Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Public Key Cryptography Basic Concepts in Complexity Theory Some Number Theoretic & Algebraic Algorithms Some Computational Indivar Gupta Hard Problems and their Application SAG, DRDO, Delhi Cryptography

Public Key Cryptography INTERNATIONAL CRYPTO-WEBINAR, 2020 Difﬁe Hellman Key Exchange Protocol 26th - 30th August, 2020 Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Outline

Public Key Cryptography 1 Background Indivar Gupta Basic Concepts in Complexity Theory SAG, DRDO, Delhi Some Number Theoretic & Algebraic Algorithms

Background Some Computational Hard Problems and their Application Basic Concepts in Complexity Theory Some Number 2 Cryptography Theoretic & Algebraic Algorithms Some Computational 3 Public Key Cryptography Hard Problems and their Application Difﬁe Hellman Key Exchange Protocol Cryptography Public Key Cryptosystems Public Key Cryptography RSA & ElGamal Difﬁe Hellman Key Exchange Protocol Elliptic Curve Cryptography Public Key Cryptosystems Other Public Key Cryptosystems: Post Quantum RSA & ElGamal Elliptic Curve Cryptography 4 Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum 5 Open Source Libraries Elliptic Curve Cryptography

Open Source Libraries Outline

Public Key Cryptography 1 Background Indivar Gupta Basic Concepts in Complexity Theory SAG, DRDO, Delhi Some Number Theoretic & Algebraic Algorithms

Open Source Libraries Representation of Numbers

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Each number can be represented in the form of different Complexity Theory Some Number basis. Theoretic & Algebraic Algorithms k−1 k Some Computational Any number n between b and b is a k-digit number to the Hard Problems and their Application base b. Cryptography Number of digits = [logb n] + 1 (basis b) Public Key Cryptography Number of bits (size of number) [log2 n] + 1 Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Complexity Theory:I

Public Key Cryptography Deﬁnition (Running Time) Indivar Gupta SAG, DRDO, Delhi The number of basic (primitives) operations (steps) to execute an

Background algorithm (computational complexity). Running time of an Basic Concepts in Complexity Theory algorithm is depend on the size of the input. Some Number Theoretic & Algebraic Algorithms Some Computational Deﬁnition (Size of an Input) Hard Problems and their Application

Cryptography In bits, in digits, in bytes, in words etc.....

Public Key Cryptography Definition (Space Complexity) Diffie Hellman Key Exchange Protocol Public Key Cryptosystems It measures the amount of temporary storage used when RSA & ElGamal Elliptic Curve performing a computational task. Cryptography Other Public Key Cryptosystems: Post Quantum Definition (Big- O) Elliptic Curve Cryptography

Open Source Libraries Complexity Theory:II

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi f (n) = O(g(n)) if there exists a positive constant c and a positive n f (n) cg(n) n n . g Background integer ◦ such that 0 6 6 for all > ◦ Note: is Basic Concepts in Complexity Theory simpler function than f and it does not increase much faster than f . Some Number Theoretic & Algebraic Algorithms Some Examples of Big-O Some Computational Hard Problems and 3 2 3 their Application Let f (n) = 2n + 3n + 4n + 5 & g(n) = n . Then f = O(g) Cryptography ,for take n0 = 5, c = 3. Public Key k k−1 Cryptography Let f (n) = akn + ak−1n + ··· + a0 with ak > 0, Difﬁe Hellman Key k Exchange Protocol f (n) = O(n ). Public Key Cryptosystems n n RSA & ElGamal x = O(e ) for any positive power n Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Complexity Theory: III

Public Key Cryptography Note: The notation Big-O is used to represents an upper bound of Indivar Gupta SAG, DRDO, the computational complexity of an algorithm in the worst-case Delhi scenario.

Background Basic Concepts in Deﬁnition (Small-o) Complexity Theory Some Number Theoretic & Algebraic f (n) = o(g(n)) if Algorithms Some Computational f (n) Hard Problems and lim → 0. their Application n→∞ g(n) Cryptography

Public Key Note: g(n) is upper bound of f (n) i.e f (n) << g(n). Cryptography Difﬁe Hellman Key Exchange Protocol Some Examples of small-o Public Key Cryptosystems n RSA & ElGamal For any positive integer a, a = o((n!)) Elliptic Curve n Cryptography n! = o(n ) Other Public Key Cryptosystems: Post Quantum Remark 1: : Other notations : Ω, ω, Θ. Elliptic Curve Cryptography

Open Source Libraries Orders of common functions2

Public Key Cryptography

Indivar Gupta SAG, DRDO, O(1) Constant Delhi O(log log n) Double-Logarithmic Background O(log n) Logarithmic Basic Concepts in c Complexity Theory O(log n), c > 1 Poly-Logarithmic Some Number Theoretic & Algebraic c Algorithms O(n ), 0 < c < 1 Fractional Some Computational Hard Problems and O(n) Linear their Application c Cryptography O(n ), c > 1 Polynomial 1 Public Key Ln(α, c) Sub-exponential Cryptography n Difﬁe Hellman Key O(c ) Exponential Exchange Protocol Public Key O(n!) Factorial Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum 1O(exp(c + O(1))(n)α(log n)1−α) Elliptic Curve 2 Cryptography http://en.wikipedia.org/wiki/Big_O_notation

Open Source Libraries Complexity of an AlgorithmI

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Complexity of an algorithm is said to be in polynomial time Basic Concepts in c Complexity Theory if its complexity is O(n ), where n is the bit length of the Some Number Theoretic & Algebraic input, & c > 1. Algorithms Some Computational f (n) Hard Problems and Algorithms with complexity of form c , where c > 1 & f their Application is a polynomial in n are called exponential time algorithm. Cryptography Public Key A sub-exponential algorithm is one for which the time Cryptography Difﬁe Hellman Key complexity is in between of polynomial and exponential Exchange Protocol Public Key (Ln(α, c)) Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Complexity of an AlgorithmII

Public Key Deﬁnition Cryptography

Indivar Gupta A decision problem is said to be in class P if it can be solved in SAG, DRDO, Delhi polynomial time.

