340 likes | 753 Views
Elliptic Curve Cryptography ( ECC ). Mustafa Demirhan Bhaskar Anepu Ajit Kunjal. Contents. Introduction Addition Law Elliptic Curves Mod n Encryption Example Decryption Example General Diffie-Hellman Key Exchange Scheme Diffie Hellman Method with Elliptic Curves Conclusions.
E N D
Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal
Contents • Introduction • Addition Law • Elliptic Curves Mod n • Encryption Example • Decryption Example • General Diffie-Hellman Key Exchange Scheme • Diffie Hellman Method with Elliptic Curves • Conclusions
Introduction • What is Elliptic Curve Cryptography (ECC)? • ECC is an encryption technique based on elliptic curve theory that can be used as faster, smaller, and more efficient cryptosystems • Who introduced it and when? • Miller and Koblitz in mid 1980s and Lenstra showed how to use elliptic curves to factor integers • What is the basic principle? • Obtain same level of security as conventional cryptosystems but with much smaller key sizes
General Form of Elliptic Curve • An elliptic curve E: y2 = x3 + ax + b • (a, b) belong to any of the appropriate sets namely rational numbers, complex numbers, integers etc. • More general form: y2+a1xy+a3y = x3+a2x2+a4x+a5
Addition Law • Given two points P1 and P2 on E, we can find P3 as follows: Let P1 = (2, 9) and P2 = (3, 10) and E: y2 = x3 + 73 Find the equation of the line passing through P1 and P2 Find a point Q such that it lies on the line through P1 and P2 and the curve E Q P2 P1 P3
Addition Law: Example • Equation of the line: y = x + 7 • For Q, substitute this eqn. in E.(x+7)2 = x3 + 73 • Roots of this cubic: P1,P2 and Q. • Rule: For a cubic polynomial of the form x3+a2x2+a1x+a0 the roots r1,r2 and r3 are related by: r1+r2+r3=-a2 • Applying this to our cubicx3-x2-14x+24 = 0, we obtain 2+3+xQ=1 xQ = -4 yQ=xQ+7 yQ = 3 Q = (-4,3) • P3 is the mirror image of Q. Thus P3 = (-4, -3)
Addition Law-Definition • Define a law of addition on E by:P1 + P2 = P3 • Addition Law: Let E: y2 = x3 + ax + b and let P1 = (x1, y1) & P2 = (x2, y2) Then P 1 + P2 = P3 = (x3, y3) where x3 = m2 - x1 - x2 y3 = m (x1 - x3) - y1 and m = (y2 - y1) / (x2 – x1) if P1≠ P2 m = (3x12 + a) / (2y1) if P1 = P2
Definition of P + P • Draw a tangent line through P, the point of intersection with the curve is defined as –R, then P+P = 2P = R
Definition of P + (-P) • P + (-P) = O
Multiplication • k.P = P + P + P + …. + P (k times) where k is an integer
Elliptic Curves Mod n • Let E: y2≡ x3 + 2x + 3 (mod 5) • The points on E are pairs (x, y) mod 5 that satisfy the equation • The possible values are x ≡ 0 y2≡ 3 (mod 5) no solutionsx ≡ 1 y2≡ 6 (mod 5) y ≡ 1, 4x ≡ 2 y2≡ 15 (mod 5) y ≡ 0x ≡ 3 y2≡ 36 (mod 5) y ≡ 1, 4x ≡ 4 y2≡ 75 (mod 5) y ≡ 0 • Therefore the points on E are (1,1), (1,4), (2,0), (3,1), (3,4), (4,0)
Encryption: Example • Let E: y2≡ x3 + 2x + 3 (mod 5) • P = (1, 4), K = (3, 1) • The cipher text is obtained as follows:m = (1–4)/(3-1) = 1 (mod 5)x3 = -1-1-3 = -3 (mod 5) = 2y3 = 1(1-2)-4 = 0 (mod 5) • Cipher Text = C = (2,0) Q K P C
Decryption: Example • Let E: y2≡ x3 + 2x + 3 (mod 5) • C = (2, 0); K = (3, 1) • The decryption is same as encrypting with –K • -K = (3,-1) (mod 5) = (3,4) • m = 4/1 = 4x3 = 16-2-3 = 1 (mod 5)y3 = 4(2-1)-0 = 4 • Hence, P = (1,4) Q K P C
An Example Usage of Elliptic Curves • The crucial property of an elliptic curve is that we can define a rule for "adding" two points which are on the curve, to obtain a third point which is also on the curve • Cryptography can be done as follows: • Alice, Bob, Cathy and David… agree on a (non-secret) elliptic curve and a (non-secret) fixed curve point F. Alice chooses a secret random integer KA which is her secret key, and publishes the curve point PA = KA*F as her public key. Bob, Cathy and David do the same • Now suppose Alice wishes to send a message to Bob. One method is for Alice to simply compute KA*PB and use the result as the secret key for a conventional symmetric block cipher (say DES) • Bob can compute the same number by calculating KB * PA, since KB*PA = KB*(KA*F) = (KB*KA)*F = KA*(KB*F) = KA*PB • The security of the scheme is based on the assumption that it is difficult to compute k given F and k*F.
General Diffie-Hellman Key Exchange (α, p) • Alice and Bob chooses a large prime number p and a primitive root α (mod p). Both p and α can be made public. • Alice chooses a secret random x and Bob chooses a secret random y. • Alice sends αx (mod p) to Bob, and Bob sends αy (mod p) to Alice. • Alice calculates key as K = (αy)x (mod p) and Bob calculates K = (αx)y (mod p) Alice Bob x αx (mod p) y αy (mod p) (αy)x(mod p) (αx)y(mod p)
DH Key Exchange with Elliptic Curves (E, P) • Diffie-Hellman key exchange- another example • Given elliptic curve E and a point P (public) • Alice selects an a, computes A=aP, send A to Bob • Bob selects a b, computes B=bP, sends B to Alice • Then Alice can compute the key K=aB=abP, similarly, Bob computes the key K=bA=abP Alice Bob a, A A = aP b, B B = bP abP abP
Using The Shared Keys • The key that we obtained using Diffie-Hellman with elliptic curves can be used either directly in another elliptic curve cryptosystem, or in a conventional cryptosystem such as DES, RSA etc. • However, for the latter, we need to convert the point in the elliptic curve system to a number. This can be done, but it is beyond the scope of this presentation
Conclusions • Elliptic Curves are just another way to map the data into another form. The power of the scheme comes from the fact that it is very hard to do the un-mapping without knowledge of the key • Elliptic Curve Cryptosystems provide same level of security as other conventional cryptosystems; but with a much smaller key size • Smaller the key size, lesser the hardware required