bitcoin ii introduction to elliptic curve cryptography
play

Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. - PowerPoint PPT Presentation

Dec 25, 2023 •456 likes •992 views

Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019 Overview Bitcoin Transactions Elliptic Curve Cryptography Introduction Arithmetics Signature Bitcoin, the protocol A blockchain Each

  1. Bitcoin II & Introduction to Elliptic Curve Cryptography Sep. 11, 2019

  2. Overview • Bitcoin • Transactions • Elliptic Curve Cryptography • Introduction • Arithmetics • Signature

  3. Bitcoin, the protocol • A blockchain • Each block has a definite history • Nonce • Proof-of-work to make block building hard • The Merkle tree stores a set of transactions

  4. Bitcoin, the currency • A Bitcoin (the currency, ₿ ) is a number • Created when mining blocks (finding nonce) • The person finding a nonce so that H(block) < � adds a Coinbase ε transaction • Adding 12.5 ₿ to his wallet (!?!) • amount used to larger, will decrease to 6.25 in May 2020 • 21 million ₿ in total • 17.9M in existence • Cap will be reached by 2140 • Afterwards, miners get rewarded in transaction fees only

  5. Bitcoin, the currency • A Bitcoin (the currency, ₿ ) is a number • Created when mining blocks (finding nonce) • The person finding a nonce so that H(block) < � adds a Coinbase ε transaction • Adding 12.5 ₿ to his wallet (!?!) • amount used to larger, will decrease to 6.25 in May 2020 • 21 million ₿ in total What does this mean? • 17.9M in existence • Cap will be reached by 2140 • Afterwards, miners get rewarded in transaction fees only

  6. Bitcoin Ownership • Ownership is implemented via cryptographic signatures • Every person own a public key and a private key • Ownership means • You have the private key of a signature

  7. Bitcoin Transactions • To transfer money to another person, one needs to show • Point to (a set of) input amount • Demonstrate that you own the input amounts • Know private key of input • Publish a set of outputs ₿ ₿ ₿ Tx ₿ ₿ ₿ ₿ inputs outputs

  8. Bitcoin Transactions • All inputs are completely consumed • If output is larger than needed, return the rest to you ₿ ₿ ₿ Tx ₿ ₿ ₿ ₿ inputs outputs

  9. � Bitcoin Transaction transactions where Bitcoin outputs come from tx 0xa435… Out 0 In 0 Out 1 tx 0x285d… In 3 Out 2 ID of this transaction is its hash ∑ inputs − ∑ outputs is fee to miner

  10. Bitcoin Transactions • Output field: • Value • Some requirement that has to be fulfilled to claim the output • Can be complicated script or open to anyone • Input fields: • Transaction ID • Which output in that transaction • Proof that the conditions are fulfilled

  11. Transfer money A -> B • Input � has information about � , public key of A In 1 pk A • A creates a new script, saying that only someone who knows the secret key corresponding to the hash of � pk B (public key of B) can spend the money • provide message + public key

  12. Transactions Input : Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6 Index: 0 scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d10 90db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6 b241501 Output : Value: 5000000000 scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d OP_EQUALVERIFY OP_CHECKSIG

  13. Transactions Transaction ID showing the funding source Input : Output 0 within that transaction Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6 Index: 0 Proof of meeting the requirements of that output scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d10 90db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6 b241501 Output value (in 1/100,000,000 ₿ ) Output : Script to unlock the output value Value: 5000000000 scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d OP_EQUALVERIFY OP_CHECKSIG • This transaction is funded by tx f5d8… output 0, use inputs 3045… and 90db00… as inputs to that script • Pay 5.00 ₿ to whoever can run the “ OP_DUP… ” script successfully.

  14. Transactions Output of funding transaction Input of new transaction provides specifies script to execute data for that script scriptPubKey scriptSig

  15. Transaction scripts OP_PLUS 2 • Scripts are executed as a stack machine • Last In - First Out 5 7 • E.g. OP_PLUS : “Take last to element on the stack, add them, -2 -2 and put the result back on the stack” 3 3 1 1

  16. Transaction scripts Stack machine • scriptPubKey: OP_DUP Duplicate element on top of stack OP_HASH160 Hash element on top of stack Push these 20 numbers onto the stack PUSHDATA(20)404371705fa9bd789a2f Verify that the top 2 numbers on the stack are identical OP_EQUALVERIFY Check that the signature is correctly signed by public key OP_CHECKSIG

