D. Cheung – IQC/UWaterloo, Canada D. K. Pradhan – UBristol, UK


1 On the Design and Optimization of a Quantum Polynomial-Time Attack on Elliptic Curve Cryptography
D. Cheung – IQC/UWaterloo, Canada
D. Maslov (spkr) – IQC/UWaterloo, Canada
J. Mathew – UBristol, UK
D. K. Pradhan – UBristol, UK

2 Outline
What is and why Elliptic Curve Cryptography (ECC)?
Quantum algorithm for additive logarithm over elliptic curves
Analysis and conclusion

3 What is ECC? ECC is an approach to public key cryptography based on the algebraic structure of elliptic curves over finite fields. Its security is based on the possibility of efficient additive exponentiation and the absence of efficient (classical) algorithms for additive logarithm. ECC is typically considered over one of two fields: GF(2^m) or F_p, where p is prime.

4 What is ECC? Elliptic curves. An elliptic curve is a set of points satisfying equation where It is possible to define a cyclic Abelian group structure over the points on an elliptic curve, but for that we need to define a special addition such that

5 What is ECC? Define addition operation over the points on an elliptic curve as follows when where when then

6 What is ECC? For is defined as Finally, point O at infinity is defined as to conform to the additive identity properties. According to Hasse’s theorem there are enough points on an elliptic curve for cryptographic purposes:

7 What is ECC? Geometric intuition

8 Why ECC? RSA can be broken with an integer factorization algorithm that scales as To break ECC, the best known classical algorithm requires search.

9 Why ECC?

Security (bits)   RSA key size   ECC key size
80                1024           160
112               2048           224
128               3072           256
192               7680           384
                  15360          512

HW:
Mode              RSA-3072            ECC-283
Space-optimized   184ms, 50K gates    29ms, 6660 gates
Time-optimized    110ms, 189K gates   1.3ms, 80K gates

10 Quantum Algorithm. The quantum algorithm consists of two distinct stages: modular (additive) exponentiation and quantum Fourier transform. Modular exponentiation is done by the square (double)-and-multiply (add) algorithm. We optimize the circuit implementation for multiplication over GF(2^m). The best previously known such circuit has depth O(m^2), unrestricted architecture.

11 Quantum Algorithm The problem is to multiply and Define Then, where Q depends on the choice of the primitive polynomial.

12 Quantum Algorithm Example Multiplication over GF(2^4) with
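The field multiplication that slides 10 to 12 build a circuit for, as an added classical example that is not taken from the slides. The reduction polynomial x^4 + x + 1 and all function names are assumptions made here, since the polynomial used on the slide did not survive in the transcript.

```python
# Added example (not from the slides). Elements of GF(2^m) are ints whose
# bit i is the coefficient of x^i. POLY = x^4 + x + 1 is an assumed choice.
M, POLY = 4, 0b10011

def clmul(a, b):
    """Carry-less (polynomial) product over GF(2): shift-and-XOR."""
    r = 0
    while b:
        if b & 1:
            r ^= a      # addition of coefficients is XOR, so no carry chain
        a <<= 1
        b >>= 1
    return r

def reduce_mod(d, poly=POLY, m=M):
    """Reduce a product of degree <= 2m-2 modulo the degree-m polynomial."""
    for i in range(d.bit_length() - 1, m - 1, -1):
        if (d >> i) & 1:
            d ^= poly << (i - m)   # cancel x^i using x^m = lower terms of poly
    return d

def gf_mul(a, b, poly=POLY, m=M):
    return reduce_mod(clmul(a, b), poly, m)

def gf_inv(a, poly=POLY, m=M):
    """Inverse as a^(2^m - 2) by square-and-multiply: many multiplications
    per division, the cost that projective coordinates sidestep."""
    r, e = 1, 2**m - 2
    while e:
        if e & 1:
            r = gf_mul(r, a, poly, m)
        a = gf_mul(a, a, poly, m)
        e >>= 1
    return r

def x_generates_field(poly, m):
    """True if powers of x visit all 2^m - 1 nonzero elements (poly primitive)."""
    seen, e = set(), 1
    for _ in range(2**m - 1):
        seen.add(e)
        e = gf_mul(e, 2, poly, m)
    return len(seen) == 2**m - 1

if __name__ == "__main__":
    print(clmul(11, 5), 11 * 5)        # carry-less vs. integer product
    print(gf_mul(0b1011, 0b0101))      # (x^3+x+1)(x^2+1) mod POLY
    print(gf_inv(0b1011))
    print(x_generates_field(0b10011, 4), x_generates_field(0b11111, 4))
```

The second polynomial in the last line, x^4 + x^3 + x^2 + x + 1, is irreducible but not primitive, so x only cycles through five elements under it.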

13 Quantum Algorithm

14 Quantum Algorithm: Projective representation. To avoid division, we store a point (x,y) on an elliptic curve as (X,Y,Z): (x,y)=(X/Z,Y/Z). In such a representation, division can be thought of as multiplication of the Z coordinate by the appropriate quantity. The total depth of our DL algorithm over points on an elliptic curve is O(m^2).

15 Analysis Quantum attack RSA ECC depth, but depth (best previously
“requires small controlled rotations that may prove expensive” (best previously known is ) Otherwise, depth gates, ancillae.

16 Analysis: Classical security
RSA: slower data processing, larger circuit
ECC: faster data processing, smaller circuit

17 Conclusion. A quantum algorithm for breaking ECC is a stronger practical argument for quantum computing. A possible reason for the efficiency of the quantum attack on ECC is that there is no need to carry digits during the addition and multiplication of GF field elements.

18 Thank you for your attention!

