Elliptic Curve Cryptography for Secure Communication

cryptography and security services mechanisms n.w
1 / 48
Embed
Share

Explore the concepts of Elliptic Curve Cryptography for enhancing security in digital communication. Learn about the basics, encryption mechanisms, and applications of ECC in modern cryptographic systems.

  • Cryptography
  • Security
  • Elliptic Curve
  • Encryption
  • Digital Signatures
rayaanacharya
denia Follow

Uploaded on | 2 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Cryptography and Security Services: Mechanisms and Applications Chapter 8 Chapter 8 Elliptic Curve Cryptography Manuel Mogollon m_mogollon@verizon.net M. Mogollon 0

  2. Session 6 Contents Cryptography Basics Elliptic Curve (EC) Concepts Finite Fields Selecting an Elliptic Curve Cryptography Using EC Digital Signature 1 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 1

  3. Cryptography Basics 2 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 2

  4. Security Services Security Mechanisms Encryption Confidentiality Hash Functions Integrity Digital Signatures Authentication Security Tokens Access Non-Repudiation Digital Signatures 3 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 3

  5. Types of Crypto Systems Symmetric Cryptography Secret Key A single key serves as both the encryption and the decryption key. Initial arrangements need to be made for individuals to share the secret key. Stream Ciphers and Block Ciphers (DES, AES) Asymmetric Cryptography Public-Key One key is used to encipher and another to decipher. Privacy is achieved without having to keep the enciphering key secret because a different key is used for deciphering. Pohlig Hellman, Schnorr, RSA, ElGamal, and Elliptic Curve Cryptography (ECC) are popular asymmetric crypto systems. 4 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 4

  6. Symmetric Key Crypto System Secret Key Ciphertext Plaintext Plaintext Encryption Algorithm Encryption Algorithm As the market requirements for secure products has exponentially increased, our strategy will be to . As the market requirements for secure products has exponentially increased, our strategy will be to . Asdfe8i4*(74mjsd( 9&*nng654mKhna mshy75*72mnasja dif3%j*j^3cdf(#421 5kndh_!8g,kla/ 2a cd:{qien*38mnap4 *h&fk>0820&ma01 2M Encipher Decipher Security is based on the secret key, not on the encryption algorithm. The sharing of secret keys is necessary. Strengths: Fast, good for encrypting large amounts of data. Weakness: Key delivery. There are two types of symmetric crypto systems: Stream Cipher (RC4) and Block Ciphers (DES, AES, RC5, CAST, IDEA). 5 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 5

  7. Asymmetric Key Crypto System (Public Key Algorithm) One Key to Encipher Another Key to Decipher Ciphertext Plaintext Plaintext Encryption Algorithm Encryption Algorithm As the market requirements for secure products has exponentially increased, our strategy will be to . As the market requirements for secure products has exponentially increased, our strategy will be to . Asdfe8i4*(74mjsd( 9&*nng654mKhna mshy75*72mnasja dif3%j*j^3cdf(#421 5kndh_!8g,kla/ 2a cd:{qien*38mnap4 *h&fk>0820&ma01 2M Encipher Decipher Public key encryption involves two mathematically related keys. Either key can be used to encipher. One of the keys can be made public and the other kept private. Strengths: No key delivery issues, can be used for non-repudiation. Weakness: Slow, inefficient for large amounts of data, computationally expensive. Algorithms: RSA, ElGamal, Schnorr, Pohlig-Hellman, Elliptic Curve Cryptography. Used mainly for key exchange or digital signatures. 6 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 6

  8. Combining Symmetric and Asymmetric Ciphers Client Web Server Exchange (wrap / transport ) or agree (Diffie-Hellman) on a pre-master key. Pre- Pre- Master Key Master Key Master Key Generation Integrity (HMAC) Integrity (HMAC) Master Key Generation Encipher Decipher Cleartext Block Cleartext Block Cleartext Block Cleartext Block + + + + IV IV Use a symmetric algorithm to encipher and decipher a secure transaction. Symmetric Encryption Symmetric Encryption Symmetric Encryption Symmetric Encryption Secret Key Secret Key Ciphertext Block Ciphertext Block Ciphertext Block Ciphertext Block 7 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 7

  9. Types of Public-key Cryptography Exponentiation Ciphers RSA. Discrete logarithm systems ElGamal public-key encryption, Digital Signature Algorithm (DSA), Diffie-Hellman key exchange. Elliptic curve cryptography 8 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 8