Background Basic Concepts in Example Complexity Theory Some Number + Theoretic & Algebraic Instance: n ∈ Z Algorithms Some Computational Hard Problems and Question: Is n prime? their Application Answer: Yes, [O(log n)6 using AKS algo] Cryptography

Public Key Cryptography Definition Diffie Hellman Key Exchange Protocol Public Key A decision problem is said to be in class NP if ’yes’ answer can be Cryptosystems RSA & ElGamal verified in polynomial time. Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Complexity of an Algorithm III

Public Key Cryptography Deﬁnition

Indivar Gupta SAG, DRDO, A decision problem is said to be in class co-NP if ’no’ answer can Delhi be veriﬁed in polynomial time.

Background Basic Concepts in Complexity Theory Example Some Number Theoretic & Algebraic + Algorithms Instance: n ∈ Z Some Computational Hard Problems and their Application Question: Is n composite?

Cryptography Public Key Deﬁnition Cryptography Difﬁe Hellman Key Exchange Protocol L1 and L2 be two decision problems. L1 is said to poly-time Public Key Cryptosystems reduce to L2, written L1 6p L2, if there is an algorithm that solves RSA & ElGamal Elliptic Curve L1 using only polynomial calls to an algorithm for solving L2 as a Cryptography Other Public Key subroutine. This means a polynomial time algorithm for L2 Cryptosystems: Post Quantum implies a polynomial time algorithm for L1. Elliptic Curve Cryptography

Open Source Libraries Complexity of an AlgorithmIV

Public Key Cryptography Example Indivar Gupta SAG, DRDO, Delhi QRP 6P IFP

Background Basic Concepts in Deﬁnition Complexity Theory Some Number Theoretic & Algebraic A decision problem L is said to be NP-complete if Algorithms Some Computational Hard Problems and L ∈ NP their Application Cryptography L1 6P L for every L1 ∈ NP. Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Example Public Key Cryptosystems Subset Sum Problem NP RSA & ElGamal is complete problem: given a set of Elliptic Curve Cryptography positive integers {a1, a2, ··· an} and a positive integer s, Other Public Key Cryptosystems: Post determine whether or not there is a subset of the ai that sum to s. Quantum

Elliptic Curve Cryptography

Open Source Libraries Complexity of an AlgorithmV

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Deﬁnition Background Basic Concepts in A decision problem is said to be NP-hard if any NP-complete Complexity Theory Some Number problem polynomially reduces to it. Theoretic & Algebraic Algorithms Some Computational Hard Problems and their Application Examples Cryptography Public Key Computational version of subset sum problem is NP-hard Cryptography Difﬁe Hellman Key problem. Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Important Topics of Number Theory

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in The Euclidean Algorithm Complexity Theory Some Number Theoretic & Algebraic Modular Arithmetic Algorithms Some Computational Hard Problems and Arithmetic functions and their Properties their Application

Cryptography Solution of Linear and Quadratic Congruences, CRT

Public Key Cryptography Primality testing and Factorization Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries The Euclidean Algorithm

Public Key Cryptography The Euclidean Algorithm ﬁnds the greatest common divisor of Indivar Gupta two integers a andb. SAG, DRDO, Delhi For example, if we want to ﬁnd gcd(287, 91), we divide 287 by

Background 91: Basic Concepts in Complexity Theory Some Number Theoretic & Algebraic 287 = 91 ∗ 3 + 14 . Algorithms Some Computational Hard Problems and their Application We have if a|b and a|c, then a|(b + c). Cryptography Public Key gcd(287, 91) = gcd(91, 14) Cryptography Difﬁe Hellman Key Exchange Protocol Public Key gcd(91, 14) = gcd(14, 7) Cryptosystems RSA & ElGamal Elliptic Curve Cryptography gcd(14, 7) = 7 Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Therefore, gcd(287, 91) = 7. Cryptography

Open Source Libraries Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Theorem The gcd(a, b) is the least positive value of ax + by, Complexity Theory Some Number where x and y range over all integers. Theoretic & Algebraic Algorithms Some Computational Theorem An integer solution (x, y) of equation ax + by = c Hard Problems and their Application exists if and only if c is divisible by gcd(a, b). Cryptography Public Key gcd(a, b, c) = gcd(gcd(a, b), c) Cryptography Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Number Theoretic Algorithms3

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Complexity of Basic Operations in Zn Basic Concepts in Complexity Theory Operations Complexity Some Number Theoretic & Algebraic (a + b) mod n O(log n) Algorithms Modular Addition Some Computational Hard Problems and Modular Subtraction (a − b) mod n O(log n) their Application Modular Multiplication (a.b) mod n O((log n)2) Cryptography Modular Inversion a−1 mod n O((log n)2) Public Key Cryptography Modular Exponentiation ak mod n, k < n O((log n)3) Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve 3 Cryptography Chapter 2, [2]

