elliptic curve cryptography
TRANSCRIPT
Elliptic Curve Cryptography Ajithkumar Vyasarao
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
#Who am I
• Ajithkumar Vyasarao • B.Sc., LL.M, MCA
• PG Diploma in Cyber Laws from NALSAR Hyderabad
• PG Diploma in IPRL from National Law School of India University, Bangalore
• Life Member Cryptology Research Society of India
• Pursuing research in the area of Cryptography
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Agenda
• Introduction
• Elliptic Curves Over the Real Numbers
• Elliptic Curves Over a Finite Field
• Elliptic Curve Cryptography Demo
• Elliptic Curve Cryptography – Key Exchange
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Introduction
• Major issue with use of public key is the size of numbers used.
• ECC belongs to the category of Public-key Cryptography, performs the computations using elliptic curve arithmetic instead of integer or polynomial arithmetic.
• ECC provides equally good security compared to RSA, but uses smaller key size.
• Notable Advantages of ECC • Uses smaller keys, ciphertexts and signatures. • ECC supports, very fast key generation. • ECC scores over RSA because of its moderately fast encryption and decryption. • ECC computations are uses less memory and CPU cycles compared to RSA, hence
suited for securing Mobile Handheld devices.
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Comparable Key Sizes for Equivalent Security
Symmetric scheme
(key size in bits)
ECC-based scheme
(size of n in bits)
RSA/DSA
(modulus size in bits)
56 112 512
80 160 1024
112 224 2048
128 256 3072
192 384 7680
256 512 15360
William Stallings Table 10.3 - “ Comparable Key Sizes in Terms of Computational Effort for Cryptanalysis"
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Introduction
• An elliptic curve is defined by an equation in two variables with coefficients.
• Elliptic curves are not ellipses. Elliptic curves are described by cubic equations similar to those used for calculating the circumference of an ellipse
• Elliptic curve cryptography makes use of elliptic curves, in which the variables and coefficients are all restricted to elements of a finite field.
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
ECC over Real Numbers
• Elliptic curve over real numbers are nothing but set of points (x,y) which satisfy an elliptic curve equation y2 = x3 + ax + b, where x, y, a and b are real numbers.
• Supplying different set of values for a and b results in a different elliptic curve.
• For example a = -4 and b = 0.67 gives the elliptic curve with equation y2 = x3 - 4x + 0.67
• If the cubic polynomial x3+ax+b has no repeated roots, we say the elliptic curve is non-singular.
• A necessary and sufficient condition for the cubic polynomial x3+ax+b to have distinct roots is 4a^3 + 27 b^2 not equal to 0.
• we’ll always assume the elliptic curves are non-singular.
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
P + Q = R is the additive property defined geometrically CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Elliptic Curves Over Finite Fields
• Instead of choosing the field of real numbers, we can create elliptic curves over other fields!
• Let a and b be elements of Zp for p prime, p>3. An elliptic curve E over Zp is the set of points (x,y) with x and y in Zp that satisfy the equation
together with a single element , called the point at infinity.
• As in the real case, to get a non-singular elliptic curve, we’ll require 4a3 + 27 b2 (mod p) 0 (mod p).
• Elliptic curves over Zp will consist of a finite set of points
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Elliptic Curves Over Finite Fields
• Just as in the real case, we can define addition of points on an elliptic curve E over Zp, for prime p>3.
• This is done in the essentially the same way as the real case, with appropriate modifications.
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Point Addition over Finite Field Fp
• Point addition and doubling are now slightly different visually.
• Lines drawn on this graph will wrap around the horizontal and vertical directions, just like in a game of Asteroids, maintaining the same slope.
• So adding points (2, 22) and (6, 25) looks like this:
• The third intersecting point is (47, 39) and its reflection point is (47, 28).
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Ref: http://www.coindesk.com/math-behind-bitcoin/
Elliptic Curve Cryptography Discrete Logarithm Problem [ ECCDLP ] • Addition is simple
P + P = 2P
Multiplication is faster , it takes only 8 steps to compute 100P, using point doubling and add
1. P * 2 = 2P
2. P + 2P = 3P
3. 3P * 2 = 6P
4. 6P *2 = 12P
5. 12P * 2 =24 P
6. P + 24 P = 25 P
7. 25P * 2 = 50 P
8. 50P *2 = 100 P
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Elliptic Curve Cryptography Discrete Logarithm Problem [ ECCDLP ] • Division is slow,
• In ECC Q is defined as product of n*P is another point on the curve Q = nP
given initial point P and final point Q, it is hard to compute ‘n’ which serves as a secret key.
Brute force method, start with P, every step multiply P with number 1, 2 and so on,
For each step compare result of P*x where x=1,2,3,… with Q
This problem is known as discrete log problem, difficult to beak
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Elliptic Curve point addition (R)- Demo
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Elliptic Curve scalar multiplication (R)- Demo
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Elliptic Curve point addition (Fp)- Demo
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Elliptic Curve scalar multiplication (Fp)- Demo
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
ECC Application
• ECC is being used in many places such as • PDAs
• VOIP
• Smart cards
• Mobile devices
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Diffie-Hellman Key Exchange – ECC scenario
• Alice and Bob two parties need to exchange secret key
1. Both Alice and Bob agree upon starting point P point on elliptic curve publicly defined y2 = x3 - 4x + 0.67
2. Alice selects his private ‘α’ and computes αP shares this with bob
3. Bob selects his private ‘β’ and computes βP shares with Alice
4. Alice receives βP and computes βPα by multiplying with his private
5. Bob receives αP and computes αPβ by multiplying with his private
6. It is obvious βPα = αPβ , hence both Alice and Bob have same key which serves as private key for further encryption and decryption
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Security Aspect
• Attacks on groups of elliptic curves are weaker than available factoring algorithms attacks
• Best known attacks on elliptic curves based on cryptographic criterions are the Baby-Step Giant-Step and Pollard-Rho method
• Complexity of these methods are approximately √ p .
• An elliptic curve using a prime p with 160 bit ,roughly 2160 points, provides a security of 280 steps on an average that is required by an attacker.
• An elliptic curve using a prime p with 256 bit, roughly 2256 points, provides a security of 2128 steps on an average.
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
Reference
1. Network security and cryptography - William Stallings
2. Kwangjo Kim, Cryptography, Open Access Journal
3. Elliptic Curve Cryptography - Lecture notes by Wayne Patterson
4. Elliptic Curve Cryptography: a gentle introduction, http://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/
5. Certicom, https://www.certicom.com/ecc
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016
CYSINFO CYBER SECURITY MEETUP – 17TH SEPTEMBER 2016