Fundamental Elliptic Curve Cryptography Algorithms draft-mcgrew-fundamental-ecc-02


1 Fundamental Elliptic Curve Cryptography Algorithms draft-mcgrew-fundamental-ecc-02 mcgrew@cisco.com kmigoe@nsa.gov

2 Elliptic Curve Cryptography: Alternative to integer-based Key Exchange and Signature algorithms; Smaller keys and signatures; More efficient at higher security levels

3 Diffie Hellman
Alice: x = random; Alice -> Bob: g^x mod p
Bob: y = random; Bob -> Alice: g^y mod p
(g^x)^y mod p = (g^y)^x mod p
g is number < p

4 EC Diffie Hellman
Alice: x = random; Alice -> Bob: g^x
Bob: y = random; Bob -> Alice: g^y
(g^x)^y = (g^y)^x
g is element of EC group G

5 Cryptographic Groups
Prime Group: Element is number x < p; Prime modulus p; Generator g < p; Order n
EC Group: Element is (x, y) with x, y < p with y^2 = x^3 + ax + b mod p; Prime modulus p; Parameters a, b < p; Generator (g_x, g_y); Order n
ECC Parameter Set

6 Public Key Sizes From RFC3766, Determining Strengths For Public Keys Used For Exchanging Symmetric Keys 30x

7 ECC Efficient at High Security [Chart: Computational Cost against Security, for ECC and Integer]

8 fECC draft-mcgrew-fundamental-ecc – Informational – First published 7/09 – Comments received and incorporated in -02 Closely based on pre-1994 references – Security: survived > 16 years of review – IPR: simplifies analysis

9 Timeline 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 … ECC invented; ECDH [M1985]; EC ElGamal [K1987]; ECC Implementation [BC1989]; Homogeneous Coordinates [KMOV1991]; EC ElGamal Signatures [A1992]; Meta ElGamal Signatures [HMP1994]; Abbreviated EC ElGamal Signatures [KT1994]

10 Layers
Crypto Algorithms: Key Exchange, Signatures
Elliptic Curve Arithmetic: Coordinates, Representation
Modular Arithmetic: +, -, *, /
fECC Scope

11 fECC Diffie-Hellman Miller 1985 Compatible with IKE (RFC 4753) Compatible with ECDH (IEEE 1363, ANSI X9.62) – Curves over GF(p) with cofactor=1 – ECSVDP-DH primitive – Key Derivation Function is identity function

12 fECC Signatures Koyama and Tsuruoka, 1994 Horster, Michels, and Petersen, 1994 KT-IV Signatures – Compatible with ECDSA (IEEE 1363, ANSI X9.62) KT-I Signatures – Not interoperable with standard

13 ECC Parameter Sets Compatible – Suite B USG Cryptographic Interoperability Strategy Uses NIST P256, P384, P521 – Other NIST curves over GF(p) – RFC 5639 Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation – WAPI ISO/IEC JTC 1/SC 6 Proposal Not compatible – DJB’s Curve25519 protocol

14 Not in Scope: EC Group Parameter Generation; Identity-based crypto; Edwards’ coordinates; GF(2^m) curves; Mod p arithmetic optimizations; Certificate details; Exotic groups (hyperelliptic, braids, …); …

15 Possible Future Drafts Optimizations – Modular arithmetic Efficient primes – Elliptic Curve arithmetic Priority: preserve interoperability and compatibility with standards

16 Conclusions Draft ready for RFC ECC deserves serious consideration – fECC is secure and performs well Recommendation: IETF work using ECC should explicitly allow fECC –… implementations MAY use [fECC] …

17 Questions?

18 (x3,y3) = (x1,y1) × (x2,y2)
x3 = ((y2-y1)/(x2-x1))^2 - x1 - x2
y3 = (x1-x3)(y2-y1)/(x2-x1) - y1

19 A Group: Multiplication modulo 7
× | 1 2 3 4 5 6
--+------------
1 | 1 2 3 4 5 6
2 | 2 4 6 1 3 5
3 | 3 6 2 5 1 4
4 | 4 1 5 2 6 3
5 | 5 3 1 6 4 2
6 | 6 5 4 3 2 1
5, 5^2=4, 5^3=6, 5^4=2, 5^5=3, 5^6=1
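
The group operation from slide 18 and the EC Diffie-Hellman exchange from slide 4, as an added Python example that is not code from the draft or the presentation. It assumes a toy parameter set chosen for illustration (y^2 = x^3 + 2x + 2 mod 17, generator (5, 1), prime order 19, cofactor 1), uses hypothetical function names, and goes beyond slide 18 by also handling doubling and the identity element; it is not constant-time.

```python
# Added example, not code from the draft. Toy parameter set (assumed):
# y^2 = x^3 + 2x + 2 mod 17, generator (5, 1), prime order 19, cofactor 1.
import secrets

P, A, B = 17, 2, 2     # prime modulus and curve parameters a, b
G = (5, 1)             # generator (g_x, g_y)
N = 19                 # order n
O = None               # identity element (point at infinity)

def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + ax + b mod p with x, y < p."""
    if pt is O:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x**3 + A * x + B)) % P == 0

def add(p1, p2):
    """Group operation; the chord case is the slide 18 formula."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O                                   # p2 is the inverse of p1
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P  # tangent slope
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P       # chord slope
    x3 = (s * s - x1 - x2) % P
    y3 = (s * (x1 - x3) - y1) % P
    return (x3, y3)

def mul(k, pt):
    """Double-and-add scalar multiple ('g^k' in the slides' notation)."""
    acc = O
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def keypair():
    x = secrets.randbelow(N - 1) + 1               # private value in [1, n-1]
    return x, mul(x, G)

def ecdh_shared(private, peer_public):
    """Reject invalid peer points before computing the shared point."""
    if peer_public is O or not on_curve(peer_public):
        raise ValueError("peer public key is not a valid curve point")
    return mul(private, peer_public)
```

With cofactor 1, as on slide 11, the on-curve check is enough to confirm the peer's point lies in the group generated by G; skipping it lets a peer supply a point from a different curve.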

