Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Cryptanalysis Lab Elliptic Curves. Cryptanalysis Lab Elliptic Curves 2 Outline [1] Elliptic Curves over R [2] Elliptic Curves over GF(p) [3] Properties.

Published byGriselda Austin Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Cryptanalysis Lab Elliptic Curves. Cryptanalysis Lab Elliptic Curves 2 Outline [1] Elliptic Curves over R [2] Elliptic Curves over GF(p) [3] Properties."— Presentation transcript:

1 1 Cryptanalysis Lab Elliptic Curves

2 Cryptanalysis Lab Elliptic Curves 2 Outline [1] Elliptic Curves over R [2] Elliptic Curves over GF(p) [3] Properties of Elliptic Curves [4] Computing Point Multiples on Elliptic Curves [5] ECDLP [6] ECDSA

3 Cryptanalysis Lab Elliptic Curves 3 [1] Elliptic curves over R Definition Let Example:

4 Cryptanalysis Lab Elliptic Curves 4 Group operation + The point of infinity, O, will be the identity element Given

5 Cryptanalysis Lab Elliptic Curves 5 Group operation + Given Compute  Addition  Doubling

6 Cryptanalysis Lab Elliptic Curves 6 Example (addition): Given 

7 Cryptanalysis Lab Elliptic Curves 7 Example (doubling): Given 

8 Cryptanalysis Lab Elliptic Curves 8 [2] Elliptic Curves over GF(p) Definition Let Example:

9 Cryptanalysis Lab Elliptic Curves 9 Example: Find all (x, y) and O:  Fix x and determine y  O is an artificial point 12 (x, y) pairs plus O, and have #E=13

10 Cryptanalysis Lab Elliptic Curves 10 Example (continue): There are 13 points on the group E(Z 11 ) and so any non- identity point (i.e. not the point at infinity, noted as O) is a generator of E(Z 11 ). Choose generator Compute

11 Cryptanalysis Lab Elliptic Curves 11 Example (continue): Compute So, we can compute

12 Cryptanalysis Lab Elliptic Curves 12 Example (continue): Let’s modify ElGamal encryption by using the elliptic curve E(Z 11 ). Suppose that and Bob’s private key is 7, so Thus the encryption operation is where and, and the decryption operation is

13 Cryptanalysis Lab Elliptic Curves 13 Example (continue): Suppose that Alice wishes to encrypt the plaintext x = (10,9) (which is a point on E). If she chooses the random value k = 3, then Hence. Now, if Bob receives the ciphertext y, he decrypts it as follows:

14 Cryptanalysis Lab Elliptic Curves 14 [3] Properties of Elliptic Curves Over a finite field Z p, the order of E(Z p ) is denoted by #E(Z p ). Hasse’s theorem Group structure of E(Z p ) Let E be an elliptic curve defined over Z p, and p>3. Then there exists positive integers n 1 and n 2 such that Further,

15 Cryptanalysis Lab Elliptic Curves 15 [4] Computing Point Multiples on Elliptic Curves Use Double-and-Add (similar to square-and-multiply) Algorithm: DOUBLE-AND-ADD

16 Cryptanalysis Lab Elliptic Curves 16 Example: Compute 3895P

17 Cryptanalysis Lab Elliptic Curves 17 Use Double-and-(Add or Subtract)  Elliptic curve has the property that additive inverses are very easy to compute.  Signed binary representation Example: so are both signed binary representation of 11.

18 Cryptanalysis Lab Elliptic Curves 18 Non-adjacent form (NAF) A signed binary representation (c l-1, …, c 0 ) of an integer c is said to be in non-adjacent form provided that no two consecutive ci’s are non-zero.  The NAF representation of an integer is unique.  A NAF representation contains more zeros than the traditional binary representation of a positive integer.

