Presentation is loading. Please wait.

Presentation is loading. Please wait.

Elliptic Curves.

Published byEmmeline Robbins Modified over 6 years ago

Similar presentations

Presentation on theme: "Elliptic Curves."— Presentation transcript:

1 Elliptic Curves

2 Outline [1] Elliptic Curves over R [2] Elliptic Curves over GF(p)
[3] Properties of Elliptic Curves [4] Point Compression and the ECIES [5] Computing Point Multiples on Elliptic Curves [6] GF(2m) [7] Elliptic Curves over GF(2m)

3 [1] Elliptic curves over R
Definition Let Example:

4 Group operation + The point of infinity, O, will be the identity element Given

5 Group operation + Given Compute
Addition Doubling

6 Example (addition): Given

7 Example (doubling): Given

8 [2] Elliptic Curves over GF(p)
Definition Let Example:

9 Example: Find all (x, y) and O:
Fix x and determine y O is an artificial point 12 (x, y) pairs plus O, and have #E=13

10 Example (continue): There are 13 points on the group E(Z11) and so any non-identity point (i.e. not the point at infinity, noted as O) is a generator of E(Z11). Choose generator Compute

11 Example (continue): Compute So, we can compute

12 Example (continue): Let’s modify ElGamal encryption by using the elliptic curve E(Z11). Suppose that and Bob’s private key is 7, so Thus the encryption operation is where and , and the decryption operation is

13 Example (continue): Suppose that Alice wishes to encrypt the plaintext x = (10,9) (which is a point on E). If she chooses the random value k = 3, then Hence Now, if Bob receives the ciphertext y, he decrypts it as follows:

14 [3] Properties of Elliptic Curves
Over a finite field Zp, the order of E(Zp) is denoted by #E(Zp). Hasse’s theorem Group structure of E(Zp) Let E be an elliptic curve defined over Zp, and p>3. Then there exists positive integers n1 and n2 such that Further,

15 [4] Point Compression and the ECIES
Point compression Since p is odd, given a value for x, one of the two possible values of y mod p is even and the other is odd. Define point compression as follow

16 Example: As in the previous example,
Point compression Point decompression So, POINTDECOMPRESS(7,1)=(7,9)

17 Elliptic Curve Integrated Encryption Scheme (ECIES) Cryptosystem 6.2
Let E be an elliptic curve defined over Zp, and p>3 such that E contains a cyclic subgroup H = <P> of prime order n. Let and define The values P,Q and n are the public key, and is the private key.

18 ECIES (continue) For K = (E, P, m, Q, n), for a (secret) random number , and for , define where For a ciphertext , where and , define where

19 Example: As in the previous example, suppose that and Bob’s private key is 7, so Suppose Alice wants to encrypt the plaintext x = 9, and she chooses the random value k = 6, Then so

20 Example (continue): Next, she calculates The ciphertext she sends to Bob is When Bob receives the ciphertext y, he computes Hence, the decryption yields the correct plaintext, 9.

21 [5] Computing Point Multiples on Elliptic Curves
Use Double-and-Add (similar to square-and-multiply) Algorithm: DOUBLE-AND-ADD

22 Example: Compute 3895P

23 Use Double-and-(Add or Subtract)
Elliptic curve has the property that additive inverses are very easy to compute. Signed binary representation Example: so are both signed binary representation of 11.

24 Non-adjacent form (NAF) A signed binary representation (cl-1, …, c0) of an integer c is said to be in non-adjacent form provided that no two consecutive ci’s are non-zero. The NAF representation of an integer is unique. A NAF representation contains more zeros than the traditional binary representation of a positive integer.

25 Transform a binary representation of a positive integer c into a NAF representation Example: Hence the NAF representation of (1,1,1,1,0,0,1,1,0,1,1,1) is (1,0,0,0,-1,0,1,0,0,-1,0,0,-1)

26 Double-and-(Add or Subtract) Algorithm 6
Double-and-(Add or Subtract) Algorithm 6.5: DOUBLE-AND-(ADD OR SUBTRACT)

27 Example: Compute 3895P

28 [6] GF(2m) GF(2m) in polynomial form Galois Field GF(2m) where Z2[x] is the set of polynomials with coefficient over Z2 and p(x) is an irreducible polynomial of degree m in Z2[x]. Example:

29 Example (continue): The elements of Z2[x]/(x4+x+1) :

30 GF(2m) in vector form Rewrite am-1xm-1+ am-2xm-2+…+ a0x0 in vector form (am-1 am-2 …a0)
Example: As previous example, g=x is a generator.

31 [7] Elliptic Curves over GF(2m)
Over GF(2m), elliptic curves can be written in the form Points on elliptic curve E/GF(2m)

32 Example: We can find that

33 Group operation + The point of infinity, O, will be the identity element Given
where

34 Check –P is on curve

35 Slope for P = Q

36 Calculate P+Q

37 Example:

38 Example (continue):

Download ppt "Elliptic Curves."

Similar presentations

Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x)  K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.

Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x)  K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.
BCH Codes Hsin-Lung Wu NTPU.

BCH Codes Hsin-Lung Wu NTPU.
Mathematics of Cryptography Part II: Algebraic Structures

Mathematics of Cryptography Part II: Algebraic Structures
1 390-Elliptic Curves and Elliptic Curve Cryptography Michael Karls.

1 390-Elliptic Curves and Elliptic Curve Cryptography Michael Karls.
Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r 175753411947 p q p q p q p and q prime.

Public Key Cryptosystems - RSA Receiver Sender Eavesdroppe r p q p q p q p and q prime.
7. Asymmetric encryption-

7. Asymmetric encryption-
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )

Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’

1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
Codes, Ciphers, and Cryptography-RSA Encryption

Codes, Ciphers, and Cryptography-RSA Encryption
1 CIS 5371 Cryptography 8. Asymmetric encryption-.

1 CIS 5371 Cryptography 8. Asymmetric encryption-.
ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, A Public-Key Cryptosystem and a Signature Scheme.

ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, "A Public-Key Cryptosystem and a Signature Scheme.
10.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 10 Symmetric-Key Cryptography.

10.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 10 Symmetric-Key Cryptography.
FINITE FIELDS 7/30 陳柏誠.

FINITE FIELDS 7/30 陳柏誠.
CPSC 3730 Cryptography and Network Security

CPSC 3730 Cryptography and Network Security
Cryptography and Network Security Introduction to Finite Fields.

Cryptography and Network Security Introduction to Finite Fields.

Similar presentations

Ads by Google