A Brief Introduction to Elliptic Curve Cryptography A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March 21 st , 2016 1/13
A Brief Introduction to Elliptic Curve Cryptography Elliptic Curve 2/13
A Brief Introduction to Elliptic Curve Cryptography Elliptic Curve Cryptography (ECC) ◮ More energy efficient than legacy asymmetric cryptosystems, such as RSA ◮ Smaller keys ◮ Smaller signatures ◮ Easier keygen Due to sub-exponential attacks on RSA, ECC requires smaller keys for equivalent security Key Length (Bits) RSA 1024 2048 3072 8192 15360 ECC 160 224 256 384 512 3/13
A Brief Introduction to Elliptic Curve Cryptography ECC Basics ◮ ECC uses Finite Field Arithmetic and the geometry of elliptic curves built on finite fields to create an asymmetric cryptosystem. ◮ The Elliptic Curve Discrete Logarithm Problem (ECDLP) is considered hard . ◮ ECDLP: Given points Q , P , find an integer d such that Q = d ∗ P 4/13
A Brief Introduction to Elliptic Curve Cryptography ECC Building Blocks: Point Double 5 4 3 2 P 1 0 0 1 2 3 -1 2P -2 -3 -4 -5 Curve: y 2 = x 3 + ax + b x 3 = ( 3 ∗ x 2 1 + a 2 ∗ y 1 ) − 2 ∗ x 1 y 3 = ( 3 ∗ x 2 1 + a 2 ∗ y 1 )( x 1 − x 3 ) − y 1 5/13
A Brief Introduction to Elliptic Curve Cryptography ECC Building Blocks: Point Add 5 4 3 2 1 Q 0 0 1 2 3 P -1 -2 P+Q -3 -4 -5 Curve: y 2 = x 3 + ax + b x 2 − x 1 ) 2 − x 1 − x 2 x 3 = ( y 2 − y 1 y 3 = ( y 2 − y 1 x 2 − x 1 )( x 1 − x 3 ) − y 1 6/13
A Brief Introduction to Elliptic Curve Cryptography Finite-field Arithmetic ◮ a.k.a modular arithmetic ◮ ECC can utilize both GF ( p ) and GF (2 m ) ◮ Multi-precision computations such that key-size ≫ machine width ◮ Add, subtract, multiply, and inversion ◮ Requires a reduction step to map result back into field 7/13
A Brief Introduction to Elliptic Curve Cryptography Prime Fields, GF ( p ) The following are examples of GF(7) computations: ◮ Addition: (2 + 5) modulo 7 = 0 ◮ Subtraction: (3 − 6) modulo 7 = 4 ◮ Multiplication: (5 × 4) modulo 7 = 6 ◮ Division: (2 ÷ 4) modulo 7 = 4 These operations, in conjunction with the geometric definitions of point double and add, can form more complex algorithms like point multiplication. 8/13
A Brief Introduction to Elliptic Curve Cryptography Crypto Operations: Keygen Given a standardized curve ◮ Pick a random integer d between 1 , n − 1 ◮ Compute Q = d ∗ P ◮ Q = Public Key ◮ d = Private Key 9/13
A Brief Introduction to Elliptic Curve Cryptography Crypto Operations: ECDSA Given a standardized curve, private key d, message m ◮ Select k randomly between 1 , n − 1 ◮ Compute k ∗ P = ( x 1 , y 1 ) ◮ Compute r = x 1 mod n ◮ If r = 0, start again. ◮ Compute e = Hash ( m ) ◮ Compute s = k − 1 ( e + d ∗ r )mod n ◮ If s = 0, start again. ◮ Signature = ( r , s ) 10/13
A Brief Introduction to Elliptic Curve Cryptography Crypto Operations: EC Diffie-Hellman Given a standardized curve, Alice’s keys d A , Q A , Bob’s keys d B , Q B ◮ Alice computes d A ∗ Q B ◮ Bob computes d B ∗ Q A ◮ shared secret = d A Q B = d A d B G = d B d A G = d B Q A 11/13
A Brief Introduction to Elliptic Curve Cryptography Crypto Operations: EC ElGamal Given a standardized curve ◮ Map message m into a point M on curve. ◮ Pick a random integer k between 1 , n − 1 ◮ Compute C 1 = k ∗ P ◮ Compute C 2 = M + k ∗ Q ◮ Ciphertext = C 1 , C 2 12/13
A Brief Introduction to Elliptic Curve Cryptography Standards ◮ NIST FIPS 186-4: Defines ECDSA and 10 Curves + Parameters ◮ NSA Suite B: P-384 used for US Gov. ◮ Curve25519: A non-government-affiliated, widely-used curve ◮ ...and others 13/13
Recommend
More recommend
