → − x B ∈ R [ 1 , p − 1 ] , α x B ← α x B − − − − − − − − − K BA = ( α x B ) x A K BA = ( α x A ) x B ◮ Note: all calculations mod p ◮ Security based on Diffie-Hellman problem: given α x A and α x B compute α x A x B Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  8. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curves Definition ◮ Elliptic curve E over field K is defined by y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6 , a i ∈ K ◮ The set of K -rational points E ( K ) is defined as E ( K ) = { ( x , y ) ∈ K × K | y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6 }∪{∞} ◮ ∞ is called point at infinity Theorem There exists an addition law on E and the set E ( K ) is a group Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  9. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curves over R 6 6 4 4 2 2 0 0 −2 −2 −4 −4 −6 −6 −8 −6 −4 −2 0 2 4 6 8 −6 −4 −2 0 2 4 6 8 y 2 = x 3 + 4 x 2 + 4 x + 3 y 2 = x 3 − 7 x + 6 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  10. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Addition Law on Elliptic Curves L R 4 4 Q P P L 2 2 R 0 0 2P −2 −2 L ′ L ′ −4 −4 P ⊕ Q −6 −4 −2 0 2 4 6 −6 −4 −2 0 2 4 6 Adding two points Doubling a point y 2 = x 3 − 7 x + 6 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  11. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Addition Law on Elliptic Curves By definition: three points on a line sum to zero! Let P 1 ⊕ P 2 = P 3 , with P i = ( x i , y i ) ∈ E ◮ If x 1 = x 2 and y 1 + y 2 + a 1 x 2 + a 3 = 0, then P 1 ⊕ P 2 = ∞ , ◮ Else � λ = ( y 2 − y 1 ) / ( x 2 − x 1 ) x 1 � = x 2 ν = ( y 1 x 2 − y 2 x 1 ) / ( x 2 − x 1 ) � λ ( 3 x 2 = 1 + 2 a 2 x 1 + a 4 − a 1 y 1 ) / ( 2 y 1 + a 1 x 1 + a 3 ) x 1 = x 2 ( − x 3 ν = 1 + a 4 x 1 + 2 a 6 − a 3 y 1 ) / ( 2 y 1 + a 1 x 1 + a 3 ) The point P 3 = P 1 ⊕ P 2 is given by λ 2 + a 1 λ − a 2 − x 1 − x 2 x 3 = y 3 = − ( λ + a 1 ) x 3 − ν − a 3 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  12. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Finite Fields ◮ Practical applications need exact arithmetic, so ◮ not R since not exact ◮ not Q since size of numbers involved grows too fast ◮ Consider elliptic curves over finite fields: ◮ F p with p prime: represented by Z mod p ◮ F 2 n with 2 n elements: represented by F 2 [ X ] mod P ( X ) , i.e. binary polynomials modulo an irreducible polynomial P ( X ) Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  13. Cryptography Elliptic Curves EC Cryptographic Primitives u u u 22 Pairings u 21 20 u Elliptic Curves over Finite Fields 19 u 18 u 17 u 16 u u u 15 u 14 u 13 12 11 u 10 u 9 u u u 8 u 7 u 6 u 5 u 4 3 u 2 u u u 1 0 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 The elliptic curve y 2 = x 3 + x + 3 mod 23 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  14. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Number of Points on Elliptic Curve ◮ Theorem: the cardinality # E ( F q ) satisfies # E ( F q ) = q + 1 − t with | t | ≤ 2 √ q . ◮ For gcd ( q , t ) = 1, all possibilities occur. Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  15. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curve DLP ◮ Let G be an abelian group generated by P ∈ G ◮ Let Q = s · P , then the DLP is to compute s given P and Q ◮ Classically: G = F × q ◮ For G = E ( F q ) , the DLP is called ECDLP Note: can translate primitives based on DLP to ECDLP setting Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  16. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Security of ECDLP: General Attacks ◮ Exhaustive search: impossible if group order > 2 80 ◮ Pohlig-Hellman: suppose # E ( F q ) = p s 1 1 · p s 2 2 · · · p s k k , then can reduce ECDLP to subgroups of order p i ⇒ # E ( F q ) should have large prime divisor p ◮ Pollard rho & lambda: random walk, constant space, time complexity is O ( √ p ) Conclusion : ◮ # E ( F q ) > 2 160 and divisible by large prime p ◮ Best general attack is exponential in p ◮ DLP in F q is sub-exponential: L q [ 1 / 3 , b ] with � e ( b + O ( 1 ))( ln N ) a ( ln ln N ) 1 − a � L N [ a , b ] = O Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  17. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Comparison with RSA & DSA: Security 500 ECDSA 450 400 350 Keylength elliptic curve system 300 250 200 150 100 RSA & DSA 50 0 0 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000 Keylength conventional systems RSA and DSA Key lengths in bits for equivalent cryptographic strength Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  18. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Overview ◮ Key Agreement Primitives ◮ ECDH: EC Diffie-Hellman Secret Value Derivation ◮ ECMQV: EC Menezes-Qu-Vanstone Secret Value Derivation ◮ Signature Primitives ◮ ECNR: EC Nyberg-Rueppel Signatures ◮ ECDSA: EC Digital Signature Algorithm ◮ Encryption Primitives ◮ ECIES: EC Integrated Encryption Scheme Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  19. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Pairings ◮ Let G 1 , G 2 , G T be groups of prime order ℓ . A pairing is a non-degenerate bilinear map e : G 1 × G 2 → G T . ◮ Bilinearity: ◮ e ( g 1 + g 2 , h ) = e ( g 1 , h ) e ( g 2 , h ) , ◮ e ( g , h 1 + h 2 ) = e ( g , h 1 ) e ( g , h 2 ) . ◮ Non-degenerate: ◮ for all g � = 1: ∃ x ∈ G 2 such that e ( g , x ) � = 1 ◮ for all h � = 1: ∃ x ∈ G 1 such that e ( x , h ) � = 1 ◮ Examples: ◮ Scalar product on vectorspace over finite fields �· , ·� : F n q × F n q → F q . ◮ Weil- and Tate pairings on elliptic curves and abelian varieties. Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

