Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal

Contents Introduction Addition Law Elliptic Curves Mod n Encryption Example Decryption Example General Diffie-Hellman Key Exchange Scheme Diffie Hellman Method with Elliptic Curves Conclusions

Introduction What is Elliptic Curve Cryptography (ECC)?  ECC is an encryption technique based on elliptic curve theory that can be used as faster, smaller, and more efficient cryptosystems Who introduced it and when?  Miller and Koblitz in mid 1980s and Lenstra showed how to use elliptic curves to factor integers What is the basic principle?  Obtain same level of security as conventional cryptosystems but with much smaller key sizes

General Form of Elliptic Curve An elliptic curve E: y 2 = x 3 + ax + b (a, b) belong to any of the appropriate sets namely rational numbers, complex numbers, integers etc. More general form: y 2 +a 1 xy+a 3 y = x 3 +a 2 x 2 +a 4 x+a 5

Addition Law Given two points P1 and P2 on E, we can find P3 as follows: Let P1 = (2, 9) and P2 = (3, 10) and E: y 2 = x Find the equation of the line passing through P1 and P2 Find a point Q such that it lies on the line through P1 and P2 and the curve E Q P3P3 P2P2 P1P1

Addition Law: Example Equation of the line: y = x + 7 For Q, substitute this eqn. in E. (x+7) 2 = x Roots of this cubic: P 1,P 2 and Q. Rule: For a cubic polynomial of the form x 3 +a 2 x 2 +a 1 x+a 0 the roots r 1,r 2 and r 3 are related by: r 1 +r 2 +r 3 =-a 2 Applying this to our cubic x 3 -x 2 -14x+24 = 0, we obtain 2+3+x Q =1  x Q = -4 y Q =x Q +7  y Q = 3  Q = (-4,3) P 3 is the mirror image of Q. Thus P 3 = (-4, -3)

Addition Law-Definition Define a law of addition on E by: P1 + P2 = P3 Addition Law: Let E: y 2 = x 3 + ax + b and let P 1 = (x 1, y 1 ) & P 2 = (x 2, y 2 ) Then P 1 + P 2 = P 3 = (x 3, y 3 ) where x 3 = m 2 - x 1 - x 2 y 3 = m (x 1 - x 3 ) - y 1 and m = (y 2 - y 1 ) / (x 2 – x 1 ) if P 1 ≠ P 2 m = (3x a) / (2y 1 ) if P 1 = P 2

Definition of P + P Draw a tangent line through P, the point of intersection with the curve is defined as –R, then P+P = 2P = R

Definition of P + (-P) P + (-P) = O

Multiplication k.P = P + P + P + …. + P (k times) where k is an integer

Elliptic Curves Mod n Let E: y 2 ≡ x 3 + 2x + 3 (mod 5) The points on E are pairs (x, y) mod 5 that satisfy the equation The possible values are x ≡ 0  y 2 ≡ 3 (mod 5)  no solutions x ≡ 1  y 2 ≡ 6 (mod 5)  y ≡ 1, 4 x ≡ 2  y 2 ≡ 15 (mod 5)  y ≡ 0 x ≡ 3  y 2 ≡ 36 (mod 5)  y ≡ 1, 4 x ≡ 4  y 2 ≡ 75 (mod 5)  y ≡ 0 Therefore the points on E are (1,1), (1,4), (2,0), (3,1), (3,4), (4,0)

Encryption: Example Let E: y 2 ≡ x 3 + 2x + 3 (mod 5) P = (1, 4), K = (3, 1) The cipher text is obtained as follows: m = (1–4)/(3-1) = 1 (mod 5) x 3 = = -3 (mod 5) = 2 y 3 = 1(1-2)-4 = 0 (mod 5) Cipher Text = C = (2,0) P K Q C

Decryption: Example Let E: y 2 ≡ x 3 + 2x + 3 (mod 5) C = (2, 0); K = (3, 1) The decryption is same as encrypting with –K -K = (3,-1) (mod 5) = (3,4) m = 4/1 = 4 x3 = = 1 (mod 5) y3 = 4(2-1)-0 = 4 Hence, P = (1,4) P K Q C

An Example Usage of Elliptic Curves The crucial property of an elliptic curve is that we can define a rule for "adding" two points which are on the curve, to obtain a third point which is also on the curve Cryptography can be done as follows:  Alice, Bob, Cathy and David… agree on a (non-secret) elliptic curve and a (non-secret) fixed curve point F. Alice chooses a secret random integer K A which is her secret key, and publishes the curve point P A = K A *F as her public key. Bob, Cathy and David do the same  Now suppose Alice wishes to send a message to Bob. One method is for Alice to simply compute K A *P B and use the result as the secret key for a conventional symmetric block cipher (say DES)  Bob can compute the same number by calculating K B * P A, since K B *P A = K B *(K A *F) = (K B *K A )*F = K A *(K B *F) = K A *P B  The security of the scheme is based on the assumption that it is difficult to compute k given F and k*F.

General Diffie-Hellman Key Exchange Alice and Bob chooses a large prime number p and a primitive root α (mod p). Both p and α can be made public. Alice chooses a secret random x and Bob chooses a secret random y. Alice sends α x (mod p) to Bob, and Bob sends α y (mod p) to Alice. Alice calculates key as K = (α y ) x (mod p) and Bob calculates K = (α x ) y (mod p) AliceBob (α, p) x y α x (mod p) α y (mod p) (α y ) x (mod p) (α x ) y (mod p)

DH Key Exchange with Elliptic Curves Diffie-Hellman key exchange- another example  Given elliptic curve E and a point P (public)  Alice selects an a, computes A=aP, send A to Bob  Bob selects a b, computes B=bP, sends B to Alice  Then Alice can compute the key K=aB=abP, similarly, Bob computes the key K=bA=abP AliceBob (E, P) a, A b, B A = aP B = bP abP

Using The Shared Keys The key that we obtained using Diffie-Hellman with elliptic curves can be used either directly in another elliptic curve cryptosystem, or in a conventional cryptosystem such as DES, RSA etc. However, for the latter, we need to convert the point in the elliptic curve system to a number. This can be done, but it is beyond the scope of this presentation

Conclusions Elliptic Curves are just another way to map the data into another form. The power of the scheme comes from the fact that it is very hard to do the un- mapping without knowledge of the key Elliptic Curve Cryptosystems provide same level of security as other conventional cryptosystems; but with a much smaller key size Smaller the key size, lesser the hardware required