  10. Public Key Encryption Receiver (Bob) Sender (Alice) Alice s Private Key Alice s Public Key Non-Repudiation of Origin (Authenticity) Anyone who has Alice s public key will be able to decipher the message. Alice cannot deny that she sent the message. Encipher Decipher Alice s Public Key Alice s Private Key Bob will not be able to decipher the message because he doesn t have Alice s private key. Encipher Decipher Bob s Public Key Bob s Private Key Confidentiality Bob will be the only one able to decipher the message because only he has his private key. Decipher Encipher Bob s Private Key Bob s Public Key Enciphering is not possible because Alice doesn t have Bob s private key. Encipher Decipher 9 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 9

  11. Elliptic Curve Concepts 10 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 10

  12. What is Elliptic Curve Cryptography? elliptic curve cryptography / (abbr. ECC)(1) an encryption system that uses the properties of elliptic curve and provides the same functionality of other public key cryptosystems; (2) A public key crypto system that provides, bit-by-bit key size, the highest strength of any cryptosystem known today. 11 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 11

  13. ECC Applications ECC with 160-bit key size offers the same level of security as RSA with 1024-bit key size. Smaller key size provides Storage efficiencies Bandwidth savings Computational efficiencies Which leads to Higher speeds Lower power consumptions Code size reductions ECC implementation is beneficial in applications where bandwidth, processing capacity, power availability, or storage are constrained. ECC includes key distribution, encryption, and digital signatures. 12 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 12

  14. ECC Applications Applications requiring intensive public-key operations. Web servers. Applications with limited power, computational power, speed transfer, memory storage, or bandwidth. Wireless communications PDAs Applications rigid constrains on processing power, parameter storage, and code space. Smart card and tokens. 13 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 13

  15. Elliptic Curves Elliptic Curve Cryptography uses plane curves, which are sets of points satisfying the equation F (x, y) = 0. Examples of plane curves are: Lines (2x + y = a) Conic sections (3x2 + 5y2 = a) Cubic curves (y2 + xy = x3 + ax2 + b), which include elliptic curves. 14 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 14

  16. Finite Fields Finite fields are fields that are finite. A field is a set F in which the usual mathematical operations (addition, subtraction, multiplication, and division by nonzero quantities) are possible; these operations follow the usual commutative, associative, and distributive laws. Rational numbers (fractions), real numbers, and complex numbers are elements of infinite fields. A discrete logarithm (DL) and elliptic curve (EC) cryptography schemes are always based on computations in a finite field in which there are only a finite number of quantities. For cryptography applications, the finite fields that are usually used are the field of characteristic (congruences). The finite field used in DL and EC are the field of prime characteristic Fp and the field of characteristic two F2m. The finite field is also denoted as GF(q). 15 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 15

  17. Finite Fields Characteristic Prime Finite Fields The finite field Fp is the prime finite field containing p elements. If p is an odd prime number, then there is a unique field Fp that consists of the set of integers {0, 1, 2 ,..., p 1}. Characteristic Two Finite Fields A characteristic two finite field (also known as a binary finite field) is a finite field whose number of elements is 2m. If m is a positive integer greater than 1, the binary finite field F2mconsists of the 2mpossible bit strings of length m. For example, F23 = {000, 001, 010, 011, 100, 101, 110, 111} 16 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 16

  18. Group Fields in EC There are two essential properties of group fields when they are used in elliptic curve cryptography: A group should have a finite number of points. An elliptic curve has infinite number of points, but an elliptic curve over Fq has a finite number of elements. The operation that is used should be easy to compute but very difficult and time consuming to reverse. The scalar integer multiplication of an elliptic curve point, P, which is defined as the repeated addition of the point with itself, Q = kP, is an operation that is easy to compute but very difficult and time consuming to reverse. 17 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 17

  19. Elliptic Curves and Points There are several ways of defining equations for elliptic curves, but the most common are the Weierstrass equations. ECC may be implemented over Fq, where q is an odd prime p, or 2m. If ECC is implemented over Fp, the following equation is used: x y + = + 2 3 ax b If ECC is implemented over F2m, the following equation is used: x xy y = + + + 2 3 2 ax b 18 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 18