  20. Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Pairings in cryptography ◮ Exploit bilinearity: original schemes G 1 = G 2 ◮ MOV: DLP reduction from G 1 to G T DLP in G 1 : ( g , xg ) ⇒ DLP in G T : ( e ( g , g ) , e ( g , g ) x ) ◮ Decision DH easy in G 1 DDH : ( g , ag , bg , cg ) test if e ( g , cg ) = e ( ag , bg ) ◮ Identity based crypto, short signatures, . . . Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Cryptography Elliptic Curve Cryptography Overview of Elliptic Curve Cryptography Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve Cryptography Cryptography in OpenSSL School of Engineering and

857 views • 17 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago & energy (gas

1.07k views • 76 slides
Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Elliptic Curves Suppose F is a field and a 1 , . . . , a 6 F . Elliptic Curve Cryptography Definition 1. An elliptic curve E over a field F is a curve given by an equation: Jim Royer Y 2 + a 1 XY + a 3 Y X 3 + a 2 X 2 + a 4 X + a 6 = (1)

337 views • 5 slides
Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Twenty-Three Years of Elliptic Curve Cryptography Alfred Menezes University of Waterloo September 3 2008 1 Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The serpentine course of a paradigm

300 views • 18 slides
Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July 23, 2014 1 / 12 Elliptic-curve cryptography: signatures and key exchange Given: some elliptic curve E , point P on E of known order . Key

885 views • 16 slides
Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018 Introduction y 2 = x 3 + ax + b en.wikipedia.org/wiki/Elliptic curve Elliptic Curve Addition P = ( x p .y p ), Q = ( x q , y q ), R = ( x r .y r ) =

187 views • 16 slides
Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Counting points on elliptic curves over F q Christiane Peters DIAMANT-Summer School on Elliptic and Hyperelliptic Curve Cryptography September 17, 2008 Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm

587 views • 30 slides
A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March 21 st , 2016 1/13 A Brief Introduction to Elliptic Curve Cryptography Elliptic Curve 2/13 A

385 views • 13 slides
Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic Implementations group: eindhoven.cr.yp.to working closely with the Coding Theory and Cryptology group: www.win.tue.nl/cc/ Next-generation elliptic-curve

456 views • 18 slides
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Math ematiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 1

1.72k views • 143 slides
Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S. Miller IDA Center for Communications Research Princeton, NJ 08540 USA 24 May, 2007 Victor S. Miller (CCR) Elliptic Curve Cryptography 24 May,

1.08k views • 69 slides
Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview

Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview

Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview Bitcoin Transactions Elliptic Curve Cryptography Introduction Arithmetics Signature Bitcoin, the protocol A blockchain Each

992 views • 52 slides
Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May

Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May

Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May 19, 2017 university-logo-isi Rana Barua Introduction to Elliptic Curve Cryptography ElGamal Public Key Cryptosystem, 1984 Key Generation: Choose

