D. Cheung – IQC/UWaterloo, Canada D. K. Pradhan – UBristol, UK

Slides:

Advertisements

Similar presentations

Are standards compliant Elliptic Curve Cryptosystems feasible on RFID?

Advertisements

Mathematics of Cryptography Part II: Algebraic Structures

Cryptography and Network Security

1 390-Elliptic Curves and Elliptic Curve Cryptography Michael Karls.

Umesh V. Vazirani U. C. Berkeley Quantum Algorithms: a survey.

Advanced Information Security 4 Field Arithmetic

Efficient generation of cryptographically strong elliptic curves Shahar Papini Michael Krel Instructor : Barukh Ziv 1.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

1 Efficient Algorithms for Elliptic Curve Cryptosystems Original article by Jorge Guajardo and Christof Paar Of WPI ECE Department Presentation by Curtis.

Windows Core Security1© 2006 Microsoft Corp Cryptography: Helping Number Theorists Bring Home the Bacon Since 1977 Dan Shumow SDE Windows Core Security.

Factoring 1 Factoring Factoring 2 Factoring  Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and.

Electronic Payment Systems Lecture 5: ePayment Security II

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©

Tallinn University of Technology Quantum computer impact on public key cryptography Roman Stepanenko.

ASYMMETRIC CIPHERS.

-Anusha Uppaluri.  ECC- A set of algorithms for key generation, encryption and decryption (public key encryption technique)  ECC was introduced by Victor.

M. Khalily Dermany Islamic Azad University.  finite number of element  important in number theory, algebraic geometry, Galois theory, cryptography,

Elliptic Curve Cryptography

1 Network Security Lecture 6 Public Key Algorithms Waleed Ejaz

Lecture 10: Elliptic Curve Cryptography Wayne Patterson SYCS 653 Fall 2009.

Information Security and Management 4. Finite Fields 8

Copyright, Yogesh Malhotra, PhD, 2013www.yogeshmalhotra.com SPECIAL PURPOSE FACTORING ALGORITHMS Special Purpose Factoring Algorithms For special class.

CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate.

Selecting Class Polynomials for the Generation of Elliptic Curves Elisavet Konstantinou joint work with Aristides Kontogeorgis Department of Information.

Strength of Cryptographic Systems Dr. C F Chong, Dr. K P Chow Department of Computer Science and Information Systems The University of Hong Kong.

Elliptical Curve Cryptography Manish Kumar Roll No - 43 CS-A, S-7 SOE, CUSAT.

Understanding Cryptography by Christof Paar and Jan Pelzl These slides were prepared by Tim Güneysu, Christof Paar and Jan Pelzl.

Elliptic Curve Cryptography

Faster Implementation of Modular Exponentiation in JavaScript

Cryptography and Network Security Chapter 4. Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic.

Cryptographic coprocessor

Lecture 9 Elliptic Curves. In 1984, Hendrik Lenstra described an ingenious algorithm for factoring integers that relies on properties of elliptic curves.

11 RSA Variants.  Scheme ◦ Select s.t. p and q = 3 mod 4 ◦ n=pq, public key =n, private key =p,q ◦ y= e k (x)=x (x+b) mod n ◦ x=d k (y)=  y mod n.

Multipartite Entanglement and its Role in Quantum Algorithms Special Seminar: Ph.D. Lecture by Yishai Shimoni.

Lecture 11: Elliptic Curve Cryptography Wayne Patterson SYCS 653 Fall 2008.

15-499Page :Algorithms and Applications Cryptography II – Number theory (groups and fields)

1 Network Security Dr. Syed Ismail Shah

Implementation of Public Key Encryption Algorithms

1 Cryptanalysis Lab Elliptic Curves. Cryptanalysis Lab Elliptic Curves 2 Outline [1] Elliptic Curves over R [2] Elliptic Curves over GF(p) [3] Properties.

Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.

Motivation Basis of modern cryptosystems

Public Key Cryptography. Asymmetric encryption is a form of cryptosystem in which Encryption and decryption are performed using the different keys—one.

Information Security Lab. Dept. of Computer Engineering 251/ 278 PART II Asymmetric Ciphers Key Management; Other CHAPTER 10 Key Management; Other Public.

Giuseppe Bianchi Lecture 8: Elliptic Curve Crypto A (minimal) introduction.

Elliptic Curve Public Key Cryptography Why ? ● ECC offers greater security for a given key size. ● The smaller key size also makes possible much more compact.

