Downloaded from www.clastify.com by dwidasa 06

IB Diploma Programme Extended Essay

Elliptic Curve Cryptography

How does Elliptic Curve Cryptography ensure secure communication of information on the internet?

IB Mathematics Analysis & Approaches HL

Word count: 3091 words

Table of Contents

1. Introduction
2. Public Key Cryptography
3. Preliminaries
   3.1 Definitions of Mathematical Foundations
   3.2 Modular Arithmetic Fundamentals
   3.3 Euler’s Totient Function
4. Elliptic Curve Fundamentals
   4.1 Definition and Examples
   4.2 Properties of Elliptic Curves
   4.3 Geometric Operations
   4.4 Singularity in Elliptic Curves
5. Elliptic Curve Cryptography Using Prime Fields
   5.1 Formal Definition and Algebraic Procedures
   5.2 Elliptic Curve Discrete Logarithm Problem
   5.3 Parameters of ECC
   5.4 Example of Calculating ECC Parameters
   5.5 Elliptic Curve Diffie-Hellman (ECDH)
5. Conclusion
6. Appendices
7. Bibliography

1. Introduction

Cryptography has been utilized by humanity for the protection of confidential matter for centuries, and the complexity of cryptosystems has gradually increased. From simple shift ciphers to complex quantum cryptosystems, the applicability of cryptography has broadened swiftly. As establishing a shared secret among parties became more difficult, asymmetric cryptography gained more influence.
The concept of Elliptic Curve Cryptography (ECC) was first introduced in the 1980s and since then, there has been a noticeably wider acceptance of this cryptosystem. My interest in ECC was evoked when I learned that Bitcoin and Ethereum use elliptic curves to secure online transactions. I was intrigued by this process and learned that elliptic curves can be used for ‘digital signing’, where a person can verify the identity of the sender of the message. Moreover, ECC has paved the way for establishing shared information online more securely despite being a relatively new cryptosystem. The importance and potential of ECC is what inspired me to choose the research question: How does Elliptic Curve Cryptography ensure secure communication of information on the internet? Therefore, this essay will explore the very mathematical fundamentals that make the cryptosystem secure, along with exploring its real-life application. To best answer the research question, I will explain the Elliptic Curve Diffie-Hellman (ECDH) key agreement protocol and explore the topic not only through proofs and equations, but also visually by using graphs.

2. Public Key Cryptography

Public key cryptography can be explained by using the well-known Alice and Bob analogy [4]:

(1) Let there be two parties known as Alice and Bob. Both people live very far away, thus they cannot easily meet to create a secure channel for communication.

(2) Alice wants to send a letter to Bob, so Bob sends her a combination padlock that is publicly known. Alice locks the letter in a case using Bob’s padlock and delivers it to him.

(3) When Bob receives the case, he unlocks it using his private key, which is the password to the padlock that only he knows.

(4) Bob can now send his response to the letter by locking it in the case with Alice’s padlock, which she had shared with him previously.
Thus, Alice and Bob have successfully communicated information safely over an insecure channel.

Here, Alice encrypted the information by locking the letter using Bob’s padlock and Bob decrypted it by opening the lock with the passcode only he knew, and vice versa. The padlocks are the public keys, which are accessible to everyone, and the passcodes are private keys. Although both parties do not know each other’s private keys, they were able to establish information only they knew, thus creating a ‘shared’ secret. Public key cryptography or asymmetric encryption ensures safe communication of information through numerically connected private keys without requiring the parties to have a shared key.

This procedure can be visualized as follows, where the public key and private key are different:

Figure 1 Asymmetric encryption [5]

An extension of this concept is that the procedure can also be reversed. The private key can also encrypt the message, which is decrypted by the corresponding public key of the sender. This process is used for ‘digital signing’, which verifies that the sender owns the private key linked to the public key [4]; it forms the basis of the Elliptic Curve Digital Signature Algorithm (ECDSA) [16].

3. Preliminaries

This section will present the fundamental definitions and concepts which will be used in the essay. I will introduce the topics of modular arithmetic and Euler’s totient function, as we will encounter them later in the essay, such as for solving the parameters of ECC.

3.1. Definitions of Mathematical Foundations

In this subsection, I will give the definitions of basic mathematical concepts of algebra and number theory used in the essay.

• Algebra

Definition 3.1.1. The symbol $\oplus$ denotes the operation sum of elements in a set $S$.
This set with algebraic elements holds associative properties [4] if $(a \oplus b) \oplus c = a \oplus (b \oplus c)$, $\forall\, a, b, c \in S$.

Definition 3.1.2. A set $S$ is said to hold commutative properties [4] if $a \oplus b = b \oplus a$, $\forall\, a, b \in S$.

Definition 3.1.3. A group $P$ is a set of elements defined by one operation, which is either addition or multiplication. The group operation is associative [4] and for any element $x \in P$, there exists an additive inverse $-x \in P$ if the group operation is additive; such that $x \oplus (-x) = (-x) \oplus x = e$, where $e$ is the identity element.

Definition 3.1.4. An abelian group $P$ is a group that has a commutative group operation. The group operation on two group elements $x$ and $y$ gives an unchanged result despite the order of the operation [2] such that $x \oplus y = y \oplus x$.

Definition 3.1.5. A group $P$ is said to be cyclic if it is abelian and generated by one element $g$, which is the generator of the group. For a group with multiplicative notation, the subgroup is written as [11]:

$$P = \langle g \rangle = \{\ldots, g^{-3}, g^{-2}, g^{-1}, 0, g, g^{2}, g^{3}, \ldots\}$$

where $g^{-n} = (g^{n})^{-1}$.

Definition 3.1.6. A ring is a set $R$ with two binary operations, addition $\oplus$ and multiplication $\otimes$ [3], where:

1. $R$ with operation $\oplus$ is an abelian group.
2. Multiplication is associative and is not necessarily commutative.
3. Multiplication in $R$ is distributive over addition so that $(a \oplus b) \otimes c = (a \otimes c) \oplus (b \otimes c)$, $\forall\, a, b, c \in R$.

Definition 3.1.7. A field is defined as a commutative ring $F$ in which any non-zero element $x \in F$ has a multiplicative inverse $x^{-1} \in F$ [1].

• Number Theory

Definition 3.1.8. $a \mid b$ reads as $a$ divides $b$ and denotes that $b$ is divisible by $a$ for $a, b \in \mathbb{Z}$.

Definition 3.1.9. The greatest common divisor $c$ is the largest number that satisfies $c \mid a$ and $c \mid b$ for two numbers $a$ and $b$, denoted by $\gcd(a,b) = c$ for $a, b, c \in \mathbb{Z}^{+}$.

For example, 3 is the greatest number that divides both 21 and 15. Thus, $\gcd(21,15) = 3$.
Definition 3.1.10. The numbers $a$ and $b$ are relatively prime (also known as co-prime) if $\gcd(a,b) = 1$. For example, $\gcd(37,4) = 1$.

3.2. Modular Arithmetic Fundamentals

Modular arithmetic, also known as clock arithmetic, shows the cyclicity of remainders when an integer is divided by another number.

The following example can be taken:

$$\frac{97}{3} = 32\tfrac{1}{3}$$

The remainder is 1 and the modular notation is as follows:

$$97 \pmod{3} = 1 \tag{1}$$

Equation 1 is denoted by modular arithmetic as:

$$97 \equiv 1 \pmod{3}$$

We can observe the congruent relationship between 97 and 1, as they both have the remainder 1 when divided by 3.

The remainder stays the same when $3k$, where $k \in \mathbb{Z}$, is added or subtracted from 97 or 1.

We can equate 97 to:

$$97 = 1 + 3 \cdot 32$$

In this case, the equation is said to ‘wrap around’ the interval of 3. For example, a positive multiple of 3, where $k = 3$, results in:

$$10 \equiv 1 \pmod{3}$$

This holds true also because $10 = 3 \cdot 3 + 1$. The remainder is 1 when 10 and 1 are divided by 3, thus we can also write:

$$1 \equiv 10 \pmod{3}$$

Definition 3.2.1. Let $a, b, m > 0 \in \mathbb{Z}$. Then,

$$a \equiv b \pmod{m} \tag{2}$$

if $m \mid (a - b)$ [17].

We can observe that the values can be flipped over the sides and the congruent relationship remains the same. This relationship is generalized to form the following equation from Equation 2:

$$a \pmod{m} = b$$

where $a, b, m > 0 \in \mathbb{Z}$.

This relationship in this case is generalized to form the following equation for two integers $a$, $b$ that have the same remainder when divided by $m > 1$:

$$a = m \cdot k + b$$

where $k \in \mathbb{Z}$ [4].

3.3. Euler’s totient function

Euler’s totient function, or the phi function, denotes the number of positive integers that are less than and are co-prime to a number $m$ [19]. The function is expressed by:

$$\varphi(m) = \#\{0 < a < m \mid \gcd(a, m) = 1\} \tag{3}$$

where $m \in \mathbb{Z}^{+}$, $m > 1$ and $a$ is a number co-prime to $m$.
We will take the following example of $m = 24$ for better understanding. First, we state the gcd between 24 and all the positive numbers less than $m$:

$\varphi(24)$

$\mathbf{\gcd(1,24) = 1}$    $\gcd(2,24) = 2$    $\gcd(3,24) = 3$    $\gcd(4,24) = 4$
$\mathbf{\gcd(5,24) = 1}$    $\gcd(6,24) = 6$    $\mathbf{\gcd(7,24) = 1}$    $\gcd(8,24) = 8$
$\gcd(9,24) = 3$    $\gcd(10,24) = 2$    $\mathbf{\gcd(11,24) = 1}$    $\gcd(12,24) = 12$
$\mathbf{\gcd(13,24) = 1}$    $\gcd(14,24) = 2$    $\gcd(15,24) = 3$    $\gcd(16,24) = 8$
$\mathbf{\gcd(17,24) = 1}$    $\gcd(18,24) = 6$    $\mathbf{\gcd(19,24) = 1}$    $\gcd(20,24) = 4$
$\gcd(21,24) = 3$    $\gcd(22,24) = 2$    $\mathbf{\gcd(23,24) = 1}$

The number of positive integers less than 24 that satisfy the condition $\gcd(a, 24) = 1$ is 8. Therefore,

$$\varphi(24) = 8$$

There is a special case for when $m = p$, where $p$ is a prime number. Since $p$ only satisfies $p \mid p$ and $1 \mid p$, all numbers less than $p$ are coprime to $p$. This can be written as:

$$\varphi(p) = p - 1 \tag{4}$$

Theorem 2.3.1. If $p$ is a prime, then $\varphi(p^{n}) = (p - 1) \cdot p^{n-1}$.

Proof. Let $x$ be an integer from the set of values divisible by $p^{n}$. Since $\gcd(x, p^{n}) \neq 1$, $x$ is a multiple of $p$ that is less than or equal to $p^{n}$. Therefore,

$$x \in \{p, 2p, 3p, 4p, \ldots, (p^{n-1})p\}.$$

It is seen that $(p^{n-1})p = p^{n}$, which means that apart from $(p^{n-1})p$, all the other elements in the set are coprime to $p^{n}$ [14]. This is denoted as:

$$\varphi(p^{n}) = p^{n} - p^{n-1}$$
$$\varphi(p^{n}) = p^{n-1}(p - 1) \qquad \blacksquare$$

Corollary. Since we will only work with $n = 1$:

$$\varphi(p^{1}) = p^{1-1}(p - 1)$$
$$\varphi(p) = p - 1 \qquad \blacksquare$$

which is the result we saw in Equation 4.

4. Elliptic Curve Fundamentals

4.1. Definition and examples

An elliptic curve is an algebraic curve, meaning it satisfies properties of polynomials, with a degree of 3 along with a point at infinity, $O$. An elliptic curve over a field $K$ can be defined as:

$$y^{2} = x^{3} + ax + b \tag{5}$$

where $a, b \in K$. Here, $4a^{3} + 27b^{2} \neq 0$ [16] as the curve is non-singular, therefore every point has a ‘unique tangent’ and there are no repeated solutions.
The field $K$ can be real, $\mathbb{R}$, complex, $\mathbb{C}$, or an integer modulo $p$ (where $p$ is a prime number), $(\mathbb{Z}/p\mathbb{Z}) = \{0, 1, 2, 3, \ldots, p-1\}$.

Following are some examples of elliptic curves:

Figure 2 Examples of ECs [10]

Since the essay will later cover the representation of elliptic curves over modular fields, an example of the graph of $y^{2} = x^{3} - 3x + 3 \pmod{17}$ is as follows:

Figure 3 Modular form of Elliptic Curves [9]

4.2. Properties of Elliptic Curves

(1) The curve is symmetric over the x-axis. Since,

$$y^{2} = x^{3} + ax + b \;\Rightarrow\; y = \pm\sqrt{x^{3} + ax + b}$$

Thus, for every point $(x_p, y_p)$, there exists a point with coordinates $(x_p, -y_p)$. For example, we can see from the annotated graph of $y^{2} = x^{3} - 3x + 3$ that the y-coordinate $y_a$ of any point $A$ has an additive inverse $-y_a$ over the x-axis.

Figure 4 EC symmetry [8]

(2) Any non-vertical line intersects with a maximum of 3 points on the elliptic curve.

(3) The line intersecting two given points $P$ and $Q$ will go through exactly one more point on the curve.

These properties are used to define abelian groups on elliptic curves.

4.3. Geometric operations [13]

This sub-section will focus on the geometric interpretation of prominent point operations that form the basis for Elliptic Curve Cryptography. The algebraic calculations will be shown later in the essay.

Point at infinity

The point at infinity is an artificial point that also acts as the identity element of the curve. It is denoted by $O$ and shows the imaginary points of infinity on the field $K$. Unfortunately, the proof of the existence of point at infinity is out of the scope of this essay.

Point addition

• Adding two distinct points.

(1) Let us take two distinct points on an elliptic curve, $P$ and $Q$.
(2) To add the points and solve the equation $P \oplus Q = R$, we first introduce a line $L$ through both points.

(3) Line $L$ intersects a third point $-R$, which is reflected across the x-axis to obtain point $R$. Since $R$ is unique, the addition is well-defined.

I used WolframAlpha to make the graph of $y^{2} = x^{3} - 2x + 3$ ($a = -2$ and $b = 3$) and annotated it to visualize the above steps in figure 5:

Figure 5 Point addition [21]

• Adding a point to itself.

(1) Let us take $P = Q$ on an elliptic curve $E$.

(2) To find $P \oplus P = 2P$, the tangent $L$ to curve $E$ at point $P$ is drawn.

(3) The second point of intersection $-2P$ is reflected over the x-axis to get $2P$.

This process is visualized in the annotated graph of $y^{2} = x^{3} - 2x + 3$ in figure 6.

Figure 6 Adding a point to itself [21]

We can generalize the results from the point addition equations for two points $P$ and $Q$ on the elliptic curve [16]:

$$P \oplus Q = Q \oplus P$$
$$(P \oplus Q) \oplus R = O$$
$$(P \oplus Q) \oplus R = P \oplus (Q \oplus R)$$
$$P \oplus O = P$$

These properties together form the points on the elliptic curve over $\mathbb{Z}/p\mathbb{Z}$ into an abelian group.

Point at infinity

The point at infinity, $O$, occurs in two cases [18].

Case 1. Figure 7 shows the case when the line of intersection through $P$ and $Q$ is vertical. If $P \neq Q$ and $x_p = x_q$, then:

$$P \oplus Q = O$$

Case 2. Figure 8 shows the case when the tangent for $E$ at point $P$ does not intersect a second point. If $P = Q$ and $y_p = y_q = 0$, then:

$$P \oplus P = O$$
$$2P = O$$

Figure 7 Point at infinity- Case 1 [18]

Figure 8 Point at infinity- Case 2 [18]

4.4. Singularity in Elliptic Curves

As mentioned in subsection 4.1, elliptic curves are non-singular and do not have repeated solutions that would otherwise make them singular.
When $= 4a^{3} + 27b^{2} = 0$, the equation has repeating roots, which can be visualized by cusps or self-intersections as shown in the graphs I made with WolframAlpha in figures 9 and 10 respectively:

Figure 9 Cusp [21]

Figure 10 Self intersection [21]

In the following figures, I used GeoGebra to create a graph of two equations in the form $y^{2} = x^{3} + ax + b$, represented by the blue lines, and $y = x^{3} + ax + b$, represented by the red lines.

Figure 11 Singularity Case [8]

Figure 12 Non-singular curve [8]

It is observed that there is a singularity when the minimum of $y = x^{3} + ax + b$ touches the x-axis [6]. This means the singularity occurs at

$$\frac{d}{dx}(x^{3} + ax + b) = 3x^{2} + a = 0$$

Hence at

$$x = \sqrt{\frac{-a}{3}}$$

Substituting the values:

$$\left(\sqrt{\frac{-a}{3}}\right)^{3} + \left(\sqrt{\frac{-a}{3}}\right)a + b = 0$$
$$\left(\sqrt{\frac{-a}{3}}\right)^{2}\left(\sqrt{\frac{-a}{3}}\right) + \left(\sqrt{\frac{-a}{3}}\right)a = -b$$
$$\sqrt{\frac{-a}{3}}\left(\frac{-a}{3}\right) + \left(\sqrt{\frac{-a}{3}}\right)a = -b$$

Factorizing:

$$\sqrt{\frac{-a}{3}}\left(\frac{-a}{3} + a\right) = -b$$
$$\sqrt{\frac{-a}{3}}\left(\frac{2a}{3}\right) = -b$$
$$\frac{-a}{3} \cdot \frac{4a^{2}}{9} = b^{2}$$
$$\frac{-4a^{3}}{27} = b^{2}$$
$$4a^{3} + 27b^{2} = 0 \qquad \blacksquare$$

Hence, it’s proven that $4a^{3} + 27b^{2} \neq 0$ to ensure non-singularity [6].

5. Elliptic Curve Cryptography Using Prime Fields

5.1. Formal Definition and Algebraic Procedures

The formal definition of an elliptic curve over prime fields is:

$$E(F_p) = \{(x, y) \in F_p^{2} : y^{2} = x^{3} + ax + b \pmod{p}\} \cup \{O\} \tag{6}$$

where $p$ is a prime number and $F_p$ is a finite field. The coordinates $x$ and $y$ are defined on $F_p^{2}$. Here, $F_p$ denotes the set $\{0, 1, 2, 3, \ldots, p - 1\}$.

Algebraic operations on $F_p$

• Adding two distinct points [15].
The slope of the line $L$ through two points $P(x_p, y_p)$ and $Q(x_q, y_q)$ is defined as:

$$\lambda = \frac{y_q - y_p}{x_q - x_p} \tag{7}$$

The slope-point form of equation:

$$y - y_p = \lambda(x - x_p)$$

The slope-intercept form of equation is written as:

$$y = \lambda x - \lambda x_p + y_p$$

Let $m = -\lambda x_p + y_p$, thus

$$y = \lambda x + m \tag{8}$$

Substituting equation 8 into the equation of an elliptic curve:

$$(\lambda x + m)^{2} = x^{3} + ax + b$$
$$\Rightarrow \lambda^{2}x^{2} + 2\lambda xm + m^{2} = x^{3} + ax + b$$
$$\Rightarrow x^{3} + ax + b - \lambda^{2}x^{2} - 2\lambda xm - m^{2} = 0$$
$$\Rightarrow x^{3} + ax + b - \lambda^{2}x^{2} - 2\lambda x(-\lambda x_p + y_p) - (-\lambda x_p + y_p)^{2} = 0$$
$$\Rightarrow x^{3} + ax + b - \lambda^{2}x^{2} + 2\lambda^{2}x_p x - 2\lambda x y_p - \lambda^{2}x_p^{2} - y_p^{2} + 2\lambda x_p y_p = 0$$

Rearranging:

$$x^{3} - \lambda^{2}x^{2} + (2\lambda^{2}x_p - 2\lambda y_p + a)x + (b - \lambda^{2}x_p^{2} - y_p^{2} + 2\lambda x_p y_p) = 0 \tag{9}$$

We know that for a polynomial $P(x) = a_n x^{n} + a_{n-1}x^{n-1} + \ldots + a_1 x^{1} + a_0$, where $a_n \neq 0$, the sum of $n$ number of roots is as follows:

$$x_1 + x_2 + \ldots + x_n = \frac{-(a_{n-1})}{a_n}$$

It is seen that equation 9 is cubic. Since we already know the two solutions $x_p$ and $x_q$, the sum of the roots can be used to find the third solution $x_r$, which is the x-coordinate of point $R = P \oplus Q$:

$$x_p + x_q + x_r = \frac{-(-\lambda^{2})}{1} = \lambda^{2}$$

Thus,

$$x_r = \lambda^{2} - x_p - x_q$$
$$x_r = \lambda^{2} - (x_p + x_q) \tag{10}$$

Therefore, using the equation for line $L$ and reversing the sign:

$$y_r = \lambda(x - x_r) - y_p \tag{11}$$

Let us use an example of two points $P(-2, 4)$ and $Q(1, 6)$. To find point $R = P \oplus Q$, we must find $\lambda$:

$$\lambda = \frac{4 - 6}{-2 - 1} = \frac{2}{3}$$

Therefore,

$$x_r = \left(\frac{2}{3}\right)^{2} - (-2 + 1)$$
$$x_r = \frac{13}{9}$$

From here we can find the y-coordinate:

$$y_r = \frac{2}{3}\left(-2 - \frac{13}{9}\right) - 4$$
$$y_r = \frac{-330}{27}$$

Therefore, we now know that the coordinates of $R$ are $\left(\frac{13}{9}, \frac{-330}{27}\right)$.

• Adding a point to itself

When $P = Q$, the line $L$ is tangent to $E$ at the point, thus:

$$\frac{d}{dx}(y^{2} - x^{3} - ax - b) = 0$$

For implicit differentiation:

$$\frac{dy}{dx} = -\frac{\partial F/\partial x}{\partial F/\partial y}$$

Thus,

$$\frac{dy}{dx} = -\frac{-3x^{2} - a}{2y}$$

Therefore, for point $P(x_p, y_p)$:

$$\lambda = \frac{3x_p^{2} + a}{2y_p} \tag{12}$$

To find the coordinates of point $R(x_r, y_r)$, where $R = 2P = P \oplus P$,

$$x_r = \lambda^{2} - (x_p + x_q) = \lambda^{2} - 2x_p \tag{13}$$
$$y_r = \lambda(x_p - x_r) - y_p \tag{14}$$

Scalar multiplication. The elliptic curve $E$ is defined on a modulo $p$ finite field $F_p$. The point $P \in E(F_p)$ can create a point $Q$ through repeated addition. The point $Q$ is given by the following equation [16].

$$Q = \underbrace{P \oplus P \oplus P \oplus P \oplus P \oplus P \oplus P \ldots}_{t} = tP$$

where $t \in \mathbb{Z}$. Therefore, $Q$ is simply defined as point $P$ added to itself $t$ times. $P$ can also generate a subgroup $H$ through point addition, this is known as the generator $G$ of the subgroup. This property of cyclic subgroups on elliptic curves paves way for the discrete logarithm problem, the main idea behind the security of ECC. It is also to be noted if the operation is multiplicative, we have:

$$Q = \underbrace{P \otimes P \otimes P \otimes P \otimes P \otimes P \otimes P \otimes \ldots}_{t} = P^{t}$$

5.2. Elliptic Curve Discrete Logarithm Problem

Firstly, it is important to define the generator point, $G$:

Definition 5.2.1. The generator $G$ creates the abelian subgroup $H$ on an elliptic curve modulo $p$, which is $E(F_p)$, through repeated addition. Thus, any point $Q = tG$ is an element on the cyclic subgroup generated by $G$ and $t$ is the number of times $G$ has been added to itself [16].

This definition also leads to a problem about how one can find the value of smallest integer $t$ such that it satisfies $Q = tG$ [20]. Finding $t$ is a more complex process [4] in multiplicatively created groups since $Q = P^{t} \Rightarrow \log_{P} Q = t$. A solution to this problem is to create an algorithm to calculate $t$ in a reasonable period of time.
This introduces the concept of time complexity, which is the prominent reason why ECC encryptions are difficult to break.

5.3. Parameters of ECC

This subsection explains the following parameters that arise from the generator point, $G$ [13]:

Order of the generator point, $n$: The order of $G$ is denoted by $\mathrm{ord}(G) = n$ and it states the number of cyclic points generated by $G$. The order $n$ is also the smallest number such that $nG = O$, where $n \in \mathbb{Z}^{+}$.

Cofactor, $h$: The co-factor $h$ is defined as the total number of points on the elliptic curve on the modular $p$ field divided by $n$.

$$h = \frac{|E(F_p)|}{n} \tag{15}$$

The ideal value of $h$ is 1. An elliptic curve $E(F_p)$ with co-factor $h > 4$ is weaker.

Parameters of ECC:

$p$: prime number specifying the field $F_p$
$a, b$: The curve descriptors, where $a, b \in F_p$
$G$: The subgroup generator point
$n$: $\mathrm{ord}(G)$
$h$: Cofactor

5.4. Example of calculating ECC parameters

For this example, we will take the curve: $y^{2} \equiv x^{3} + 3x + 6 \pmod{13}$. Such a small curve would generally not be used; however, it will be used in the essay for demonstration.

Let $G = (1, 6)$. To calculate $G \oplus G = 2G$ we will calculate $\lambda$ first. From subsection 5.1:

$$\lambda = \frac{3x_G^{2} + a}{2y_G}$$

Since $x_G = 1$ and $y_G = 6$; $a = 3$:

$$\lambda = \frac{3(1)^{2} + 3}{2(6)} \equiv \frac{6}{12} \equiv (6 \bmod 13) \cdot (12^{-1} \bmod 13) \equiv 6 \cdot (12^{\varphi(13)-1} \bmod 13) \equiv 6 \cdot (12^{12-1} \bmod 13) \equiv 6 \cdot 12 \pmod{13} \equiv 7 \pmod{13}$$

Now to calculate the co-ordinates of $2G$, we know that:

$$x_{2G} = \lambda^{2} - 2x_G$$
$$x_{2G} \equiv (7)^{2} - 2 \equiv 47 \equiv 8 \pmod{13}$$

We also know that:

$$y_{2G} = \lambda(x_G - x_{2G}) - y_G$$
$$y_{2G} \equiv 7(1 - 8) - 6 \equiv -49 - 6 \equiv -55 \equiv 10 \pmod{13}$$

Thus, the co-ordinates of $2G$ are $(8, 10)$.
By using the same process, one can calculate the multiples of $G$ until the point at infinity to find the order as follows:

G (1, 6)      2G (8, 10)     3G (3, 4)     4G (10, 3)
5G (5, 4)     6G (4, 2)      7G (4, 11)    8G (5, 9)
9G (10, 10)   10G (3, 9)     11G (8, 3)    12G (1, 7)
13G = O

Here, the smallest integer that results in $nG = O$ is $n = 13$. Thus, $h = \frac{|13|}{13} = 1$. The graph of the curve is given below, which also helps confirm our calculations.

Figure 13 Graph of the curve form of $y^{2} \equiv x^{3} + 3x + 6 \pmod{13}$ [9]

This data can be processed to be used in Elliptic Curve Cryptography. We will focus on Elliptic Curve Diffie-Hellman, as it is one of the most used ECC protocols, in subsection 5.5.

5.5. Elliptic Curve Diffie-Hellman (ECDH) [13]

The Diffie-Hellman key exchange system allows the parties to communicate over an insecure channel as shown in section 1. This is carried out through creating a ‘shared key’.

(1) Bob and Alice are two individuals who want to communicate from far away using ECDH. Therefore, they agree on the set of parameters $(p, a, b, G, n, h)$ where $p$ is a prime number and $a$, $b$ are coefficients of the arbitrary curve they choose. They then create a cyclic subgroup using $G$. In this case, $a = 3$, $b = 6$, $p = 13$, $G = (1, 6)$, $n = 13$, and $h = 1$. These parameters are made public.

(2) Both Alice and Bob choose a random private key from the subgroup. In this case, Bob chooses his private key $t_B = 7$ and forms the public key $B = 7G = (4, 11)$. Similarly, Alice chooses $t_A = 4$ and forms the public key $A = 4G = (10, 3)$.

(3) Both parties share their public keys. Bob multiplies Alice’s public key to compute $t_B(A) = 28G$. Since $P = 13$, $28G \bmod 13 = 12G = (8, 10)$. Alice also multiplies Bob’s public key and her private key to form $t_A(B) = 28G \bmod 13 = 12G = (8, 10)$.
(4) Therefore, both individuals have successfully created a shared key that a third-party Eve is unaware of. This is because Eve only knows about $G$, $A$ and $B$.

6. Conclusion

Elliptic Curve Cryptography has a broad range of applicability, and its increasing use is due to the fact that ECC encryptions are relatively harder to break when compared to another cryptosystem such as RSA (see Appendix 1). An ECC key of 160-bit can supply the same level of protection as an RSA key of 1024-bit. We have seen that the discrete logarithm problem is the fundamental idea that makes the ECC encryptions very strong and aids in secure transfer of information. This cryptosystem can pair with various protocols and algorithms to form new key agreement protocols and algorithms such as Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA), which further enhances its presence on the internet. It is significantly used for digital signature in cryptocurrencies and website activities, along with doing one-way encryption of data. Despite the strength of ECC keys, there are growing fears of quantum computing attacks, for example Shor’s algorithm [7]. Pollard’s Rho algorithm is also relatively quicker at the process of breaking Elliptic Curve keys when compared to other classical algorithms [16]. Apart from these cybersecurity threats, ECC is very secure in the meantime, as seen from the prevalence of its application. Overall, the use of elliptic curves to offer the given level of protection also adds an element of beauty to the cryptosystem.

Appendices

Appendix 1. Table showing the key sizes of different cryptosystems offering the same level of security [12]

References

1. Brilliant.org. Fields. https://brilliant.org/wiki/fields/. Accessed 15 June 2022
2. Brilliant.org. Group theory. https://brilliant.org/wiki/group-theory-introduction/. Accessed 15 June 2022
3. Brilliant.org. Ring theory. https://brilliant.org/wiki/ring-theory/. Accessed 15 June 2022
4. A. A. Bruen, M. Forcinito. Cryptography, information theory, and error-correction: A handbook for the 21st Century. John Wiley & Sons, Hoboken, 2011.
5. Cisco. What is encryption? explanation and types. Cisco. https://www.cisco.com/c/en/us/products/security/encryptionexplained.html#~encryption-algorithms. Accessed 20 June 2022
6. Tom Davis. Elliptic Curve Cryptography. Geometer.org. http://www.geometer.org/mathcircles/ecc.pdf. Accessed July 2022
7. Dan Garisto. (2021, April 8). Quantum computers won't break encryption just yet. Protocol. https://www.protocol.com/manuals/quantum-computing/quantumcomputers-wont-break-encryptionyet#:~:text=Shor's%20algorithm%20would%20take%2020,still%20millions%20of%20times%20faster. Accessed 18 June 2022
8. Geogebra. Graphing calculator. GeoGebra. https://www.geogebra.org/graphing?lang=en. Accessed June 2022
9. Sascha Grau. Elliptic curves over finite fields. https://graui.de/code/elliptic2/. Accessed June 2022
10. Hans Knutson. (2018). What is the math behind elliptic curve cryptography? HackerNoon. https://hackernoon.com/what-is-the-math-behind-elliptic-curve-cryptography-f61b25253da3. Accessed 13 June 2022
11. Martin Liebeck. A concise introduction to pure mathematics. CRC Press, Boca Raton, 2015.
12. Julie Olenski. (2015). Elliptic curve cryptography. GlobalSign. https://www.globalsign.com/en/blog/elliptic-curve-cryptography. Accessed 18 June 2022
13. Robert Pierce. (2014). Elliptic Curve Diffie Hellman. YouTube. https://www.youtube.com/watch?v=F3zzNa42-tQ. Accessed May 2022
14. Polar Pi. (2019). [Euler Phi Function] - Formula + Proof for primes to a power (phi(p^k)). YouTube. https://www.youtube.com/watch?v=N-YVDPYdi2I. Accessed June 2022
15. RiverNinj4. (2011, February 2). Elliptic curve point addition. YouTube. https://www.youtube.com/watch?v=XmygBPb7DPM. Accessed 9 October 2022
16. Olga Shevchuk. Introduction to elliptic curve cryptography - University of Chicago. The University of Chicago. https://math.uchicago.edu/~may/REU2020/REUPapers/Shevchuk.pdf. Accessed May 2022
17. TrevTutor. (2015). [discrete mathematics] modular arithmetic. YouTube. https://www.youtube.com/watch?v=d-n92Ml1iu0. Accessed 13 June 2022
18. Trustica. (2018). Elliptic curves: point at infinity. YouTube. https://www.youtube.com/watch?v=WnBEZ0qNdV0. Accessed 13 June 2022
19. Eric W. Weisstein. Totient function. Wolfram MathWorld. https://mathworld.wolfram.com/TotientFunction.html#:~:text=The%20totient%20function%20is%20implemented%20in%20the%20Wolfram,factor%20in%20common%20with.%20is%20always%20even%20for. Accessed 14 June 2022
20. Jeremy Wohlwend. Elliptic curve cryptography: Pre and post quantum. MIT Mathematics. https://math.mit.edu/~apost/courses/18.204-2016/18.204_Jeremy_Wohlwend_final_paper.pdf.
21. Wolfram Research, Inc. Graphing Calculator. WolframAlpha. https://www.wolframalpha.com/input?i=graphing%2Bcalculator. Accessed June 2022
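
Sections 5.4 and 5.5 worked through in code, as an added example that is not part of the original essay: Python point arithmetic on the curve y^2 = x^3 + 3x + 6 (mod 13) using the slope formulas of section 5.1, recomputing the multiples of G, the order, the cofactor and the ECDH exchange. All function and variable names are illustrative; the peer-key check and the exhaustive search are additions that show why a 13-point group is for demonstration only.

```python
# Added example: arithmetic on the essay's toy curve y^2 = x^3 + 3x + 6 (mod 13).
# None stands for the point at infinity O. All names here are illustrative.
P_MOD, CURVE_A, CURVE_B = 13, 3, 6   # field prime and coefficients from section 5.4
G = (1, 6)                           # generator point from section 5.4


def is_nonsingular(a=CURVE_A, b=CURVE_B, p=P_MOD):
    """Non-singularity condition 4a^3 + 27b^2 != 0, evaluated in F_p."""
    return (4 * a**3 + 27 * b**2) % p != 0


def on_curve(pt, a=CURVE_A, b=CURVE_B, p=P_MOD):
    """True if pt is O or satisfies the curve equation mod p."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x**3 + a * x + b)) % p == 0


def inv(v, p=P_MOD):
    """Inverse as v^(phi(p)-1) = v^(p-2) mod p, like the essay's 12^(-1) step."""
    return pow(v % p, p - 2, p)


def add(p1, p2, a=CURVE_A, p=P_MOD):
    """P + Q with the chord and tangent slopes of section 5.1, reduced mod p."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                      # vertical line (case 1) or tangent at y = 0 (case 2)
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * inv(2 * y1, p) % p    # tangent slope
    else:
        lam = (y2 - y1) * inv(x2 - x1, p) % p           # chord slope
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def mul(t, pt):
    """Scalar multiplication tP by double-and-add."""
    result, addend = None, pt
    while t > 0:
        if t & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        t >>= 1
    return result


def order(pt):
    """Smallest n > 0 with nP = O (walks the subgroup; fine for a toy curve)."""
    n, acc = 1, pt
    while acc is not None:
        acc, n = add(acc, pt), n + 1
    return n


def curve_size(a=CURVE_A, b=CURVE_B, p=P_MOD):
    """|E(F_p)|: every affine solution plus the point at infinity."""
    return 1 + sum(on_curve((x, y), a, b, p) for x in range(p) for y in range(p))


def shared_secret(private_key, peer_public):
    """ECDH step (3). Rejects O and off-curve points before using a peer's key."""
    if peer_public is None or not on_curve(peer_public):
        raise ValueError("peer public key is not a valid curve point")
    return mul(private_key, peer_public)


def exhaustive_log(target, base=G):
    """Find t with t*base == target by trying every t. At most n steps, which is
    trivial for n = 13 and is why deployed curves use n of about 256 bits."""
    acc = base
    for t in range(1, order(base) + 1):
        if acc == target:
            return t
        acc = add(acc, base)
    return None


if __name__ == "__main__":
    n = order(G)
    print("multiples of G:", [mul(k, G) for k in range(1, n + 1)])
    print("n =", n, " h =", curve_size() // n)
    t_a, t_b = 4, 7                                  # private keys from section 5.5
    pub_a, pub_b = mul(t_a, G), mul(t_b, G)
    # 28 mod 13 = 2, so both sides arrive at 28G = 2G = (8, 10).
    print("shared:", shared_secret(t_a, pub_b), shared_secret(t_b, pub_a))
    print("t_B found by exhaustive search:", exhaustive_log(pub_b))
```
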