Open Source Libraries Solution of the Congruence

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Consider f (x) ≡ 0 (mod m), f (x) being a polynomial with integer coefficients. Any n ∈ is called a solution of the congruence if Background Z Basic Concepts in f (n) ≡ 0 (mod m). Complexity Theory Some Number k n ≡ k ( m) Theoretic & Algebraic The solution is not unique as for any , such that mod , Algorithms Some Computational Hard Problems and their Application f (k) ≡ f (n)(mod m) Cryptography =⇒ f (k) ≡ 0 (mod m) Public Key Cryptography Diffie Hellman Key Thus every congruence having one solution has infinitely many Exchange Protocol Public Key solutions. Cryptosystems RSA & ElGamal The congruence ax ≡ b (mod m) is called a linear congruence. Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Euler Fermat Theorem

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi We deﬁne Euler’s totient function φ(m) as Background Basic Concepts in Complexity Theory ( Some Number 1 when m = 1, Theoretic & Algebraic Algorithms φ(m) = Some Computational number of positive integers that are ≤ m and co-prime to m Hard Problems and their Application Cryptography Euler Fermat Theorem For (a, m) = 1, we have Public Key Cryptography φ(m) Difﬁe Hellman Key a ≡ 1 mod m. Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Fermat Little Theorem

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Fermat Little Theorem is a corollary to Euler-Fermat Theorem. Background Let p be a prime number. If (a, p) = 1 then from Euler Fermat Basic Concepts in Complexity Theory theorem, we have aφ(p) ≡ 1 (mod p) but φ(p) = p − 1, therefore Some Number Theoretic & Algebraic p−1 Algorithms a ≡ 1 . Some Computational p Hard Problems and Multiplying both side by a, we get a ≡ a (mod p). their Application Cryptography Otherwise, if (a, p) 6= 1, then p|a and a ≡ 0 (mod p). Public Key p Cryptography =⇒ a ≡ 0 (mod p) Difﬁe Hellman Key p Exchange Protocol =⇒ a ≡ a (mod p) Public Key Cryptosystems Which is Fermat Little Theorem. RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries The Chinese Remainder Theorem (CRT)

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Let m1, m2, ··· , mr be pairwise mutually prime positive integers. For arbitrary integers b1, b2, ··· , br, the system of linear Background Basic Concepts in congruences Complexity Theory Some Number Theoretic & Algebraic Algorithms x ≡ b1 (mod m1) Some Computational Hard Problems and their Application x ≡ b2 (mod m2) . Cryptography . Public Key Cryptography x ≡ br (mod mr) Difﬁe Hellman Key Exchange Protocol Pr Public Key has a unique solution x = bkMkMk0 modulo m, Cryptosystems k=1 RSA & ElGamal where M = m1m2 ··· mr and Mk = M/mk, MkMk0 ≡ 1 (mod mk). Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries CRT Problem

Public Key Cryptography To ﬁnd the least value of x which satisfy,

Indivar Gupta SAG, DRDO, Delhi x ≡ 2 (mod 3) x ≡ 3 (mod 5) Background Basic Concepts in x ≡ 2 (mod 7) Complexity Theory Some Number Theoretic & Algebraic Algorithms The calculations are given in the following table. Some Computational Hard Problems and their Application Cryptography bk mk Mk Mk(modmk) Mk0 bkMkMk0 Public Key 2 3 35 2 2 140 Cryptography Difﬁe Hellman Key 3 5 21 1 1 63 Exchange Protocol Public Key 2 7 15 1 1 30 Cryptosystems RSA & ElGamal sum 233 Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum The least number of things are obtained by reducing

Elliptic Curve 233 (mod 105) i.e. 23. Cryptography

Open Source Libraries Quadratic Residues

Public Key Cryptography Consider the quadratic congruences of the type 2 Indivar Gupta x − n ≡ 0 (mod p) ... (1) SAG, DRDO, Delhi where p is a prime. We see that the congruence can have at most 2 Background solutions. Basic Concepts in Complexity Theory If x is a solution, then (−x) is also a solution. Thus, (1) has either Some Number Theoretic & Algebraic Algorithms two solutions or none. When (1) has solutions, we say that n is a Some Computational Hard Problems and quadratic residue modulo p and we write nRp, otherwise if (1) has their Application no solution then we say that n is a quadratic non-residue modulo p Cryptography ¯ Public Key and we write nRp. Cryptography Difﬁe Hellman Key n Exchange Protocol The Legendre’s symbol is deﬁned as Public Key p Cryptosystems RSA & ElGamal  Elliptic Curve 0 if p|n, Cryptography n  Other Public Key Cryptosystems: Post = 1 if nRp, Quantum p  Elliptic Curve −1 if nRp¯ . Cryptography

Open Source Libraries Jacobi Symbols

Public Key Cryptography

Indivar Gupta SAG, DRDO, If P is an odd positive integer with prime factorization Delhi r Background Y P = pai Basic Concepts in i Complexity Theory Some Number i=1 Theoretic & Algebraic Algorithms n Some Computational Hard Problems and The Jacobi symbol is deﬁned as, their Application P Cryptography r a n Y n i Public Key = , if P > 1 Cryptography P pi Difﬁe Hellman Key i=1 Exchange Protocol Public Key and Cryptosystems n RSA & ElGamal = 1 Elliptic Curve Cryptography 1 Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Primitive Roots

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Let a and m be relatively prime and m > 1. Then a is called a Basic Concepts in Complexity Theory primitive root modulo m if Some Number Theoretic & Algebraic Algorithms k Some Computational a 6≡ 1 mod m Hard Problems and their Application

Cryptography whenever k < φ(m).

