Asymmetric Encryption

ECC

Elliptic Curve
Cryptography
 Introduction

• What are Elliptic Curves?

• Curve with standard form y2 = x3 + ax + b a, b ϵ ℝ
• Implementing Group Operations
• Main operations - point addition and point multiplication
• Adding two points that lie on an Elliptic Curve – results in a third
point on the curve
• Point multiplication is repeated addition
• If P is a known point on the curve (aka Base point; part of domain
parameters) and it is multiplied by a scalar k, Q=kP is the
operation of adding P + P + P + P… +P (k times)
• Q is the resulting public key and k is the private key in the public-
private key pair
What is Elliptic Curve Cryptography?

•Discrete Log Problem

• The security of ECC is due the intractability or difficulty of
solving the inverse operation of finding k given Q and P
• This is termed as the discrete log problem
• Methods to solve include brute force and Pollard’s Rho attack
both of which are computationally expensive or infeasible
Examples of Elliptic Curves
 y = x + ax + b
2 3

Examples
 Elliptic Curves in Applications - Bitcoin
• The elliptic curve used by Bitcoin, Ethereum and many others is the
secp256k1 curve, with a equation of y² = x³+7 and looks like this:

• Start=>

• x-coordinate:
55066263022277343669578718895168534326250603453777594175
500187360389116729240
• y-coordinate:
32670510020758816978083085130507043184471273380659243275
938904335757337482424
With different parameters
Point multiplication demonstrated in a finite field
ECC Curve25519
• 2005 - Curve25519 first released by Daniel J. Bernstein
• One of the fastest ECC curves and is not covered by any known
patents
• Used a Montgomery curve y2 = x3+486662x2+x, over the prime field
defined by the prime number 255 - 19, and it uses the base point
x=9.
• Curve25519 is constructed such that it avoids many potential
implementation pitfalls
• immune to timing attacks
• it accepts any 32-byte string as a valid public key
• does not require validating that a given point belongs to the curve, or is
generated by the base point.
• 2018 - Transport Layer Security v1.3 published, requires
MANDATORY support for X25519, Ed25519, X448, and Ed448
algorithms.
• Why would you prefer X25519 over the common p256?
Why Elliptic Curve Cryptography?

• Shorter Key Length

• Lesser Computational Complexity

• Low Power Requirement

• More Secure
Comparable Key Sizes for Equivalent Security

Symmetric Encryption (Key Size in RSA and Diffie-Hellman (modulus size ECC Key Size in bits
bits) in bits)

56 512 112

80 1024 160

112 2048 224

128 3072 256

192 7680 384

256 15360 512

 Elliptic Curve Schemes

• Elliptic Curve Digital Signature Algorithm (ECDSA)

• Elliptic Curve Pintsov Vanstone Signature(ECPVS)

• Elliptic Curve Diffie-Hellman (ECDH)

 Pros and Cons

• Pros
• Shorter Key Length
• Same level of security as RSA achieved at a much shorter key
length
• Better Security
• Secure because of the ECDLP
• Higher security per key-bit than RSA
• Higher Performance
• Shorter key-length ensures lesser power requirement – suitable in
wireless sensor applications and low power devices
• More computation per bit but overall lesser computational
expense or complexity due to lesser number of key bits
 Pros and Cons

• Cons
• Relatively newer field
• Idea prevails that all the aspects of the topic may not have been
explored yet – possibly unknown vulnerabilities
• Doesn’t have widespread usage
• Not perfect
• Attacks still exist that can solve ECC (112 bit key length has been
publicly broken)
• Well known attacks are the Pollard’s Rho attack (complexity O(√n)
), Pohlig’s attack, Baby Step, Giant Step etc