How does Elliptic Curve Cryptography ensure secure communication of information on the internet

Downloaded from www.clastify.com by dwidasa 06
IB Diploma Programme
Extended Essay
Elliptic Curve Cryptography
How does Elliptic Curve Cryptography ensure secure communication of information on the internet?
IB Mathematics Analysis & Approaches HL
Word count: 3091 words
Table of Contents
1. Introduction
2. Public Key Cryptography
3. Preliminaries
3.1 Definitions of Mathematical Foundations
3.2 Modular Arithmetic Fundamentals
3.3 Euler’s Totient Function
4. Elliptic Curve Fundamentals
4.1 Definition and Examples
4.2 Properties of Elliptic Curves
4.3 Geometric Operations
4.4 Singularity in Elliptic Curves
5. Elliptic Curve Cryptography Using Prime Fields
5.1 Formal Definition and Algebraic Procedures
5.2 Elliptic Curve Discrete Logarithm Problem
5.3 Parameters of ECC
5.4 Example of Calculating ECC Parameters
5.5 Elliptic Curve Diffie-Hellman (ECDH)
5. Conclusion
6. Appendices
7. Bibliography
1. Introduction
Cryptography has been utilized by humanity for the protection of confidential matter for centuries, and the complexity of cryptosystems has gradually increased. From simple shift ciphers to complex quantum cryptosystems, the applicability of cryptography has broadened swiftly. As establishing a shared secret among parties became more difficult, asymmetric cryptography gained more influence. The concept of Elliptic Curve Cryptography (ECC) was first introduced in the 1980s and since then, there has been a noticeably wider acceptance of this cryptosystem. My interest in ECC was evoked when I learned that Bitcoin and Ethereum use elliptic curves to secure online transactions. I was intrigued by this process and learned that elliptic curves can be used for ‘digital signing’, where a person can verify the identity of the sender of the message. Moreover, ECC has paved the way for establishing shared information online more securely despite being a relatively new cryptosystem. The importance and potential of ECC is what inspired me to choose the research question: How does Elliptic Curve Cryptography ensure secure communication of information on the internet? Therefore, this essay will explore the very mathematical fundamentals that make the cryptosystem secure, along with exploring its real-life application. To best answer the research question, I will explain the Elliptic Curve Diffie-Hellman (ECDH) key agreement protocol and explore the topic not only through proofs and equations, but also visually by using graphs.
2. Public Key Cryptography
Public key cryptography can be explained by using the well-known Alice and Bob analogy [4]:
(1) Let there be two parties known as Alice and Bob. They live very far apart, thus they cannot easily meet to create a secure channel for communication.
(2) Alice wants to send a letter to Bob, so Bob sends her a combination padlock that is publicly known. Alice locks the letter in a case using Bob’s padlock and delivers it to him.
(3) When Bob receives the case, he unlocks it using his private key, which is the password to the padlock that only he knows.
(4) Bob can now send his response to the letter by locking it in the case with Alice’s padlock, which she had shared with him previously. Thus, Alice and Bob have successfully communicated information safely over an insecure channel.
Here, Alice encrypted the information by locking the letter using Bob’s padlock and Bob decrypted it by opening the lock with the passcode only he knew, and vice versa. The padlocks are the public keys, which are accessible to everyone, and the passcodes are private keys. Although neither party knows the other’s private key, they were able to establish information only they knew, thus creating a ‘shared’ secret. Public key cryptography or asymmetric encryption ensures safe communication of information through numerically connected private keys without requiring the parties to have a shared key.
This procedure can be visualized as follows, where the public key and private key are different:
Figure 1 Asymmetric encryption [5]
An extension of this concept is that the procedure can also be reversed. The private key can also encrypt the message, which is decrypted by the corresponding public key of the sender. This process is used for ‘digital signing’, which verifies that the sender owns the private key linked to the public key [4]; it forms the basis of the Elliptic Curve Digital Signature Algorithm (ECDSA) [16].
3. Preliminaries
This section will present the fundamental definitions and concepts which will be used in the
essay. I will introduce the topics of modular arithmetic and Euler’s totient function, as we
will encounter them later in the essay, such as for solving the parameters of ECC.
3.1. Definitions of Mathematical Foundations
In this subsection, I will give the definitions of basic mathematical concepts of algebra and
number theory used in the essay.
• Algebra
Definition 3.1.1. The symbol ⨁ denotes the operation sum of elements in a set S. This set with algebraic elements holds associative properties [4] if
(a ⨁ b) ⨁ c = a ⨁ (b ⨁ c), ∀ a, b, c 𝜖 S.
Definition 3.1.2. A set S is said to hold commutative properties [4] if
a ⨁ b = b ⨁ a, ∀ a, b 𝜖 S.
Definition 3.1.3. A group P is a set of elements defined by one operation, which is either addition or multiplication. The group operation is associative [4] and for any element x 𝜖 P, there exists an additive inverse -x 𝜖 P if the group operation is additive, such that
x ⨁ (-x) = (-x) ⨁ x = e, where e is the identity element.
Definition 3.1.4. An abelian group P is a group that has a commutative group operation. The group operation on two group elements x and y gives an unchanged result despite the order of the operation [2] such that
x ⨁ y = y ⨁ x.
Definition 3.1.5. A group P is said to be cyclic if it is abelian and generated by one element g, which is the generator of the group. For a group with multiplicative notation, the subgroup is written as [11]:
$P = \langle g \rangle = \{\dots, g^{-3}, g^{-2}, g^{-1}, 0, g, g^{2}, g^{3}, \dots\}$
where $g^{-n} = (g^{n})^{-1}$.
Definition 3.1.6. A ring is a set R with two binary operations, addition ⊕ and multiplication ⊗ [3], where:
1. R with operation ⊕ is an abelian group.
2. Multiplication is associative and is not necessarily commutative.
3. Multiplication in R is distributive over addition so that
(a ⊕ b) ⊗ c = (a ⊗ c) ⊕ (b ⊗ c), ∀ a, b, c 𝜖 R.
Definition 3.1.7. A field is defined as a commutative ring F in which any non-zero element x 𝜖 F has a multiplicative inverse $x^{-1}$ 𝜖 F [1].
• Number Theory
Definition 3.1.8. a|b reads as a divides b and denotes that b is divisible by a for a, b 𝜖 ℤ.
Definition 3.1.9. The greatest common divisor c is the largest number that satisfies c|a and c|b for two numbers a and b, denoted by gcd(a,b) = c for a, b, c 𝜖 ℤ+.
For example, 3 is the greatest number that divides both 21 and 15. Thus,
gcd(21,15) = 3.
Definition 3.1.10. The numbers a and b are relatively prime (also known as co-prime) if
gcd(a,b) = 1.
For example,
gcd(37,4) = 1.
3.2. Modular Arithmetic Fundamentals
Modular arithmetic, also known as clock arithmetic, shows the cyclicity of remainders when
an integer is divided by another number.
The following example can be taken:
$$\frac{97}{3} = 32\frac{1}{3}$$
The remainder is 1 and the modular notation is as follows:
97 (mod 3) = 1    (1)
Equation 1 is denoted by modular arithmetic as:
97 ≡ 1 (mod 3)
We can observe the congruent relationship between 97 and 1, as they both have the remainder 1 when divided by 3.
The remainder stays the same when 3k, where k 𝜖 ℤ, is added or subtracted from 97 or 1. We can equate 97 to:
97 = 1 + 3 ⋅ 32
In this case, the equation is said to ‘wrap around’ the interval of 3. For example, a positive multiple of 3, where k = 3, results in:
10 ≡ 1 (mod 3)
This holds true also because 10 = 3 ⋅ 3 + 1. The remainder is 1 when 10 and 1 are divided by 3, thus we can also write:
1 ≡ 10 (mod 3)
Definition 3.2.1. Let a, b, m > 0 𝜖 ℤ. Then,
a ≡ b (mod m)    (2)
if m | (a − b) [17]. We can observe that the values can be flipped over the sides and the congruent relationship remains the same. This relationship is generalized to form the following equation from Equation 2:
a (mod m) = b
where a, b, m > 0 𝜖 ℤ.
This relationship in this case is generalized to form the following equation for two integers a, b that have the same remainder when divided by m > 1:
a = m ⋅ k + b
where k 𝜖 ℤ [4].
3.3. Euler’s totient function
Euler’s totient function, or the phi function, denotes the number of positive integers that are less than and are co-prime to a number m [19]. The function is expressed by:
φ(m) = #{0 < a < m | gcd(a, m) = 1}    (3)
where m 𝜖 ℤ+, m > 1 and a is a number co-prime to m. We will take the following example of m = 24 for better understanding.
First, we state the gcd between 24 and all the positive numbers less than m:
φ(24)
gcd(1,24) = 1     gcd(2,24) = 2     gcd(3,24) = 3     gcd(4,24) = 4
gcd(5,24) = 1     gcd(6,24) = 6     gcd(7,24) = 1     gcd(8,24) = 8
gcd(9,24) = 3     gcd(10,24) = 2    gcd(11,24) = 1    gcd(12,24) = 12
gcd(13,24) = 1    gcd(14,24) = 2    gcd(15,24) = 3    gcd(16,24) = 8
gcd(17,24) = 1    gcd(18,24) = 6    gcd(19,24) = 1    gcd(20,24) = 4
gcd(21,24) = 3    gcd(22,24) = 2    gcd(23,24) = 1
The number of positive integers less than 24 that satisfy the condition gcd(a, 24) = 1 is 8. Therefore,
φ(24) = 8
There is a special case for when m = p, where p is a prime number. Since p only satisfies p|p and 1|p, all numbers less than p are coprime to p. This can be written as:
φ(p) = p − 1    (4)
Theorem 2.3.1. If p is a prime, then $\varphi(p^n) = (p - 1) \cdot p^{n-1}$
Proof. Let x be an integer from the set of values divisible by $p^n$. Since $\gcd(x, p^n) \neq 1$, x is a multiple of p that is less than or equal to $p^n$. Therefore,
$x \in \{p, 2p, 3p, 4p, \dots, (p^{n-1})p\}$.
It is seen that $(p^{n-1})p = p^n$, which means that apart from $(p^{n-1})p$, all the other elements in the set are coprime to $p^n$ [14]. This is denoted as:
$\varphi(p^n) = p^n - p^{n-1}$
$\varphi(p^n) = p^{n-1}(p - 1)$
∎
Corollary. Since we will only work with n = 1:
$\varphi(p^1) = p^{1-1}(p - 1)$
$\varphi(p) = p - 1$
∎
which is the result we saw in Equation 4.
4. Elliptic Curve Fundamentals
4.1. Definition and examples
An elliptic curve is an algebraic curve, meaning it satisfies properties of polynomials, with a degree of 3 along with a point at infinity, O. An elliptic curve over a field K can be defined as:
$$y^2 = x^3 + ax + b \tag{5}$$
where a, b 𝜖 K. Here, $4a^3 + 27b^2 \neq 0$ [16] as the curve is non-singular; therefore every point has a ‘unique tangent’ and there are no repeated solutions. The field K can be real, ℝ, complex, ℂ, or the integers modulo p (where p is a prime number), (ℤ/pℤ) = {0, 1, 2, 3, …, p − 1}.
Following are some examples of elliptic curves:
Figure 2 Examples of ECs [10]
Since the essay will later cover the representation of elliptic curves over modular fields, an example of the graph of $y^2 = x^3 - 3x + 3 \pmod{17}$ is as follows:
Figure 3 Modular form of Elliptic Curves [9]
4.2. Properties of Elliptic Curves
(1) The curve is symmetric over the x-axis. Since,
$$y^2 = x^3 + ax + b \Rightarrow y = \pm\sqrt{x^3 + ax + b}$$
Thus, for every point $(x_p, y_p)$, there exists a point with coordinates $(x_p, -y_p)$. For example, we can see from the annotated graph of $y^2 = x^3 - 3x + 3$ that the y-coordinate $y_a$ of any point A has an additive inverse $-y_a$ over the x-axis.
Figure 4 EC symmetry [8]
(2) Any non-vertical line intersects with a maximum of 3 points on the elliptic curve.
(3) The line intersecting two given points P and Q will go through exactly one more point on the curve.
These properties are used to define abelian groups on elliptic curves.
4.3. Geometric operations [13]
This sub-section will focus on the geometric interpretation of prominent point operations that form the basis for Elliptic Curve Cryptography. The algebraic calculations will be shown later in the essay.
Point at infinity
The point at infinity is an artificial point that also acts as the identity element of the curve. It is denoted by O and shows the imaginary points of infinity on the field K. Unfortunately, the proof of the existence of point at infinity is out of the scope of this essay.
Point addition
• Adding two distinct points.
(1) Let us take two distinct points on an elliptic curve, P and Q.
(2) To add the points and solve the equation P ⨁ Q = R, we first introduce a line L through both points.
(3) Line L intersects a third point -R, which is reflected across the x-axis to obtain point R. Since R is unique, the addition is well-defined.
I used WolframAlpha to make the graph of $y^2 = x^3 - 2x + 3$ (a = -2 and b = 3) and annotated it to visualize the above steps in figure 5:
Figure 5 Point addition [21]
• Adding a point to itself.
(1) Let us take P = Q on an elliptic curve E.
(2) To find P ⨁ P = 2P, the tangent L to curve E at point P is drawn.
(3) The second point of intersection -2P is reflected over the x-axis to get 2P.
Figure 6 Adding a point to itself [21]
This process is visualized in the annotated graph of $y^2 = x^3 - 2x + 3$ in figure 6. We can generalize the results from the point addition equations for two points P and Q on the elliptic curve [16]:
P ⨁ Q = Q ⨁ P
(P ⨁ Q) ⨁ R = O
(P ⨁ Q) ⨁ R = P ⨁ (Q ⨁ R)
P ⨁ O = P
These properties together form the points on the elliptic curve over ℤ/pℤ into an abelian group.
Point at infinity
The point at infinity, O, occurs in two cases [18].
Case 1. Figure 7 shows the case when the line of intersection through P and Q is vertical. If P ≠ Q and $x_p = x_q$, then:
P ⨁ Q = O
Case 2. Figure 8 shows the case when the tangent for E at point P does not intersect a second point. If P = Q and $y_p = y_q = 0$, then:
P ⨁ P = O
2P = O
Figure 7 Point at infinity- Case 1 [18]
Figure 8 Point at infinity- Case 2 [18]
4.4. Singularity in Elliptic Curves
As mentioned in subsection 4.1, elliptic curves are non-singular and do not have repeated solutions that would otherwise make them singular. When $4a^3 + 27b^2 = 0$, the equation has repeating roots, which can be visualized by cusps or self-intersections as shown in the graphs I made with WolframAlpha in figures 9 and 10 respectively:
Figure 9 Cusp [21]
Figure 10 Self intersection [21]
In the following figures, I used GeoGebra to create a graph of two equations in the form $y^2 = x^3 + ax + b$, represented by the blue lines, and $y = x^3 + ax + b$, represented by the red lines.
Figure 11 Singularity Case [8]
Figure 12 Non-singular curve [8]
It is observed that there is a singularity when the minimum of $y = x^3 + ax + b$ touches the x-axis [6]. This means the singularity occurs at
$$\frac{d}{dx}(x^3 + ax + b) = 3x^2 + a = 0$$
Hence at
$$x = \sqrt{\frac{-a}{3}}$$
Substituting the values:
$$\left(\sqrt{\frac{-a}{3}}\right)^3 + \left(\sqrt{\frac{-a}{3}}\right)a + b = 0$$
$$\left(\sqrt{\frac{-a}{3}}\right)^2\left(\sqrt{\frac{-a}{3}}\right) + \left(\sqrt{\frac{-a}{3}}\right)a = -b$$
$$\sqrt{\frac{-a}{3}}\left(\frac{-a}{3}\right) + \left(\sqrt{\frac{-a}{3}}\right)a = -b$$
Factorizing:
$$\sqrt{\frac{-a}{3}}\left(\frac{-a}{3} + a\right) = -b$$
$$\sqrt{\frac{-a}{3}}\left(\frac{2a}{3}\right) = -b$$
$$\frac{-a}{3} \cdot \frac{4a^2}{9} = b^2$$
$$\frac{-4a^3}{27} = b^2$$
$$4a^3 + 27b^2 = 0$$
∎
Hence, it’s proven that $4a^3 + 27b^2 \neq 0$ to ensure non-singularity [6].
5. Elliptic Curve Cryptography Using Prime Fields
5.1. Formal Definition and Algebraic Procedures
The formal definition of an elliptic curve over prime fields is:
$$E(F_p) = \{(x, y) \in F_p^2 : y^2 = x^3 + ax + b \pmod p\} \cup \{O\} \tag{6}$$
where p is a prime number and $F_p$ is a finite field. The coordinates x and y are defined on $F_p^2$. Here, $F_p$ denotes the set {0, 1, 2, 3, …, p − 1}.
Algebraic operations on $F_p$
• Adding two distinct points [15].
The slope λ of the line L through two points $P(x_p, y_p)$ and $Q(x_q, y_q)$ is defined as:
$$\lambda = \frac{y_q - y_p}{x_q - x_p} \tag{7}$$
The slope-point form of equation:
$$y - y_p = \lambda(x - x_p)$$
The slope-intercept form of equation is written as:
$$y = \lambda x + m$$
Let $m = -\lambda x_p + y_p$, thus
$$y = \lambda x - \lambda x_p + y_p$$
Substituting equation 8 into the equation of an elliptic curve:
$$(\lambda x + m)^2 = x^3 + ax + b$$
$$\Rightarrow \lambda^2 x^2 + 2\lambda xm + m^2 = x^3 + ax + b$$
$$\Rightarrow x^3 + ax + b - \lambda^2 x^2 - 2\lambda xm - m^2 = 0$$
$$\Rightarrow x^3 + ax + b - \lambda^2 x^2 - 2\lambda x(-\lambda x_p + y_p) - (-\lambda x_p + y_p)^2 = 0$$
$$\Rightarrow x^3 + ax + b - \lambda^2 x^2 + 2\lambda^2 x_p x - 2\lambda x y_p - \lambda^2 x_p^2 - y_p^2 + 2\lambda x_p y_p = 0 \tag{8}$$
Rearranging:
$$x^3 - \lambda^2 x^2 + (2\lambda^2 x_p - 2\lambda y_p + a)x + (b - \lambda^2 x_p^2 - y_p^2 + 2\lambda x_p y_p) = 0 \tag{9}$$
We know that for a polynomial $P(x) = a_n x^n + a_{n-1} x^{n-1} + \dots + a_1 x^1 + a_0$, where $a_n \neq 0$, the sum of the n roots is as follows:
$$x_1 + x_2 + \dots + x_n = \frac{-(a_{n-1})}{a_n}$$
It is seen that equation 9 is cubic. Since we already know the two solutions $x_p$ and $x_q$, the sum of the roots can be used to find the third solution $x_r$, which is the x-coordinate of point R = P ⨁ Q:
$$x_p + x_q + x_r = \frac{-(-\lambda^2)}{1} = \lambda^2$$
Thus,
$$x_r = \lambda^2 - x_p - x_q$$
$$x_r = \lambda^2 - (x_p + x_q) \tag{10}$$
Therefore, using the equation for line L and reversing the sign:
$$y_r = \lambda(x_p - x_r) - y_p$$
Let us use an example of two points P (-2, 4) and Q (1, 6). To find point R = P ⨁ Q, we must find λ:
$$\lambda = \frac{4 - 6}{-2 - 1} = \frac{2}{3} \tag{11}$$
Therefore,
$$x_r = \left(\frac{2}{3}\right)^2 - (-2 + 1)$$
$$x_r = \frac{13}{9}$$
From here we can find the y-coordinate:
$$y_r = \frac{2}{3}\left(-2 - \frac{13}{9}\right) - 4$$
$$y_r = \frac{-330}{27}$$
Therefore, we now know that the coordinates of R are $\left(\frac{13}{9}, \frac{-330}{27}\right)$.
• Adding a point to itself
When P = Q, the line L is tangent to E at the point, thus:
$$\frac{d}{dx}(y^2 - x^3 - ax - b) = 0$$
For implicit differentiation:
$$\frac{dy}{dx} = -\frac{\partial F/\partial x}{\partial F/\partial y}$$
Thus,
$$\frac{dy}{dx} = -\frac{-3x^2 - a}{2y}$$
Therefore, for point $P(x_p, y_p)$:
$$\lambda = \frac{3x_p^2 + a}{2y_p} \tag{12}$$
To find the coordinates of point $R(x_r, y_r)$, where R = 2P = P ⨁ P,
$$x_r = \lambda^2 - (x_p + x_q) = \lambda^2 - 2x_p \tag{13}$$
$$y_r = \lambda(x_p - x_r) - y_p \tag{14}$$
Scalar multiplication.
The elliptic curve E is defined on a modulo p finite field $F_p$. The point P ϵ $E(F_p)$ can create a point Q through repeated addition. The point Q is given by the following equation [16]:
$$Q = \underbrace{P \oplus P \oplus P \oplus \dots \oplus P}_{t} = tP$$
where t ϵ ℤ. Therefore, Q is simply defined as point P added to itself t times. P can also generate a subgroup H through point addition; this is known as the generator G of the subgroup. This property of cyclic subgroups on elliptic curves paves the way for the discrete logarithm problem, the main idea behind the security of ECC. It is also to be noted that if the operation is multiplicative, we have:
$$Q = \underbrace{P \otimes P \otimes P \otimes \dots \otimes P}_{t} = P^t$$
5.2. Elliptic Curve Discrete Logarithm Problem
Firstly, it is important to define the generator point, G:
Definition 5.2.1. The generator G creates the abelian subgroup H on an elliptic curve modulo p, which is $E(F_p)$, through repeated addition. Thus, any point Q = tG is an element of the cyclic subgroup generated by G and t is the number of times G has been added to itself [16].
This definition also leads to a problem about how one can find the value of the smallest integer t such that it satisfies Q = tG [20]. Finding t is a more complex process [4] in multiplicatively created groups since $Q = P^t \Rightarrow \log_P Q = t$. A solution to this problem is to create an algorithm to calculate t in a reasonable period of time. This introduces the concept of time complexity, which is the prominent reason why ECC encryptions are difficult to break.
5.3. Parameters of ECC
This subsection explains the following parameters that arise from the generator point, G [13]:
Order of the generator point, n: The order of G is denoted by ord(G) = n and it states the number of cyclic points generated by G. The order n is also the smallest number such that nG = O, where n 𝜖 ℤ+.
Cofactor, h: The co-factor h is defined as the total number of points on the elliptic curve on the modular p field divided by n.
$$h = \frac{|E(F_p)|}{n} \tag{15}$$
The ideal value of h is 1. An elliptic curve $E(F_p)$ with co-factor h > 4 is weaker.
Parameters of ECC:
p: prime number specifying the field $F_p$
a, b: The curve descriptors, where a, b ϵ $F_p$
G: The subgroup generator point
n: ord(G)
h: Cofactor
5.4. Example of calculating ECC parameters
For this example, we will take the curve: $y^2 \equiv x^3 + 3x + 6 \pmod{13}$. Such a small curve would generally not be used; however, it will be used in the essay for demonstration.
Let G = (1, 6). To calculate G ⊕ G = 2G, we will calculate λ first. From subsection 5.1:
$$\lambda = \frac{3x_G^2 + a}{2y_G}$$
Since $x_G = 1$ and $y_G = 6$; a = 3:
$$\lambda = \frac{3(1)^2 + 3}{2(6)} \equiv \frac{6}{12} \equiv (6 \bmod 13) \cdot (12^{-1} \bmod 13) \equiv 6 \cdot (12^{\varphi(13)-1} \bmod 13)$$
$$\equiv 6 \cdot (12^{12-1} \bmod 13) \equiv 6 \cdot 12 \pmod{13} \equiv 7 \pmod{13}$$
Now to calculate the co-ordinates of 2G, we know that:
$$x_{2G} = \lambda^2 - 2x_G$$
$$x_{2G} \equiv (7)^2 - 2 \equiv 47 \equiv 8 \pmod{13}$$
We also know that:
$$y_{2G} = \lambda(x_G - x_{2G}) - y_G$$
$$y_{2G} \equiv 7(1 - 8) - 6 \equiv -49 - 6 \equiv -55 \equiv 10 \pmod{13}$$
Thus, the co-ordinates of 2G are (8, 10).
By using the same process, one can calculate the multiples of G until the point at infinity to find the order as follows:
G (1, 6)
2G (8, 10)
3G (3, 4)
4G (10, 3)
5G (5, 4)
6G (4, 2)
7G (4, 11)
8G (5, 9)
9G (10, 10)
10G (3, 9)
11G (8, 3)
12G (1, 7)
13G = O
Here, the smallest integer that results in nG = O is n = 13. Thus, $h = \frac{|13|}{13} = 1$. The graph of the curve is given below, which also helps confirm our calculations.
Figure 13 Graph of the curve form of $y^2 \equiv x^3 + 3x + 6 \pmod{13}$ [9]
This data can be processed to be used in Elliptic Curve Cryptography. We will focus on Elliptic Curve Diffie-Hellman, as it is one of the most used ECC protocols, in subsection 5.5.
5.5. Elliptic Curve Diffie-Hellman (ECDH) [13]
The Diffie-Hellman key exchange system allows the parties to communicate over an insecure channel as shown in section 1. This is carried out through creating a ‘shared key’.
(1) Bob and Alice are two individuals who want to communicate from far away using ECDH. Therefore, they agree on the set of parameters (p, a, b, G, n, h) where p is a prime number and a, b are coefficients of the arbitrary curve they choose. They then create a cyclic subgroup using G. In this case, a = 3, b = 6, p = 13, G = (1, 6), n = 13, and h = 1. These parameters are made public.
(2) Both Alice and Bob choose a random private key from the subgroup. In this case, Bob chooses his private key $t_B$ = 7 and forms the public key B = 7G = (4, 11). Similarly, Alice chooses $t_A$ = 4 and forms the public key A = 4G = (10, 3).
(3) Both parties share their public keys. Bob multiplies Alice’s public key to compute $t_B(A)$ = 28G. Since P = 13, 28G mod 13 = 12G = (8, 10). Alice also multiplies Bob’s public key and her private key to form $t_A(B)$ = 28G mod 13 = 12G = (8, 10).
(4) Therefore, both individuals have successfully created a shared key that a third-party Eve is unaware of. This is because Eve only knows about G, A and B.
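The parameter calculation of subsection 5.4 and the key agreement of subsection 5.5 can be replayed in code. The following Python code is an added example, not part of the original essay; all function names are chosen here for illustration, and it assumes only the essay's toy parameters (p = 13, a = 3, b = 6, G = (1, 6), t_A = 4, t_B = 7). It also checks a received public key before use and walks the multiples of G to recover a private key, which shows why a curve this small gives no protection.

```python
# Added example (not from the essay): toy curve y^2 = x^3 + 3x + 6 over F_13.
# All function names are illustrative.
P_MOD, A, B = 13, 3, 6      # field prime and curve coefficients
G = (1, 6)                  # generator point
O = None                    # point at infinity (identity element)

def inv(x):
    """Inverse mod p via Euler's theorem, x^(phi(p)-1) = x^(p-2), as in 5.4."""
    x %= P_MOD
    if x == 0:
        raise ZeroDivisionError("0 has no inverse mod p")
    return pow(x, P_MOD - 2, P_MOD)

def is_nonsingular():
    """Section 4.4 condition: 4a^3 + 27b^2 must not vanish (here mod p)."""
    return (4 * A**3 + 27 * B**2) % P_MOD != 0

def on_curve(pt):
    if pt is O:
        return True
    x, y = pt
    in_range = 0 <= x < P_MOD and 0 <= y < P_MOD
    return in_range and (y * y - (x**3 + A * x + B)) % P_MOD == 0

def add(p1, p2):
    """Group law from 5.1, including both point-at-infinity cases of 4.3."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O                                        # vertical line or tangent
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD   # equation (12)
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD          # equation (7)
    x3 = (lam * lam - x1 - x2) % P_MOD                  # equation (10)
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def mul(t, pt):
    """Scalar multiplication tP by double-and-add."""
    result = O
    while t > 0:
        if t & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        t >>= 1
    return result

def multiples(pt):
    """[P, 2P, 3P, ...] up to and including the point at infinity."""
    out, acc = [pt], pt
    while acc is not O:
        acc = add(acc, pt)
        out.append(acc)
    return out

def curve_size():
    """|E(F_p)|: count affine solutions by brute force, plus O."""
    return 1 + sum(on_curve((x, y)) for x in range(P_MOD) for y in range(P_MOD))

def ecdh(private_key, peer_public, n):
    """Shared point t * peer_public, after validating the received key."""
    if peer_public is O or not on_curve(peer_public) or mul(n, peer_public) is not O:
        raise ValueError("rejected public key: not a valid point of order n")
    return mul(private_key, peer_public)

def recover_private_key(public):
    """Eve's view on a toy curve: try every t until tG matches (ECDLP by search)."""
    for t, pt in enumerate(multiples(G), start=1):
        if pt == public:
            return t
    return None

if __name__ == "__main__":
    n = len(multiples(G))                 # order of G
    print("non-singular:", is_nonsingular(), "n =", n, "h =", curve_size() // n)
    pub_a, pub_b = mul(4, G), mul(7, G)   # Alice t_A = 4, Bob t_B = 7
    print("A =", pub_a, "B =", pub_b)
    # 28 = 2 (mod 13), so both sides land on the same point, 2G = (8, 10)
    print("shared:", ecdh(7, pub_a, n), ecdh(4, pub_b, n))
    print("Eve recovers t_B =", recover_private_key(pub_b))
```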
6. Conclusion
Elliptic Curve Cryptography has a broad range of applicability, and its increasing use is due to the fact that ECC encryptions are relatively harder to break when compared to another cryptosystem such as RSA (see Appendix 1). A 160-bit ECC key can supply the same level of protection as a 1024-bit RSA key. We have seen that the discrete logarithm problem is the fundamental idea that makes the ECC encryptions very strong and aids in the secure transfer of information. This cryptosystem can pair with various protocols and algorithms to form new key agreement protocols and algorithms such as Elliptic Curve Diffie-Hellman (ECDH) and the Elliptic Curve Digital Signature Algorithm (ECDSA), which further enhances its presence on the internet. It is significantly used for digital signatures in cryptocurrencies and website activities, along with doing one-way encryption of data. Despite the strength of ECC keys, there are growing fears of quantum computing attacks, for example Shor’s algorithm [7]. Pollard’s Rho algorithm is also relatively quicker at the process of breaking Elliptic Curve keys when compared to other classical algorithms [16]. Apart from these cybersecurity threats, ECC is very secure in the meantime, as seen from the prevalence of its application. Overall, the use of elliptic curves to offer the given level of protection also adds an element of beauty to the cryptosystem.
Appendices
Appendix 1. Table showing the key sizes of different cryptosystems offering the same level of security [12]
References
1. Brilliant.org. Fields. https://brilliant.org/wiki/fields/. Accessed 15 June 2022
2. Brilliant.org. Group theory. https://brilliant.org/wiki/group-theory-introduction/. Accessed 15 June 2022
3. Brilliant.org. Ring theory. https://brilliant.org/wiki/ring-theory/. Accessed 15 June 2022
4. A. A. Bruen, M. Forcinito, Cryptography, information theory, and error-correction: A handbook for the 21st Century. John Wiley & Sons, Hoboken, 2011.
5. Cisco. What is encryption? explanation and types. Cisco. https://www.cisco.com/c/en/us/products/security/encryptionexplained.html#~encryption-algorithms. Accessed 20 June 2022
6. Tom Davis. Elliptic Curve Cryptography. Geometer.org. http://www.geometer.org/mathcircles/ecc.pdf. Accessed July 2022
7. Dan Garisto. (2021, April 8). Quantum computers won't break encryption just yet. Protocol. Protocol. https://www.protocol.com/manuals/quantum-computing/quantumcomputers-wont-break-encryptionyet#:~:text=Shor's%20algorithm%20would%20take%2020,still%20millions%20of%20times%20faster. Accessed 18 June 2022
8. Geogebra. Graphing calculator. GeoGebra. https://www.geogebra.org/graphing?lang=en. Accessed June 2022
9. Sascha Grau. Elliptic curves over finite fields. https://graui.de/code/elliptic2/. Accessed June 2022
10. Hans Knutson. (2018). What is the math behind elliptic curve cryptography? HackerNoon. https://hackernoon.com/what-is-the-math-behind-elliptic-curve-cryptography-f61b25253da3. Accessed 13 June 2022
11. Martin Liebeck, A concise introduction to pure mathematics. CRC Press, Boca Raton, 2015.
12. Julie Olenski. (2015). Elliptic curve cryptography. GlobalSign. https://www.globalsign.com/en/blog/elliptic-curve-cryptography. Accessed 18 June 2022
13. Robert Pierce. Elliptic Curve Diffie Hellman. (2014). YouTube. YouTube. https://www.youtube.com/watch?v=F3zzNa42-tQ. Accessed May 2022
14. Polar Pi, [Euler Phi Function] - Formula + Proof for primes to a power (phi(p^k)). (2019). YouTube. https://www.youtube.com/watch?v=N-YVDPYdi2I. Accessed June 2022
15. RiverNinj4. (2011, February 2). Elliptic curve point addition. YouTube. YouTube. https://www.youtube.com/watch?v=XmygBPb7DPM. Accessed 9 October 2022
16. Olga Shevchuk. Introduction to elliptic curve cryptography - University of Chicago. The University of Chicago. https://math.uchicago.edu/~may/REU2020/REUPapers/Shevchuk.pdf. Accessed May 2022
17. TrevTutor. (2015). [discrete mathematics] modular arithmetic. YouTube. YouTube. https://www.youtube.com/watch?v=d-n92Ml1iu0. Accessed 13 June 2022
18. Trustica. Elliptic curves: point at infinity. (2018). YouTube. YouTube. https://www.youtube.com/watch?v=WnBEZ0qNdV0. Accessed 13 June 2022
19. Eric W. Weisstein. Totient function. Wolfram MathWorld. https://mathworld.wolfram.com/TotientFunction.html#:~:text=The%20totient%20function%20is%20implemented%20in%20the%20Wolfram,factor%20in%20common%20with.%20is%20always%20even%20for. Accessed 14 June 2022
20. Jeremy Wohlwend. Elliptic curve cryptography: Pre and post quantum. MIT Mathematics. https://math.mit.edu/~apost/courses/18.204-2016/18.204_Jeremy_Wohlwend_final_paper.pdf.
21. Wolfram Research, Inc. Graphing Calculator. WolframAlpha. https://www.wolframalpha.com/input?i=graphing%2Bcalculator. Accessed June 2022