  20. Elliptic Curve Arithmetic Point Addition in Fp The group law is defined by P + Q R = 0; therefore, P + Q = R, where the negative of the point R(x, y) is the point R (x, y). Given two points on the curve P and Q, the line through them meets the curve at a third point R. The reflection of R gives the point R, which is equal to P + Q. The tangent line through P gives the point R. E: y2 = x3 - 9x + 6 E: y2 = x3 - 9x + 6 P (0.0, 2.45) -R (3.38, -3.76) R (3.38, 3.76) 2P = R = (3.38, 3.76) - R P (0.0, 2.45) Q (-3.24, -1.17) -R (4.49, 7.47) R (4.49, -7.49) P + Q = R = (4.49, -7.49) R P P Q - R R 19 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 19

  21. Elliptic Curve Arithmetic Doubling a Point in Fp Provided that then, ( P P y 0 + = x y P x y R x y , ) ( , ) ( , ) P P P P R R where 2 ( x y x p y 2 mod x R R P x p ) mod R P P 2+ x 2 ( a 3 ( ) P p mod and y ) P is the slope of the line through P(xP , yP). 20 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 20

  22. Elliptic Curves Arithmetic Point Addition in Fp Similar to the addition of two points in plane geometry. For then, , ( ) , ( Q P P y x Q y x P + P Q = R x y ) ( , ) Q R R 2 x x x p mod where R P Q y x x y p ( ) mod R P R P y y ( ) Q P and p mod x x ( ) Q P is the slope of the line through P(xP , yP) and Q(xQ , yQ ). 21 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 21

  23. Elliptic Curve Arithmetic Point Addition in Fp Adding P to -P. E: y2 = x3 - 9x + 6 P (-1.85, 4.05) -P (-1.85, -4.05) P + (-P) = O, the point at infinity P -P 22 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 22

  24. EC Points Points in the Elliptic Curve y^2 = x^3 + x + 1 (mod 23) 24 22 20 18 16 14 12 10 8 6 4 2 0 0 2 4 6 8 10 12 14 16 18 20 The points are symmetric because in elliptic curves, for every point P, there must exist another point P. The point P(0, 1) generates a maximal subgroup because it generates the maximum number of points, 28 (27 plus the point at infinity). The curve order is 28 and is denoted as #E(Fp). 23 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 23

  25. Point and Curve Order For any point in y2 = x3 + x + 1 (mod 23), the value of k such that kP = O is not always the same. The order of points varies; it can be 28, 14, 7 or 4. See next slide The maximum point order is the curve order. Point Order Point Order Point Order Point Order (0,1) (0,22) (1,7) (1,16) (3,10) 28 28 28 28 28 (9,16) (18,3) (18,20) (19,5) (19,18) 28 28 28 28 28 (7,11) (7,12) (12,4) (12,19) (5,4) 14 14 14 14 7 (13,16) (17,3) (17,20) (11,3) (11,20) 7 7 7 4 4 (3,13) 28 (6,4) 14 (5,19) 7 (4,0) 1 (infinity) (9,7) 28 (6,19) 14 (13,7) 7 24 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 24

  26. Point Order 25 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 25

  27. Selecting an EC for Cryptography There are several procedures to select an elliptic curve for cryptographic purposes. The following are some of the criteria: Select a large prime number, p, to be used as the module. Select the coefficients a and b randomly and define E Fp:y2 = x3 + ax + b. Calculate the curve order #E(Fq). Check that #E(Fq) is divisible by a large prime number. Check that the largest prime divisor of #E(Fq) does not divide qv-1 for v= 1, 2, 3, <large limit>. Another way to select the elliptic curve is by selecting the curve order first: Select a large prime number, p, to be used as the module. Select the curve order, #E(Fp), such that + + + p p E F p p 1 2 # ( ) 1 2 q Check that #E(Fp) is divisible by a large prime number, r. Check that r does not divide pv-1 for v= 1, 2, 3, 10. Use the Atkin-Morain algorithm to find parameters a and b in Fp such that the elliptic curve E has an order of #E(Fp). 26 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 26

  28. Selecting a Generator Point Select a random point G on E(Fp) and a large prime number n that divides #E(Fp). Check that the nG = O, n being the point order. The size of the odd prime modulus in bits is 15 Curve generated using Cryptomathic on line generator at http://www.cryptomathic.com/labs/ellipticcurved emo.html#Key-Generation 27 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 27

