ECC Curve Selection By Edward Yin CS 265 Project Spring 2005.

Slides:



Advertisements
Similar presentations
Lecture 8: Lattices and Elliptic Curves
Advertisements

The XTR public key system (extended version of Crypto 2000 presentation) Arjen K. Lenstra Citibank, New York Technical University Eindhoven Eric R. Verheul.
Efficient generation of cryptographically strong elliptic curves Shahar Papini Michael Krel Instructor : Barukh Ziv 1.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Mid-term Review Network Security. Gene Itkis: CS558 Network Security2 Secure channel SSL SSL (and many others: incl. IPSEC) Shared key establishing Trusted.
Mid-term Review Network Security. Secure channel SSL SSL (and many others: incl. IPSEC) Shared key establishing Trusted party (Kerberos, etc. - to be.
Elliptic Curve Cryptography Shane Almeida Saqib Awan Dan Palacio.
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.
CS470, A.SelcukElGamal Cryptosystem1 ElGamal Cryptosystem and variants CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Elliptic Curve Cryptography Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown Ref: RSA Security ’ s Official Guide to Cryptography.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Electronic Payment Systems Lecture 5: ePayment Security II
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings.
CPE5021 Advanced Network Security --- Advanced Cryptography: Elliptic Curve Cryptography --- Lecture 3 CPE5021 Advanced Network Security --- Advanced Cryptography:
ECE578: Cryptography 6: Primes, Galois Fields, ECC, and the Discrete Logarithm Problem Professor Richard A. Stanley, P.E. Spring 2010 © , Richard.
Digital Signatures Presented by Olga Shishenina. 2 Outline  Cryptographic goals  Message Authentication Codes (MACs)  Digital signatures RSA digital.
Peter Lam Discrete Math CS.  Sometimes Referred to Clock Arithmetic  Remainder is Used as Part of Value ◦ i.e Clocks  24 Hours in a Day However, Time.
-Anusha Uppaluri.  ECC- A set of algorithms for key generation, encryption and decryption (public key encryption technique)  ECC was introduced by Victor.
By Abhijith Chandrashekar and Dushyant Maheshwary.
Elliptic Curve Cryptography
Lecture 10: Elliptic Curve Cryptography Wayne Patterson SYCS 653 Fall 2009.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Application of Elliptic Curves to Cryptography
Research on the Discrete Logarithm Problem Wang Ping Meng Xuemei
CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate.
Thursday, October 15, 2015 Securing the Wireless World.
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.
Advanced Information Security 1 INTRODUCTION TO ECC Dr. Turki F. Al-Somani
Chapter 21 Public-Key Cryptography and Message Authentication.
Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell.
Scott CH Huang COM5336 Cryptography Lecture 10 Elliptic Curve Cryptography Scott CH Huang COM 5336 Cryptography Lecture 10.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
CS461/ECE422 Spring 2012 Nikita Borisov — UIUC1.  Text Chapters 2 and 21  Handbook of Applied Cryptography, Chapter 8 
Basic Elliptic Curve Cryptography 1Lt Peter Hefley 90 OSS Instructor Fall ‘06.
General Attacks on Elliptic Curve Based Cryptosystems Merabi Chicvashvili Ron Ryvchin Project Advisor: Barukh Ziv Spring 2014.
Some Perspectives on Smart Card Cryptography
Research on the Discrete Logarithm Problem Wang Ping Meng Xuemei
Understanding Cryptography by Christof Paar and Jan Pelzl These slides were prepared by Christof Paar and Jan Pelzl Chapter 8 –
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Cryptography and Network Security Chapter 10
Cryptography and Network Security Key Management and Other Public Key Cryptosystems.
Elliptic curve cryptography ECC is an asymmetric cryptosystem based on the elliptic curve discrete log problem. The ECDLP arises in Abelian groups defined.
Cryptography and Network Security
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.
11 RSA Variants.  Scheme ◦ Select s.t. p and q = 3 mod 4 ◦ n=pq, public key =n, private key =p,q ◦ y= e k (x)=x (x+b) mod n ◦ x=d k (y)=  y mod n.
DIGITAL SIGNATURE ALGORITHM. The National Institute of Standards and Technology (NIST) has published Federal Information Processing Standard FIPS 186,
Lecture 11: Elliptic Curve Cryptography Wayne Patterson SYCS 653 Fall 2008.
1 Network Security Dr. Syed Ismail Shah
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
1 Cryptanalysis Lab Elliptic Curves. Cryptanalysis Lab Elliptic Curves 2 Outline [1] Elliptic Curves over R [2] Elliptic Curves over GF(p) [3] Properties.
RSA Data Security, Inc. PKCS #13: Elliptic Curve Cryptography Standard Burt Kaliski RSA Laboratories PKCS Workshop October 7, 1998.
Introduction to Elliptic Curve Cryptography CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Motivation Basis of modern cryptosystems
Key Management public-key encryption helps address key distribution problems have two aspects of this: – distribution of public keys – use of public-key.
Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.
Information Security Lab. Dept. of Computer Engineering 251/ 278 PART II Asymmetric Ciphers Key Management; Other CHAPTER 10 Key Management; Other Public.
Elliptic Curve Public Key Cryptography Why ? ● ECC offers greater security for a given key size. ● The smaller key size also makes possible much more compact.
Number-Theoretic Algorithms
Network Security Design Fundamentals Lecture-13
Diffie-Hellman Key Exchange
El Gamal and Diffie Hellman
CSCE 715: Network Systems Security
Cryptology Design Fundamentals
Network Security Design Fundamentals Lecture-13
Presentation transcript:

