Scribd
Upload
36 views16 pages

Elliptic Curve

Elliptic curve cryptography uses elliptic curves over finite fields for public-key encryption, digital signatures, and other applications. It is based on the elliptic curve discrete logarithm problem. The main operations are point addition and point doubling on the curve. Elliptic curve domain parameters define the curve and finite field used. Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic Curve Diffie-Hellman (ECDH) are common implementations of digital signatures and key exchange using elliptic curves.

Uploaded by

Shravan Kumar Bolisetty
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
36 views16 pages

Elliptic Curve

Elliptic curve cryptography uses elliptic curves over finite fields for public-key encryption, digital signatures, and other applications. It is based on the elliptic curve discrete logarithm problem. The main operations are point addition and point doubling on the curve. Elliptic curve domain parameters define the curve and finite field used. Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic Curve Diffie-Hellman (ECDH) are common implementations of digital signatures and key exchange using elliptic curves.

Uploaded by

Shravan Kumar Bolisetty
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

Elliptic Curve

Basics and Digital Signature


Public Key Cryptography
• Components
– Public Key,
– Private Key
– Set of Operators that work on these Keys
– Predefined Constraints (required by some
algorithms)
Elliptic Curve Cryptography
• Components

Private Key Public Key Set of Operations Domain Parameters


(Predefined constants)

A random Point on a curve These are defined over G, a, b


number the curve
= Private Key * G y2 = x3 + ax + b,
where 4a3 + 27b2 ≠ 0
Discrete Logarithm Problem (DLP)
• Let P and Q be two points on the elliptic curve
– Such that Q = kP, where k is a scalar value

• DLP: Given P and Q, find k?


– If k is very large, it becomes computationally infeasible

• The security of ECC depends on the difficulty of


DLP

• Main operation in ECC is Point Multiplication


Point Multiplication
• Point Multiplication is achieved by two basic curve
operations:

1. Point Addition, L = J + K
2. Point Doubling, L = 2J

Example:
If k = 23; then, kP = 23*P
= 2(2(2(2P) + P) + P) + P
Point Addition
Geometrical explanation:
Point Addition
• Analytical explanation:

• Consider two distinct points J and K such that J =


(xJ, yJ) and K = (xK, yK)
Let L = J + K where L = (xL, yL), then
• xL = s2 - xJ – xK
• yL = -yJ + s (xJ – xL)
s = (yJ – yK)/(xJ – xK), s is slope of the line through J
and K
Point Doubling
Geometrical explanation:
Point Doubling
• Analytical explanation
Consider a point J such that J = (xJ, yJ), where yJ ≠
0
Let L = 2J where L = (xL, yL), Then
• xL = s2 – 2xJ
• yL = -yJ + s(xJ - xL)
s = (3xJ2 + a) / (2yJ), s is the tangent at point J and
a is one of the parameters chosen with the
elliptic curve
Finite Fields
• The Elliptic curve operations shown were on real
numbers
– Issue: operations are slow and inaccurate due to round-
off errors

• To make operations more efficient and accurate, the


curve is defined over two finite fields
1. Prime field Fp and
2. Binary field F2m
• The field is chosen with finitely large number of
points suited for cryptographic operations
EC on Prime field Fp
• Elliptic Curve equation:
y2 mod p= x3 + ax + b mod p
where 4a3 + 27b2 mod p ≠ 0.
• Elements of finite fields are integers between 0 and
p-1
• The prime number p is chosen such that there is
finitely large number of points on the elliptic curve
to make the cryptosystem secure.
• SEC specifies curves with p ranging between 112-
521 bits
EC on Binary field F2m
 Elliptic Curve equation:
y2 + xy = x3 + ax2 + b,
where b ≠ 0
 Here the elements of the finite field are integers of length
at most m bits.
 In binary polynomial the coefficients can only be 0 or 1.
 The m is chosen such that there is finitely large number of
points on the elliptic curve to make the cryptosystem
secure.
 SEC specifies curves with m ranging between 113-571
bits
Elliptic Curve Domain parameters
Domain parameters for EC over field Fp
• Parameters:
p, a, b, G, n and h.

Domain parameters for EC over field F2m


• Parameters:
m, f(x), a, b, G, n and h.
Implementations
• ECDSA - Elliptic Curve Digital Signature Algorithm
Signature Generation:
For signing a message m by sender A, using A’s private key dA
and public key QA = dA * G
1. Calculate e = HASH (m), where HASH is a cryptographic hash function, such
as
SHA-1
2. Select a random integer k from [1,n − 1]
3. Calculate r = x1 (mod n), where (x1, y1) = k * G. If r = 0, go to step 2
4. Calculate s = k − 1(e + dAr)(mod n). If s = 0, go to step 2
5. The signature is the pair (r, s)
Implementations
 ECDSA - Elliptic Curve Digital Signature Algorithm
Signature Verification:
For B to authenticate A's signature, B must have A’s public key QA
1. Verify that r and s are integers in [1,n − 1]. If not, the signature is invalid
2. Calculate e = HASH (m), where HASH is the same function used in the
signature generation
3. Calculate w = s −1 (mod n)
4. Calculate u1 = ew (mod n) and u2 = rw (mod n)
5. Calculate (x1, y1) = u1G + u2QA
6. The signature is valid if x1 = r(mod n), invalid otherwise
Implementations
• ECDH – Elliptic Curve Diffie Hellman
A (QA,dA) – Public, Private Key pair
B (QB,dB) – Public, Private Key pair

1. The end A computes K = (xK, yK) = dA * QB


2. The end B computes L = (xL, yL) = dB * QA
3. Since dAQB = dAdBG = dBdAG = dBQA. Therefore K = L
and hence xK = xL
4. Hence the shared secret is xK

You might also like