Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.
-
Upload
cathleen-thomas -
Category
Documents
-
view
224 -
download
0
Transcript of Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.
![Page 1: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/1.jpg)
Elliptic Curves
Number Theory and Cryptography
![Page 2: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/2.jpg)
A Pile of Cannonballs A Square of Cannonballs
![Page 3: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/3.jpg)
1
4
9
.
.
.
![Page 4: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/4.jpg)
1 + 4 + 9 + . . . + x2
= x (x + 1) (2x + 1)/6
x=3: 1 + 4 + 9 = 3(4)(7)/6 = 14
The number of cannonballs in x layers is
![Page 5: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/5.jpg)
y2 = 1 + 4 + 9 + . . . + x2
y2 = x (x + 1) (2x + 1)/6
If x layers of the pyramidyield a y by y square,we need
![Page 6: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/6.jpg)
y2 = x (x + 1) (2x + 1)/6
![Page 7: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/7.jpg)
![Page 8: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/8.jpg)
y2 = x (x + 1) (2x + 1)/6 and y = x
![Page 9: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/9.jpg)
![Page 10: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/10.jpg)
![Page 11: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/11.jpg)
![Page 12: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/12.jpg)
1 + 4 + 9 + . . . + 242 = 702
![Page 13: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/13.jpg)
An elliptic curve is the graph of an equation y2 = cubic polynomial in x
For example, y2 = x3 – 5x + 12
![Page 14: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/14.jpg)
Start with P1. We get P2.
![Page 15: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/15.jpg)
Using P1 and P2, we get P3.
![Page 16: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/16.jpg)
Using P1 and P3, we get P4.
![Page 17: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/17.jpg)
We get points P1, P2, P3, . . . , Pn , . . .
Given n , it is easy to compute Pn (even when n is a 1000-digit number)
Given Pn , it is very difficult to figureout the value of n .
All of these calculations are done mod a big prime. Otherwise, the computer overflows.
![Page 18: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/18.jpg)
“Do you know the secret?”
![Page 19: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/19.jpg)
The secret is a 200-digit integer s.Prove to me that you know the secret.
I send you a random point P1.
You compute PS and send it back to me.
![Page 20: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/20.jpg)
If the Blue Devil knows the secret:
![Page 21: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/21.jpg)
If the Blue Devil doesn’t know the secret:
(apologies to Bambi Meets Godzilla)
![Page 22: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/22.jpg)
![Page 23: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/23.jpg)
![Page 24: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/24.jpg)
![Page 25: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/25.jpg)
![Page 26: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/26.jpg)
< P , Q >
![Page 27: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/27.jpg)
Define a binary operation “+” on points of the elliptic curve: P1 + P3 =P4.
∞
∞
![Page 28: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/28.jpg)
Properties of +:
P + Q = Q + P (commutative)
∞ + P = P + ∞ = P (existence of an element)
P + P’ = ∞ (existence of inverses)
(P+Q) + R = P + (Q + R) (associative law)
The points form an abelian group.
![Page 29: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/29.jpg)
![Page 30: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/30.jpg)
Calculate 1000 P = P + P + P + . . . + P
4 P = 2P + 2P
8 P = 4P + 4P
. . .
. . .
1024 P = 512 P + 512 P
Even faster: 1000 P = 1024 P – 16 P – 8 P
1000 P = 512 P + 256 P + 128 P + 64 P + 32 P + 8 P
2 P = P + P
![Page 31: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/31.jpg)
y2 = x3 – 5x + 12 (mod 13)
x x3 – 5x + 12 y
1. 8 ---2. 10 6, 73. 11 ---4. 4 2, 115. 8 ---6. 3 4, 97. 8 ---8. 3 4, 99. 7 ---10. 0 011. 1 1, 1212. 3 4, 9
∞ ∞ ∞
0. 12 5, 8
We obtain a group with 16 elements.
It is cyclic and is generated by (2,6)
![Page 32: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/32.jpg)
The Discrete Logarithm Problem
Solve 2x = 8192x = 13
Solve 2x = 927 (mod 1453)
x = 13
![Page 33: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/33.jpg)
The Elliptic Curve Discrete Log ProblemGiven points P and Q on an elliptic curve with
Q = k P for some integer k.
Find k
Example: On the elliptic curve
y2 = x3 - 5x + 12 (mod 13),find k such that k (2,6) = (4,11).
7 (2,6) = (4,11)
The elliptic curve discrete log problem is very hard.
![Page 34: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/34.jpg)
Elliptic Curve Diffie-Hellman Key EstablishmentAlice and Bob want to establish a secret encryption key .
1. Alice and Bob choose an elliptic curve mod a large prime. 2. They choose a random point P on the curve.3. Alice chooses a secret integer a and computes aP.4. Bob chooses a secret integer b and computes bP. 5. Alice sends aP to Bob and Bob sends bP to Alice.6. Alice computes a(bP) and Bob computes b(aP) .7. They use some agreed-upon method to produce a key from abP.
The eavesdropper sees only P, aP, bP. It is hard to deduce abP from this informationwithout computing discrete logs.
![Page 35: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/35.jpg)
Alice and Bob agree on y2 = x3 – 5x +12 (mod 13) and take P = (2,6).
Alice Bob a = 7 7 (2,6) = (4, 11)
b = 5 5 (2,6) = (12, 4)
(4, 11) (12, 4)
7(12, 4) = (8,9) 5(4,11) = (8,9)
![Page 36: Elliptic Curves Number Theory and Cryptography. A Pile of Cannonballs A Square of Cannonballs.](https://reader036.fdocuments.in/reader036/viewer/2022062305/5697c00d1a28abf838cc95b3/html5/thumbnails/36.jpg)
THANK YOU