  17. Transaction scripts Stack machine • scriptPubKey OP_DUP OP_HASH160 PUSHDATA(20)404371705fa9bd789a2f OP_EQUALVERIFY OP_CHECKSIG • scriptSig ae0e854281abd38bacd1aeed3ee3e5tadf73 0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6c

  18. Transaction scripts Stack machine • scriptPubKey OP_DUP OP_HASH160 PUSHDATA(20)404371705fa9bd789a2f OP_EQUALVERIFY OP_CHECKSIG ae0e854281abd38bacd1aeed3ee3e5tadf73 0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6c

  19. Transaction scripts Stack machine • scriptPubKey OP_DUP OP_HASH160 PUSHDATA(20)404371705fa9bd789a2f OP_EQUALVERIFY OP_CHECKSIG ae0e854281abd38bacd1aeed3ee3e5tadf73 ae0e854281abd38bacd1aeed3ee3e5tadf73 0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6c

  20. Transaction scripts Stack machine • scriptPubKey OP_DUP OP_HASH160 PUSHDATA(20)404371705fa9bd789a2f OP_EQUALVERIFY OP_CHECKSIG 404371705fa9bd789a2f ae0e854281abd38bacd1aeed3ee3e5tadf73 0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6c

  21. Transaction scripts Stack machine • scriptPubKey OP_DUP OP_HASH160 PUSHDATA(20)404371705fa9bd789a2f OP_EQUALVERIFY OP_CHECKSIG 404371705fa9bd789a2f 404371705fa9bd789a2f ae0e854281abd38bacd1aeed3ee3e5tadf73 0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6c

  22. Transaction scripts Stack machine • scriptPubKey OP_DUP OP_HASH160 PUSHDATA(20)404371705fa9bd789a2f OP_EQUALVERIFY OP_CHECKSIG ae0e854281abd38bacd1aeed3ee3e5tadf73 0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6c

  23. Transaction scripts Stack machine • scriptPubKey OP_DUP OP_HASH160 PUSHDATA(20)404371705fa9bd789a2f OP_EQUALVERIFY OP_CHECKSIG OK if signature - public key = ae0e… - message = Hash(this transaction) - signature = 0e88ff… is correct

  24. Transaction Chain

  25. Transactions • Pay-to-Pubkey-Hash • Provide a public key and a signature to claim money • Pay-to-Script-Hash • Provide input to arbitrary script • preimage (given y, pay to whoever knows x with y=H(x)) • Long list of other operators Code Description OP_1ADD 1 is added to the input. OP_1SUB 1 is subtracted from the input. The input is multiplied by 2.disabled. OP_2MUL The input is hashed two times with SHA-256. OP_HASH256 The signature must be a valid signature hash(tx) and public key. OP_CHECKSIG Compares the first signature against each public key OP_CHECKMULTISIG

  26. Elliptic Curve Cryptography A basic introduction

  27. What is an elliptic curve • Consider the polynom � x 3 + ax + b

  28. � What is an elliptic curve • Consider the polynom x 3 + ax + b • For � and � we get a = − 2 b = 2 y = x 3 − 2 a + 2 �

  29. What is an elliptic curve • For which points on the xy-plane do we have y 2 = x 3 + ax + b � • For � and � we get a = − 2 b = 2 y 2 = x 3 − 2 a + 2 �

  30. Points on an elliptic curve y 2 = x 3 + ax + b • Any point � for which � is a point p = ( x , y ) • Easy to verify

  31. Adding points • Given 2 points � and � p = ( x , y ) q = ( u , v )

  32. Adding points • Given 2 points � and � p = ( x , y ) q = ( u , v ) • Draw a line crossing those points

  33. Adding points • Given 2 points � and � p = ( x , y ) q = ( u , v ) • Draw a line crossing those points • Mark the 3 point of intersection with the curve

  34. Adding points • Given 2 points � and � p = ( x , y ) q = ( u , v ) • Draw a line crossing those points • Mark the 3 point of intersection with the curve • Flip the point up/down

  35. Adding points • Given 2 points � and � p = ( x , y ) q = ( u , v ) • Draw a line crossing those points • Mark the 3 point of intersection with the curve • Flip the point up/down + =

  36. Adding points • Given 2 points � and � p = ( x , y ) q = ( u , v ) • Draw a line crossing those points • Mark the 3 point of intersection with the curve • Flip the point up/down

