Elliptic Curve Cryptography
Amit Markel, Leonid Nemirovskiy
Supervisor: Barukh Ziv
13/05/2013
Introduction to ECC
• ECC is becoming more widely used, hence our attention to this subject.
• Unlike previous standards, which use simple prime fields for cryptography, elliptic curves with good cryptographic properties surpass the former in terms of security and use much smaller key sizes.
• ECC has appropriate attributes for cryptosystems because the ECDLP (elliptic curve discrete logarithm problem) cannot be solved with sub-exponential algorithms, which makes it possible to use keys of smaller size.
Technion - Israel Institute of Technology and Science 13/05/2013
What is an EC over a finite field?
Basic EC over finite fields
• Elliptic curves may be defined over either large prime fields or binary extension fields.
• For performance reasons we concentrate on binary extension fields: the curve takes a simple form, and we take advantage of the way hardware is built, over the binary field.
• Definition. An elliptic curve $E$ over $\mathbb{F}_q$ with $q = 2^p$ (where we set $p$ to be prime for enhanced security) is defined by the equation
  $E: y^2 + xy = x^3 + a_2 x^2 + a_6$, where $a_2 \in \mathbb{F}_q$ and $a_6 \in \mathbb{F}_q^*$.
• For better performance we use curves where $a_2 = 0$ (doing so does not impact any cryptographic quality), hence we get the even simpler form
  $E: y^2 + xy = x^3 + a_6$.
EC-point group
• Definition. Let $E$ be an EC. The point $P = (x, y) \in \mathbb{F}_q^2$ is defined to be on $E$ when it satisfies $E$'s equation.
• In order to build a group from the points of the curve, we must define the point at infinity, denoted by $O$.
• The set of all points on the curve, together with $O$, forms a group with $O$ as its zero element.
• Inverse. Let $P = (x, y) \in E$; then $Q = (x, x + y) = -P$.
• Addition. There is also an appropriate definition of an addition operator which satisfies the group requirements.
• Next we show an example of points on an EC which form a cyclic group, whose elements are obtained as multiples of a generator element.
Example of an EC-point group
We use a representation of $GF(8)$ as $\mathbb{F}_2[\xi]/(\xi^3 + \xi + 1)$, which means polynomials mod $\xi^3 + \xi + 1$.
$E: Y^2 + XY = X^3 + \xi^4$, $\#E(GF(8)) = 8$
   g = (110, 010) = $(\xi^3, \xi)$
  2g = (010, 001) = $(\xi, \xi^2)$
  3g = (101, 101) = $(\xi^6, \xi^6)$
  4g = (000, 001) = $(0, \xi^2)$
  5g = (101, 000) = $(\xi^6, 0)$
  6g = (010, 011) = $(\xi, \xi^4)$
  7g = (110, 100) = $(\xi^3, 1)$
  8g = $O$
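The multiples of g listed above can be recomputed with the following added example (not the project's NTL-based code). It assumes the standard affine addition and doubling formulas for $y^2 + xy = x^3 + a_6$ over a binary field, which the slides do not spell out; the names `Fe`, `Pt`, `mul`, `add`, `smul`, `order` and `count_points` are illustrative, and bit i of an element holds the coefficient of $\xi^i$ (the slide prints the lowest bit first).

```cpp
#include <cstdint>
#include <cstdio>
// GF(8) = F_2[xi]/(xi^3 + xi + 1); bit i of an element is the coefficient of xi^i.
using Fe = uint8_t;
const Fe A6 = 0b110;                       // xi^4 = xi^2 + xi, the curve constant a_6
Fe mul(Fe a, Fe b) {                       // shift-and-add multiply with reduction
    Fe r = 0;
    for (int i = 0; i < 3; ++i) {
        if (b & (1 << i)) r ^= a;
        a <<= 1;
        if (a & 0b1000) a ^= 0b1011;       // reduce modulo xi^3 + xi + 1
    }
    return r;
}
Fe inv(Fe a) { Fe a2 = mul(a, a); return mul(mul(a2, a2), a2); }  // a^6 = a^-1 for a != 0
struct Pt { Fe x, y; bool inf; };
const Pt O = {0, 0, true};                 // point at infinity
const Pt G = {0b011, 0b010, false};        // g = (xi^3, xi)
bool on_curve(Pt p) {                      // y^2 + xy == x^3 + a_6
    return p.inf || (mul(p.y, p.y ^ p.x) ^ mul(mul(p.x, p.x), p.x) ^ A6) == 0;
}
Pt add(Pt p, Pt q) {                       // affine group law (assumed formulas, a_2 = 0)
    if (p.inf || q.inf) return p.inf ? q : p;
    if (p.x == q.x && (p.y != q.y || p.x == 0)) return O;   // q = -p = (x, x + y)
    bool dbl = p.x == q.x;
    Fe lam = dbl ? p.x ^ mul(p.y, inv(p.x)) : mul(p.y ^ q.y, inv(p.x ^ q.x));
    Fe x3 = mul(lam, lam) ^ lam ^ (dbl ? 0 : p.x ^ q.x);
    Fe y3 = dbl ? mul(p.x, p.x) ^ mul(lam ^ 1, x3) : mul(lam, p.x ^ x3) ^ x3 ^ p.y;
    return {x3, y3, false};
}
Pt smul(unsigned k, Pt p) {                // double-and-add scalar multiplication
    Pt r = O;
    for (; k; k >>= 1, p = add(p, p)) if (k & 1) r = add(r, p);
    return r;
}
unsigned order(Pt p) { unsigned k = 1; for (Pt r = p; !r.inf; r = add(r, p)) ++k; return k; }
int count_points() {                       // brute-force #E, including O
    int n = 1;
    for (int v = 0; v < 64; ++v) n += on_curve({Fe(v & 7), Fe(v >> 3), false});
    return n;
}
int main() {                               // print k*g, lowest bit first as on the slide
    for (unsigned k = 1; k <= 8; ++k) {
        Pt p = smul(k, G);
        if (p.inf) { std::printf("%ug = O\n", k); continue; }
        std::printf("%ug = (%d%d%d, %d%d%d)\n", k, p.x & 1, p.x >> 1 & 1, p.x >> 2,
                    p.y & 1, p.y >> 1 & 1, p.y >> 2);
    }
}
```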
The projective plane
• To implement addition of two points represented by standard affine coordinates, one must use inversions over $\mathbb{F}_q$, which hurt performance far more than multiplications and additions.
• We can therefore use projective coordinates in order to replace these inversions with multiplications and additions.
• An affine point is mapped to projective coordinates by appending the additional coordinate $Z = 1$: $(x, y) \mapsto (X : Y : 1)$.
• Lopez-Dahab's projective coordinates provide the best results in terms of performance when used over binary fields.
• A point $(X : Y : Z)$ in Lopez-Dahab coordinates corresponds to the affine point $(X/Z, Y/Z^2)$.
Goals
• Implementation of EC arithmetic: point addition, doubling, powering.
• Finding a cryptographically strong random curve [1]:
  • Implementation of the SATOH-FGH algorithm for counting the number of points on a given curve, denoted by $\#E$.
  • Checking that $\#E$ is divisible by a large prime number $q$ and finding a point $P$ such that Order($P$) = $q$.
• Using the cyclic group defined by $\langle P \rangle$ for ECDH [2]-oriented protocols.
• Implementing ECDSA (Elliptic Curve Digital Signature Algorithm) and, if time allows, more.
[1] A random $a_6$.
[2] Elliptic Curve Diffie-Hellman.
Secondary Goals
• Implementing a different counting algorithm such as AGM, and comparing it to SATOH-FGH in terms of overall running time.
• Parallelizing the generation of random curves on multiprocessor systems with MPI (Message Passing Interface).
• Comparison between our implementations over binary fields and others over large prime characteristic fields.
Implementation
Used Libraries
• Language. Everything is implemented in C++.
• Compiler. Most recent stable GCC 4.7.3_0.
• For field operations and large number processing we use the NTL library, combined with GF2X to improve the performance of polynomial handling, along with GMP for large number performance tweaking.
• SMALLSHA1 for computing SHA-1 hashes within the ECDSA protocol implementation.
• These should be sufficient for our purpose, although more libraries could always be added.
First achievements and results
• We implemented an initially stable version of EC arithmetic.
Average time results for $10^5$ operations (random curve and point, Order(Point) > $10^5$):

  # Bits   P + Q     2P        random · P
  127      0.068 s   0.022 s   7.41 s       0.069 s
  239      0.082 s   0.029 s   18.02 s      0.084 s
  271      0.098 s   0.035 s   25.35 s      0.10 s
  487      0.13 s    0.047 s   59.65 s      0.13 s

• It's easy to see that the third column gives us first performance results for generating ECDH key pairs $(d, dP)$.
• The benchmarking was conducted on an Intel Dual Core i7 2.66 GHz (L2 cache per core: 256 KB, L3 cache: 4 MB) with 8 GB RAM.
Thank you.