Public Key Cryptography Theorem: Difﬁe Hellman Key φ(p − ) Exchange Protocol There are exactly 1 primitive roots modulo p. Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Computing Euler’s function

Public Key Cryptography If p is a prime, then for integers k ≥ 1

Indivar Gupta SAG, DRDO, k k−1 Delhi φ(p ) = p (p − 1)

Background If m and n are co-prime, then Basic Concepts in Complexity Theory Some Number Theoretic & Algebraic φ(mn) = φ(m).φ(n) Algorithms Some Computational Hard Problems and Therefore, the value of φ(n) for any positive integer n can be their Application

Cryptography computed by writing prime factorization of n, for a1 a2 at Public Key n = p1 .p2 ...... pt Cryptography Difﬁe Hellman Key Exchange Protocol Public Key a1−1 a2−1 at−1 Cryptosystems φ(n) = (p1 − 1).p1 .(p2 − 1).p2 ....(pt − 1).pt RSA & ElGamal Elliptic Curve Cryptography And so, Other Public Key Cryptosystems: Post Quantum Y 1 φ(n) = n. (1 − ) Elliptic Curve p Cryptography p|n Open Source Libraries Some Primality Testing Algorithms 4

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Algorithms Type Complexity log log log n Basic Concepts in Jacobi Some test True Primality Test O(k(log n) ) Complexity Theory Elliptic Curve -do- O(log n)6+ Some Number Theoretic & Algebraic Primality Proving Algorithms Some Computational test (ECPP) Hard Problems and 10.5 their Application Agrawal, Kayal, -do (deterministic)- O((log n) and Saxena Test Cryptography Miller-Rabin test Probabilist Primality Test O((t log n)3),(t modular exp) Public Key 3 Cryptography Solovay-Strassen Probabilist Primality Test O((t log n) ),(t modular exp) Difﬁe Hellman Key Test Exchange Protocol Fermat’s test Probabilist Primality Test O((t log n)3),(t modular exp) Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve 4 Cryptography Chapter 4, [2]

Open Source Libraries Fermat’s Primality Test

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Fermat’s Little theorem for p prime and an integer a such that p−1 Background p - a says that a ≡ 1 mod p. Basic Concepts in p− Complexity Theory If a 1 6≡ 1 mod p for some a then p is composite. Thus, if Some Number Theoretic & Algebraic p−1 Algorithms a ≡ 1 mod p for one or more values of a, then we say that p is Some Computational Hard Problems and their Application probably a prime. Cryptography Example: Fermat pseudo-prime: n = 341, Public Key Cryptography 340 Difﬁe Hellman Key 2 ≡ 1 mod 341(11 × 31) Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Fermat’s Primality Test: Algorithm

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Input: n - an integer to test for primality, n > 3, k - a parameter Background that determines the number of times to test for primality. Basic Concepts in Complexity Theory Some Number Output: Composite if n is composite. Theoretic & Algebraic Algorithms Otherwise, probably prime. Some Computational Hard Problems and their Application Repeat k times. Cryptography

Public Key Pick ’a’ randomly in the range [2, n − 2] Cryptography p−1 Difﬁe Hellman Key If a 6≡ 1 mod p, then return composite. Exchange Protocol Public Key Cryptosystems If composite is never returned: return probable prime. RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Solovay-Strassen Test

Public Key Cryptography Concept: Indivar Gupta SAG, DRDO, Euler proved that for an odd prime number p and any integer Delhi p−1/2 a a Background a, a ≡ mod p, where is Legendre symbol. Basic Concepts in p p Complexity Theory Some Number Given an odd number n, we can contemplate weather or not Theoretic & Algebraic a Algorithms n−1/2 Some Computational the congruence a ≡ mod n, holds for various Hard Problems and n their Application values of the base a. If n is prime, then this congruence holds Cryptography for all values of a. Public Key Cryptography So, if we pick a value of a at random and test the congruence Diffie Hellman Key Exchange Protocol then as soon as we find an a which does not fit the Public Key Cryptosystems RSA & ElGamal congruence we know that n is not prime. Elliptic Curve Cryptography Example of Euler Pseudo-prime is 91 = (7 × 13) to the base Other Public Key 45 9 Cryptosystems: Post 9: 9 ≡ ( ) ≡ 1 Quantum 91 Elliptic Curve Cryptography

Open Source Libraries Solovay-Strassen Test: Continued –

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Complexity Theory Pick a random integer a < n, and do the followings: Some Number Theoretic & Algebraic Algorithms If gcd(a, n) > 1, then return composite. Some Computational a Hard Problems and n−1/2 their Application If is not equal to a , then return composite. n Cryptography Else, return probable (pseudo) prime. Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Exercises Basic Concepts in Complexity Theory Some Number Complexity for computation of Jacobi /Legendre Symbol. Theoretic & Algebraic Algorithms Some Computational Complexity for ﬁnding square root of Quadratic Residue Hard Problems and their Application Modulo p. Cryptography Complexity for getting solution the system of linear Public Key Cryptography congruences using Chinese Remainder Theorem. Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Important Topics of Finite Fields