  37. Adding points • Given 2 points � and � p = ( x , y ) q = ( u , v ) • Draw a line crossing those points • Mark the 3 point of intersection with the curve • Flip the point up/down

  38. Adding points • Definition not complete

  39. Adding points • Definition not complete • => add � ± ∞

  40. Adding points • Definition not complete ?

  41. Adding points • Definition not complete • Limit of getting closer and closer to that point ?

  42. Adding points • Definition not complete • Limit of getting closer and closer to that point ?

  43. Adding points • To add a point to itself, take the limit of 2 points getting closer and closer (the tangent of the curve at that point) The same point twice

  44. Adding points • Let’s add a point � 2 times to itself p = ( x , y ) � p � 2 p

  45. Adding points • Let’s add a point � 3 times to itself p = ( x , y ) � p � 3 p � 2 p

Recommend

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve

Cryptography Elliptic Curve Cryptography Overview of Elliptic Curve Cryptography Elliptic Curve Cryptography Applications of Elliptic Curve Cryptography Elliptic Curve Cryptography Cryptography in OpenSSL School of Engineering and

857 views • 17 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago &amp; Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
Elliptic Curve Cryptography in Bitcoin Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of

Elliptic Curve Cryptography in Bitcoin Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of

Elliptic Curve Cryptography in Bitcoin Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 8, 2019 1 / 31 Group Theory Recap Groups Definition A set G with a binary

447 views • 31 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago &amp; energy (gas

1.07k views • 76 slides
Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven

Cryptography Elliptic Curves EC Cryptographic Primitives Pairings Elliptic Curve Cryptography An Introduction Dr. F . Vercauteren Katholieke Universiteit Leuven 22 April 2008 Dr. F. Vercauteren Elliptic Curve Cryptography An Introduction

491 views • 32 slides
A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March

A Brief Introduction to Elliptic Curve Cryptography A Brief Introduction to Elliptic Curve Cryptography Or: A headache in 15 minutes Don Owen March 21 st , 2016 1/13 A Brief Introduction to Elliptic Curve Cryptography Elliptic Curve 2/13 A

385 views • 13 slides
Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May

Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May

Introduction to Elliptic Curve Cryptography Rana Barua Indian Statistical Institute Kolkata May 19, 2017 university-logo-isi Rana Barua Introduction to Elliptic Curve Cryptography ElGamal Public Key Cryptosystem, 1984 Key Generation: Choose

417 views • 16 slides
Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Elliptic Curves Suppose F is a field and a 1 , . . . , a 6 F . Elliptic Curve Cryptography Definition 1. An elliptic curve E over a field F is a curve given by an equation: Jim Royer Y 2 + a 1 XY + a 3 Y X 3 + a 2 X 2 + a 4 X + a 6 = (1)

337 views • 5 slides
Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018

Elliptic Curve Cryptography Meghana Doddapaneni University of Maryland 5 December 2018 Introduction y 2 = x 3 + ax + b en.wikipedia.org/wiki/Elliptic curve Elliptic Curve Addition P = ( x p .y p ), Q = ( x q , y q ), R = ( x r .y r ) =

187 views • 16 slides
Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The

Twenty-Three Years of Elliptic Curve Cryptography Alfred Menezes University of Waterloo September 3 2008 1 Further Reading A. H. Koblitz, N. Koblitz, A. Menezes, Elliptic curve cryptography: The serpentine course of a paradigm

300 views • 18 slides
Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July 23, 2014 1 / 12 Elliptic-curve cryptography: signatures and key exchange Given: some elliptic curve E , point P on E of known order . Key

885 views • 16 slides
elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

A gentle introduction to elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June 11, 2018 ibenik , Croatia Part 1: Motivation Part 2: Elliptic Curves Part 3: Elliptic Curve Cryptography Part 4:

1.38k views • 48 slides
Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm Problem

Counting points on elliptic curves over F q Christiane Peters DIAMANT-Summer School on Elliptic and Hyperelliptic Curve Cryptography September 17, 2008 Motivation Given an elliptic curve E over a finite field F q . Is the Discrete Logarithm

587 views • 30 slides
Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic

Next-generation elliptic-curve cryptography (ECC) Daniel J. Bernstein Cryptographic Implementations group: eindhoven.cr.yp.to working closely with the Coding Theory and Cryptology group: www.win.tue.nl/cc/ Next-generation elliptic-curve

456 views • 18 slides
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Math ematiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 1

