Introduction to Elliptic Curves CSCI 5857: Encoding and Encryption

Outline Encryption as points on elliptic curves in space – “Adding” points on an elliptic curve Elliptic curves and modular arithmetic – Finding points on a modular elliptic curve Mathematical operations on modular elliptic curves – Addition – Multiplication

Elliptic Curve Definition General mathematical form (Weierstraus equation) : y 2 = x 3 + ax + b For some a, b (curve parameters)

Elliptic Curve Encryption Encryption: Transforming points on curve (P, K PU ) into another point (C) on same curve as C = P + K PU Need a definition of “+” so that “sum” of two points on a curve is also on the same curve R = P + Q where P = (x P, y P ) Q = (x Q, y Q ) R = (x R, y R )

Elliptic Curve Addition Case 1 Case 1: R based on line formed by P, Q (x P ≠ x Q, y P ≠ y Q ) Equations:  = (y Q – y P ) / (x Q – x P ) x R =  2 – x P – x Q y R =  (x P – x R ) – y P

Elliptic Curve Addition Case 2 Case 2: P = Q, R based on tangent to curve (x P = x Q, y P = y Q ) Equations: x R = ((3x P 2 + a) / 2y P ) 2 - 2x P y R = ((3x P 2 + a) / 2y P ) 2 (x P – x R ) – y P

Elliptic Curve Addition Case 3 Case 3: P = -Q, line does not intercept curve (x P = x Q, y P ≠ y Q ) R = “0” (additive identity) – Point at infinity – 0 = -0

Elliptic Curves over Z p Encryption requires modular arithmetic – Must be difficult to recover original points from sum (original plaintext P from K PU and C) – Modular arithmetic prevents “working backward” Define “curve” as E p (a, b) where p is the modulus, a, b are the coefficients of y 2 = x 3 + ax + b Looking for (x, y) such that y 2 = (x 3 + ax + b) mod p – Note: “points” on curve are integers

Finding Points on a Z p Curve Points on elliptic curve y 2 = x 3 + x + 1 for GF(13): – Must find integer values for x, y < 13 such that (y 2 ) mod 13 = (x 3 + x + 1) mod 13 x = 0: y 2 mod 13 = 1 mod 13 y =  1 y = 1, 12 (-1 mod 13 = 12) x = 1: y 2 mod 13 = 3 mod 13 y =  4 (16 mod 13 = 3) y = 4, 9

Finding Points on a Z p Curve (cont.) Note: Not all values of x have a corresponding y x = 2: y 2 mod 13 = 11 mod 13 No solution for y (Can test all y < 13) x = 3: y 2 mod 13 = 31 mod 13 = 5 No solution for y (Can test all y < 13) x = 4: y 2 mod 13 = = 69 mod 13 = 4 y =  2 y = 2, 11

Resulting Points on a Z p Curve Points on elliptic curve y 2 = x 3 + x + 1 over GF(13): (12, 5)(12, 8)

Elliptic Curve Addition Computing (x R, y R ) = (x P, y P ) + (x Q, y Q ) – Necessary to turn 2 points corresponding to key, plaintext into point corresponding to ciphertext Use same equations for “+” as curves in space Main ideas: – Addition/subtraction/multiplication in mod p – Division = multiplication by inverse mod p

Example: (4, 2) + (10, 6) on E 13 (1, 1) step 1: compute  = (y Q – y P ) / (x Q – x P )  = (6 – 2) x (10 – 4) -1 mod 13 = 4 x 6 -1 mod mod 13 = 11 = 4 x 11 mod 13 = 5 step 2: compute x R =  2 – x P – x Q x R = 25 – 4 – 10 mod 13 = 11 step 3: compute y R =  (x P – x R ) – y P y R = 5 x (4 – 11) – 2 mod 13 = -37 mod 13 = 2 (4, 2) + (10, 6) = (11, 2) note: also on curve!

Multiplication on an Elliptic Curve Multiplication = addition multiple times – Necessary for some forms of elliptic curve cryptography – Must use formula where P = Q for first addition Example: 3 x (1, 4) on E 13 (1, 1) 3 x (1, 4) = ((1, 4) + (1, 4)) + (1, 4) = (8, 1) + (1, 4) = (1, 9)

What’s Next Let me know if you have any questions Continue on to the next lecture on Elliptic Curve Cryptography