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Irreducible and Primitive Polynomials, and methods for Basic Concepts in Complexity Theory Some Number testing them. Theoretic & Algebraic Algorithms Some Computational Construction of Finite Fields and Basis Hard Problems and their Application Arithmetic over Finite Fields Cryptography Factorization of polynomial over finite fields Public Key Cryptography Diffie Hellman Key Combinatorial Problems over Finite Fields Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Field

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Definition Basic Concepts in Complexity Theory A field ( , +, ·) consists of a set along with 2 binary operations Some Number F F Theoretic & Algebraic Algorithms + & · on F satisfying the following conditions Some Computational Hard Problems and their Application i. (F, +) is a commutative group, Cryptography ii. (F \{0}, ·) is also a commutative group and Public Key Cryptography iii. The operation · is distributive over +. Diffie Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Finite Fields

Public Key Cryptography

Indivar Gupta SAG, DRDO, A finite field is a field F which contains a finite number of Delhi elements. Background m Basic Concepts in If F is a finite field, then F contains p elements for some Complexity Theory Some Number prime p and integer m ≥ 1. Theoretic & Algebraic Algorithms m Some Computational For every prime power order p , there is a ! finite field of Hard Problems and m their Application order p . This field is denoted by Fpm , or sometimes by Cryptography GF(pm). Public Key Cryptography For m = 1, Fp or GF(p) is a field. If p is a prime then Zp is a Diffie Hellman Key Exchange Protocol field. Public Key Cryptosystems ∼ ∼ p = GF(p) = p. RSA & ElGamal F Z Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Construction of Finite Field of Order pm

Public Key Cryptography First select an irreducible polynomial f (x) ∈ Zp[x] of degree Indivar Gupta m. SAG, DRDO, Delhi The ideal < f (x) > is e a maximal ideal. Then Z [x]/ < f (x) > is a finite field of order pm. Background p Basic Concepts in m ≥ ∃ Complexity Theory For each 1, a monic irreducible polynomial of degree Some Number Theoretic & Algebraic m over Zp. Algorithms Some Computational Hence, every finite field has a polynomial basis Hard Problems and their Application representation. Cryptography

Public Key Theorem Cryptography Difﬁe Hellman Key The number of monic irreducible polynomials in [x] of degreen Exchange Protocol Fq Public Key Cryptosystems is given by RSA & ElGamal 1 X n/d Elliptic Curve µ(d)q , Cryptography n Other Public Key Cryptosystems: Post d|n Quantum

Elliptic Curve where µ is Möbius function. Cryptography

Open Source Libraries Finite Fields GF(23)

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background 3 Basic Concepts in Consider an irreducible polynomial x + x + 1 over GF(2) Complexity Theory Some Number 3 Theoretic & Algebraic GF(2)[x]/ < x + x + 1 >= Algorithms 2 2 2 2 Some Computational {0, 1, x, x + 1, x , x + 1, x + x, x + x + 1} Hard Problems and their Application 3 One to one correspondence between GF(2 ) and Z8. Cryptography Similarly, GF(23) maps all of the polynomials over GF(2) to Public Key Cryptography the 8 polynomials shown above. Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Finite Field BasisI

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi m Background GF(p ) is a vector space over GF(P) of dimension m. Basic Concepts in Complexity Theory Any set of m Linearly Independent elements can be used as a Some Number Theoretic & Algebraic basis. Algorithms Some Computational Hard Problems and their Application 1 Polynomial Basis: If α is roots of generating polynomial Cryptography f (x) = 0 with GF(Pm)? =< α > then {0, α0, α1, ··· αn−1} Public Key m Cryptography will be basis of GF(p ). Difﬁe Hellman Key Exchange Protocol p pm−1 Public Key 2 Normal Basis: : Basis of the form {α, α , ··· α } is called Cryptosystems RSA & ElGamal normal basis, where α is a normal element. Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Finite Field BasisII

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Complexity Theory Some Number Theoretic & Algebraic Algorithms Some Computational Hard Problems and their Application

Cryptography

Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Figure: Representation of GF(23), f (x) = x3 + x + 1 Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries 5 Complexity of Arithmetic Operations in Fpm

Public Key Cryptography Complexity wrt Polynomial Basis Representation Indivar Gupta SAG, DRDO, Operations Complexity in terms Delhi of Zp-operations Background Addition (g(x) + h(x)) mod f (x) O(m) Basic Concepts in Complexity Theory Subtraction (g(x) + h(x)) mod f (x) O(m) Some Number 2 Theoretic & Algebraic Multiplication (g(x).h(x)) mod f (x) O(m ) Algorithms −1 2 Some Computational Inversion g(x) mod f (x) O(m ) Hard Problems and k m their Application Exponentiation g(x) mod f (x), k < p O((log p)m3) Cryptography * f (x) is irreducible polynomial of degree m. Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Exercises Public Key Cryptosystems RSA & ElGamal Running time complexity of Extended Euclidean Algorithm Elliptic Curve Cryptography in [x] Other Public Key Zp Cryptosystems: Post Quantum

Elliptic Curve 5 Cryptography Chapter 2, [2]

Open Source Libraries Hard Problems and One-way FunctionI

Public Key Cryptography PKC is based on Indivar Gupta SAG, DRDO, Delhi Mathematical problems believed to be hard to solve. Hard means computationally infeasible Background 128 Basic Concepts in Hard=2 or more operations : ECC-256, Complexity Theory Some Number Theoretic & Algebraic Trapdoor one-way function Algorithms Some Computational Hard Problems and their Application

