APPLICATION OF ELLIPTIC APPLICATION OF ELLIPTIC CURVES TO CRYPTOGRAPHY CURVES TO CRYPTOGRAPHY Debdeep Mukhopadhyay Chester Rebeiro Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 23-27 May 2011 1 Anurag Labs, DRDO
23
Embed
APPLICATION OF ELLIPTIC CURVES TO CRYPTOGRAPHY Debdeep Mukhopadhyay Chester Rebeiro Department of Computer Science and Engineering Indian Institute of.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
APPLICATION OF ELLIPTIC APPLICATION OF ELLIPTIC
CURVES TO CURVES TO
CRYPTOGRAPHYCRYPTOGRAPHYDebdeep Mukhopadhyay
Chester Rebeiro
Department of Computer Science and Engineering
Indian Institute of Technology Kharagpur
INDIA -721302
23-27 May 2011 1Anurag Labs, DRDO
ObjectivesObjectives
Elliptic Curves and Cryptography
ECC Procedures – ElGamal type
Encoding of a message onto the EC
ECC D-H key exchange
Why use ECC?
Hard Problem underlying ECC.
23-27 May 2011 2Anurag Labs, DRDO
Public-Key CryptosystemsPublic-Key Cryptosystems
Secrecy: Only B can Decrypt the message
Authentication: Only A can generate the encrypted message 23-27 May 2011 3Anurag Labs, DRDO
Public-Key Cryptography RingPublic-Key Cryptography Ring
23-27 May 2011 4Anurag Labs, DRDO
Public-Key Cryptography RingPublic-Key Cryptography Ring
23-27 May 2011 5Anurag Labs, DRDO
What Is Elliptic Curve What Is Elliptic Curve Cryptography (ECC)?Cryptography (ECC)?
Elliptic curve cryptography [ECC] is a public-key cryptosystem just like RSA and El Gamal.
Every user has a public and a private key.◦ Public key is used for encryption/signature
verification.◦ Private key is used for decryption/signature
generation.Elliptic curves are used as an extension to
other current cryptosystems.◦ Elliptic Curve Diffie-Hellman Key Exchange◦ Elliptic Curve Digital Signature Algorithm
23-27 May 2011 6Anurag Labs, DRDO
Using Elliptic Curves In Using Elliptic Curves In CryptographyCryptography
The central part of any cryptosystem involving elliptic curves is the elliptic group.
All public-key cryptosystems have some underlying mathematical operation.◦ RSA has exponentiation (raising the message or
ciphertext to the public or private values)◦ ECC has point multiplication (repeated addition
of two points).
23-27 May 2011 7Anurag Labs, DRDO
Generic Procedures of Generic Procedures of ECCECC
Both parties agree to some publicly-known data items◦ The elliptic curve equation
values of a and b prime, p
◦ The elliptic group computed from the elliptic curve equation
◦ A base point, B, taken from the elliptic group Similar to the generator used in current
cryptosystems Each user generates their public/private key pair
◦ Private Key = an integer, x, selected from the interval [1, p-1]
◦ Public Key = product, Q, of private key and base point (Q = x*B)
23-27 May 2011 8Anurag Labs, DRDO
Example – Elliptic Curve Example – Elliptic Curve Cryptosystem Analog to El Cryptosystem Analog to El GamalGamal
Suppose Alice wants to send to Bob an encrypted message.◦ Both agree on a base point, B.◦ Alice and Bob create public/private keys.
Alice Private Key = a Public Key = PA = a * B
Bob Private Key = b Public Key = PB = b * B
◦ Alice takes plaintext message, M, and encodes it onto a point, PM, from the elliptic group
23-27 May 2011 9Anurag Labs, DRDO
Encoding of a message onto Encoding of a message onto the Elliptic Curvethe Elliptic Curve
Consider a curve: y2=x3+ax+bThe plaintexts are say numbers and
English Characters (0-9 and 10-35).◦ ‘B’ is encoded as m=11.
Choose a public variable, k=20.◦ compute, x=mk+i. Vary i from 1 to k-1 and
try to get an integral value of y.Thus, m is encoded as (x,y).The decoding is simple: m=floor((x-
1)/k).
23-27 May 2011 10Anurag Labs, DRDO
ExampleExample
p=751, a=-1, b=188 and k=20.Let m=11 Choose, x=mk+1. Thus, x=222. But
correspondingly, there is no solution for y.
So, we continue until x=mk+4. x=224. Thus, y=248 and hence m=11 is encoded as (224,248).
Decoding: m=floor((224-1)/20)=11
23-27 May 2011 11Anurag Labs, DRDO
Example – Elliptic Curve Example – Elliptic Curve Cryptosystem Analog to El Cryptosystem Analog to El GamalGamal
◦ Alice chooses another random integer, k from the interval [1, p-1]
◦ The ciphertext is a pair of points PC = [ (kB), (PM
+ kPB) ]
◦ To decrypt, Bob computes the product of the first point from PC and his private key, b b * (kB)
◦ Bob then takes this product and subtracts it from the second point from PC
curve discrete logarithm of with respect to . Pn n
Q P
23-27 May 2011 20Anurag Labs, DRDO
Points about ECDLPPoints about ECDLP
logP(Q) may not be defined: there may be points P and Q, such that Q is not a scalar multiple of P.
There is not one value, n st. Q=nP.◦ there exists s such that sP=O.◦ Since there are finite points on the EC, from the
points in list P, 2P, 3P, 4P, … there must be i and j st. iP=jP, i>j. Let s=(i-j) and the smallest such s is called order of P.
◦ Thus, if n0 is an integer such that Q=n0P, then for any integer i, n=n0+is, satisfies the equation Q=nP.
◦ We choose, the value of logP(Q) to be in Z/sZ.
23-27 May 2011 21Anurag Labs, DRDO
How hard is ECDLP?How hard is ECDLP?
Consider 2 lists, generated by choosing random integers j1,…,jr and k1,…,kr between 1 and p.◦ List L1: j1P, j2P, …, jrP◦ List L2: k1P+Q, k2P+Q, …, krP+Q◦ Any collision between the 2 lists imply, juP=kvP+Q,
thus Q=(ju-kv)P. ◦ From B. Paradox, with r=O(p1/2) there is a good
chance of a collision. ◦ The fastest algorithm to solve ECDLP is O(p1/2).◦ The ECDLP is harder than the DLP in Fp
*
The DLP problem has faster algorithms.
23-27 May 2011 22Anurag Labs, DRDO
ReferencesReferences
Books: ◦ Elliptic Curves: Number Theory and
Cryptography, by Lawrence C. Washington ◦ Guide to Elliptic Curve Cryptography, Alfred
J. Menezes ◦ Guide to Elliptic Curve Cryptography, Darrel
R. Hankerson, A. Menezes and A. Vanstone◦ http://cr.yp.to/ecdh.html ( Daniel Bernstein)