cryptology presentation

7/31/2019 Cryptology Presentation

1/17

The Use of Elliptic Curves for Message Concealment

John Brunzell

Faculty Advisor: Professor LaVarnway


2/17

Historical Methods for Concealing Messages

1 2 3 4 5

1 A B C D E

2 F G H IJ K

3 L M N O P

4 Q R S T U

5 V W X Y Z

Spartan Scytale, 500 B.C.Polybius Checkerboard, 205-123 B.C.

Enigma, 1920s - WWII


3/17

Diagrammatic Representation

Alice Bob

Eve

Communication Channel

Key Channelk k

( )kF x ( )kF x


4/17

Massey-Omura Key Exchange

Alice Bob

Alice wants to send a message to Bob without anyone else knowing the content.

Alice and Bob have agreed on where p is a large prime number. This prime

number is made public. We will select p (prime)=101.

p

Selects her personal secret number such that11a gcd( , ) 1a p

11 50(mod101) 550(mod101) 45aM ComputeSends 45 to Bob

1 46a Finds1 99 46 99(mod101) 4554(mod101) 9a Compute

Sends 9 to Bob

Selects message (number) to send to Bob, 50M

Selects his personal secret number such that83b gcd( , ) 1b p

45 83 45(mod101) 3735(mod101) 99b Compute

Sends 99 to Alice

1 28b Finds

1 9 28 9(mod101) 252(mod101) 50b Compute

Bob now has Alices message (number), 50M

Why it works?

aM baM 1a baM 1 1b a baM 1 1 1 1 1 1b a baM b ba aM M M


5/17

General Equation & Graphs of Elliptic Curve

2 3 2y x ax bx c

4 2 2 4

10

5

5

10

4 2 2 4

5

5

4 2 2 4

6

4

2

2

4

6

4 2 2 4

5

5

2 35y x x 2 3 8y x

2 3 3 2y x x 2 3y x


6/17

Discriminant of the Elliptic Curve

2 3 2y x ax bx c

4 2 2 4

10

5

5

10

4 2 2 4

5

5

2 3 5y x x 2 3 8y x

2 2 3 218 4 27a b abc b c

2y ax bx c

2 4b ac


7/17

Group Structure

We can define a group structure over addition for adding points on anelliptic curve:

1. Define O to be the point at infinity. (Identity element).

P +O = O + P = P

2. Establish a procedure for adding two points on the curve.

3. Define the inverse. The inverse of P is -P


8/17

Addition of Points P and Q

4 2 2 4

5

5

P Q

R

P+Q

1 1( , )P x y 3 3( , )R x y2 2( , )Q x y

3 3( , )P Q x y


9/17

Addition of Point P and itself

1 1( , )P x y 3 3( , )R x y

3 32 ( , )P x y

4 2 2 4

5

5P R

2P


10/17

Formulas for Computing P+Q or 2P

2

2 1

3 1 22 1

y y

x a x xx x

2 1

3 3 1 12 1 ( )

y y

y x x yx x

22

1 13 1

1

3 22

2

x ax bx a x

y

2

1 13 3 1 1

1

3 2( )( )

2

x ax by x x y

y

2 3 2y x ax bx c

Case 1

3 3( , )P Q x y 1 2x x1 1( , )P x y 2 2( , )Q x yLet and with then where

3 32 ( , )P x y 1 0y 1 1( , )P x yLet with then where

Case 2


11/17

Elliptic Curves Mod P2 ( )(mod )y f x p

x2 3 1(mod11)y x

0

1

2

3

4

5

6

7

8

910

1

2

9

6

10

5

8

3

7

40 Squares when x=0, 2, 5, 7, 9, or 10

(0,1), (0,10), (2,3), (2,8), (5,4), (5,7), (7,5), (7,6), (9,2), (9,9), (10,0), O

20

212

22

32

4 25 26

2

7

28

29

210

0149

35

(mod11)

1,3,4,5,9 are quadratic residues mod 11


12/17

Discrete Logarithm Problem

&

Computer Processing Capabilities

(mod )ka b p

kP Q

An international team of mathematicians factored a 307-digit number, a record for the

largest factored number. This team used a special number field sieve.

For a hacker using a single computer, the job would require 100 years of processing

time. By sharing the load over about 500 computers, they reduced the time to

six months.

Given points P and Q, it is generally very difficult to solve for k. The elliptical

curve encryption scheme appears to allow us to work with smaller numbers to

achieve similar levels of security.


13/17

Determining Number of Points on a Curve

2 3 2 (mod )y x ax bx c p Given the elliptic curve3 21

0

( )1

p

x

x ax bx cN p

p

The number of points is where

Example: Select the elliptic curve over where

p=1377359.

2 3 2 1y x x p

3 21

0

( )p

x

x ax bx c

p

Legendre Symbol (r/p) defined to be +1 if r is a

quadratic residue mod p, -1 if r is a quadratic

nonresidue mod p, and 0 if p divides r.

31

0

( 2 1)1377539 1 1375269

1377539

p

x

x xN


14/17

Converting Message to Point on Curve2 3 2 1y x x 1377359over

Convert 1234 to a point on the curve

Mathematica

converttopoint[m_, b0_, b1_, b2_, p_]:=

Module[{x0, f},

x0 = 1000*m;

f[x_] := x^3 + b2x^2 + b1x + b0;While[JacobiSymbol[f[x0], p] == -1, x0++];

Print[{x0, PowerMod[f[x0], (p + 1)/4, p]}]]

converttopoint[1234, 1, 2, 0, 1377359]

{1234005, 349433}

01000 1000( 1)m x m 0( )f x0xChoose such that is a quadratic residue mod p, and

0 0( , )P x y 1 /4

0 0

py f x

Set and


15/17

Calculating aP2 3 2 1y x x 1377359over

Select a secret personal number relatively prime to 1377359, a=11111

0 1 2 5 6 8 9 11 13111111 2 2 2 2 2 2 2 2 2

1 2 5 6 8 9 11 13111111 2 2 2 2 2 2 2 2P P P P P P P P P P

Compute aP = 11111P

Could compute P+P, 2P+P, 3P+P, but this would take a lot of time

However,

So,


16/17

Massey-Omura Key Exchange

Alice

Bob

Alice wants to send a message to Bob without anyone else knowing the content.

Alice and Bob have agreed on where p is a large prime number. This primenumber is made public. We will select p (prime)=1375269.

p

11111a

11111(1234005,349433)(mod ) (1114312,498654)aP p 1 283322a

1 283322(710108,1324551)(mod ) (1075576,1307157)a baP p

(1234005,349433)P

22222b 22222(1114312,498654)(mod ) (710108,1324551)baP p

1 141661b 1 1

141661(1075576,1307157)(mod ) (1234005, 349433)b a baP p


17/17

References

M. Erickson & A. Vazzana, Introduction to Number Theory, Chapman & Hall/CRC, Florida, 2008

S. WagstaffJr., Cryptanalysis of Number Theoretic Ciphers, Chapman & Hall/CRC, Florida, 2008

M. Greenberg, Euclidean and Non-Euclidean Geometries, W.H. Freeman & Co, New York, 2007

M. Sipser, Introduction to the Theory of Computation, Thompson Course Technology, Massachusetts, 2006

J. Fraleigh, A First Course in Abstract Algebra, Addison Wesley, USA, 2003

T. Barr, Invitation to Cryptology, Prentice Hall, New Jersey, 2002

cryptology presentation

Documents