ECC Curve Selection By Edward Yin CS 265 Project Spring 2005

Why ECC? Key Size, Speed, and Scalability NIST guidelines for equivalent strengths: Bits of Security Symmetric key algs. Hash algs. Discrete Logs (DSA, DH, MQV) RSA Elliptic Curves 80SHA-1L = 1024 N = 160k = 1024f = TDESL = 2048 N = 224k = 2048f = AES-128SHA-256L = 3072 N = 256k = 3072f = AES-192SHA-384L = 7680 N = 384k = 7680f = AES-256SHA-512L = N = 512k = 15360f = 512

ECC Basics Prime: GF(p) Y 2 = X 3 + aX + b with 4a b 2 ≠ 0 Binary: GF(2 m ) Y 2 + XY = X 3 + aX 2 + b with b ≠ 0 An “elliptic curve” means points on the curve plus the point at infinity. Private: integer k Public: a, b, point P, point Q=kP

Discrete Logs Discrete Log Problem (DLP) –Given p, g, and y, find x such that g x = y (mod p). ECDLP –Given P, Q, find k such that kP = Q. Diffie-Hellman Problem (DHP) –Given p, g, g a, g b, find g ab (mod p). ECDHP –Given P, sP, tP, find stP.

DLP and ECDLP Regular DL (e.g. Diffie-Hellman) ECC with prime field ECC with binary field FieldGF(p) GF(2 m ) Field representation0,1,…,p-1 Polynomial basis or normal basis Field order (size)pp2m2m Group elementsGF(p)* E(GF(p)) = curve E over GF(p) E(GF(2 m )) = curve E over GF(2 m ) Basic operation Multiplication in GF(p) Addition of points on E Base elementGenerator gBase point P Main operationExponentiationScalar multiplication Group order (size)p-1 p+1-2p 1/2 ≤ #E(GF(p)) ≤ p+1+2p 1/2 2 m +1-2 m/2+1 ≤ #E(GF(2 m )) ≤ 2 m +1+2 m/2+1

Known Attacks Best general attack is the Pollard rho method, taking O(n 1/2 ) curve additions, where n is the order of the base point P (smallest positive integer such that nP = 0). Shortcuts: 1.The Pohlig-Hellman algorithm reduces the size of the problem.  ECDLP reduced to ECDLP modulo each prime factor of n 2.ECDLP for anomalous curves in a prime field is solvable in polynomial time.  Prime-field-anomalous if group order = field order = n 3.ECDLP for some curves (e.g. supersingular curves) is solvable in subexponential time  MOV reduction possible if (field order) k = 1 (mod n) for some k

Avoiding Weak Curves 1.#E(GF(q)) = hn with large prime n, small h and nP=0. 2.#E(GF(q)) ≠ q. 3.The order n of point P should not divide q k -1 for all 1 ≤ k ≤ C, C≥20 in practice.

Approaches to Curve Selection Choose the group order first –Use the Complex Multiplication method (CM) Construct curve from another known curve Choose a random curve –Count points with Schoof’s algorithm or the Schoof- Elkies-Atkin (SEA) algorithm Use a published curve Algorithms: see e.g. IEEE P1363 Annex A. Implementation: see e.g. MIRACL at

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.