  29. Discrete Logarithmic Problem In the multiplicative group Zp* discrete logarithm (Diffie-Hellman, ElGamal, DSS), the following is the discrete logarithm problem: Given elements y and x of the group, and a prime p, find a number k such that y = xkmod p. For example, if y = 2, x = 8, and p = 341, then find ksuch that 2 8k mod 341. In the Diffie-Hellman discrete logarithm, y is the public key, g is a large random number, p is the modulo, and k is the private key that the cryptanalyst is trying to find out. Which one is the correct Private Key? 28 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 28

  30. EC Discrete Logarithmic Problem Given an elliptic curve , a point of an order n, and a point , determine the integer k, 0 k n-1, such that Q = kP, provided that such integer k exists. P ( ) E F ( ) E F p p Q ( ) E F p Q is the public key and k is the private key. The scalar integer multiplication of an elliptic curve point, P is defined as the process of adding P to itself k times. Q = kP is analogous to exponentiation in a discrete logarithm cryptosystem, i.e., it is an operation that is easy to compute but very difficult and time consuming to reverse. 29 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 29

  31. Elliptic Curve Public-Key Cryptography The scalar integer multiplication of an elliptic curve point, P is defined as the process of adding P to itself k times. Q = k P. When the point (0,1) is added to itself 13 times the result is the point (9, 16). Q = k P = 13 * (0,1) = (9,16) Select Q = Public Key = (9,16) k = Private Key = 13 30 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 30

  32. Brute Force Attack There is not a known algorithm to attack ECC Brute force attack Starting with point (0,1), add (0,1) to itself until (9,16) is found. Stop when Q = d P = (9, 16) The size of the odd prime modulus in bits is 5. The order of the base point is 28 It would take a system doing a million addition/sec, 14 microseconds to try 50% of all possible points. 31 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 31

  33. Brute Force Attack There is not a known algorithm to attack ECC Brute force attack Starting with point P, add P to itself until Q is found. Stop when kP = Q The size of the odd prime modulus in bits is 161. Equivalent to RSA 1024 The order of the base point is 1.73*1046 It would take a system doing a million addition/sec (3.15*1018 additions/year) 1032 years to try 50% of all possible points. 32 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 32

  34. Breaking the Code April 27, 2004 Certicom Corp. (TSX: CIC), the authority for strong, efficient cryptography, today announced that Chris Monico, an assistant professor at Texas Tech University, and his team of mathematicians have successfully solved the Certicom Elliptic Curve Cryptography (ECC) 109-bit Challenge. The effort required 2600 computers and took 17 months. For comparison purposes, the gross CPU time used would be roughly equivalent to that of an Athlon XP 3200+ working nonstop for about 1200 years. 33 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 33

  35. Public Key Systems Key Size Comparisons Blake, Seroussi, and Smart (1999, p9) compared the two algorithms known to break ECC and discrete algorithms. Simplifying the formulas and making several approximations, they arrived at the following formula comparing key-length for similar levels of security: 3 / 1 (log N N n = 2 / 3 ( log 2 )) where 4.91. The parameters n and N are the key sizes of ECC and DL cryptosystems. Minimum Size of Public keys (Bits) Symmetric Encryption Algorithm Security (Bits) Hash Algorithm ECC Diffie-Hellman and RSA Modulus Size 80 112 128 192 256 SKIPJACK 3DES AES-128 AES-192 AES-256 SHA-1 1024 2048 3072 7680 15360 1024 2048 3072 7680 15360 160 224 256 384 512 SHA-256 SHA-384 SHA-512 34 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 34

  36. Elliptic Curve Cryptography 35 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 35

  37. Domain Parameters Parties using elliptic curve cryptography need to share certain parameter, the Elliptic Curve Domain Parameters . The EC domain parameters may be public; the security of the system does not rely on these parameters being secret. The domain consists of six parameters which are calculated differently for Fpand F2m . It precisely specify an elliptic curve and base point. The six domain parameters are the following: T = (q; FR; a, b; G; n; h), in which, q Defines the underlying finite field Fq. The field size is defined by the module, so, q = p or q = 2m ; p>3 should be a prime number. FR Field representation of the method used for representing field elements in , either or . a, b The coefficients defining the elliptic curve E, elements of Fq. G A distinguished point, G=(xG ,yG), on an elliptic curve called the base point or generating point defined by two field elements xG and yG in Fq. n The order of the base point G. h Called the cofactor, h = #E(Fq)/n, where n is the order of the base point G. h is normally a small number. F E F ( ) ( ) E F q 2m p 36 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 36