417 views • 16 slides
elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

A gentle introduction to elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June 11, 2018 ibenik , Croatia Part 1: Motivation Part 2: Elliptic Curves Part 3: Elliptic Curve Cryptography Part 4:

1.38k views • 48 slides
Should Elliptic Curve Cryptography Really be Deprecated? Connor Adsit cda8519@rit.edu May 13,

Should Elliptic Curve Cryptography Really be Deprecated? Connor Adsit cda8519@rit.edu May 13,

Should Elliptic Curve Cryptography Really be Deprecated? Connor Adsit cda8519@rit.edu May 13, 2016 Objectives Suite B Cryptography The controversial NSA statement A brief history of ECC (and the NSAs involvement) Why would

351 views • 17 slides
June 12, 2020 Start of Transcript David Kerr: Tena Koutou Katoa. Good morning, everyone and

June 12, 2020 Start of Transcript David Kerr: Tena Koutou Katoa. Good morning, everyone and

June 12, 2020 Start of Transcript David Kerr: Tena Koutou Katoa. Good morning, everyone and welcome to Ryman Healthcares full year results presentation for the year to 31 March 2020. My names David Kerr. I am currently the Chairman of

716 views • 27 slides
How can you get more economic growth out of your ICT? Take care of your digital divide Alain

How can you get more economic growth out of your ICT? Take care of your digital divide Alain

How can you get more economic growth out of your ICT? Take care of your digital divide Alain BOURDEAU de FONTENAY Columbia Institute for Tele-Information (CITI) Fernando BELTRAN University of Auckland ACORN/REDECOM Conference2009, Mexico

568 views • 32 slides
Bank of Cyprus Group Group Financial Results For the quarter ended 31 March 2020 Group Financial

Bank of Cyprus Group Group Financial Results For the quarter ended 31 March 2020 Group Financial

Group Financial Results for the quarter ended 31 March 2020 Bank of Cyprus Group Group Financial Results For the quarter ended 31 March 2020 Group Financial Results for the quarter ended 31 March 2020 DISCLAIMER This presentation has not been

1.17k views • 77 slides
Faculty of Business and Economics IBUS20007 International Business Experience Summer 2020 Delhi

Faculty of Business and Economics IBUS20007 International Business Experience Summer 2020 Delhi

Faculty of Business and Economics IBUS20007 International Business Experience Summer 2020 Delhi - INDIA 1 Erin Willis Global Engagement Coordinator Outline Why study overseas? IBUS20007 International Business Experience (Delhi, India)

324 views • 15 slides
Atsuko Miyaji JAIST Thank you very much for giving an opportunity to talk. Hope this opportunity

Atsuko Miyaji JAIST Thank you very much for giving an opportunity to talk. Hope this opportunity

Cryptographic Approach to Enhance the Security Against Recent Threats Atsuko Miyaji JAIST Thank you very much for giving an opportunity to talk. Hope this opportunity becomes the first step of good collaboration between Taiwan and Japan

448 views • 22 slides
Algorithmique arithmtique, N1MA9W11 Jean-Marc Couveignes 5 septembre 2011 Jean-Marc Couveignes

Algorithmique arithmtique, N1MA9W11 Jean-Marc Couveignes 5 septembre 2011 Jean-Marc Couveignes

Algorithmique arithmtique, N1MA9W11 Jean-Marc Couveignes 5 septembre 2011 Jean-Marc Couveignes Algorithmique arithmtique Motivation I Effective methods and issues play an important role in number theory : Diophantine equations, Agorithmic

284 views • 7 slides
The Blockchain Propagation Process Aapeli Vuorinen May 31, 2019 1 In this talk What is

The Blockchain Propagation Process Aapeli Vuorinen May 31, 2019 1 In this talk What is

The Blockchain Propagation Process Aapeli Vuorinen May 31, 2019 1 In this talk What is Bitcoin? What are blockchains and how do they work? What is the blockchain propagation process? Why does the propagation delay matter? 2

703 views • 53 slides
Team 8 - Crayowulf Philip Holmes, Peter Oostema, Noah Pirrotta 1/14 Who Are We? Peter Oostema

Team 8 - Crayowulf Philip Holmes, Peter Oostema, Noah Pirrotta 1/14 Who Are We? Peter Oostema

Team 8 - Crayowulf Philip Holmes, Peter Oostema, Noah Pirrotta 1/14 Who Are We? Peter Oostema Philip Holmes Noah Pirrotta Ben Kastner EE and CS ME ME CS 2/14 PC: Josh Tempelman Problem Design a computer cluster with mechanical

276 views • 14 slides

More recommend