
SafeCurves: choosing safe curves for elliptic-curve cryptography

Daniel J. Bernstein, University of Illinois at Chicago & …

Cryptography. Public-key signatures: e.g., RSA, DSA, ECDSA. Some uses: signed OS updates, SSL certificates, …


… many smaller improvements: ≈ … scientific papers.

… of these algorithms for breaking RSA-1024, RSA-2048: …, $2^{170}$, CFRAC; ≈ …, $2^{160}$, LS; ≈ …, $2^{150}$, QS; ≈ … $2^{112}$, NFS.

Miller, “Use of … curves in cryptography”: “… extremely unlikely … an ‘index calculus’ attack … elliptic curve method … ever be able to work.”

The clock

[Figure: the clock, drawn on $x$ and $y$ axes.]

This is the curve $x^2 + y^2 = 1$.

Warning: This is not an elliptic curve. “Elliptic curve” $\neq$ “ellipse.”

Examples of points on this curve:

$(0, 1)$ = “12:00”.
$(0, -1)$ = “6:00”.
$(1, 0)$ = “3:00”.
$(-1, 0)$ = “9:00”.
$(\sqrt{3/4}, 1/2)$ = “2:00”.
$(1/2, -\sqrt{3/4})$ = “5:00”.
$(-1/2, -\sqrt{3/4})$ = “7:00”.
$(\sqrt{1/2}, \sqrt{1/2})$ = “1:30”.
$(3/5, 4/5)$. $(-3/5, 4/5)$.
$(3/5, -4/5)$. $(-3/5, -4/5)$.
$(4/5, 3/5)$. $(-4/5, 3/5)$.
$(4/5, -3/5)$. $(-4/5, -3/5)$.
Many more.

Addition on the clock:

[Figure: the clock with the points neutral = $(0, 1)$, $P_1 = (x_1, y_1)$ at angle $\alpha_1$, $P_2 = (x_2, y_2)$ and $P_3 = (x_3, y_3)$ marked.]

$x^2 + y^2 = 1$, parametrized by $x = \sin\alpha$, $y = \cos\alpha$. Recall

$(\sin(\alpha_1 + \alpha_2), \cos(\alpha_1 + \alpha_2)) = (\sin\alpha_1 \cos\alpha_2 + \cos\alpha_1 \sin\alpha_2,\ \cos\alpha_1 \cos\alpha_2 - \sin\alpha_1 \sin\alpha_2)$.

Clock addition without sin, cos:

[Figure: the same clock with neutral = $(0, 1)$, $P_1 = (x_1, y_1)$, $P_2 = (x_2, y_2)$ and $P_3 = (x_3, y_3)$ marked.]

Use Cartesian coordinates for addition. Addition formula for the clock $x^2 + y^2 = 1$: sum of $(x_1, y_1)$ and $(x_2, y_2)$ is

$(x_1 y_2 + y_1 x_2,\ y_1 y_2 - x_1 x_2)$.

Examples of clock addition:

“2:00” + “5:00”
$= (\sqrt{3/4}, 1/2) + (1/2, -\sqrt{3/4})$
$= (-1/2, -\sqrt{3/4})$ = “7:00”.

“5:00” + “9:00”
$= (1/2, -\sqrt{3/4}) + (-1, 0)$
$= (\sqrt{3/4}, 1/2)$ = “2:00”.

$2\left(\frac{3}{5}, \frac{4}{5}\right) = \left(\frac{24}{25}, \frac{7}{25}\right)$.

$3\left(\frac{3}{5}, \frac{4}{5}\right) = \left(\frac{117}{125}, -\frac{44}{125}\right)$.

$4\left(\frac{3}{5}, \frac{4}{5}\right) = \left(\frac{336}{625}, -\frac{527}{625}\right)$.

$(x_1, y_1) + (0, 1) = (x_1, y_1)$.

$(x_1, y_1) + (-x_1, y_1) = (0, 1)$.

Clocks over finite fields

[Figure: the points of Clock($\mathbf{F}_7$) plotted on a grid.]

Clock($\mathbf{F}_7$) $= \{(x, y) \in \mathbf{F}_7 \times \mathbf{F}_7 : x^2 + y^2 = 1\}$.

Here $\mathbf{F}_7 = \{0, 1, 2, 3, 4, 5, 6\} = \{0, 1, 2, 3, -3, -2, -1\}$ with arithmetic modulo 7.

e.g. $2 \cdot 5 = 3$ and $3/2 = 5$ in $\mathbf{F}_7$.

Larger example: Clock($\mathbf{F}_{1000003}$).

Examples of addition on Clock($\mathbf{F}_{1000003}$):

$2(1000, 2) = (4000, 7)$.
$4(1000, 2) = (56000, 97)$.
$8(1000, 2) = (863970, 18817)$.
$16(1000, 2) = (549438, 156853)$.
$17(1000, 2) = (951405, 877356)$.

“Scalar multiplication” on a clock: Given integer $n \geq 0$ and clock point $(x, y)$, compute $n(x, y)$.

“Binary method”:

If $n$ is even, compute $n(x, y)$ by doubling $(n/2)(x, y)$.
Otherwise compute $n(x, y)$ by adding $(x, y)$ to $(n - 1)(x, y)$.
This is very fast.

  54. Larger example: Clock( F 1000003 ). “Binary method”: If ♥ is even, compute ♥ ( ①❀ ② ) Examples of addition by doubling ( ♥❂ 2)( ①❀ ② ). on Clock( F 1000003 ): Otherwise compute ♥ ( ①❀ ② ) 2(1000 ❀ 2) = (4000 ❀ 7). by adding ( ①❀ ② ) to ( ♥ � 1)( ①❀ ② ). 4(1000 ❀ 2) = (56000 ❀ 97). This is very fast. 8(1000 ❀ 2) = (863970 ❀ 18817). 16(1000 ❀ 2) = (549438 ❀ 156853). But figuring out ♥ 17(1000 ❀ 2) = (951405 ❀ 877356). given ( ①❀ ② ) and ♥ ( ①❀ ② ) is much more difficult. “Scalar multiplication” on a clock: With 30 clock additions Given integer ♥ ✕ 0 we computed and clock point ( ①❀ ② ), ♥ (1000 ❀ 2) = (947472 ❀ 736284) compute ♥ ( ①❀ ② ). for some 6-digit ♥ . Can you figure out ♥ ?

  55-58. Clock cryptography

     Standardize a large prime $p$ and some $(x, y) \in \mathrm{Clock}(\mathbf{F}_p)$.

     Alice chooses big secret $a$. Computes her public key $a(x, y)$.

     Bob chooses big secret $b$. Computes his public key $b(x, y)$.

     Alice computes $a(b(x, y))$. Bob computes $b(a(x, y))$.

     They use this shared secret to encrypt with AES-GCM etc.

     Warning #1: Many choices of $p$ are bad!

  59-63. Clock cryptography (diagram)

     Alice’s secret key $a$; Bob’s secret key $b$.
     Alice’s public key $a(x, y)$; Bob’s public key $b(x, y)$.
     {Alice, Bob}’s shared secret $ab(x, y)$ = {Bob, Alice}’s shared secret $ba(x, y)$.

     Warning #2: Clocks aren’t elliptic! Can use index calculus to attack clock cryptography. To match RSA-3072 security need $p \approx 2^{1536}$.

  64-67. Timing attacks

     Attacker sees more than $a(x, y)$ and $b(x, y)$.

     Attacker sees time for Alice to compute $a(b(x, y))$.

     Often attacker can see time for each operation performed by Alice, not just total time. This reveals secret $a$.

     Fix: constant-time code, performing same operations no matter what scalar is.
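Added example (not from the slides): the clock scalar multiplication and key exchange on $\mathrm{Clock}(\mathbf{F}_{1000003})$, with the binary method next to a fixed-schedule ladder that performs the same operations for every scalar. `BITS`, `cswap`, `ladder`, `bits_from_trace` and the two secret values are assumptions of this example; the recorded trace models the operation sequence an observer could time, since Python integers are not themselves constant-time.

```python
P = 1000003        # toy prime from the slides; far too small for real use
BASE = (1000, 2)   # clock point from the slides
BITS = 20          # assumed fixed scalar width; covers 6-digit scalars

def on_clock(pt):
    """True if pt satisfies x^2 + y^2 = 1 in F_P."""
    x, y = pt
    return (x * x + y * y) % P == 1

def clock_add(A, B, trace, op):
    """Clock addition law; logs the operation an observer could time."""
    trace.append(op)
    (x1, y1), (x2, y2) = A, B
    return ((x1 * y2 + y1 * x2) % P, (y1 * y2 - x1 * x2) % P)

def binary_method(n, pt):
    """Binary method, unrolled: double for every bit, add only on 1 bits."""
    trace, R = [], (0, 1)
    for bit in bin(n)[2:]:
        R = clock_add(R, R, trace, "D")
        if bit == "1":
            R = clock_add(R, pt, trace, "A")
    return R, "".join(trace)

def cswap(bit, A, B):
    """Swap A and B when bit == 1, by arithmetic instead of a branch."""
    (ax, ay), (bx, by) = A, B
    dx, dy = bit * (ax - bx), bit * (ay - by)
    return (ax - dx, ay - dy), (bx + dx, by + dy)

def ladder(n, pt):
    """Fixed schedule: one add and one double for each of BITS bits."""
    trace, R0, R1 = [], (0, 1), pt
    for i in reversed(range(BITS)):
        bit = (n >> i) & 1
        R0, R1 = cswap(bit, R0, R1)
        R1 = clock_add(R0, R1, trace, "A")
        R0 = clock_add(R0, R0, trace, "D")
        R0, R1 = cswap(bit, R0, R1)
    return R0, "".join(trace)

def bits_from_trace(trace):
    """Scalar bits implied by a binary-method trace ('DA' = 1, lone 'D' = 0)."""
    return trace.replace("DA", "1").replace("D", "0")

def exchange(a, b):
    """Clock Diffie-Hellman using the ladder; returns both shared points."""
    pub_a, pub_b = ladder(a, BASE)[0], ladder(b, BASE)[0]
    if not (on_clock(pub_a) and on_clock(pub_b)):  # check received keys
        raise ValueError("public key is not on the clock")
    return ladder(a, pub_b)[0], ladder(b, pub_a)[0]

if __name__ == "__main__":
    a, b = 654321, 917504  # constructed secrets, both 20 bits long
    print("17(1000, 2) =", binary_method(17, BASE)[0])
    print("binary traces equal:", binary_method(a, BASE)[1] == binary_method(b, BASE)[1])
    print("ladder traces equal:", ladder(a, BASE)[1] == ladder(b, BASE)[1])
    print("bits visible in binary trace:", bits_from_trace(binary_method(a, BASE)[1]))
    print("shared points agree:", len(set(exchange(a, b))) == 1)
```

The binary method's trace differs between the two secrets and spells out their bits, while the ladder's trace is the same 20 add/double pairs for both.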

  68-71. Addition on an elliptic curve

     [Figure: curve in the $(x, y)$ plane with marked points neutral $= (0, 1)$, $P_1 = (x_1, y_1)$, $P_2 = (x_2, y_2)$, $P_3 = (x_3, y_3)$.]

     $x^2 + y^2 = 1 - 30x^2y^2$.

     Sum of $(x_1, y_1)$ and $(x_2, y_2)$ is
     $((x_1y_2 + y_1x_2)/(1 - 30x_1x_2y_1y_2),\ (y_1y_2 - x_1x_2)/(1 + 30x_1x_2y_1y_2))$.

  72-75. The clock again, for comparison:

     [Figure: circle in the $(x, y)$ plane with marked points neutral $= (0, 1)$, $P_1 = (x_1, y_1)$, $P_2 = (x_2, y_2)$, $P_3 = (x_3, y_3)$.]

     $x^2 + y^2 = 1$.

     Sum of $(x_1, y_1)$ and $(x_2, y_2)$ is
     $(x_1y_2 + y_1x_2,\ y_1y_2 - x_1x_2)$.

  76-79. More elliptic curves

     Choose an odd prime $p$. Choose a non-square $d \in \mathbf{F}_p$.

     $\{(x, y) \in \mathbf{F}_p \times \mathbf{F}_p : x^2 + y^2 = 1 + dx^2y^2\}$ is a “complete Edwards curve”.

     “The Edwards addition law”: $(x_1, y_1) + (x_2, y_2) = (x_3, y_3)$ where

     $x_3 = \dfrac{x_1y_2 + y_1x_2}{1 + dx_1x_2y_1y_2}$,

     $y_3 = \dfrac{y_1y_2 - x_1x_2}{1 - dx_1x_2y_1y_2}$.

  80-86. “Hey, there are divisions in the Edwards addition law! What if the denominators are 0?”

     Answer: Can prove that the denominators are never 0. Addition law is complete.

     This proof relies on choosing non-square $d$.

     If we instead choose square $d$: curve is still elliptic, and addition seems to work, but there are failure cases, often exploitable by attackers. Safe code is more complicated.
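Added example (not from the slides): an exhaustive check of the Edwards addition law over a toy field, showing that a non-square $d$ leaves no pair of curve points with a zero denominator while a square $d$ does. The values p = 13, d = 2 and d = 3 and all function names are constructed for illustration.

```python
def is_square(d, p):
    """Euler's criterion: nonzero d is a square mod odd prime p
    iff d^((p-1)/2) == 1 (mod p)."""
    return pow(d, (p - 1) // 2, p) == 1

def curve_points(p, d):
    """All affine points of x^2 + y^2 = 1 + d*x^2*y^2 over F_p."""
    return [(x, y) for x in range(p) for y in range(p)
            if (x * x + y * y - 1 - d * x * x * y * y) % p == 0]

def denominators(P1, P2, p, d):
    """The two denominators 1 + d*x1*x2*y1*y2 and 1 - d*x1*x2*y1*y2."""
    (x1, y1), (x2, y2) = P1, P2
    t = d * x1 * x2 * y1 * y2 % p
    return (1 + t) % p, (1 - t) % p

def edwards_add(P1, P2, p, d):
    """Edwards addition law; returns None when a denominator is 0
    instead of dividing by zero."""
    (x1, y1), (x2, y2) = P1, P2
    den_x, den_y = denominators(P1, P2, p, d)
    if den_x == 0 or den_y == 0:
        return None
    x3 = (x1 * y2 + y1 * x2) * pow(den_x, p - 2, p) % p
    y3 = (y1 * y2 - x1 * x2) * pow(den_y, p - 2, p) % p
    return x3, y3

def failing_pairs(p, d):
    """Every ordered pair of curve points whose sum hits a zero denominator."""
    pts = curve_points(p, d)
    return [(A, B) for A in pts for B in pts
            if edwards_add(A, B, p, d) is None]

def closed_under_addition(p, d):
    """True if every pair of curve points adds to another curve point."""
    pts = set(curve_points(p, d))
    return all(edwards_add(A, B, p, d) in pts for A in pts for B in pts)

if __name__ == "__main__":
    p = 13  # constructed toy prime
    for d in (2, 3):  # 2 is a non-square mod 13, 3 is a square (4^2 = 16 = 3)
        kind = "square" if is_square(d, p) else "non-square"
        print(f"d = {d} ({kind}): {len(curve_points(p, d))} points,",
              f"{len(failing_pairs(p, d))} failing pairs,",
              f"closed = {closed_under_addition(p, d)}")
```

With d = 3 the doubling of (4, 6) is one of the failing cases: $1 + 3 \cdot 4 \cdot 4 \cdot 6 \cdot 6 \equiv 0 \pmod{13}$.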
