Introduction Elliptic Curves Elliptic Curve Remark

Overview of Elliptic Curve Cryptography (ECC)

November 27, 2012 Introduction Elliptic Curves Elliptic Curve Cryptography Remark Introduction

For elliptic-curve-based protocols, it is assumed that finding the of a random elliptic curve element with respect to a publicly known base point is infeasible. The primary benefit promised by ECC is a smaller size, reducing storage and transmission requirements, i.e., that an elliptic curve group could provide the same level of security afforded by an RSA-based system with a large modulus and correspondingly larger key–e.g., a 256-bit ECC public key should provide comparable security to a 3072-bit RSA public key. Introduction Elliptic Curves Elliptic Curve Cryptography Remark History

• In 1985, Neal Koblitz and Victor Miller independently proposed using elliptic curves to design public key cryptographic systems. • In the late 1990s, ECC was standardized by a number of organizations and it started receiving commercial acceptance. • Nowadays, it is mainly used in the resource constrained environments, such as ad-hoc wireless networks and mobile networks. Introduction Elliptic Curves Elliptic Curve Cryptography Remark

Elliptic Curve Groups over R, Fp, F2m

An good introduction from Certicom: http://www.certicom.com/index.php/10-introduction Introduction Elliptic Curves Elliptic Curve Cryptography Remark Cryptographic premise and schemes

The entire security of ECC depends on the ability to compute a point multiplication and the inability to compute the multiplicand given the original and product points. At the RSA Conference 2005, the National Security Agency (NSA) announced Suite B which exclusively uses ECC for generation and . The suite is intended to protect both classified and unclassified national security systems and information. Introduction Elliptic Curves Elliptic Curve Cryptography Remark Cryptographic schemes

Several discrete logarithm-based protocols have been adapted to elliptic curves, replacing the group with an elliptic curve: • the elliptic curve Diffie-Hellman (ECDH) key agreement scheme • the Elliptic Curve Integrated Scheme (ECIES) • the Elliptic Curve Digital Signature Algorithm (ECDSA) • the ECMQV key agreement scheme • the ECQV implicit certificate scheme Introduction Elliptic Curves Elliptic Curve Cryptography Remark Diffie-Hellman key agreement scheme

Diffie-Hellman key exchange is a specific method of exchanging cryptographic keys. http://en.wikipedia.org/wiki/Diffie-Hellman Introduction Elliptic Curves Elliptic Curve Cryptography Remark Elliptic Curve Diffie-Hellman key agreement scheme

1) Alice and Bob publicly agree on an elliptic curve E over a large finite field F and a point P on that curve. 2) Alice and Bob each privately choose large random integers, denoted a and b . 3) Using elliptic curve point-addition, Alice computes aP on E and sends it to Bob. Bob computes bP on E and sends it to Alice. 4) Both Alice and Bob can now compute the point abP , Alice by multipliying the received value of bP by her secret number a , and Bob vice-versa. 5) Alice and Bob agree that the x coordinate of this point will be their value. Introduction Elliptic Curves Elliptic Curve Cryptography Remark Integrated Encryption Scheme

Integrated Encryption Scheme (IES) is a hybrid encryption scheme which provides semantic security against an adversary who is allowed to use chosen-plaintext and chosen- attacks. http: //en.wikipedia.org/wiki/Integrated_Encryption_Scheme Introduction Elliptic Curves Elliptic Curve Cryptography Remark Patents

• The general idea of ECC was not patented, but there are a number of patents regarding the efficient implementation from the underlying layer (finite field arithmetic ) to the highest layer (protocols) • The patent issue for elliptic curve is the opposite of that for RSA and Diffie-Hellman, where the cryptosystems themselves have patents, but efficient implementation techniques often do not. • Certicom holds more than 130 patents related to ECC. It has sold 26 patents to NSA and NISA in the value of 26 million US$, which covers the prime field curves with primes of 256 bits, 384 bits and 521 bits. • Certicom was taken over by the RIM( Research in Motion) with the offer of 130 million C$ in 2009. Introduction Elliptic Curves Elliptic Curve Cryptography Remark Summary

• The mathematic background of ECC is more complex than other cryptographic systems: Geometry, abstract algebra, number theory • ECC provides greater security and more efficient performance than the first generation public key techniques (RSA and Diffie-Hellman)