CS480 Cryptography and Information Security

Elliptic Curve Public Key Cryptography

Chapter 9 – Elliptic Curve Cryptography ver. November 3rd, 2009

Network Security Design Fundamentals Lecture-13

On the Size of Pairing-based Non-interactive Arguments

PUBLIC-KEY ENCRYPTION Focusing on RSA

RSA and El Gamal Cryptosystems

Quick reviews / corrections

A low cost quantum factoring algorithm

Elliptic Curves.

Cryptographic protocols 2014, Lecture 2 assumptions and reductions

Elliptic Curve Cryptography over GF(2m) on a Reconfigurable Computer:

Elliptic Curve Cryptography (ECC)

Elliptic Curve Cryptography (ECC)

The Application of Elliptic Curves Cryptography in Embedded Systems

Lattices. Svp & cvp. lll algorithm. application in cryptography

Practical Aspects of Modern Cryptography

Introduction to Elliptic Curve Cryptography

Cryptology Design Fundamentals

Network Security Design Fundamentals Lecture-13

Mathematical Background: Extension Finite Fields

Presentation transcript:

D. Cheung – IQC/UWaterloo, Canada D. K. Pradhan – UBristol, UK On the Design and Optimization of a Quantum Polynomial-Time Attack on Elliptic Curve Cryptography D. Cheung – IQC/UWaterloo, Canada D. Maslov (spkr) – IQC/UWaterloo, Canada J. Mathew – UBristol, UK D. K. Pradhan – UBristol, UK

Outline What is and why Elliptic Curve Cryptography (ECC)? Quantum algorithm for additive logarithm over elliptic curves Analysis and conclusion page 1/16

What is ECC? ECC is an approach to public key cryptography based on the algebraic structure of elliptic curves over finite fields. Its security is based on the possibility of efficient additive exponentiation and absence of efficient (classical) algorithms for additive logarithm. ECC is typically considered over one of two fields: GF(2m) or Fp, where p is prime. page 2/16

What is ECC? Elliptic curves Elliptic curve is a set of points satisfying equation where It is possible to define a cyclic Abelian group structure over the points on an elliptic curve, but for that we need to define a special addition such that page 3/16

What is ECC? Define addition operation over the points on an elliptic curve as follows when where when then page 4/16

What is ECC? For is defined as Finally, point O at infinity is defined as to conform the additive identity properties. According to Hasse’s theorem there are enough points on an elliptic curve for cryptographic purposes: page 5/16

What is ECC? Geometric intuition page 6/16

Why ECC? RSA can be broken with an integer factorization algorithm that scales as To break ECC, the best known classical algorithm requires search. page 7/16

Why ECC? Security (bits) RSA key size ECC key size 80 1024 160 112 2048 224 128 3072 256 192 7680 384 15360 512 HW: Mode RSA-3072 ECC-283 Space-optimized 184ms, 50K gates 29ms, 6660 gates Time-optimized 110ms, 189K gates 1.3ms, 80K gates page 8/16

Quantum Algorithm Quantum algorithm consists of two distinct stages: modular (additive) exponentiation and quantum Fourier transform. Modular exponentiation is done by the square (double)-and-(add)multiply algorithm. We optimize the circuit implementation for multiplication over GF(2m). The best previously known such circuit has depth O(m2), unrestricted architecture. page 9/16

Quantum Algorithm The problem is to multiply and Define Then, where Q depends on the choice of the primitive polynomial. page 10/16

Quantum Algorithm Example Multiplication over GF(24) with page 11/16

Quantum Algorithm page 12/16

Projective representation Quantum Algorithm Projective representation To avoid division, we store a point (x,y) on an elliptic curve as (X,Y,Z): (x,y)=(X/Z,Y/Z). In such representation, division can be thought of as multiplication of Z coordinate by the appropriate quantity. The total depth of our DL algorithm over points on an elliptic curve is O(m2). page 13/16

Analysis Quantum attack RSA ECC depth, but depth (best previously “requires small controlled rotations that may prove expensive” (best previously known is ) Otherwise, depth gates, ancillae. page 14/16

Analysis Classical security RSA ECC Slower data processing larger circuit Faster data processing Smaller circuit page 15/16

Conclusion Quantum algorithm for ECC breaking is a stronger practical argument for quantum computing. The possible reason for the efficiency of the quantum attack on ECC is no necessity to carry over the digits during the addition and multiplication of GF field elements. page 16/16

Thank you for your attention! END Thank you for your attention!