
Vorapong Suppakitpaisarn www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/

Discrete Methods in Mathematical Informatics, Lecture 3: Other Applications of Elliptic Curve, 23rd October 2012. Vorapong Suppakitpaisarn, http://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/, vorapong@mist.i.u-tokyo.ac.jp, Eng. 6 Room 363



  1. Discrete Methods in Mathematical Informatics, Lecture 3: Other Applications of Elliptic Curve, 23rd October 2012. Vorapong Suppakitpaisarn, http://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/, vorapong@mist.i.u-tokyo.ac.jp, Eng. 6 Room 363
     Download:
     • Lecture 1: http://misojiro.t.u-tokyo.ac.jp/~vorapong/Lecture1.pptx
     • Lecture 2: http://misojiro.t.u-tokyo.ac.jp/~vorapong/Lecture2.pptx
     • Lecture 3: http://misojiro.t.u-tokyo.ac.jp/~vorapong/Lecture3.pptx

  2. Course Information (Many Changes from Last Week)
     Schedule
     • 10/9 – Elliptic Curve I (2 Exercises) (What is Elliptic Curve?)
     • 10/16 – Elliptic Curve II (1 Exercise) (Elliptic Curve Cryptography [1])
     • 10/23 – Elliptic Curve III (3 Exercises) (Elliptic Curve Cryptography [2])
     • 10/30 – Cancelled
     • 11/7 – Online Algorithm I (Prof. Han)
     • 11/14 – Online Algorithm II (Prof. Han)
     • 11/21 – Elliptic Curve IV (2 Exercises) (ECC Implementation I)
     • 11/28 – Elliptic Curve V (2 Exercises) (ECC Implementation II)
     • 12/4 – Cancelled
     • From 12/11 – To be Announced
     Grading
     • For my part, you need to submit 2 Reports.
     • Report 1: Select 3 from 6 exercises in Elliptic Curve I – III. Submission Deadline: 14 November
     • Report 2: Select 2 from 4 exercises in Elliptic Curve IV – V. Submission Deadline: TBD
     • Submit your report at Department of Mathematical Informatics’ office [1st floor of this building]

  3. From Last Lecture…
     • Scalar Multiplication on Elliptic Curve: S = P + P + … + P (r times) = rP, when r is a positive integer and S, P are members of the curve
     • Double-and-add method: let r = 14 = (01110)_2 and compute rP = 14P, with r = 14 = (0 1 1 1 0)_2
       Diagram rows: P, 3P, 7P, 14P and O, 2P, 6P, 14P
       3 – 1 = 2 Point Additions, 4 – 1 = 3 Point Doubles
     • Discrete Logarithm Problem: Given P, aP, compute a.

  4. Overview Discrete Logarithm Problem Massey-Omura Encryption ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

  5. Overview Discrete Logarithm Problem Massey-Omura Encryption ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

  6. Pollard’s Method [Pollard 1978] (Semi-)Objective [Teske, 1998] (Real-)Algorithm (Semi-) Algorithm (Real-)Objective Function f for Discrete Log

  7. Examples Algorithm Example

  8. Exercise Exercise 4

  9. The Pohlig-Hellman Method [Pohlig, Hellman 1978]

  10. The Pohlig-Hellman Method [cont.] Algorithm (Real-)Problem: Given P, Q = aP, compute a. (Semi-)Problem: Given P, Q = aP, compute a mod p_k^{e_k}. Properties

  11. The Pohlig-Hellman Method [cont.] Given P, Q = aP, compute a mod p_k^{e_k}. Algorithm

  12. Chinese Remainder Theorem. (Semi-)Problem: Given P, Q = aP, compute a mod p_k^{e_k}.

  13. Overview Discrete Logarithm Problem Massey-Omura Encryption ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

  14. Three-Pass Protocol [Shamir 1980]
     • Private Key Cryptography (diagram): Key Agreement Protocol, shared key k; Encryption Algorithm: E_k(M); Decryption Algorithm: D_k(E_k(M)) = M
     • Three-pass Protocol (diagram): keys k1, k2 and message M
       Encryption Algorithm: E_k1(M)
       Super-Encryption Algorithm: E_k2(E_k1(M))
       Decryption Algorithm: E_k2(M) = D_k1(E_k2(E_k1(M)))
       Super-Decryption Algorithm: M

  15. Massey-Omura Protocol [Massey, Omura 1986]
     Diagram: Three-pass Protocol beside Massey-Omura Protocol, keys k1, k2 and message M, each with the steps
       Encryption Algorithm: E_k1(M)
       Super-Encryption Algorithm: E_k2(E_k1(M))
       Decryption Algorithm: E_k2(M)
       Super-Decryption Algorithm: M

  16. Massey-Omura Protocol [cont.]
     Diagram: Massey-Omura Protocol beside Example, each with the steps Encryption Algorithm, Super-Encryption Algorithm, Decryption Algorithm (E_k2(M)), Super-Decryption Algorithm

  17. Massey-Omura Protocol [cont.] Integer  Point on Elliptic Curve Point on Elliptic Curve  Integer Exercise 4 Exercise 5

  18. Overview Discrete Logarithm Problem Massey-Omura Encryption ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

  19. Public Key Cryptography
     • Private Key Cryptography (diagram): Key Agreement Protocol, shared key k; Encryption Algorithm: E_k(M); Decryption Algorithm: D_k(E_k(M)) = M
     • Public Key Cryptography (diagram): Certificate Authority (CA); keys k_pub, k_pri and k_pub; Encryption Algorithm: E_kpub(M); Decryption Algorithm: D_kpri(E_kpub(M)) = M

  20. ElGamal Public Key Encryption [ElGamal 1985]
     • Public Key Cryptography (diagram): Certificate Authority (CA); keys k_pub, k_pri and k_pub; Encryption Algorithm: E_kpub(M); Decryption Algorithm: D_kpri(E_kpub(M)) = M
     • ElGamal PKE (diagram): Certificate Authority (CA)
       Encryption Algorithm: E_kpub(M) = M1, M2 with M1 = kP, M2 = M + kB
       Decryption Algorithm: D_kpri(E_kpub(M)) = M2 - sM1 = M

  21. ElGamal Public Key Encryption (cont.)
     • ElGamal PKE (diagram): Certificate Authority (CA)
       Encryption Algorithm: E_kpub(M) = M1, M2 with M1 = kP, M2 = M + kB
       Decryption Algorithm: D_kpri(E_kpub(M)) = M2 - sM1 = M
     • Example
       Encryption Algorithm: M1 = kP = 7(0,1) = (4,3), M2 = M + kB = (4,2) + 7(3,1) = (0,1)
       E_kpub(M) = M1, M2 with M1 = (4,3), M2 = (0,1)
       Decryption Algorithm: D_kpri(E_kpub(M)) = M2 - sM1 = (0,1) - 5(4,3) = (4,2)

  22. ElGamal Public Key Encryption (cont.)
     • ElGamal PKE (diagram): Certificate Authority (CA)
       Encryption Algorithm: E_kpub(M) = M1, M2 with M1 = kP, M2 = M + kB
       Decryption Algorithm: D_kpri(E_kpub(M)) = M2 - sM1 = M
     • ElGamal Problem Ver. I: Given P, sP (public key), kP, M + skP, find M.
     • Discrete Log.: Given P, sP, find s.

  23. Overview Discrete Logarithm Problem Massey-Omura Encryption ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

  24. Digital Signature [Diffie, Hellman 1976]
     • Public Key Cryptography (diagram): Certificate Authority (CA); keys k_pub, k_pri and k_pub; Encryption Algorithm: E_kpub(M); Decryption Algorithm: D_kpri(E_kpub(M)) = M
     • Digital Signature (diagram): Certificate Authority (CA); keys k_pri, k_pub and k_pub; Signing Algorithm sends M, S_kpri(M); Verification Algorithm: V_kpub(S_kpri(M)) = M ?
     • Objective: Alice is sending a message M to Bob.
       Bob can be sure that the sender is really Alice.
       Alice cannot deny that she sent the message.
       No one can send a message claiming that they are Alice.

  25. ElGamal Digital Signatures [ElGamal 1985] Digital Signature ElGamal’s Protocol Certificate Authority (CA) Certificate Authority (CA) kpub=(A,B) kpri,kpub kpub Signing Algorithm Skpri(M)) is signed by Alice??? M Signing Algorithm Verification Algorithm Verification Algorithm M,Skpri(M) M, Skpri(M)

  26. ElGamal Digital Signatures (cont.) Example ElGamal’s Protocol Certificate Authority (CA) kpub=(A,B) Signing Algorithm Signing Algorithm Verification Algorithm Verification Algorithm

  27. ElGamal Digital Signatures (cont.) ElGamal’s Protocol ElGamal Problem Ver. II Given A, B=aA (public key), m (message), m‘ (forged message) Find R,s such that Certificate Authority (CA) kpub=(A,B) Signing Algorithm Discrete Log. Given P, sP Find s. Verification Algorithm

  28. Exercise ElGamal Problem Ver. II Given A, B=aA (public key), m (message), m‘ (forged message) Find R,s such that Discrete Log. Given P, sP Find s. Exercise 6

  29. Overview Discrete Logarithm Problem Massey-Omura Encryption ElGamal Public Key Encryption Digital Signature Algorithm (DSA) ElGamal Digital Signatures

  30. Digital Signature Algorithm [Vanstone 1992] ElGamal’s Protocol DSA’s Protocol Certificate Authority (CA) Certificate Authority (CA) kpub=(A,B) kpub=(A,B) 2 Scalar Multiplications 3 Scalar Multiplications Signing Algorithm Signing Algorithm Verification Algorithm Verification Algorithm

  31. Exercise Exercise 4 Exercise 4 Exercise 5

  32. Exercise Exercise 6

  33. Pairing-Based Cryptography
     • Diffie-Hellman Exchange Protocol
       ALICE: 1. Generate P ∈ E(F) 2. Generate positive integer a 3. Receive Q = bP 4. Compute aQ = abP
       BOB: 1. Receive P 2. Receive S = aP 3. Generate positive integer b 4. Compute bS = abP
     • Three-Parties DHE (diagram): ALICE holds a, aP; BOB holds b, bP; CHARLIE holds c, cP; the values aP, bP, cP are exchanged, followed by abP, bcP, acP
     • Bilinear Function
     • Three-Parties DHE with Pairing (diagram): ALICE holds a, aP; BOB holds b, bP; CHARLIE holds c, cP; the values aP, bP, cP are exchanged

  34. Thank you for your attention Please feel free to ask questions or comment.
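
Slide 3 describes double-and-add scalar multiplication and slides 20 and 21 give the ElGamal equations with a numeric example; the Python sketch below is an added example, not part of the original lecture, that reproduces the slide 21 numbers. The curve y^2 = x^3 + x + 1 over F_5 is an assumption inferred from the points on the slide (the transcript does not state it), and all function names are illustrative.

```python
# Added example: toy EC ElGamal reproducing the numbers on slide 21.
# Assumption: curve E: y^2 = x^3 + x + 1 over F_5, inferred from the slide's
# points (0,1), (3,1), (4,3), (4,2); the transcript does not state the curve.
P_MOD, A = 5, 1
O = None  # point at infinity (group identity)

def add(p, q):
    """Affine group law on E."""
    if p is O:
        return q
    if q is O:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O  # p + (-p) = O, also covers doubling a point with y = 0
    if p == q:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def neg(p):
    return O if p is O else (p[0], (-p[1]) % P_MOD)

def mul(r, p):
    """Left-to-right double-and-add, as on slide 3."""
    s = O
    for bit in bin(r)[2:]:
        s = add(s, s)          # point double
        if bit == "1":
            s = add(s, p)      # point addition
    return s

def encrypt(m, k, base, pub):
    """M1 = kP, M2 = M + kB (slide 20)."""
    return mul(k, base), add(m, mul(k, pub))

def decrypt(m1, m2, s):
    """M = M2 - s*M1 (slide 20)."""
    return add(m2, neg(mul(s, m1)))

if __name__ == "__main__":
    P, s, k, M = (0, 1), 5, 7, (4, 2)   # values from slide 21
    B = mul(s, P)                        # public key B = sP
    M1, M2 = encrypt(M, k, P, B)
    print(B, M1, M2, decrypt(M1, M2, s))
```

A five-element field is only for following the slide by hand; the group here has 9 points, so the discrete logarithm is trivial to brute-force.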