  38. ECC Cryptography Encryption EC Integrated Encryption Scheme (ECIES) Variant of ElGamal public-key encryption Proposed by Bellare and Rogaway Variant of ElGamal public-key encryption schme ANSI X9.63, ISO/IEC 15946-3, and IEEE P1363a draft Provably Secure Encryption Curve (PSEC) Fujisaki and Okamoto Evaluated by NESSIE and CRYPTREC Key Exchange Station-to-Station Protocol Diffie, van Oorschot, and Wiener Discrete logarithm-base key agreement ANSI X9.63 ECMQV Meneses, Qu, and Vanstone ANSI X9.63, IEEE 1363-2000, and ISO/IEC 15946-3 37 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 37

  39. ECC Cryptography Digital Signature Elliptic Curve Digital Signature Algorithm (ECDSA) Analog to the Digital Signature Algorithm (DSA) Secure Hash Algorithm (SHS-1) ANSI X9.62, FIPS 186-2, IEEE1363-2000 and ISO/IEC 15946-2 EC Korean Certificate-based Digital Signature Algorithm (EC-KCDSA) Lim and Lee ISO/IEC 15946-2. 38 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 38

  40. Key Generation The public and private keys of an entity A are associated with a particular set of elliptic curve domain parameters (q; FR; a; b; G; n; h). To generate a key pair, entity Alice does the following: Selects a random or pseudo-random integer d in the interval [1, n - 1]. Computes Q = d * G. Has Q as public key, PubA, and d as private key, PrivA. Checks that xG and yG are elements of the elliptic curve equation by calculating or . Example: For E(F23): y2 = x3 + x + 1, #E(F23) =28. Then, n=7, since n should be a prime factor of 28. The cofactor h is equal to 28 / 7 = 4. A point with an order of 7 should be selected. The point G could be (5, 19), one of several points with n = 7. The domain parameter T = (p; a; b; G; n; h) is T = [23; 1; 1; (5,19); 7, 4 ]. Select d = 4, so Q = 4 (5, 19). (13, 16). Alice s public key is PubA = Q = (13, 16) and her private key is PrivA = 4. 2 3 + = + + 2 3 y x y x ax b in F + + y x ax b p mod Q Q Q Q Q m Q Q Q 2 39 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 39

  41. ECC ElGamal Encryption Alice Bob Bob selects a random number as his private key and generates his public key using the same elliptic curve and G point. Let T = (p; a; b; G; n; h) and be Alice s public key. T and PubA do not need to be secret. Pub Priv G p mod A A Bob enciphers the message, M, by doing Alice deciphers the message by Multiplying her private key PrivA by (PrivB . G). Subtracting the above result from M + PrivB . PubA. CM, PubB CM = [{PrivB* G}, {M + PrivB*PubA}] Bob sends his PubB and cipher message to Alice. CM = [{PrivB* G}, {M + PrivB*PubA}] M = {M + PrivB * PubA} { PrivA * PrivB * G} Since PubA= PrivA * G, then, M = {M + PrivB * (PrivA . G)} { PrivA * (PrivB * G)} 40 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 40

  42. ECC ElGamal Encryption Alice Bob Let T = [23; 1; 1; (5,19); 7; 4 ] and select 4 as the PrivA, , 5 ( 4 A Pub Bob selects 4 as his private key. T and PubA do not need to be secret The message is the point (8,20). Pub 19 ) mod 23 A Bob enciphers the message by 13 ( , 16 ) mod 23 CM = [{5*(5, 19)}, {(8, 20) + 5* (13, 16)}] Bob sends his PubB and cipher message CM = [(17, 20), (18,11)] to Alice. as the public key. Alice deciphers the message by Multiplying her private key 4by (18,11) = (5, 4). Subtracting the above result from (17, 20) M = (17,20) (5, 4) M = (17,20) + (5, -4) = (8, 20) CM, PubB Note: The cofactor h =4 in T is not related to the PrivA, which was selected at random and happens to be 4, also. 41 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 41