Cryptography

Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Hard Problems and One-way FunctionII

Public Key Deﬁnition (One-way Function) Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Complexity Theory Some Number Theoretic & Algebraic Algorithms Some Computational Easy: There exists a polynomial-time algorithm that gives Hard Problems and their Application y = f (x). Cryptography Hard: For given any y = f (x) it is computationally infeasible to Public Key Cryptography ﬁnd x. Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Hard Problems and One-way Function III

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Definition (trapdoor one-way function) Complexity Theory Some Number Theoretic & Algebraic A trapdoor one-way function is a one-way function with the Algorithms Some Computational additional property that given some extra information (called the Hard Problems and their Application trapdoor information) it becomes feasible to find for any given Cryptography y ∈ Im(f ), an x ∈ X such that f (x) = y. Public Key Cryptography Diffie Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Some Computationally Hard ProblemsI

Public Key Cryptography Integer factorization (RSA) Indivar Gupta SAG, DRDO, Subset sum problem (Knapsack) Delhi Quadratic Residuosity Problem (Rabin) Background Basic Concepts in Complexity Theory DLP in finite fields (El Gamal) Some Number Theoretic & Algebraic Algorithms DLP in elliptic curve over finite fields (ECC) (ElGamal, ECIES, Some Computational Hard Problems and ECDSA) their Application Cryptography CDHP, DDHP, GDHP, GDLP Public Key Cryptography Conjugacy Search Problem Diffie Hellman Key Exchange Protocol Public Key Group action and Semi-group action problem Cryptosystems RSA & ElGamal BDHP (Joux Protocol) Elliptic Curve Cryptography Other Public Key Factorization with Discrete Logarithm Problem (Over Group Ring) Cryptosystems: Post Quantum

Elliptic Curve Discrete logarithm with conjugacy Search Problem Cryptography

Open Source Libraries Some Computationally Hard ProblemsII

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Solving system of multivariate polynomial equations over finite Background fields and isomorphism of polynomials (HFE, Sflash, Quartz) Basic Concepts in Complexity Theory Some Number Decoding Problem: GBD/GD (Code based Cryptography: Theoretic & Algebraic Algorithms McEliece’s Crypto-system) Some Computational Hard Problems and their Application Lattice basis reduction (NTRU, FALCON) Cryptography

Public Key Hash Based PKC (Gravity-SPHINCS), PICNIC, SPHINCS+ Cryptography Difﬁe Hellman Key Exchange Protocol Computational Supersingular Isogeny Problem Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Integer factorization (RSA)

Public Key Cryptography N = Large Composite Integer. IFP: Find factor of N.

Indivar Gupta SAG, DRDO, Sub-exponential Algorithms Delhi

Background Methods Running Time √ Basic Concepts in Complexity Theory Continued Fraction T(CFRAC) = O (LN(1/2, 2) Some Number Theoretic & Algebraic Algorithms Method Some Computational Hard Problems and Lenstra’s Elliptic Curve T(ECM) = their Application √ 2 Cryptography Method O Lp(1/2, 2).(log N) ) √ Public Key Multiple Polynomial T(MPQS) = O LN(1/2, 3/2 2) Cryptography Difﬁe Hellman Key Quadratic Field Sieve Exchange Protocol Public Key Method Cryptosystems p3 RSA & ElGamal General Number Field T(GNFS) = O LN(1/3, 64/9) Elliptic Curve Cryptography Sieve Method Other Public Key Cryptosystems: Post p3 Quantum Special Number Field T(SNFS) = O LN(1/3, 32/9) Elliptic Curve Sieve Method Cryptography

Open Source Libraries Integer factorization (RSA)

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Other Integer Factorization Algorithms (Exponential) Basic Concepts in Complexity Theory Some Number Theoretic & Algebraic Methods Running Time Algorithms 1 Some Computational 3 + Hard Problems and Lehman’s Method O(N ) their Application 1 4 Cryptography Shanks’ Square Form O(N )

Public Key Factorization Number Cryptography 1 + Difﬁe Hellman Key Shanks’ Class Group O(N 5 ) Exchange Protocol Public Key Cryptosystems Method RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries DLP in ﬁnite ﬁelds (El Gamal)

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Complexity Theory Some Number Deﬁnition (Discrete Logarithm Problem (DLP)) Theoretic & Algebraic Algorithms Some Computational x Hard Problems and Given y ∈ G, The DLP in G is to ﬁnd the unique x ∈ ZN such that y = g . their Application Such an x is called the discrete log of y with respect to base g. Cryptography

Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries DLP in ﬁnite ﬁelds (El Gamal)

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Algorithm for Solving DLP Background Basic Concepts in Complexity Theory Methods Running Time / Space Some Number √ Theoretic & Algebraic Algorithms Shanks’ Baby-Step Giant- O( N log N) (group Opera- Some Computational √ Hard Problems and their Application Step Algorithm tions) / O( N) Pi=k √ Cryptography Silver-Pohlig-Hellman, O( i=1 αi(log N + pi)) Qi=k α1 Public Key N = p (group Operations) /Compara- Cryptography i=1 i Difﬁe Hellman Key ble Exchange Protocol √ Public Key Pollard’s Rho O( N) (group Operations) Cryptosystems RSA & ElGamal /Negligible Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries DLP in ﬁnite ﬁelds (El Gamal)