19 Cryptanalysis Lab Elliptic Curves 19 Transform a binary representation of a positive integer c into a NAF representation Example: Hence the NAF representation of (1,1,1,1,0,0,1,1,0,1,1,1) is (1,0,0,0,-1,0,1,0,0,-1,0,0,-1)

20 Cryptanalysis Lab Elliptic Curves 20 Double-and-(Add or Subtract) Algorithm 6.5: DOUBLE-AND-(ADD OR SUBTRACT)

21 Cryptanalysis Lab Elliptic Curves 21 Example: Compute 3895P

22 Cryptanalysis Lab Elliptic Curves 22 [5] Elliptic Curve DLP Basic computation of ECC  Q = kP = where P is a curve point, k is an integer Strength of ECC  Given curve, the point P, and kP It is hard to recover k - Elliptic Curve Discrete Logarithm Problem (ECDLP)

23 Cryptanalysis Lab Elliptic Curves 23 Security of ECC versus RSA/ElGamal Elliptic curve cryptosystems give the most security per bit of any known public-key scheme. The ECDLP problem appears to be much more difficult than the integer factorisation problem and the discrete logarithm problem of Z p. (no index calculus algo!) The strength of elliptic curve cryptosystems grows much faster with the key size increases than does the strength of RSA.

24 Cryptanalysis Lab Elliptic Curves 24 Elliptic Curve Security Symmetric Key Size (bits) RSA and Diffie-Hellman Key Size (bits) Elliptic Curve Key Size (bits) 801024160 1122048224 1283072256 1927680384 25615360521 NIST Recommended Key Sizes

25 Cryptanalysis Lab Elliptic Curves 25 ECC Benefits ECC is particularly beneficial for application where: computational power is limited (wireless devices, PC cards) integrated circuit space is limited (wireless devices, PC cards) high speed is required. intensive use of signing, verifying or authenticating is required. signed messages are required to be stored or transmitted (especially for short messages). bandwidth is limited (wireless communications and some computer networks).

26 Cryptanalysis Lab Elliptic Curves 26 [6] Signature Scheme: ECDSA Digital Signature Algorithm (DSA)  Proposed in 1991  Was adopted as a standard on December 1, 1994 Elliptic Curve DSA (ECDSA)  FIPS 186-2 in 2000

27 Cryptanalysis Lab Elliptic Curves 27 Digital Signature Algorithm (DSA) Let p be a L-bit prime such that the DL problem in Z p * is intractable, and let q be a 160-bit prime that divides p-1. Let α be a q th root of 1 modulo p. Define K={ (p,q,α,a,β): β=α a mod p } p,q,α,β are the public key, a is private L=0 mod 64, 512≤L≤1024

28 Cryptanalysis Lab Elliptic Curves 28 For a (secret) random number k, define sig (x,k)=(γ,δ), where γ=(α k mod p) mod q and δ=(SHA-1(x)+aγ)k -1 mod q For a message (x,(γ,δ)), verification is done by performing the following computations: e 1 =SHA-1(x)*δ -1 mod q e 2 =γ*δ -1 mod q ver(x,(γ,δ))=true iff. (α e 1 β e 2 mod p) mod q=γ

29 Cryptanalysis Lab Elliptic Curves 29 Elliptic Curve DSA Let p be a prime, and let E be an elliptic curve defined over F p. Let A be a point on E having prime order q, such that DL problem in is infeasible. Define K={ (p,q,E,A,m,B): B=mA } p,q,E,A,B are the public key, m is private

30 Cryptanalysis Lab Elliptic Curves 30 For a (secret) random number k, define sig k (x,k)=(r,s), where kA=(u,v), r=u mod q and s=k -1 (SHA-1(x)+mr) mod q For a message (x,(r,s)), verification is done by performing the following computations: i=SHA-1(x)*s -1 mod q j=r*s -1 mod q (u,v)=iA+jB ver(x,(r,s))=true if and only if u mod q=r

Download ppt "1 Cryptanalysis Lab Elliptic Curves. Cryptanalysis Lab Elliptic Curves 2 Outline [1] Elliptic Curves over R [2] Elliptic Curves over GF(p) [3] Properties."

Similar presentations

Public Key Cryptosystem

Public Key Cryptosystem
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Cryptography and Network Security

Cryptography and Network Security
7. Asymmetric encryption-

7. Asymmetric encryption-
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )

Elliptic Curve. p2. Outline EC over Z p EC over GF(2 n )
1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’

1 Cryptosystems Based on Discrete Logarithms. 2 Outline [1] Discrete Logarithm Problem [2] Algorithms for Discrete Logarithm –A trivial algorithm –Shanks’
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Chapter 7-1 Signature Schemes.

Chapter 7-1 Signature Schemes.
CS470, A.SelcukElGamal Cryptosystem1 ElGamal Cryptosystem and variants CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukElGamal Cryptosystem1 ElGamal Cryptosystem and variants CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

Similar presentations

Ads by Google