
SafeCurves: choosing safe curves for elliptic-curve cryptography - PowerPoint PPT Presentation

SafeCurves: choosing safe curves for elliptic-curve cryptography. Daniel J. Bernstein, University of Illinois at Chicago & … Cryptography: Public-key signatures: e.g., RSA, DSA, ECDSA. Some uses: signed OS updates, SSL certificates, …


  1. … many smaller improvements: ≈ … scientific papers. … of these algorithms for breaking RSA-1024, RSA-2048: …, $2^{170}$, CFRAC; ≈ …, $2^{160}$, LS; ≈ …, $2^{150}$, QS; ≈ $2^{112}$, NFS. … Miller, “Use of … curves in cryptography”: “… extremely unlikely … an ‘index calculus’ attack … elliptic curve method … ever be able to work.”


  15. The clock

      This is the curve $x^2 + y^2 = 1$.

      Warning: This is not an elliptic curve. “Elliptic curve” $\neq$ “ellipse.”

      Examples of points on this curve:
      $(0, 1)$ = “12:00”.
      $(0, -1)$ = “6:00”.
      $(1, 0)$ = “3:00”.
      $(-1, 0)$ = “9:00”.
      $(\sqrt{3/4}, 1/2)$ = “2:00”.
      $(1/2, -\sqrt{3/4})$ = “5:00”.
      $(-1/2, -\sqrt{3/4})$ = “7:00”.
      $(\sqrt{1/2}, \sqrt{1/2})$ = “1:30”.
      $(3/5, 4/5)$. $(-3/5, 4/5)$.
      $(3/5, -4/5)$. $(-3/5, -4/5)$.
      $(4/5, 3/5)$. $(-4/5, 3/5)$.
      $(4/5, -3/5)$. $(-4/5, -3/5)$.
      Many more.


  26. Addition on the clock:

      [Figure: the clock with neutral = $(0, 1)$, $P_1 = (x_1, y_1)$, $P_2 = (x_2, y_2)$, $P_3 = (x_3, y_3)$ and the angle $\alpha_1$.]

      $x^2 + y^2 = 1$, parametrized by $x = \sin\alpha$, $y = \cos\alpha$. Recall
      $(\sin(\alpha_1 + \alpha_2), \cos(\alpha_1 + \alpha_2)) = (\sin\alpha_1\cos\alpha_2 + \cos\alpha_1\sin\alpha_2,\ \cos\alpha_1\cos\alpha_2 - \sin\alpha_1\sin\alpha_2)$.

      Clock addition without sin, cos:

      Use Cartesian coordinates for addition. Addition formula for the clock $x^2 + y^2 = 1$: sum of $(x_1, y_1)$ and $(x_2, y_2)$ is $(x_1 y_2 + y_1 x_2,\ y_1 y_2 - x_1 x_2)$.


  40. Examples of clock addition:

      “2:00” + “5:00” = $(\sqrt{3/4}, 1/2) + (1/2, -\sqrt{3/4}) = (-1/2, -\sqrt{3/4})$ = “7:00”.
      “5:00” + “9:00” = $(1/2, -\sqrt{3/4}) + (-1, 0) = (\sqrt{3/4}, 1/2)$ = “2:00”.
      $2\left(\frac{3}{5}, \frac{4}{5}\right) = \left(\frac{24}{25}, \frac{7}{25}\right)$.
      $3\left(\frac{3}{5}, \frac{4}{5}\right) = \left(\frac{117}{125}, \frac{-44}{125}\right)$.
      $4\left(\frac{3}{5}, \frac{4}{5}\right) = \left(\frac{336}{625}, \frac{-527}{625}\right)$.
      $(x_1, y_1) + (0, 1) = (x_1, y_1)$.
      $(x_1, y_1) + (-x_1, y_1) = (0, 1)$.

      Clocks over finite fields

      [Figure: grid of the points of Clock($\mathbf{F}_7$).]

      Clock($\mathbf{F}_7$) $= \{(x, y) \in \mathbf{F}_7 \times \mathbf{F}_7 : x^2 + y^2 = 1\}$.
      Here $\mathbf{F}_7 = \{0, 1, 2, 3, 4, 5, 6\} = \{0, 1, 2, 3, -3, -2, -1\}$ with arithmetic modulo 7.
      e.g. $2 \cdot 5 = 3$ and $3/2 = 5$ in $\mathbf{F}_7$.


  54. Larger example: Clock($\mathbf{F}_{1000003}$).

      Examples of addition on Clock($\mathbf{F}_{1000003}$):
      $2(1000, 2) = (4000, 7)$.
      $4(1000, 2) = (56000, 97)$.
      $8(1000, 2) = (863970, 18817)$.
      $16(1000, 2) = (549438, 156853)$.
      $17(1000, 2) = (951405, 877356)$.

      “Scalar multiplication” on a clock: Given integer $n \geq 0$ and clock point $(x, y)$, compute $n(x, y)$.

      “Binary method”: If $n$ is even, compute $n(x, y)$ by doubling $(n/2)(x, y)$. Otherwise compute $n(x, y)$ by adding $(x, y)$ to $(n - 1)(x, y)$. This is very fast.

      But figuring out $n$ given $(x, y)$ and $n(x, y)$ is much more difficult.

      With 30 clock additions we computed $n(1000, 2) = (947472, 736284)$ for some 6-digit $n$. Can you figure out $n$?


  58. “Binary method”: Clock cryptography If ♥ is even, compute ♥ ( ①❀ ② ) Standardize a large prime ♣ by doubling ( ♥❂ 2)( ①❀ ② ). and some ( ①❀ ② ) ✷ Clock( F ♣ ). Otherwise compute ♥ ( ①❀ ② ) Alice chooses big secret ❛ . by adding ( ①❀ ② ) to ( ♥ � 1)( ①❀ ② ). Computes her public key ❛ ( ①❀ ② ). This is very fast. Bob chooses big secret ❜ . But figuring out ♥ Computes his public key ❜ ( ①❀ ② ). given ( ①❀ ② ) and ♥ ( ①❀ ② ) is much more difficult. Alice computes ❛ ( ❜ ( ①❀ ② )). Bob computes ❜ ( ❛ ( ①❀ ② )). With 30 clock additions They use this shared secret we computed to encrypt with AES-GCM etc. ♥ (1000 ❀ 2) = (947472 ❀ 736284) for some 6-digit ♥ . Warning #1: Can you figure out ♥ ? Many choices of ♣ are bad!

  62. [Diagram: Alice’s secret key a, Bob’s secret key b; Alice’s public key a(x, y), Bob’s public key b(x, y); {Alice, Bob}’s shared secret ab(x, y) = {Bob, Alice}’s shared secret ba(x, y).]

  63. Warning #2: Clocks aren’t elliptic! Can use index calculus to attack clock cryptography. To match RSA-3072 security need p ≈ 2^1536.
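
The binary method and the Alice/Bob exchange from slides 53 to 63, as an added example (not code from the slides). It uses the slides' toy parameters p = 1000003 and (1000, 2); the secrets 123456 and 654321, the SHA-256 key derivation and the on-clock check of the peer's point are assumptions made for this sketch.

```python
import hashlib

P_MOD = 1000003      # toy prime from the slides; far too small for real use
BASE = (1000, 2)     # the slides' standard point on Clock(F_p)
NEUTRAL = (0, 1)     # "12:00"


def on_clock(pt, p=P_MOD):
    """True if pt = (x, y) satisfies x^2 + y^2 = 1 over F_p."""
    x, y = pt
    return 0 <= x < p and 0 <= y < p and (x * x + y * y) % p == 1


def clock_add(p1, p2, p=P_MOD):
    """Clock addition law: (x1*y2 + y1*x2, y1*y2 - x1*x2)."""
    (x1, y1), (x2, y2) = p1, p2
    return ((x1 * y2 + y1 * x2) % p, (y1 * y2 - x1 * x2) % p)


def scalar_mult(n, pt, p=P_MOD):
    """Binary method as stated on the slides.

    Returns (n*pt, number of clock additions used). The recursion depth
    grows with the bit length of n, which is fine for toy sizes.
    """
    if n == 0:
        return NEUTRAL, 0
    if n % 2 == 0:
        half, cost = scalar_mult(n // 2, pt, p)
        return clock_add(half, half, p), cost + 1      # doubling
    rest, cost = scalar_mult(n - 1, pt, p)
    return clock_add(pt, rest, p), cost + 1            # add (x, y)


def public_key(secret, p=P_MOD, base=BASE):
    """a(x, y) for secret a."""
    return scalar_mult(secret, base, p)[0]


def shared_key(my_secret, their_public, p=P_MOD):
    """Compute a(b(x, y)) and hash it into a 32-byte symmetric key.

    Assumption of this sketch: the peer's point is checked to lie on the
    clock first, and SHA-256 stands in for a real key-derivation function.
    """
    if not on_clock(their_public, p):
        raise ValueError("peer public key is not a point on the clock")
    x, y = scalar_mult(my_secret, their_public, p)[0]
    return hashlib.sha256(f"{x},{y}".encode()).digest()


if __name__ == "__main__":
    for n in (2, 4, 8, 16, 17):
        print(n, *scalar_mult(n, BASE))
    a, b = 123456, 654321                  # constructed demo secrets
    A, B = public_key(a), public_key(b)
    print(shared_key(a, B) == shared_key(b, A))
```

The key produced by `shared_key` is what would be handed to AES-GCM; a 20-bit p offers no security and only makes the slide's numbers reproducible.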

  67. Timing attacks. Attacker sees more than a(x, y) and b(x, y). Attacker sees time for Alice to compute a(b(x, y)). Often attacker can see time for each operation performed by Alice, not just total time. This reveals secret a. Fix: constant-time code, performing same operations no matter what scalar is.
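
Why the binary method's operation sequence depends on the scalar, and what "same operations no matter what scalar is" looks like on the clock, as an added example (not code from the slides). The 20-bit fixed length and the arithmetic `select` helper are assumptions of this sketch, and Python integers are not constant-time, so it shows only the operation schedule.

```python
P_MOD = 1000003      # toy prime from the slides
BASE = (1000, 2)     # the slides' point on Clock(F_p)
NEUTRAL = (0, 1)
BITS = 20            # assumed fixed scalar length for this sketch


def clock_add(p1, p2, p=P_MOD):
    """Clock addition law; it has no special cases, even for the neutral point."""
    (x1, y1), (x2, y2) = p1, p2
    return ((x1 * y2 + y1 * x2) % p, (y1 * y2 - x1 * x2) % p)


def binary_method(n, pt):
    """Left-to-right binary method. Returns (n*pt, trace of D/A operations)."""
    acc, ops = NEUTRAL, []
    for bit in bin(n)[2:]:
        acc = clock_add(acc, acc)
        ops.append("D")
        if bit == "1":                      # branch on a secret bit
            acc = clock_add(acc, pt)
            ops.append("A")
    return acc, "".join(ops)


def select(bit, if_one, if_zero, p=P_MOD):
    """Pick a point by arithmetic on the bit instead of branching on it."""
    return tuple((bit * u + (1 - bit) * v) % p for u, v in zip(if_one, if_zero))


def fixed_schedule(n, pt, bits=BITS):
    """Double-and-add-always: one doubling and one addition per bit position."""
    if n < 0 or n >> bits:
        raise ValueError("scalar does not fit the fixed length")
    acc, ops = NEUTRAL, []
    for i in reversed(range(bits)):
        bit = (n >> i) & 1
        acc = clock_add(acc, acc)
        ops.append("D")
        candidate = clock_add(acc, pt)      # computed whether or not it is used
        ops.append("A")
        acc = select(bit, candidate, acc)
    return acc, "".join(ops)


def distinct_traces(scalars, pt=BASE):
    """(number of distinct traces with binary_method, with fixed_schedule)."""
    variable = {binary_method(n, pt)[1] for n in scalars}
    fixed = {fixed_schedule(n, pt)[1] for n in scalars}
    return len(variable), len(fixed)


if __name__ == "__main__":
    demo = [524289, 699050, 1048575]        # constructed 20-bit scalars
    for n in demo:
        print(n, len(binary_method(n, BASE)[1]), len(fixed_schedule(n, BASE)[1]))
    print(distinct_traces(demo))
```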

  71. Addition on an elliptic curve. [Figure: the curve in the (x, y) plane with marked points neutral = (0, 1), P1 = (x1, y1), P2 = (x2, y2), P3 = (x3, y3).] x^2 + y^2 = 1 − 30x^2y^2. Sum of (x1, y1) and (x2, y2) is ((x1y2 + y1x2)/(1 − 30x1x2y1y2), (y1y2 − x1x2)/(1 + 30x1x2y1y2)).

  75. The clock again, for comparison: [Figure: the clock in the (x, y) plane with marked points neutral = (0, 1), P1 = (x1, y1), P2 = (x2, y2), P3 = (x3, y3).] x^2 + y^2 = 1. Sum of (x1, y1) and (x2, y2) is (x1y2 + y1x2, y1y2 − x1x2).

  79. More elliptic curves. Choose an odd prime p. Choose a non-square d ∈ F_p. {(x, y) ∈ F_p × F_p : x^2 + y^2 = 1 + dx^2y^2} is a “complete Edwards curve”. “The Edwards addition law”: (x1, y1) + (x2, y2) = (x3, y3) where x3 = (x1y2 + y1x2)/(1 + dx1x2y1y2), y3 = (y1y2 − x1x2)/(1 − dx1x2y1y2).

  83. “Hey, there are divisions in the Edwards addition law! What if the denominators are 0?”

  84. Answer: Can prove that the denominators are never 0. Addition law is complete.

  85. This proof relies on choosing non-square d.

  86. If we instead choose square d: curve is still elliptic, and addition seems to work, but there are failure cases, often exploitable by attackers. Safe code is more complicated.
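
An exhaustive check of the completeness claim on slides 83 to 86, as an added example (not code from the slides). Over the constructed toy prime p = 13 it applies the Edwards addition law to every pair of curve points, once with the non-square d = 2 and once with the square d = 4, and records the pairs where a denominator is 0.

```python
from itertools import product


def is_square(a, p):
    """Euler's criterion for an odd prime p (0 counts as a square)."""
    a %= p
    return a == 0 or pow(a, (p - 1) // 2, p) == 1


def curve_points(d, p):
    """All (x, y) in F_p x F_p with x^2 + y^2 = 1 + d*x^2*y^2."""
    return [(x, y) for x, y in product(range(p), repeat=2)
            if (x * x + y * y - 1 - d * x * x * y * y) % p == 0]


def edwards_add(p1, p2, d, p):
    """Edwards addition law; returns None if either denominator is 0 mod p."""
    (x1, y1), (x2, y2) = p1, p2
    t = d * x1 * x2 * y1 * y2 % p
    den_x, den_y = (1 + t) % p, (1 - t) % p
    if den_x == 0 or den_y == 0:
        return None
    x3 = (x1 * y2 + y1 * x2) * pow(den_x, -1, p) % p
    y3 = (y1 * y2 - x1 * x2) * pow(den_y, -1, p) % p
    return (x3, y3)


def audit(d, p):
    """Try every pair of curve points.

    Returns (number of points, pairs with a zero denominator,
    number of sums that landed off the curve).
    """
    pts = curve_points(d, p)
    on_curve = set(pts)
    failures, escaped = [], 0
    for p1, p2 in product(pts, repeat=2):
        total = edwards_add(p1, p2, d, p)
        if total is None:
            failures.append((p1, p2))
        elif total not in on_curve:
            escaped += 1
    return len(pts), failures, escaped


if __name__ == "__main__":
    P = 13                                   # constructed toy prime
    for d in (2, 4):                         # 2 is a non-square mod 13, 4 is a square
        n, failures, escaped = audit(d, P)
        kind = "square" if is_square(d, P) else "non-square"
        print(f"d={d} ({kind}): {n} points, "
              f"{len(failures)} failing pairs, {escaped} sums off the curve")
```

With d = 4 the doubling of (4, 5) is one of the failing pairs: 1 − d·x^2·y^2 is 0 mod 13, so code that uses the formula unchanged needs an explicit path for such inputs.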