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Algorithm for Solving DLP Background Basic Concepts in O L ( / , c) Complexity Theory Adleman’s Index Calculus p 1 2 ? Some Number Algorithm for Theoretic & Algebraic Fp Algorithms OL ( / , c) c Some Computational Coppersmith et al Algo (for p 1 2 ( is smaller than Adle- Hard Problems and ? their Application Fp ) man’s Algo) Cryptography Index Calculus Algorithm O Lq(1/2, c) m Public Key for GF(q): q = p Cryptography Coppersmith Index Calculus O L m (1/3, c) Difﬁe Hellman Key 2 Exchange Protocol Algorithm for GF(2m) Public Key Cryptosystems 1/3 RSA & ElGamal General Number Field Sieve O Lq(1/3, c) , c = (64/9) Elliptic Curve Cryptography Algorithm (for GF(q)) Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Outline

Public Key Cryptography 1 Background Indivar Gupta Basic Concepts in Complexity Theory SAG, DRDO, Delhi Some Number Theoretic & Algebraic Algorithms

Open Source Libraries Cryptography for Secure Communication

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi InputInput EncodingEncoding CompressionCompression Background Basic Concepts in Complexity Theory Some Number Theoretic & Algebraic Algorithms Text,Text, Speech,Speech, KeyKey EncryptionEncryption Some Computational Hard Problems and Fax,Fax, ImageImage their Application

Cryptography

Public Key Steganography Cryptography WirelessWireless Difﬁe Hellman Key Exchange Protocol oror wiredwired Public Key Cryptosystems RSA & ElGamal ModulationModulation ErrorError ControlControl Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Cryptography for Secure Communication

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Example Background Basic Concepts in Input to Source Complexity Theory Some Number Text ⇒ ASCII Theoretic & Algebraic Algorithms Text Some Computational Speech ⇒ PCM Hard Problems and their Application Speech Picture/Movie ⇒ JPEG, Cryptography Picture/Movie MPEG Public Key Cryptography Fax FAX ⇒ Modiﬁed Huffman Difﬁe Hellman Key Exchange Protocol Coding Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Cryptology

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Cryptography Design of algorithms, systems, protocols which are Complexity Theory Some Number used to protect information against specific threats. PRIVACY, Theoretic & Algebraic Algorithms AUTHENTICATION, INTEGRITY & NON-REPUDIATION. Some Computational Hard Problems and their Application Cryptanalysis Evolving mathematical methods to check if the Cryptography specified cryptographic design achieves the desired security goal. Public Key It is a science which deals with how to defeat of achieving Cryptography ‘Security Goals’. Diffie Hellman Key Exchange Protocol Public Key Cryptosystems Cryptology = Cryptography + Cryptanalysis RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries CryptologyI

Public Key Cryptography

Indivar Gupta SAG, DRDO, Symmetric Key Crypto : → Alice and Bob both agree on Delhi common key. Background Basic Concepts in Public Key Crypto : → PKC use a pair of keys −→ public key, Complexity Theory Some Number private key. Computing the private key form public key has to be Theoretic & Algebraic Algorithms intractable. Some Computational Hard Problems and their Application Hash Function: → function that maps a bit string of arbitrary Cryptography length into an output of ﬁxed number of bits, called message digest Public Key or hash value. Cryptography Difﬁe Hellman Key Exchange Protocol Digital Signature: A digital signature is a data string which Public Key Cryptosystems associates a message (in digital form) with some originating entity. RSA & ElGamal Elliptic Curve Cryptography Non-repudiation: An entity should not be allowed to deny valid Other Public Key Cryptosystems: Post signatures made by him. Quantum

Elliptic Curve Cryptography

Open Source Libraries CryptologyII

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Data Origin Authentication /Message-Authentication: Basic Concepts in Complexity Theory techniques provide to receiver which receives a message assurance Some Number Theoretic & Algebraic of the identity of the party which originated the message. Algorithms Some Computational Hard Problems and their Application Entity Authentication/Identiﬁcation: Alice proves her identity to

Cryptography Bob. Alice demonstrates to Bob her knowledge of a secret piece of

Public Key information. Cryptography Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Outline

Public Key Cryptography 1 Background Indivar Gupta Basic Concepts in Complexity Theory SAG, DRDO, Delhi Some Number Theoretic & Algebraic Algorithms

Open Source Libraries Introduction

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi PKC developed by Difﬁe-Hellman and Merkle in the mid

Background 1970s. Basic Concepts in Complexity Theory In PKC, each user has pair of keys: Private Key and Public Some Number Theoretic & Algebraic Key. Algorithms Some Computational Hard Problems and Every one has access to the public key but private their Application

Cryptography information can be accessed by only the owner. Public Key PKC depends on computationally hard problems that prevent Cryptography Difﬁe Hellman Key inverting the public map. Exchange Protocol Public Key Cryptosystems Computing the private key form public key has to be RSA & ElGamal Elliptic Curve intractable. Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Public-Key Cryptosystems

Public Key Cryptography Public Key Cryptosystem CS is a ﬁve-tuple Indivar Gupta SAG, DRDO, Delhi CS = (P, C, K, E, D)