1.72k views • 143 slides
Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S. Miller IDA Center for Communications Research Princeton, NJ 08540 USA 24 May, 2007 Victor S. Miller (CCR) Elliptic Curve Cryptography 24 May,

1.08k views • 69 slides
Should Elliptic Curve Cryptography Really be Deprecated? Connor Adsit cda8519@rit.edu May 13,

Should Elliptic Curve Cryptography Really be Deprecated? Connor Adsit cda8519@rit.edu May 13,

Should Elliptic Curve Cryptography Really be Deprecated? Connor Adsit cda8519@rit.edu May 13, 2016 Objectives Suite B Cryptography The controversial NSA statement A brief history of ECC (and the NSAs involvement) Why would

351 views • 17 slides
ECC mod 8^91+5 especially elliptic curve 2y^2=x^3+x for cryptography Andrew Allen and Dan Brown,

ECC mod 8^91+5 especially elliptic curve 2y^2=x^3+x for cryptography Andrew Allen and Dan Brown,

ECC mod 8^91+5 especially elliptic curve 2y^2=x^3+x for cryptography Andrew Allen and Dan Brown, BlackBerry CFRG, Prague, 2017 July 18 2y 2 =x 3 +x/GF(8 91 +5) Simplest secure and fast ECC ? Benefits of Galois field size 8 91 +5 for ECC Feature

285 views • 12 slides
Introduction to Elliptic Curve Cryptography Benjamin Smith Team GRACE INRIA + Laboratoire

Introduction to Elliptic Curve Cryptography Benjamin Smith Team GRACE INRIA + Laboratoire

Introduction to Elliptic Curve Cryptography Benjamin Smith Team GRACE INRIA + Laboratoire dInformatique de l Ecole polytechnique (LIX) ECC School, Nijmegen, November 9 2017 Problems We want to solve some important everyday problems in

1.01k views • 48 slides
The AGM- X 0 ( N ) Algorithm Heegner point lifting with application to elliptic curve point

The AGM- X 0 ( N ) Algorithm Heegner point lifting with application to elliptic curve point

The AGM- X 0 ( N ) Algorithm Heegner point lifting with application to elliptic curve point counting David R. Kohel School of Mathematics and Statistics University of Sydney I Elliptic Curves in Cryptography An elliptic curve E/ F p r for

415 views • 18 slides
Exploiting dummy codes in Elliptic Curve Cryptography Andy Russon 4 June 2020 2/20 About me

Exploiting dummy codes in Elliptic Curve Cryptography Andy Russon 4 June 2020 2/20 About me

Exploiting dummy codes in Elliptic Curve Cryptography Andy Russon 4 June 2020 2/20 About me PhD thesis on elliptic curves Orange, and Universit de Rennes 1 Risk assessment and audit Interest: challenges (root-me, CryptoHack), korean

1.15k views • 54 slides
SafeCurves: Cryptography choosing safe curves for Public-key signatures: elliptic-curve

SafeCurves: Cryptography choosing safe curves for Public-key signatures: elliptic-curve

SafeCurves: Cryptography choosing safe curves for Public-key signatures: elliptic-curve cryptography e.g., RSA, DSA, ECDSA. Daniel J. Bernstein Some uses: signed OS updates, University of Illinois at Chicago &amp; SSL certificates,

1.85k views • 165 slides
Elliptic Curve Cryptography Amit Markel Leonid Nemirovskiy Supervisor : Barukh Ziv 13 / 05 / 2013

Elliptic Curve Cryptography Amit Markel Leonid Nemirovskiy Supervisor : Barukh Ziv 13 / 05 / 2013

Elliptic Curve Cryptography Amit Markel Leonid Nemirovskiy Supervisor : Barukh Ziv 13 / 05 / 2013 Introduction to ECC Usage of ECC is becoming more popular hence our attention on this subject. Unlike previous standards which use

312 views • 14 slides
Elliptic Curves over Q Peter Birkner Technische Universiteit Eindhoven DIAMANT Summer School on

Elliptic Curves over Q Peter Birkner Technische Universiteit Eindhoven DIAMANT Summer School on

Elliptic Curves over Q Peter Birkner Technische Universiteit Eindhoven DIAMANT Summer School on Elliptic and Hyperelliptic Curve Cryptography 16 September 2008 What is an elliptic curve? (1) An elliptic curve E over a field k in Weierstra

298 views • 25 slides

More recommend