  43. Diffie-Hellman Key Exchange System Sender and receiver agree on the same domain parameters. T = (p; a; b; G; n; h), does not need to be secret. Bob Alice T = (p; a; b; G; n; h) PrivB = Random large prime integer T = (p; a; b; G; n; h) PrivA = Random large prime integer P P Pub P riv G p mod Pub P riv G p mod ubA A A ubB B B ZZ Pub Priv ZZ Pub Priv A B B A Alice and Bob convert the shared secret value z to an octet string Z and use Z as the shared secret key for symmetric encryption algorithms to secure their communications. 42 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 42

  44. Diffie-Hellman Key Exchange System Bob Alice T = [23; 1; 1; (5,19); 7; 4] T = [23; 1; 1; (5,19); 7; 4] , 5 ( Pub 2 19 ) mod 23 17 ( , 23 ) mod 23 , 5 ( Pub 4 19 ) mod 23 13 ( , 16 ) mod 23 B A P P ubA Pub P riv G p mod ubB Pub P riv G p mod A A B B z Pub Priv z Pub Priv A B B A , 5 ( z 17 ( ) 3 , 4 mod 23 19 ) mod 23 , 5 ( z 13 ( , 16 ) 2 mod 23 19 ) mod 23 Note: The cofactor h =4 in T is not related to the PrivA, which was selected at random and happens to be 4, also. 43 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 43

  45. ECCDSA Signature Generation Alice Bob T = (p; a; b; G; n; h) and Priv Pub A T and PubA do not need to be secret. Verifies Alice s signature (r, s) on the message m as follows: G p mod A is Alice s public key. Selects a random integer , 2 [ k Computes H(m) and ] 2 n 1 c s n mod Computes Computes (r, s) = k G 1 y x mod * r ( , ) 1 1 u H m c n ( . ) mod x n 1 2 u r c n . mod Computes 1 k n mod Computes x ( 0 Computes k s = = + y u G u Pub , ) * * o A 1 2 + 1 H m Priv r n { ( ) . } mod A v x n mod 0 The signature for the message m is the pair of integers (r, s). Accepts the signature if v = r. 44 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 44

  46. ECCDSA Signature Generation Alice Bob Let T = [23; 1; 1; (5,19); 7; 4] and mod ) 19 , 5 ( 4 A Pub Bob verifies Alice s signature (6, 2) on the message m as follows: Compute H(m) and 7 mod 2 c 23 13 ( , 16 ) mod 23 1 c s 7 n mod 4 Select k = 3 Compute ) , ( 1 1 y x r 1 3 mod mod 7 Compute 1 2 4 u u . 4 . H r m c 7 7 c n ( . ) mod 3 mod n mod mod = 13 = = k G . mod , 5 ( . 3 7 19 mod ) 13 ( 7 , ) 7 . 6 u u 10 6 mod mod 5 7 7 1 1 Compute mod 3 k n mod 2 1 7 2 mod 7 5 mod 7 Compute ( = 19 + 13 x y u ) + G u , Pub ( = , , 5 ( . 5 ) * ( . 3 + * o A 0 1 2 16 = Compute s x y , ) ) o 0 = + 1 k H m Priv r n { ( ) . } mod = x y ( , ) 17 ( , 20 ) 17 ( , 20 ) 13 ( , ) 7 A o 0 + s 5 10 ( 4 ) 6 . mod 7 175 mod 7 2 mod 7 Compute v The signature for the message m is the pair of integers (r, s), (6, 2). = x p mod 13 mod 7 6 mod 7 0 Accept the signature because v = 6 mod 7 = r . 45 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 45

  47. Cipher Suite There are many algorithms that can be used for encryption, key exchange, message digest, and authentication; the level of security for each of these algorithms varies. Establishing a connection between two entities requires that they tell each other what crypto algorithms they understand. Normally one of the entities involved in the communication proposes a list of algorithms, and the other entity selects the algorithms supported by both. The selected algorithms may not have matching levels of security, reducing the overall security of the communication. A cipher suite is a collection of cryptographic algorithms that matches the level of security of all the algorithms listed in the cipher suite. To enable secure communications between two entities, they exchange information about which cipher suites they have in common, and they then use the cipher suite that offers the highest level of security. 46 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 46

