1 / 16

CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes

CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate. Background in elliptic curves If p is a prime greater than 3 and

hermione-christensen
Download Presentation

CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate

  2. Background in elliptic curves If p is a prime greater than 3 and Zp is group of non-zero elements under the operation of multiplication modulo p. Zp = {1, 2, …, p-1} Then an elliptic curve E over ZP is defined by the equation: y2 = x3 + ax + b where, a, b ∊ Zp and 4a3 + 27b2  0 (mod p), together with special point O, called as point at infinity.

  3. Example of elliptic curve Let p = 23, a = 1, b = 1 Note: 4a3 + 27b2 = 8 (mod 23)  0 E : y2 = x3 + x + 1 The points on E(Z23) are O and following: (0,1) (6,4) (12,19) (0,22) (6,19) (13,7) (1,7) (7,11) (13,16) (1,16) (7,12) (17,3) (3,10) (9,7) (17,20) (3,13) (9,16) (18,3) (4,0) (11,3) (18,20) (5,4) (11,20) (19,5) (5,19) (12,4) (19,18)

  4. Elliptic curve addition • If P, Q ∊ E(Zp) then, • P + O = O + P = P • If P = (x,y) then –P = (x,-y) • and P + (-P) = O • If P = (x1, y1) and Q = (x2, y2) and P  -Q then, • P + Q = (x3, y3) where, • x3 = 2 – x1 – x2 and y3 = (x1 – x3) – y1 •  = y2 – y1 if P  Q,  = 3x12+ a if P = Q • x2 – x1 2y1

  5. Elliptic curve discrete logarithm problem Select elliptic curve E(Zp) such that the number of points in E are divisible by a large prime n. Then, The “hard” mathematical problem is: Given an elliptic curve E defined over Zp, a point P ∊ E(Zp) of order n, and a point Q ∊ E(Zp), determine the integer d, 0 <= d <= n-1, such that Q = dP, provided that d exists.

  6. Digital Signature Algorithm (DSA)

  7. Elliptic Curve Digital Signature Algorithm (ECDSA) • ECDSA key pair generation: • Entity A selects an elliptic curve E defined over Zp. The number of points in E(Zp) should be divisible by a large prime n. • Select a point P = E(Zp) of order n. • Select a statistically unique and unpredictable integer d in the interval [1, n-1]. • Compute Q = dP. • A’s public key is (E, P, n, Q). A’s private key is d.

  8. ECDSA…contd. • ECDSA signature generation: • Entity A selects a statistically unique and unpredictable integer k in the interval [1, n-1]. • Compute kP = (x1, y1) and r = x1 mod n. To avoid a security condition, r should not equal 0. If r = 0 go to step 1. • Compute k-1 mod n. • Compute s = k-1 {h(m) + dr} mod n. h is the Secure Hash Algorithm (SHA-1). • If s = 0, then go to Step 1. If s = 0, then s-1 mod n does not exist and s-1 is required in the signature verification process. • The signature for the message m is the pair of integers (r, s).

  9. ECDSA…contd. • ECDSA signature verification: • Entity B obtains an authentic copy of Entity A’s public key (E, P, n, Q). • Verify that r and s are integers in the interval [1, n-1]. • Compute w = s-1 mod n and h(m). • Compute u1 = h(m)w mod n and u2 = rw mod n. • Compute u1P + u2Q = (x0, y0) and v = x0 mod n. • Entity B accepts the signature if and only if v =r.

  10. Security Issues • The best algorithm known to date is Pollard rho-method which takes about  n / 2 steps, where a step is an elliptic curve addition. • Software attacks • Hardware attacks • Build a hardware for a parallel search using Pollard rho-method.

  11. Advantages of ECC • Equivalent ECC key size is 160 bits as compared to 1024 bit size of RSA • ECC does not require prime numbers and exponential processing for encryption. • ECC offers considerable bandwidth savings when being used to transform short messages. • Disadvantages of ECC • Hyper-elliptic cryptosystems offer even smaller key sizes • ECC is mathematically more difficult to explain to client • Confidence level in ECC is not as high as RSA

  12. Applications • Elliptic curves are used in: • Factoring integers • Primality proving • Public key cryptography • Implementations of ECC are particularly beneficial in applications where bandwidth, processing capacity, power availability, or storage is constrained. • Such applications include: • Wireless transactions • Handheld computing • Broadcast and • Smart card applications.

  13. Conclusion • Elliptic Curves should receive rigorous testing before it is actually implemented in large networks, but it should provide a solution to many of the problems facing public-key encryption in general.

  14. Thank you!

More Related