Introduction Elliptic Curves Elliptic Curve Cryptography Remark
Overview of Elliptic Curve Cryptography (ECC)
November 27, 2012 Introduction Elliptic Curves Elliptic Curve Cryptography Remark Introduction
For elliptic-curve-based protocols, it is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible. The primary benefit promised by ECC is a smaller key size, reducing storage and transmission requirements, i.e., that an elliptic curve group could provide the same level of security afforded by an RSA-based system with a large modulus and correspondingly larger key–e.g., a 256-bit ECC public key should provide comparable security to a 3072-bit RSA public key. Introduction Elliptic Curves Elliptic Curve Cryptography Remark History
• In 1985, Neal Koblitz and Victor Miller independently proposed using elliptic curves to design public key cryptographic systems. • In the late 1990s, ECC was standardized by a number of organizations and it started receiving commercial acceptance. • Nowadays, it is mainly used in the resource constrained environments, such as ad-hoc wireless networks and mobile networks. Introduction Elliptic Curves Elliptic Curve Cryptography Remark
Elliptic Curve Groups over R, Fp, F2m
An good introduction from Certicom: http://www.certicom.com/index.php/10-introduction Introduction Elliptic Curves Elliptic Curve Cryptography Remark Cryptographic premise and schemes
The entire security of ECC depends on the ability to compute a point multiplication and the inability to compute the multiplicand given the original and product points. At the RSA Conference 2005, the National Security Agency (NSA) announced Suite B which exclusively uses ECC for digital signature generation and key exchange. The suite is intended to protect both classified and unclassified national security systems and information. Introduction Elliptic Curves Elliptic Curve Cryptography Remark Cryptographic schemes
Several discrete logarithm-based protocols have been adapted to elliptic curves, replacing the group with an elliptic curve: • the elliptic curve Diffie-Hellman (ECDH) key agreement scheme • the Elliptic Curve Integrated Encryption Scheme (ECIES) • the Elliptic Curve Digital Signature Algorithm (ECDSA) • the ECMQV key agreement scheme • the ECQV implicit certificate scheme Introduction Elliptic Curves Elliptic Curve Cryptography Remark Diffie-Hellman key agreement scheme
Diffie-Hellman key exchange is a specific method of exchanging cryptographic keys. http://en.wikipedia.org/wiki/Diffie-Hellman Introduction Elliptic Curves Elliptic Curve Cryptography Remark Elliptic Curve Diffie-Hellman key agreement scheme
1) Alice and Bob publicly agree on an elliptic curve E over a large finite field F and a point P on that curve. 2) Alice and Bob each privately choose large random integers, denoted a and b . 3) Using elliptic curve point-addition, Alice computes aP on E and sends it to Bob. Bob computes bP on E and sends it to Alice. 4) Both Alice and Bob can now compute the point abP , Alice by multipliying the received value of bP by her secret number a , and Bob vice-versa. 5) Alice and Bob agree that the x coordinate of this point will be their shared secret value. Introduction Elliptic Curves Elliptic Curve Cryptography Remark Integrated Encryption Scheme
Integrated Encryption Scheme (IES) is a hybrid encryption scheme which provides semantic security against an adversary who is allowed to use chosen-plaintext and chosen-ciphertext attacks. http: //en.wikipedia.org/wiki/Integrated_Encryption_Scheme Introduction Elliptic Curves Elliptic Curve Cryptography Remark Patents
• The general idea of ECC was not patented, but there are a number of patents regarding the efficient implementation from the underlying layer (finite field arithmetic ) to the highest layer (protocols) • The patent issue for elliptic curve cryptosystems is the opposite of that for RSA and Diffie-Hellman, where the cryptosystems themselves have patents, but efficient implementation techniques often do not. • Certicom holds more than 130 patents related to ECC. It has sold 26 patents to NSA and NISA in the value of 26 million US$, which covers the prime field curves with primes of 256 bits, 384 bits and 521 bits. • Certicom was taken over by the RIM( Research in Motion) with the offer of 130 million C$ in 2009. Introduction Elliptic Curves Elliptic Curve Cryptography Remark Summary
• The mathematic background of ECC is more complex than other cryptographic systems: Geometry, abstract algebra, number theory • ECC provides greater security and more efficient performance than the first generation public key techniques (RSA and Diffie-Hellman)