  48. To Probe Further Hankerson, D., Meneses, A., Vanstone S. (2004). Guide to Elliptic Curve Cryptography. New York: Springer-Verlag. Blake, I., Seroussi G., Smart, N. (1999). Elliptic Curves in Cryptography. Cambridge, United Kingdom: Cambridge University Press. Rosing, M. (1999). Implementing Curve Cryptography. Greenwich, CT: Manning Publications. Lopez, J., Dahab, R., An overview of Elliptic Curve Cryptography, Institute of computting , State University of Campinas, sao Paulo Brazil, may 2, 2000. (Retrieved September 26, 2003 from http://citeseer.nj.nec.com/lop00overview.html) Brown, M., Cheung, D., Hankerson, D., Lopez, J., Kirkup, M., Menezes, A., PGP in Constrained Wireless Devices, Proceedings of the 9th USENIX Security Symposium, August 2000. Certicom Research, Standard for Efficient Cryptograph (SEC 1): Elliptic Curve Cryptograph, September 20, 2000. (Retrieved September 26, 2003 from http://www.secg.org/secg_docs.htm) Certicom Research, Current Public-Key Crypto Systems, April 1997. (Retrieved on September 20, 2000 from ) Cryptomathic, Ellipt Curve Online Key Generation at http://www.cryptomathic.com/labs/ellipticcurvedemo.html#Key-Generation Certicom Elliptic Curve Tutorial at http://www.certicom.com/index.php?action=ecc,ecc_tutorial IEEE P1363, Standard Specifications for Public key Cryptography, draft 2000 47 Elliptic Curve Elliptic Curve Cryptography M. Mogollon 47

Related


Cryptography,.Quantum-safe Cryptography& Quantum Cryptography

Cryptography,.Quantum-safe Cryptography& Quantum Cryptography

pendragon
Introduction to Cryptography: Basics, Terminology, and Significance

Introduction to Cryptography: Basics, Terminology, and Significance

lucius
The Fascinating World of Cryptography

The Fascinating World of Cryptography

solveig
Formal Verification of Quantum Cryptography by Dominique Unruh

Formal Verification of Quantum Cryptography by Dominique Unruh

aslan
Production Possibilities Curve and Economic Growth

Production Possibilities Curve and Economic Growth

abcde
Curve Fitting Techniques

Curve Fitting Techniques

dominykas
Evolution of Cryptography: From Ancient Techniques to Modern Security Mechanisms

Evolution of Cryptography: From Ancient Techniques to Modern Security Mechanisms

damari
Monetary Policy Effectiveness in the IS-LM Framework

Monetary Policy Effectiveness in the IS-LM Framework

shani
Cloud Cryptography for Secure Data Processing

Cloud Cryptography for Secure Data Processing

vespera
The Normal Probability Curve

The Normal Probability Curve

mekhi
Strength-Duration Curve in Neuromuscular Stimulation

Strength-Duration Curve in Neuromuscular Stimulation

valo
Overview of Basic Security Properties and Cryptography Fundamentals

Overview of Basic Security Properties and Cryptography Fundamentals

kawhi
Introduction to Cryptography: The Science of Secure Communication

Introduction to Cryptography: The Science of Secure Communication

catt504
Foundations of Cryptography: MIT Course Overview and Key Concepts

Foundations of Cryptography: MIT Course Overview and Key Concepts

dherb
Basic Concepts in Number Theory and Finite Fields for Cryptography

Basic Concepts in Number Theory and Finite Fields for Cryptography

laurissa
The Phillips Curve and Its Implications

The Phillips Curve and Its Implications

anjam
Nonlinear Curve Fitting Techniques in Engineering

Nonlinear Curve Fitting Techniques in Engineering

shri
Overview of Public-Key Cryptography and Knapsack Problem in Cryptology

Overview of Public-Key Cryptography and Knapsack Problem in Cryptology

dhrn907
STM32WB BLE Secure Connections Overview

STM32WB BLE Secure Connections Overview

jeffreys_n
Efficient Verified Cryptography in F* by Jean-Karim Zinzindohou

Efficient Verified Cryptography in F* by Jean-Karim Zinzindohou

rago_a
Cryptographic Center in Novosibirsk: Advancements in Cryptography and Research

Cryptographic Center in Novosibirsk: Advancements in Cryptography and Research

lott995
Faster Implementation of Modular Exponentiation in JavaScript

Faster Implementation of Modular Exponentiation in JavaScript

daes798

More Related Content