Elliptic Curve Cryptography (Ecc)

Elliptic curve cryptography was proposed in 1985 as an alternative to RSA that uses shorter key lengths. It relies on the difficulty of solving the elliptic curve discrete logarithm problem. Points on an elliptic curve form a finite group under an addition operation. Multiplication of a point k times is done by repeated addition, and serves as the basis for elliptic curve cryptosystems. While elliptic curves were originally defined over real numbers, finite fields are used in practice for efficiency and accuracy of computations.

Uploaded by

vinodkanna uit


Chapter 3

ELLIPTIC CURVE CRYPTOGRAPHY (ECC):

3.1 Introduction

The use of elliptic curves in cryptography was first proposed by Neal Koblitz [16] and Victor
Miller [20] in 1985. Koblitz and Miller did not invent a new cryptographic algorithm; they
implemented certain existing algorithms using elliptic curve arithmetic. Since then,
elliptic curve cryptography has been studied extensively in the academic world. The use of elliptic
curves in cryptography is attractive because shorter key lengths can be used than in
conventional cryptography, e.g. RSA.

The points on an elliptic curve over $GF(2^n)$ form a finite group of order $n = \#E(GF(2^n))$, with
point addition as the group operation. Multiplication over an elliptic curve is defined as in Section
2.1, i.e. it is performed by sequentially adding a point to itself. Multiplication is the basic
operation of any elliptic curve cryptosystem and many efficient algorithms to compute it have
been developed. All elliptic curve cryptography (ECC) algorithms rely on the fact that calculating
the point multiplication kP, where k is an integer and P is a point on an elliptic curve, is
relatively easy and fast, but it is a very hard task to calculate k if P and kP are given. The
problem that must be solved to calculate k is called the elliptic curve discrete logarithm problem,
and it requires exponential time to solve.

Elliptic curve cryptography has better security with a shorter key length than any other
published public-key cryptography method. An elliptic curve cryptosystem with a 173-bit key is
considered as secure as RSA using a 1024-bit key, and ECC with a 313-bit key is considered as
secure as 4096-bit RSA. Elliptic curve cryptography is thus a very attractive alternative,
especially in communication systems with limited bandwidth.

Elliptic curves have been studied by mathematicians for more than a century. An extremely rich
theory has been developed around them, and in turn they have been the basis of numerous
new developments in mathematics. As far as cryptography is concerned, elliptic curves have
been used for factoring and primality proving. The idea of using elliptic curves for public-key
cryptosystems is due to Victor Miller [Miller85] and Neal Koblitz [Koblitz87] in the mid-eighties.
As with all cryptosystems, and especially with public-key cryptosystems, it takes years of public
evaluation before a reasonable level of confidence in a new system is established. The elliptic
curve public-key cryptosystems (ECPKCs) seem to have reached that level now. In the last couple
of years, the first commercial applications have appeared (email security, web security, smart
cards, etc.). Before we look at how the ECPKCs work, we will give a short introduction to elliptic curves.

3.2 Mathematics of Elliptic Curve Cryptography:

Definition of elliptic curves: Elliptic curves are not ellipses. They are called this because they
are described by cubic equations, similar to those used for calculating the circumference of an
ellipse. In general, an elliptic curve is the set of solutions of an equation of the form

$$y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_5 \qquad (1)$$

where the coefficients $a_i$ are elements of some field (R, Z or Zp) which satisfy some
simple conditions in order to avoid singularities. Such an equation is said to be
cubic, or of degree 3, because the highest exponent it contains is 3. Eq. (1) is
called the Weierstrass equation. Also included in the definition of any elliptic curve is
a single element denoted O and called the point at infinity or the zero point.

An elliptic curve over real numbers may be defined as the set of points (x,y) which satisfy an
elliptic curve equation of the form:

$y^2 = x^3 + ax + b$, where x, y, a and b are real numbers.

Each choice of the numbers a and b yields a different elliptic curve. For example, a = 1 and b = 1
gives the elliptic curve with equation $y^2 = x^3 + x + 1$; the graph of this curve is shown in Figure 3.1.

If $x^3 + ax + b$ contains no repeated factors, or equivalently if $4a^3 + 27b^2$ is not 0, then the elliptic
curve $y^2 = x^3 + ax + b$ can be used to form a group. An elliptic curve group over real numbers
consists of the points on the corresponding elliptic curve, together with a special point O called
the point at infinity.

Figure 3.1: Elliptic curve ($y^2 = x^3 + x + 1$)

3.2.1 Point addition: Elliptic Curve Addition: A Geometric Approach:

P + Q = R is the additive property defined geometrically.

Elliptic curve groups are additive groups; that is, their basic function is addition. The addition of
two points in an elliptic curve is defined geometrically.
The negative of a point $P = (X_1, Y_1)$ is its reflection in the x-axis: the point -P is $(X_1, -Y_1)$. Notice that
for each point P on an elliptic curve, the point -P is also on the curve.

Adding distinct points P and Q: The point that results from adding two different points on the elliptic
curve is computed as shown in Figure 3.2.
When $P = (X_1, Y_1)$ and $Q = (X_2, Y_2)$ are not negatives of each other,
$(X_1, Y_1) + (X_2, Y_2) = (X_3, Y_3)$, where $X_1 \ne X_2$.
P + Q = R where

$\lambda = (Y_2 - Y_1) / (X_2 - X_1)$

$X_3 = \lambda^2 - X_1 - X_2$ and

$Y_3 = -Y_1 + \lambda(X_1 - X_3)$

Note that λ is the slope of the line through P and Q.

Figure 3.2: Point addition

Suppose that P and Q are two distinct points on an elliptic curve, and that P is not -Q. To add the
points P and Q, a line is drawn through the two points. This line will intersect the elliptic curve in
exactly one more point, called -R. The point -R is reflected in the x-axis to the point R. The law for
addition in an elliptic curve group is P + Q = R.

3.2.2 Point doubling:

$(X_1, Y_1) + (X_2, Y_2) = (X_3, Y_3)$, where $Y_1 \ne 0$

2P = R where
$\lambda = (3X_1^2 + a) / (2Y_1)$
$X_3 = \lambda^2 - 2X_1$ and
$Y_3 = \lambda(X_1 - X_3) - Y_1$

Figure 3.3 shows how a point can be doubled graphically on the elliptic curve. Suppose we want to double
a point P on the elliptic curve. A tangent line to the curve at P is taken to double the
point. The line must cross the curve at another point; this point is denoted -R. Then we
reflect the point -R in the x-axis to the point R, where R = 2P.

The line through P and -P is a vertical line which does not intersect the elliptic curve at a third
point; thus the points P and -P cannot be added as previously. It is for this reason that the elliptic
curve group includes the point at infinity O. By definition, P + (-P) = O. As a result of this equation,
P + O = P in the elliptic curve group. O is called the additive identity of the elliptic curve group; all
elliptic curves have an additive identity.

Figure 3.4: Point P and the negative of P

To add a point P to itself, a tangent line to the curve is drawn at the point P. If $y_P$ is not 0, then the
tangent line intersects the elliptic curve at exactly one other point, -R. -R is reflected in the x-axis
to R. This operation is called doubling the point P; the law for doubling a point on an elliptic curve
group is defined by:

J + J = 2L.

Figure 3.5

Doubling the point P if $y_J = 0$: 2J = O.

If a point P is such that $y_P = 0$, then the tangent line to the elliptic curve at P is vertical and does
not intersect the elliptic curve at any other point.
By definition, 2P = O for such a point P. If one wanted to find 3P in this situation, one can add
2P + P. This becomes P + O = P. Thus 3P = P.
3P = P, 4P = O, 5P = P, 6P = O, 7P = P,
Figure 3.6: Elliptic curves over real numbers: $y^2 = x^3 + ax + b$ with a = 9, b = -2.

Figure 3.7: $y^2 = x^3 + ax + b$ with a = 10, b = -10.

Figure 3.8: $y^2 = x^3 + ax + b$ with a = -4, b = 9.

Figure 3.9: $y^2 = x^3 + ax + b$ with a = -8, b = 8.

Figure 3.10: $y^2 = x^3 + ax + b$ with a = -7, b = 8.

Figure 3.11: $y^2 = x^3 + ax + b$ with a = 10, b = 10.

3.3 Elliptic Curve Groups over Finite fields (Fp):

3.3.1. Introduction:

All elliptic curve operations mentioned earlier are based on real numbers. However, operations
over the real numbers are inaccurate and slow, whereas cryptographic operations need to be
accurate and fast. Therefore, curve cryptography is defined over finite fields so that EC operations
are efficient and accurate. A finite field is a set with a finite number of elements. Cryptographic
applications require fast and precise arithmetic; thus elliptic curve groups over the finite fields
Fp and $F_{2^m}$ are used in practice.
Recall that the field Fp uses the numbers from 0 to p - 1, and computations end by taking the
remainder on division by p. The number of points on E(Fp) is denoted by #E(Fp). The Hasse
Theorem states that:

$p + 1 - 2\sqrt{p} \le \#E(F_p) \le p + 1 + 2\sqrt{p}$.

For example, in F23 the field is composed of integers from 0 to 22, and any operation within this
field will result in an integer also between 0 and 22.
An elliptic curve with the underlying field Fp can be formed by choosing the variables a and b within
the field Fp. The elliptic curve includes all points (x,y) which satisfy the elliptic curve equation
modulo p (where x and y are numbers in Fp).
For example: $y^2 \bmod p = (x^3 + ax + b) \bmod p$ has an underlying field of Fp if a and b are in Fp.
If $x^3 + ax + b$ contains no repeating factors (or, equivalently, if $4a^3 + 27b^2 \bmod p$ is not 0), then the
elliptic curve can be used to form a group. An elliptic curve group over Fp consists of the points on
the corresponding elliptic curve, together with a special point O called the point at infinity. There
are finitely many points on such an elliptic curve.

3.3.2 Example of an Elliptic Curve Group over Fp:

As a very small example, consider an elliptic curve over the field F23. With a = 1 and b = 0, the elliptic
curve equation is $y^2 = x^3 + x$. The point (9,5) satisfies this equation since

$y^2 \bmod p = (x^3 + x) \bmod p$
$25 \bmod 23 = (729 + 9) \bmod 23$
$25 \bmod 23 = 738 \bmod 23$
$2 = 2$

The 23 points which satisfy this equation are:
(0,0) (1,5) (1,18) (9,5) (9,18) (11,10) (11,13) (13,5)
(13,18) (15,3) (15,20) (16,8) (16,15) (17,10) (17,13) (18,10)
(18,13) (19,1) (19,22) (20,4) (20,19) (21,6) (21,17)
These points may be graphed as below:

Figure 3.3.2

Note that there are two points for every x value. Even though the graph seems random, there is
still symmetry about y = 11.5. Recall that for elliptic curves over real numbers, there exists a
negative point for each point, which is its reflection through the x-axis. Over the field F23, the
negative components in the y-values are taken modulo 23, resulting in a positive number as a
difference from 23. Here $-P = (x_P, (-y_P \bmod 23))$.

3.3.2.1 Arithmetic in Elliptic Curve Group over Fp

Point addition:

Note that these rules are exactly the same as those for elliptic curve groups over real numbers,
with the exception that computations are performed modulo p.
There are several major differences between elliptic curve groups over Fp and over real
numbers. Elliptic curve groups over Fp have a finite number of points, which is a desirable
property for cryptographic purposes. Since these curves consist of a few discrete points, it is
not clear how to "connect the dots" to make their graph look like a curve. It is not clear how
geometric relationships can be applied. As a result, the geometry used in elliptic curve groups
over real numbers cannot be used for elliptic curve groups over Fp. However, the algebraic rules
for the arithmetic can be adapted for elliptic curves over Fp. Unlike elliptic curves over real
numbers, computations over the field of Fp involve no round off error - an essential property
required for a cryptosystem.
The rules for addition over Ep(a,b) correspond to the algebraic technique described for elliptic
curves defined over real numbers. For all points $P, Q \in E_p(a,b)$:
1. P + O = P.
2. If $P = (x_P, y_P)$, then $P + (x_P, -y_P) = O$. The point $(x_P, -y_P)$ is the negative of P, denoted -P. For
example, in E23(1,1), for P = (13,7), we have -P = (13,-7). But -7 mod 23 = 16. Therefore -P = (13,16),
which is also in E23(1,1).
3. If $P = (x_P, y_P)$ and $Q = (x_Q, y_Q)$ with $P \ne -Q$, then $R = P + Q = (x_R, y_R)$ is determined by the following rules:
$x_R = (\lambda^2 - x_P - x_Q) \bmod p$, $y_R = (\lambda(x_P - x_R) - y_P) \bmod p$
where

$\lambda = \left(\frac{y_Q - y_P}{x_Q - x_P}\right) \bmod p$ if $P \ne Q$

$\lambda = \left(\frac{3x_P^2 + a}{2y_P}\right) \bmod p$ if $P = Q$

3.3.2.2. Multiplication is defined as repeated addition; for example, 4P=P+P+P+P.


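For example, let P = (3,10) and Q = (9,7) in E23(1,1). Then

$\lambda = \left(\frac{7 - 10}{9 - 3}\right) \bmod 23 = \left(\frac{-3}{6}\right) \bmod 23 = \left(\frac{-1}{2}\right) \bmod 23 = 11$

$x_R = (11^2 - 3 - 9) \bmod 23 = 109 \bmod 23 = 17$

$y_R = (11(3 - 17) - 10) \bmod 23 = -164 \bmod 23 = 20$

So P + Q = (17,20). To find 2P:

$\lambda = \left(\frac{3(3^2) + 1}{2 \times 10}\right) \bmod 23 = \left(\frac{5}{20}\right) \bmod 23 = \left(\frac{1}{4}\right) \bmod 23 = 6$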
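
The addition rules and the worked example for E23(1,1) can be checked mechanically. The following Python sketch is an added example, not code from the original chapter; the function names are assumptions, and the point list is found by brute force, which only works because p = 23 is tiny.

```python
# Added example: arithmetic on E23(1,1), y^2 = x^3 + x + 1 over F_23.
# Points are (x, y) tuples; None stands for the point at infinity O.
O = None

def is_nonsingular(a, b, p):
    """The group law is only defined when 4a^3 + 27b^2 != 0 (mod p)."""
    return (4 * a**3 + 27 * b**2) % p != 0

def on_curve(P, a, b, p):
    if P is O:
        return True
    x, y = P
    return (y * y - (x**3 + a * x + b)) % p == 0

def neg(P, p):
    """-P = (x, -y mod p)."""
    return O if P is O else (P[0], -P[1] % p)

def add(P, Q, a, p):
    """P + Q using the chord slope (P != Q) or tangent slope (P == Q), mod p."""
    if P is O:
        return Q
    if Q is O:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return O                      # Q = -P, including doubling a point with y = 0
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)

def mul(k, P, a, p):
    """kP by double-and-add instead of k - 1 sequential additions."""
    R = O
    while k > 0:
        if k & 1:
            R = add(R, P, a, p)
        P = add(P, P, a, p)
        k >>= 1
    return R

def affine_points(a, b, p):
    """All (x, y) on the curve, by exhaustive search over F_p x F_p."""
    return [(x, y) for x in range(p) for y in range(p) if on_curve((x, y), a, b, p)]

def hasse_holds(group_order, p):
    """|#E - (p + 1)| <= 2*sqrt(p), checked in integers."""
    return (group_order - (p + 1)) ** 2 <= 4 * p

if __name__ == "__main__":
    a, b, p = 1, 1, 23
    assert is_nonsingular(a, b, p)
    P, Q = (3, 10), (9, 7)
    pts = affine_points(a, b, p)
    print("P + Q   =", add(P, Q, a, p))
    print("2P      =", add(P, P, a, p))
    print("-(13,7) =", neg((13, 7), p))
    print("#E =", len(pts) + 1, "Hasse bound holds:", hasse_holds(len(pts) + 1, p))
```

The group order counts the affine points plus O, so any point multiplied by that order gives O.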
Figure 3.3.2

Figure 3.3.2.1: $y^2 = x^3 + ax + b$ with finite field over mod 23.

3.3.3. Elliptic Curve Groups over Binary field $GF(2^n)$:

The number of points on $E(F_{2^m})$ is denoted by $\#E(F_{2^m})$. The Hasse Theorem states that:
$2^m + 1 - 2\sqrt{2^m} \le \#E(F_{2^m}) \le 2^m + 1 + 2\sqrt{2^m}$
There are finitely many points on a curve over $F_{2^m}$.

Elements of the field $F_{2^m}$ are m-bit strings. The rules for arithmetic in $F_{2^m}$ can be defined by
either polynomial representation or by optimal normal basis representation. Since $F_{2^m}$ operates
on bit strings, computers can perform arithmetic in this field very efficiently.
An elliptic curve with the underlying field $F_{2^m}$ is formed by choosing the elements a and b within
$F_{2^m}$ (the only condition is that b is not 0). As a result of the field $F_{2^m}$ having characteristic 2, the
elliptic curve equation is slightly adjusted for binary representation:
$y^2 + xy = x^3 + ax^2 + b$
The elliptic curve includes all points (x,y) which satisfy the elliptic curve equation over $F_{2^m}$
(where x and y are elements of $F_{2^m}$). An elliptic curve group over $F_{2^m}$ consists of the points on
the corresponding elliptic curve, together with a point at infinity, O. There are finitely many
points on such an elliptic curve.

An Example of an Elliptic Curve Group over $F_{2^m}$:

As a very small example, consider the field $F_{2^4}$, defined by using polynomial representation with
the irreducible polynomial $f(x) = x^4 + x + 1$.
The element g = (0010) is a generator for the field. The powers of g are:
$g^0$ = (0001) $g^1$ = (0010) $g^2$ = (0100) $g^3$ = (1000) $g^4$ = (0011) $g^5$ = (0110)
$g^6$ = (1100) $g^7$ = (1011) $g^8$ = (0101) $g^9$ = (1010) $g^{10}$ = (0111) $g^{11}$ = (1110)
$g^{12}$ = (1111) $g^{13}$ = (1101) $g^{14}$ = (1001) $g^{15}$ = (0001)

In a true cryptographic application, the parameter m must be large enough to preclude the
efficient generation of such a table, otherwise the cryptosystem can be broken. In today's
practice, m = 160 is a suitable choice. The table allows the use of generator notation ($g^e$) rather
than bit string notation, as used in the following example. Also, using generator notation allows
multiplication without reference to the irreducible polynomial
$f(x) = x^4 + x + 1$.
Consider the elliptic curve $y^2 + xy = x^3 + g^4x^2 + 1$. Here $a = g^4$ and $b = g^0 = 1$. The point $(g^5, g^3)$
satisfies this equation over $F_{2^m}$:

$y^2 + xy = x^3 + g^4x^2 + 1$

$(g^3)^2 + g^5g^3 = (g^5)^3 + g^4g^{10} + 1$

$g^6 + g^8 = g^{15} + g^{14} + 1$

(1100) + (0101) = (0001) + (1001) + (0001)

(1001) = (1001)

The fifteen points which satisfy this equation are:

$(1, g^{13})$ $(g^3, g^{13})$ $(g^5, g^{11})$ $(g^6, g^{14})$ $(g^9, g^{13})$ $(g^{10}, g^8)$ $(g^{12}, g^{12})$

$(1, g^6)$ $(g^3, g^8)$ $(g^5, g^3)$ $(g^6, g^8)$ $(g^9, g^{10})$ $(g^{10}, g)$ $(g^{12}, 0)$ $(0, 1)$

These points are graphed below:


Figure 3.3.3

Elliptic curve groups over $F_{2^m}$ have a finite number of points, and their arithmetic involves no
round off error. Combined with the binary nature of the field, this means $F_{2^m}$ arithmetic can be
performed very efficiently by a computer.
The following algebraic rules are applied for arithmetic over $F_{2^m}$:

3.3.3.1 Point addition (Adding Q):

Adding distinct points P and Q

The negative of the point $P = (x_P, y_P)$ is the point $-P = (x_P, x_P + y_P)$. If P and Q are distinct points
such that P is not -Q, then

P + Q = R where
$s = (y_P - y_Q) / (x_P + x_Q)$
$x_R = s^2 + s + x_P + x_Q + a$ and $y_R = s(x_P + x_R) + x_R + y_P$

As with elliptic curve groups over real numbers, P + (-P) = O, the point at infinity. Furthermore,
P + O = P for all points P in the elliptic curve group.

3.3.3.2 Point doubling:

If $x_P = 0$, then 2P = O.
Provided that $x_P$ is not 0,
2P = R where
$s = x_P + y_P / x_P$
$x_R = s^2 + s + a$ and $y_R = x_P^2 + (s + 1) \cdot x_R$
Recall that a is one of the parameters chosen with the elliptic curve and that s is the slope of the
line through P and Q.

Elliptic curves over binary fields:

For the curve $y^2 + xy = x^3 + ax^2 + b$ with $a = g^4$, b = 1, the points and the graph are given by:

Table 3.1

x y
0 1
1 6
1 13
3 8
3 13
5 3
5 11
6 8
6 14
9 10
9 13
10 1
10 8
12 12
12 15

Figure 3.3.3.1: plot of the points in Table 3.1

1: The points on the elliptic curve $y^2 = x^3 + x + 1$, here a = 1, b = 1 and p = 23, are given by

Table 3.2

x y
0 1
0 22
1 7
1 16
3 10
3 13
4 0
5 4
5 19
6 4
6 19
7 11
7 12
9 7
9 16
11 3
11 20
12 4
12 19
13 7
13 16
17 3
17 20
18 3
18 20
19 5
19 18

Figure 3.3.3.2: plot of the points in Table 3.2

Similarly consider the elliptic curve $y^2 = x^3 + 10x + 5$, here a = 3, b = 5 and p = 17; the points are given by

Table 3.3

0 3
0 14
1 4
1 13
6 3
6 14
9 12
9 5
11 1
11 16
12 0

The graph is given by:

Figure 3.3.3.3

Let the elliptic curve be $y^2 = x^3 + 3x + 1$, here a = 3, b = 1 and p = 13; the points are given by

Table 3.4

0 1
0 12
1 2
1 11
4 3
4 9
6 1
6 12
7 1
7 12
11 0

The graph is given by:

Figure 3.3.3.3.4

3.3.3.3 Construction of finite field of order $2^8$:

Construction of the finite field of order $2^8$, $GF(2^8)$, with the irreducible polynomial
$x^8 + x^4 + x^2 + x + 1$. Let a be a point in this polynomial; then $a^8 = a^4 + a^3 + a^2 + 1$.
As α is a primitive element of $GF(2^8)$, every element x of $GF(2^8)$ may be expressed as
$a_0 + a_1\alpha + a_2\alpha^2 + a_3\alpha^3 + a_4\alpha^4 + a_5\alpha^5 + a_6\alpha^6 + a_7\alpha^7$, $a_i \in GF(2^8)$, $0 \le i \le 7$. It is represented as the 8-tuple
$(a_0, a_1, a_2, a_3, a_4, a_5, a_6, a_7)$. By this terminology we have
$\alpha^0 = (1,0,0,0,0,0,0,0)$, $\alpha^1 = (0,1,0,0,0,0,0,0)$, $\alpha^2 = (0,0,1,0,0,0,0,0)$, $\alpha^3 = (0,0,0,1,0,0,0,0)$, $\alpha^4 = (0,0,0,0,1,0,0,0)$,
$\alpha^5 = (0,0,0,0,0,1,0,0)$, $\alpha^6 = (0,0,0,0,0,0,1,0)$, $\alpha^7 = (0,0,0,0,0,0,0,1)$,
and $\alpha^8 = \alpha^4 + \alpha^3 + \alpha^2 + 1 = (1,0,1,1,1,0,0,0)$; we get $\alpha^9 = \alpha^5 + \alpha^4 + \alpha^3 + \alpha = (0,1,0,1,1,1,0,0)$. The other
powers of α are computed similarly, giving the following table.

Table 3.5: Table for order $GF(2^8)$. Each entry gives i followed by $a^i$.

42 10101101 85 01101011 128 10100001 171 11001101 214 10011111
0 10000000 43 11101110 86 10001101 129 11101000 172 11011110 215 11110111
1 01000000 44 01110111 87 11111110 130 01110100 173 01101111 216 11000011
2 00100000 45 10000011 88 01111111 131 00111010 174 10001111 217 11011001
3 00010000 46 11111001 89 10000111 132 00011101 175 11111111 218 11010100
4 00001000 47 11000100 90 11111011 133 10110110 176 11000111 219 01101010
5 00000100 48 01100010 91 11000101 134 01011011 177 11011011 220 00110101
6 00000010 49 00110001 92 11011010 135 10010101 178 11010101 221 10100010
7 00000001 50 10100000 93 01101101 136 11110010 179 11010010 222 01010001
8 10111000 51 01010000 94 10001110 137 01111001 180 01101001 223 10010000
9 01011100 52 00101000 95 01000111 138 10000100 181 10001100 224 01001000
10 00101110 53 00010100 96 10011011 139 01000010 182 01000110 225 00100100
11 00010111 54 00001010 97 11110101 140 00100001 183 00100011 226 00010010
12 10110011 55 00000101 98 11000010 141 10101000 184 10101001 227 00001001
13 11100001 56 10111010 99 01100001 142 01010100 185 11101100 228 10111100
14 11001000 57 01011101 100 10001000 143 00101010 186 01110110 229 01011110
15 01100100 58 10010110 101 01000100 144 00010101 187 00111011 230 00101111
16 00110010 59 01001011 102 00100010 145 10110010 188 10100101 231 10101111
17 00011001 60 10011101 103 00010001 146 01011001 189 11101010 232 11101111
18 10110100 61 11110110 104 10110000 147 10010100 190 01110101 233 11001111
19 01011010 62 01111011 105 01011000 148 01001010 191 10000010 234 11011111
20 00101101 63 10000101 106 00101100 149 00100101 192 01000001 235 11010111
21 10101110 64 11111010 107 00010110 150 10101010 193 10011000 236 11010011
22 01010111 65 01111101 108 00001011 151 01010101 194 01001100 237 11010001
23 10010011 66 10000110 109 10111101 152 10010010 195 00100110 238 11010000
24 11110001 67 01000011 110 11100110 153 01001001 196 00010011 239 01101000
25 11000000 68 10011001 111 01110011 154 10011100 197 10110001 240 00110100
26 01100000 69 11110100 112 10000001 155 01001110 198 11100000 241 00011010
27 00110000 70 01111010 113 11111000 156 00100111 199 01110000 242 00001101
28 00011000 71 00111101 114 01111100 157 10101011 200 00111000 243 10111110
29 00001100 72 10100110 115 00111110 158 11101101 201 00011100 244 01011111
30 00000110 73 01010011 116 00011111 159 11001110 202 00001110 245 10010111
31 00000011 74 10010001 117 10110111 160 01100111 203 00000111 246 11110011
32 10111001 75 11110000 118 11100011 161 10001011 204 10111011 247 11000001
33 11100100 76 01111000 119 11001001 162 11111101 205 11100101 248 11011000
34 01110010 77 00111100 120 11011100 163 11000110 206 11001010 249 01101100
35 00111001 78 00011110 121 01101110 164 01100011 207 01100101 250 00110110
36 10100100 79 00001111 122 00110111 165 10001001 208 10001010 251 00011011
37 01010010 80 10111111 123 10100011 166 11111100 209 01000101 252 10110101
38 00101001 81 11100111 124 11101001 167 01111110 210 10011010 253 11100010
39 10101100 82 11001011 125 11001100 168 00111111 211 01001101 254 01110001
40 01010110 83 11011101 126 01100110 169 10100111 212 10011110 255 10000000
41 00101011 84 11010110 127 00110011 170 11101011 213 01001111

A finite field of order $2^4$ is also a subfield of the field of order $2^8$.

Table 3.6
i $a^i$
0 00000000
17 10011000
34 01001110
51 00001010
68 10011001
85 11010110
102 01000100
119 10010011
136 01001111
153 10010010
170 11010111
187 11011100
204 11011101
221 01000101
238 00001011
255 00000001
53

Multiplication table is given by here for the curve y2+xy=x3+ax2+b let a=g4, b=1

0 1 g g2 g3 g4 g5 g6 g7 g8 g9 g10 g11 g12 g13 g14 g15

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1 0 1 g g2 g3 g+1 g2+g g3+g2 g3+g g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1 1
+1 +1 +g +g+1 +1
g 0 g g2 g3 g+1 g2+g g3+g2 g3+g g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1 1 g
+1 +1 +g +g+1 +1
g 0 g2 g3 g+1 g2+g g3+g2 g3+g g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1 1 g g2
2
+1 +1 +g +g+1 +1
g 0 g3 g+1 g2+g g3+g2 g3+g g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1 1 g g2 g3
3 +1 +1 +g +g+1 +1
g 0 g+1 g2+g g3+g2 g3+g g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1 1 g g2 g3 g+1
4
+1 +1 +g +g+1 +1
g 0 g2+g g3+g2 g3+g g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1 1 g g2 g3 g+1 g2+g
5
+1 +1 +g +g+1 +1
g 0 g3+g2 g3+g g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1 1 g g2 g3 g+1 g2+g g3+g2
6
+1 +1 +g +g+1 +1
g 0 g3+g g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1 1 g g2 g3 g+1 g2+g g3+g2 g3+g
7
+1 +1 +g +g+1 +1 +1
g 0 g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1 1 g g2 g3 g+1 g2+g g3+g2 g3+g g2+1
8
+1 +g +g+1 +1 +1
g 0 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1 1 G g2 g3 g+1 g2+g g3+g2 g3+g g2+1 g3+g
9
+1 +g +g+1 +1 +1
g 0 g2+g g3+g2 g3+g2 g3+g2 g3+1 1 g g2 g3 g+1 g2+g g3+g2 g3+g g2+1 g3+g g2+g
1
+1 +g +g+1 +1 +1 +1
0

g 0 g3+g2 g3+g2 g3+g2 g3+1 1 g g2 g3 g+1 g2+g g3+g2 g3+g g2+1 g3+g g2+g g3+g2
1
+g +g+1 +1 +1 +1 +g
1

g 0 g3+g2 g3+g2 g3+1 1 g g2 g3 g+1 g2+g g3+g2 g3+g g2+1 g3+g g2+g g3+g2 g3+g2
1
+g+1 +1 +1 +1 +g +g+1
2

g 0 g3+g2 g3+1 1 g g2 g3 g+1 g2+g g3+g2 g3+g g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2
1
+1 +1 +1 +g +g+1 +1
3

g 0 g3+1 1 g g2 g3 g+1 g2+g g3+g2 g3+g g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1
1
+1 +1 +g +g+1 +1
4

g 0 1 g g2 g3 g+1 g2+g g3+g2 g3+g g2+1 g3+g g2+g g3+g2 g3+g2 g3+g2 g3+1 1
1
+1 +1 +g +g+1 +1
5
54

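Similarly the multiplication table for the $GF(2^8)$ with the irreducible polynomial
Consider the elliptic curve $E_{2^8}(a,b)$
$y^2 + xy = x^3 + ax^2 + b$
Let a = 1, b = 1; $4a^3 + 27b^2 \ne 0$
Hence $E_{2^8}(1,1)$ exists.
$y^2 + xy = x^3 + g^{17}x^2 + 1 \qquad (I)$
Put x = 0: $y^2 = 1$
$y = \pm 1$
i.e. (0,1) is a point on the curve (I)
$y^2 + xy = x^3 + ax^2 + b$
$y^2 = x^3 + ax^2 + b - xy$
$y^2 = x^3 + x^2 + xy + 1$

Put $x = a^{17}$
$y^2 = a^{51} + a^{34} + a^{17}y + 1$
$(00001010) + (01001110) + (a^{17}y) + (00000000)$
$= (01000101) + a^{17}y$
$a^{102} + a^{17}y$
$y^2 = a^{102} + ya$

$a^{238}y^2 = (a^{85} + y)$
L.H.S $= a^{238}a^{34} = a^{17}$
R $= a^{34}$
$a^{238}a^{68} = a^{85} + a^{34}$
$= a^{51}$
$x^{-1}y^2 = (x^2 + x + x^{-1}) + y$
$a^{238}y^2 = (a^{34} + a^{119}) + y = a^{170} + y$

$y^2 = a^{187} + a^{17}y$

$y^2 + xy = x^3 + a^{51}x^2 + 1$
$y^2 = x^3 + a^{51}x^2 + xy + 1$
$y^2 = a^{51} + a^{51}a^{34} + a^{17}y + 1$
$= a^{51}(1 + a^{34}) + a^{17}y + 1$
$= a^{51} \cdot a^{136} + a^{17}y + 1$
$= a^{204} + a^{17}y$
$a^{34} = x^3 + a^{51}x^2 + a^{17}x + 1$
$a^{34} + 1 = x^2(x + a^{51}) + (a^{17}x + 1)$
$(x + 1)(x^2 + x + 1) + a^{17}x(a^{34}x + 1)$
$xy + y^2 = x^3 + Ax^2 + B$
$xy + y^2 = x^{51} + Ax^{34} + B$
Put B = 1
$a^{17}y + y^2 = a^{51} + Ax^{34} + 1 = (00001010) + Aa^{34} + 1$
Put $A = a^{51}$: $xy = (00001010) + a^{85} + 1$
(00001010) + (11010110) + (00000001)
= (11011101) = $a^{204}$
$a^{51} + a^{153} = a^{17}$
$y^2 + a^{17}y + a^{204} = 0$
$y^2 + (a^{51} + a^{13}) + a^{51}a^{103} = 0$
(y+a5()(y+$a^{153}$)=0
Put $x = a^{68}$
$x^3 + a^{51}x^2 + 1 = a^{204} + a^{51}a^{136} + 1$
$= a^{204} + a^{187} + 1$
$y^2 + xy = 0$, $y^2 + a^{68}y = 0$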

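Global public key elements:

$E_{2^8}(a^{51}, 1)$: elliptic curve with parameters $P(a^{51}, 1)$, $Q = 2^8$.

Let G be a point on the elliptic curve whose order is large; let $G = (a^{17}, a^{51})$ on $y^2 + xy = x^3 + a^{51}x^2 + 1$.

For $P = (x_P, y_P)$, R = 2P, with $a = a^{51}$.

P = Q: $x_R = \lambda^2 + \lambda + a$

$y_R = x_P^2 + (\lambda + 1)x_R$

$\lambda = a^{17} + a^{51}/a^{17} = a^{17} + a^{34}$

$x_R = (a^{17} + a^{34})^2 + (a^{17} + a^{34}) + a^{51}$

$= (a^{17} + a^{34})(a^{17} + a^{34} + 1) + a^{51}$

$= a^{85}(a^{85} + 1) + a^{51}$

$= a^{170} + a^{85} + a^{51}$

$= a^{238}$.

$y_R = a^{34} + (a^{17} + a^{34} + 1)a^{238}$

$= a^{34} + (a^{85} + 1)a^{238}$
$= a^{34} + a^{323} + a^{238}$
$= a^{34} + a^{68} + a^{238}$
$= a^{34} + a^{153}$
$= a^{187}$

2P = $(a^{238}, a^{187})$.

3P = P + 2P = $(a^{17}, a^{51}) + (a^{238}, a^{187})$

$P \ne Q$

$x_R = \lambda^2 + \lambda + x_P + x_Q + a$

$y_R = \lambda(x_P + x_R) + x_R + y_P$

$\lambda = (a^{187} + a^{51}) / (a^{238} + a^{17})$

$= a^{85}/a^{119} = a^{221}$

$x_R = a^{442} + a^{221} + a^{17} + a^{238} + a^{51}$

$= a^{187} + a^{221} + a^{17} + a^{238} + a^{51}$

$a^{51} + a^{51} = 0$

$y_R = a^{221}(a^{17} + 0) + 0 + a^{17}$

$a^{238} + a^{17} = a^{119}$

3P = $(0, a^{119})$

4P = 2P + 2P

$= (a^{238}, a^{187}) + (a^{238}, a^{187})$

$\lambda = x_P + y_P/x_P = a^{238} + a^{187}/a^{238} = a^{238} + a^{204} = a^{85}$

$x_R = \lambda^2 + \lambda + a = a^{51}$

$y_R = x_P^2 + (\lambda + 1)x_R$

$a^{221} + a^{136} + a^{51} = 0$

i.e. 4P = $(a^{51}, 0)$

5P = 4P + P

$P \ne Q$

$x_R = \lambda^2 + \lambda + x_P + x_Q + a$

$y_R = \lambda(x_P + x_R) + x_R + y_P$

$x_R = a^{306} + a^{153} + a^{51} + a^{17} + a^{51} = a^{17} + a^{17} = 0$

$y_R = a^{153}(a^{51} + 0) + 0 + 0 = a^{136}$

5P = $(0, a^{136})$

6P = 5P + P = $(0, a^{136}) + (a^{17}, a^{51})$ = (∞,∞)

The points on the curve are

P = $(a^{17}, a^{51})$
2P = $(a^{238}, a^{187})$
3P = $(0, a^{119})$
4P = $(a^{51}, 0)$
5P = $(0, a^{136})$
6P = (∞,∞)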

3.3.3.4 Cryptosystem of order $2^8$:
$E_q(a,b)$: elliptic curve with parameters a and q, where q is a prime or an integer of the form $2^m$.
G: point on the elliptic curve whose order is a large value n. Let $G = (a^{17}, a^{51})$, n = 6.

User A key generation:
Select private key $n_A$ such that $n_A < n$,
i.e. $n_A = 2$.
Calculate public key $P_A = n_A \times G = 2(a^{17}, a^{51}) = (a^{238}, a^{187})$.

User B key generation:
Select private key $n_B$ such that $n_B < n$,
i.e. $n_B = 1$.
Calculate public key $P_B$, i.e. $P_B = n_B \times G = 1(a^{17}, a^{51})$.

Calculation of secret key by user A:
$K = n_A \times P_B = 2(a^{17}, a^{51}) = (a^{238}, a^{187})$

Calculation of secret key by user B:
$K = n_B \times P_A = 1(a^{238}, a^{187}) = (a^{238}, a^{187})$

The two calculations produce the same result, because
$n_A \times P_B = n_A \times (n_B \times G) = n_B \times (n_A \times G) = n_B \times P_A$, so
$n_A \times P_B = n_B \times P_A$.
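$E_{2^8}(a^{34}, a^{187})$: elliptic curve with parameters $P(a^{34}, a^{187})$; G is a point on the elliptic curve
whose order is very large.
Let $(a^{34}, a^{187})$
$y^2 + xy = x^3 + a^{51}x^2 + 1$
L.H.S $= a^{374} + a^{221} = a^{85}$
R.H.S $= a^{102} + a^{51+68} + 1 = a^{85}$
L.H.S = R.H.S
P = Q
For $P = (x_P, y_P)$, R = 2P
$x_R = \lambda^2 + \lambda + a$
$y_R = x_P^2 + (\lambda + 1)$
$\lambda = a^{187}$
$x_R = a^{221}$
$y_R = a^{34}$
2P = $(a^{221}, a^{34})$

3P = 2P + P = $(a^{221}, a^{34}) + (a^{34}, a^{187})$

$P \ne Q$ here
$x_R = \lambda^2 + \lambda + x_P + x_Q + a$, $y_R = \lambda(x_P + x_R) + x_R + y_P$

$\lambda = a^{170}$
$x_R = 0$
$y_R = 1$
3P = (0,1)
4P = 2P + 2P
$= (a^{221}, a^{34}) + (a^{221}, a^{34})$
$\lambda = a^{187}$
$x_R = a^{221}$
$y_R = a^{238}$
4P = $(a^{221}, a^{238})$
5P = 4P + P = $(a^{221}, a^{238}) + (a^{34}, a^{187})$
$\lambda = a^{187}$
$x_R = a^{34}$
$y_R = a^{153}$
5P = $(a^{34}, a^{153})$
6P = 2(3P) = 3P + 3P = (0,1) + (0,1)

λ = ∞
$x_R$ = ∞
$y_R$ = ∞
Similarly another cryptosystem is given with the following points on the curve
$y^2 + xy = x^3 + ax^2 + b$
$a = a^{51}$
P = $(a^{34}, a^{187})$
2P = $(a^{221}, a^{34})$
3P = (0,1)
4P = $(a^{221}, a^{238})$
5P = $(a^{34}, a^{153})$
6P = (∞,∞)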

Cryptosystem:
Let n = 6
$G = (a^{34}, a^{187})$

User A key generation:
Select private key $n_A$ such that $n_A < n$,
i.e. $n_A = 4$.
Calculate public key $P_A = n_A \times G = 4(a^{34}, a^{187}) = (a^{221}, a^{238})$.

User B key generation:
Select private key $n_B$ such that $n_B < n$,
i.e. $n_B = 5$.
Calculate public key $P_B$, i.e. $P_B = n_B \times G = 5(a^{34}, a^{187}) = (a^{34}, a^{153})$.

Calculation of secret key by user A:
$K = n_A \times P_B = 4(a^{34}, a^{187}) = (a^{221}, a^{34})$

Calculation of secret key by user B:
$K = n_B \times P_A = 5(a^{221}, a^{238}) = (a^{221}, a^{34})$

The two calculations produce the same result, because
$n_A \times P_B = n_A \times (n_B \times G) = n_B \times (n_A \times G) = n_B \times P_A$, so
$n_A \times P_B = n_B \times P_A$.
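
The binary-field rules of sections 3.3.3.1 and 3.3.3.2 and the key exchange of section 3.3.3.4, as an added Python example that is not part of the original chapter. It works on the chapter's $GF(2^4)$ curve rather than the $GF(2^8)$ one; the base point G, the private keys and all function names are constructed for illustration. It also validates a received public key and shows that in a group this small a private key is found by exhaustive search, which is why n must be large in practice.

```python
# Added example: the curve y^2 + xy = x^3 + g^4 x^2 + 1 over GF(2^4), f(x) = x^4 + x + 1.
# Field elements are ints 0..15 read as bit strings, e.g. g = 0b0010; O is None.
F_POLY, M = 0b10011, 4
O = None

def gf_mul(a, b):
    """Shift-and-XOR multiplication reduced modulo f(x)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M:
            a ^= F_POLY
    return r

EXP = [1]                                 # EXP[i] = g^i for i = 0..14
for _ in range(14):
    EXP.append(gf_mul(EXP[-1], 0b0010))
LOG = {v: i for i, v in enumerate(EXP)}

def gf_div(a, b):
    if b == 0:
        raise ZeroDivisionError("division by 0 in GF(2^4)")
    return 0 if a == 0 else EXP[(LOG[a] - LOG[b]) % 15]

A, B = EXP[4], 1                          # curve parameters a = g^4, b = 1

def on_curve(P):
    if P is O:
        return True
    x, y = P
    x2 = gf_mul(x, x)
    return (gf_mul(y, y) ^ gf_mul(x, y)) == (gf_mul(x2, x) ^ gf_mul(A, x2) ^ B)

def add(P, Q):
    if P is O:
        return Q
    if Q is O:
        return P
    (xp, yp), (xq, yq) = P, Q
    if xp == xq and yq == xp ^ yp:
        return O                          # Q = -P = (xP, xP + yP); covers 2P = O when xP = 0
    if P == Q:                            # doubling: s = xP + yP / xP
        s = xp ^ gf_div(yp, xp)
        xr = gf_mul(s, s) ^ s ^ A
        yr = gf_mul(xp, xp) ^ gf_mul(s ^ 1, xr)
    else:                                 # addition: s = (yP - yQ) / (xP + xQ)
        s = gf_div(yp ^ yq, xp ^ xq)
        xr = gf_mul(s, s) ^ s ^ xp ^ xq ^ A
        yr = gf_mul(s, xp ^ xr) ^ xr ^ yp
    return (xr, yr)

def mul(k, P):
    """kP by double-and-add."""
    R = O
    while k > 0:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R

def order(P):
    """Smallest n > 0 with nP = O."""
    n, R = 1, P
    while R is not O:
        R, n = add(R, P), n + 1
    return n

def affine_points():
    return [(x, y) for x in range(16) for y in range(16) if on_curve((x, y))]

def shared_secret(n_priv, peer_pub, n):
    """K = n_priv x peer_pub, after validating the received public key."""
    if peer_pub is O or not on_curve(peer_pub) or mul(n, peer_pub) is not O:
        raise ValueError("invalid public key")
    return mul(n_priv, peer_pub)

def recover_private_key(G, pub, n):
    """Exhaustive search for k with kG = pub; needs at most n - 1 additions."""
    R = G
    for k in range(1, n):
        if R == pub:
            return k
        R = add(R, G)
    return None

G = (EXP[3], EXP[8])                      # constructed base point (g^3, g^8) from the chapter's list
N = order(G)                              # 16: the 15 affine points plus O
N_A, N_B = 5, 11                          # constructed private keys, both < N
P_A, P_B = mul(N_A, G), mul(N_B, G)       # public keys exchanged by users A and B
```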

Conclusion of the third chapter (ECC):

In this chapter, ECC operations over the binary field and the prime field, and their
mathematical operations, were introduced. Clear examples showed how the field-level operations work
over both fields (binary, prime). Then the higher-level operations (ECC operations) were
discussed. The process of adding one point to another and of doubling a point in order to produce a
new point was explained. We explained the construction of the finite field of order $2^8$. This chapter gives the
cryptosystem over the binary field of order $2^8$.

CHAPTER 4

Elliptic curve group and discrete logarithmic problem:
