1 / 25

Introduction to Elliptic Curves

Introduction to Elliptic Curves. An Elliptic Curve is a curve given by an equation E : y 2 = f(x) Where f(x) is a square-free (no double roots) cubic or a quartic polynomial After a change of variables it takes a simpler form: E : y 2 = x 3 + Ax + B . What is an Elliptic Curve?.

binah
Download Presentation

Introduction to Elliptic Curves

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Introduction to Elliptic Curves

  2. An Elliptic Curve is a curve given by an equation E : y2 = f(x) Where f(x) is a square-free (no double roots) cubic or a quartic polynomial After a change of variables it takes a simpler form: E : y2 = x3 + Ax + B What is an Elliptic Curve? So y2 = x3 is not an elliptic curve but y2 = x3-1 is

  3. Why is it called Elliptic? Arc Length of an ellipse = Let k2 = 1 – b2/a2 and change variables x ax. Then the arc length of an ellipse is with y2 = (1 – x2) (1 – k2x2) = quartic in x

  4. Graph of y2 = x3-5x+8

  5. E : Y2 = X3 – 9X Elliptic curves can have separate components

  6. P+Q R Q P Addition of two Points P+Q

  7. Tangent Line to E at P R P 2*P Doubling of Point P

  8. P Q O Point at Infinity

  9. Addition of Points on E 1. Commutativity. P1+P2 = P2+P1 2.Existence of identity. P + O = P 3. Existence of inverses. P + (-P) = O 4. Associativity. (P1+P2) + P3 = P1+(P2+P3)

  10. Addition Formula Suppose that we want to add the points P1 = (x1,y1) and P2 = (x2,y2) on the elliptic curve E : y2 = x3 + Ax + B. If If Note that when P1, P2 have rational coordinates and A and B are rational, then P1+P2 and 2P also have rational coordinates

  11. Important Result Theorem (Poincaré, 1900): Suppose that an elliptic curve E is given by an equation of the form y2 = x3 + A x + B with A,B rational numbers. Let E(Q) be the set of points of E with rational coordinates, E(Q) = { (x,y)  E : x,y are rational numbers }  { O }. Then sums of points in E(Q)remain in E(Q).

  12. The many uses of elliptic curves.

  13. Really Complicated first… Elliptic curves were used to prove Fermat’s Last Theorem Ea,b,c : y2 = x (x – ap) (x + bp) Suppose that ap + bp = cp with abc 0. Ribet proved that Ea,b,cisnot modular Wiles proved that Ea,b,cis modular. Conclusion: The equation ap + bp = cp has no solutions.

  14. Elliptic Curves and String Theory In string theory, the notion of a point-like particle is replaced by a curve-like string. As a string moves through space-time, it traces out a surface. For example, a single string that moves around and returns to its starting position will trace a torus. So the path traced by a string looks like an elliptic curve! Points of E with coordinates in the complex numbers C form a torus, that is, the surface of a donut.

  15. Congruent Number Problem • Which positive rational n can occur as areas of right triangles with rational sides? • Ex: 5 is a congruent number because it is the area of 20/3, 3/2, 41/6 triangle This question appears in 900A.D. in Arab manuscripts A theorem exists to test the numbers but it relies on an unproven conjecture.

  16. Congruent Number Problem cont…. Suppose a, b and c satisfy Then set A Calculation shows that Conversely: A positive rational number n is congruent if and only if the elliptic curve has a rational point with y not equal to 0

  17. Congruent Number Problem cont… Continuing with n = 5 We have Point (-4,6) on the curve We can now find a, b and c

  18. Factoring Using Elliptic Curves Ex: We want to factor 4453 Step 1. Generate an elliptic curve with point P mod n Step 2. Compute BP for some integer B.

  19. Factoring Continued.. Step 3. If step 2 fails because some slope does not exist mod n, the we have found a factor of n.

  20. The Elliptic Curve Discrete Logarithm Problem (ECDLP) is to find an integer m satisfying Q = P + P + … + P = mP. m summands Cryptography Suppose that you are given two points P and Q in E(Fp). • If the prime p is large, it is very very difficult to find m. • The extreme difficulty of the ECDLP yields highly efficient cryptosystems that are in widespread use protecting everything from your bank account to your government’s secrets.

  21. Send QBobto Alice to Bob Send QAlice Elliptic Curve Diffie-Hellman Key Exchange Public Knowledge: A group E(Fp) and a point P of order n. BOB ALICE Choose secret 0 < b < n Choose secret 0 < a < n Compute QBob = bP Compute QAlice = aP Compute bQAlice Compute aQBob Bob and Alice have the shared value bQAlice = abP = aQBob

  22. Can you solve this? Suppose a collection of cannonballs is piled in a square pyramid with one ball on the top layer, four on the second layer, nine on the third layer, etc.. If the pile collapses, is it possible to rearrange the balls into a square array (how many layers)? Hint:

  23. Solution This is an elliptic curve We know two points The line through these points is y = x

  24. Solution cont…

  25. References • Elliptic Curves Number Theory and Cryptography Lawrence C. Washington • http://www.math.vt.edu/people/brown/doc.html • http://www.math.brown.edu/~jhs/

More Related