Difference between revisions of "Elliptic Curve Cryptography"

Revision as of 14:23, 21 February 2019

Summary

This documentary gives a brief introduction into elliptic curve cryptography

Elliptic Curve Cryptography

Elliptic curve cryptography is a part of asymmetric cryptography, it is based on the mathematical hard problem to find a solution for the elliptic curve discrete logarithm. The calculations are performed on the algebraic structure of elliptic curves over finite fields, which means we compute points on a elliptic curve over finite field by applying the group operations double and add.

The scalar multiplication of a point on an elliptic curve over a finite field is equivalent to the exponentation of a number in a prime field, therefore the inversion is also called discrete logarithm.

First proposed application of elliptic curves in cryptography was random number generations, now ECC is widely used for key establishment and digital signature schemes.

Simple Weierstrass Elliptic Curve Presentation

Simple Weierstrass form curve equation:

$y^{2}=x^{3}+ax+b$ The elliptic curve are all points in the x,y coordinates which fulfill the cubic curve equation, whereas a and b are called the characteristic of the curve. The curve needs to be smooth, which means that it will not contain any singularities such as a cusp or a self intersection,

This can be also described by the term: $4a^{3}+27b^{2}\neq 0$

Another characteristic we need to introduce is the point at infinity denoted by 0 (also known as ideal point), which can be thought as identity element infinitly raised on the y axis. Therefore our points on the elliptic curve over R² all fulfill this equation $\{(x,y)\in R^{2}|y^{2}=x^{3}+ax+b,4a^{3}+27b^{2}\neq 0\}\cup \{0\}$ and can be presented by:

A point consists of 2 values P(x,y).

Group operations on elliptic curves

According to the group law all points support following operations:

Point addition: $P+Q=R$
Point doubling: $P=Q-2P=R$

TODO:Need to install link target extension: https://www.mediawiki.org/wiki/Extension:LinkTarget Test: https://cdn.rawgit.com/andreacorbellini/ecc/920b29a/interactive/reals-add.html

Geometric derivation of the point addition by the Tangent Chord Law

^[1]

Given the elliptic curve $E:y^{2}=x^{3}+ax+b$ and the points $P=(x_{1},y_{1})$ and $Q=(x_{2},y_{2})$ , we can caculate the coordinates of the point $R=P+Q=(x_{3},y_{3})$ as follows. 1. Calculation of $y_{3}$

We know the equation from the line

$y=kx+d\qquad {\text{concising of}}\qquad k={\frac {\Delta y}{\Delta x}}$

Therfore

$k={\frac {y_{2}-y_{1}}{x_{2}-x_{1}}}$ and we can find the intersection with the y-axis and achieve d $d=y_{1}-kx_{1}={\frac {y_{1}\cdot x_{2}-y_{1}\cdot x_{1}-y_{2}\cdot x_{1}+y_{1}\cdot x_{1}}{x_{2}-x_{1}}}={\frac {y_{1}\cdot x_{2}-y_{2}\cdot x_{1}}{x_{2}-x_{1}}}$ .

$y_{3}$ we can find by insertion in the line equation:

$y_{3}=(-1){\bigg (}{\frac {y_{2}-y_{1}}{x_{2}-x_{1}}}\cdot x_{3}+y_{1}-{\frac {y_{2}-y_{1}}{x_{2}-x_{1}}}\cdot x_{1}{\bigg )}={\bigg (}{\frac {y_{2}-y_{1}}{x_{2}-x_{1}}}{\bigg )}(x_{1}-x_{3})-y_{1}$

2. Calculation of $x_{3}$

Now we insert the values of the line equation into the elliptic curve equation:

${\begin{aligned}(k\cdot x+d)^{2}&=x^{3}+a\cdot x+b\\k^{2}x^{2}+2k\cdot x\cdot d+d^{2}&=x^{3}+a\cdot x+b\\x^{3}-x^{2}k^{2}+x(a-2k\cdot d)+b-d^{2}&=0\end{aligned}}$

The cross points can be searched by

${\begin{aligned}(x-x_{1})\cdot (x-x_{2})\cdot (x-x_{3})&=0\\(x^{2}-x\cdot x_{2}-x\cdot x_{1}+x_{1}\cdot x_{2})\cdot (x-x_{3})&=0\\x^{3}-x^{2}\cdot x_{2}-x^{2}\cdot x_{1}+x\cdot x_{1}x_{2}-x^{2}\cdot x_{3}+x\cdot x_{2}x_{3}+x\cdot x_{1}x_{3}-x_{1}x_{2}x_{3}&=0\\x^{3}-x^{2}(x_{1}+x_{2}+x_{3})+x(x_{1}x_{2}+x_{2}x_{3}+x_{1}x_{3})+x_{1}x_{2}x_{3}&=0\end{aligned}}$

Now we can conclude from the second term

${\begin{aligned}x^{3}-x^{2}{\underline {k^{2}}}+x(a-2k\cdot d)+b-d^{2}&=0\\x^{3}-x^{2}{\underline {(x_{1}+x_{2}+x_{3})}}+x(x_{1}x_{2}+x_{2}x_{3}+x_{1}x_{3})+x_{1}x_{2}x_{3}&=0\\k^{2}&=x_{1}+x_{2}+x_{3}\end{aligned}}$

and achieve a solution for $x_{3}$ by:

$x_{3}=k^{2}-x_{1}-x_{2}={\bigg (}{\frac {y_{2}-y_{1}}{x_{2}-x_{1}}}{\bigg )}^{2}-x_{1}-x_{2}$

Algebraic group of points

The points further comply associative and commutative algebraic group laws and the handling of the neutral element:

- closure: $P+Q=R\forall P,Q,R\in E$ b
- associative: $P+0=0+P\forall P\in E$
- identity element and inverse that: $P+(-P)=0\forall P\in E$
- cummutative: $P+(Q+R)=(P+Q)+R\forall P,Q,R\in E$

The inverse point of a point P(x,y) is therfore P(x,-y).

Scalar Multiplication

Double and Add algorithm

Calculation in projective coordinates

Side Channel Attacks

Montgomery ladder

Standardization of elliptic curves

Curve25519

Curve25519 is a highly optimized curve proposed by Daniel J. Bernstein (djb) in 2005. The curve equation is $y^{2}=x^{3}+486662x^{2}+x$ over a prime field $2^{255}-19$

Edward curves

Applications Example Elliptic curve Diffie Hellman key exchange

References

↑ Hankerson, D., A. Menezes and S. Vanstome: Guide to Elliptic Curve Cryptographie. Springer Verlag New York, Inc., 1. Auflage, 2004.

[HMV-1] Hankerson, D., A. Menezes and S. Vanstome: Guide to Elliptic Curve Cryptographie. Springer Verlag New York, Inc., 1. Auflage, 2004.

[1]

@@ Line 17: / Line 17: @@
 * Simple Weierstrass form curve equation:
-TODO need to install math extension: https://www.mediawiki.org/wiki/Extension:Math/advancedSettings#Installing_texvc
+<math>y^2 = x^3 +  ax + b</math>
-<math>y² = x³ +  ax + b</math>
 The elliptic curve are all points in the x,y coordinates which fulfill the cubic curve equation, whereas a and b are called the characteristic of the curve.
 The curve needs to be smooth, which means that it will not contain any singularities such as a cusp or a self intersection,
@@ Line 29: / Line 28: @@
 Another characteristic we need to introduce is the point at infinity denoted by 0 (also known as ideal point), which can be thought as identity element infinitly raised on the y axis.
 Therefore our points on the elliptic curve over R² all fulfill this equation
-<math>\{(x,y)∈R2 | y2=x3+ax+b, 4a3+27b2≠0\} \cup \{0\}</math>
+<math>\{(x,y) \in R^2 | y^2=x^3+ax+b, 4a^3+27b^2 \neq 0\} \cup \{0\}</math>
 and can be presented by:
@@ Line 40: / Line 39: @@
 According to the group law all points support following operations:
 * Point addition: <math> P+Q=R</math>
-* Point doubling: <math> P=Q - 2P=R<\math
+* Point doubling: <math>P=Q - 2P=R</math>
 TODO:Need to install link target extension: https://www.mediawiki.org/wiki/Extension:LinkTarget
@@ Line 90: / Line 89: @@
 === Algebraic group of points ===
 The points further comply associative and commutative algebraic group laws and the handling of the neutral element:
-** closure: <math>P+Q=R \forall P,Q,R \in E<\math>b
+** closure: <math>P+Q=R \forall P,Q,R \in E</math>b
-** associative: <math>P+0=0+P \forall P \in E<\math>
+** associative: <math>P+0=0+P \forall P \in E</math>
-** identity element and inverse that: <math>P+(-P) = 0  \forall P \in E<\math>
+** identity element and inverse that: <math>P+(-P) = 0  \forall P \in E</math>
-** cummutative: <math>P+(Q+R)=(P+Q)+R  \forall P,Q,R \in E<\math>
+** cummutative: <math>P+(Q+R)=(P+Q)+R  \forall P,Q,R \in E</math>
 The inverse point of a point P(x,y) is therfore P(x,-y).
@@ Line 112: / Line 111: @@
 Curve25519 is a highly optimized curve proposed by Daniel J. Bernstein (djb) in 2005.
 The curve equation is
-<math>y^2=x^3+486662x^2+x<\math> over a prime field <math>2^{255}-19</math>
+<math>y^2=x^3+486662x^2+x</math> over a prime field <math>2^{255}-19</math>
 === Edward curves===
 == Applications Example Elliptic curve Diffie Hellman key exchange ==

Difference between revisions of "Elliptic Curve Cryptography"

Revision as of 14:23, 21 February 2019

Contents

Summary

Elliptic Curve Cryptography