Background Basic Concepts in Complexity Theory Some Number Theoretic & Algebraic Algorithms P: Plaintext Space, C: Ciphertext Space Some Computational Hard Problems and K: Key Space their Application Cryptography E: Encryption Rule, D: Decryption Rule Public Key Cryptography Ee : P → C, Ee(M) = C, Dd : P → C, Dd(C) = M Difﬁe Hellman Key Exchange Protocol (e, d) ∈ K, E ∈ E, D ∈ D. Public Key Cryptosystems It is computationally infeasible to compute d from e. RSA & ElGamal Elliptic Curve Cryptography Dd(Ee(M)) = M. Other Public Key Cryptosystems: Post Quantum E and D operations should be efﬁciently computable. Elliptic Curve Cryptography

Open Source Libraries Advantages and Disadvantages of PKC

Public Key Cryptography

Indivar Gupta SAG, DRDO, Key Security: Only private key needs to be kept secret. Delhi Longevity: Key pairs may be used without change in most Background cases over long period of time. Basic Concepts in Complexity Theory Some Number Key Management: In a large network fewer private keys Theoretic & Algebraic Algorithms will be required. Some Computational Hard Problems and their Application Key-exchange: No key exchange is required Cryptography Digital Signature: The greatest advantage of PKC. Public Key Cryptography Performance: It is slow, in general. Difﬁe Hellman Key Exchange Protocol Public Key Dependency: Role of CA, require PKI. Cryptosystems RSA & ElGamal Elliptic Curve System Security: Depends on well-deﬁned computational Cryptography Other Public Key hard problems. Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Difﬁe Hellman Key Exchange Protocol

Public Key Cryptography

Indivar Gupta Diﬃe Hellman Key Exchange Protocol I SAG, DRDO, Delhi

Background p a large prime Basic Concepts in Complexity Theory a - a generator of Zp* Some Number Theoretic & Algebraic Algorithms Some Computational Unsecured Channel Hard Problems and their Application A B ax mod p Cryptography x y by mod p Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Public Key k º (ay)x mod p k º (ax)y mod p Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key k is the shared secret key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Difﬁe Hellman Key Exchange Protocol

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Knowing α, αx and αy(but neither x nor y) it is hard to ﬁnd Background αxy. Basic Concepts in Complexity Theory Some Number This is as secure as discrete log is intractable. Theoretic & Algebraic Algorithms Some Computational Idea of this protocol: The enciphering key can be made Hard Problems and their Application public since it is computationally infeasible to obtain the Cryptography deciphering key from enciphering key. Public Key Cryptography This protocol is the door-opener to Public Key Difﬁe Hellman Key Exchange Protocol Cryptography. Public Key Cryptosystems RSA & ElGamal Security: CDHP Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Public Key Encryption Schemes

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Complexity Theory Setup Some Number Theoretic & Algebraic Algorithms Key Generation Algorithm Some Computational Hard Problems and their Application Encryption Cryptography Decryption Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries RSA Cryptosystem

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Key Generation

Background The ﬁrst task is to select n. n is normally very large (approx Basic Concepts in Complexity Theory Some Number 308 digits) which is a product of two large primes p and q. Theoretic & Algebraic Algorithms e e Some Computational Next a large integer is chosen such that is relatively prime Hard Problems and their Application to φ(n). e is usually picked as a prime larger than both Cryptography (p − 1) and (q − 1). Public Key Cryptography Next d is selected in such a way that: e.d ≡ 1 mod φ(n). Difﬁe Hellman Key Exchange Protocol n and e are made public. Public Key Cryptosystems RSA & ElGamal p, q and d are kept private. Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Encryption and Decryption

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Encryption

Background A obtains B’s public key Basic Concepts in Complexity Theory Message m is an integer in the interval [1, n − 1]. Some Number Theoretic & Algebraic e Algorithms Compute c ≡ m mod n. Some Computational Hard Problems and their Application Send the cipher text c to B. Cryptography Decryption Public Key Cryptography To recover plaintext m from c, B uses his private key d to Difﬁe Hellman Key Exchange Protocol recover m ≡ cd mod n. Public Key Cryptosystems RSA & ElGamal Security: IFP Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Example

Public Key Cryptography Suppose A wants to send the following message to B Indivar Gupta SAG, DRDO, Delhi powera

Background Basic Concepts in Let B chooses his n = 1943 = 29.67. Then φ(n) = 1848. Complexity Theory 2 3 Some Number Suppose he picks e = 701, then d = 29. 26 < n < 26 , Theoretic & Algebraic ∵ Algorithms Some Computational therefore the block size of the plaintext = 2. Hard Problems and their Application m1 = po = 15.26 + 14 = 404, m2 = we = 22.26 + 4 = Cryptography 576, m3 = ra = 17.26 + 0 = 42. Public Key 701 Cryptography c1 = 404 ≡ 1419( mod 1943). Similarly, A can Difﬁe Hellman Key Exchange Protocol calculate c2 = 344& c3 = 210. Public Key Cryptosystems 2 RSA & ElGamal Now c1 = 1419 = 2.26 + 2.26 + 15 = ccp, c2 = 344 = Elliptic Curve Cryptography 13.26 + 6 = ng & c3 = 210 = 8.26 + 2 = ic Therefore the Other Public Key Cryptosystems: Post Quantum cipher text is

Elliptic Curve ccpngic Cryptography

Open Source Libraries RSA Signature Scheme

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Complexity Theory Setup Some Number Theoretic & Algebraic Algorithms Key Generation Algorithm Some Computational Hard Problems and their Application Signature Generation Cryptography Signature Veriﬁcation Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries RSA Signature Scheme

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Setup: common parameters: security level, hash Basic Concepts in ∗ Complexity Theory (h : {0, 1} −→ Zn). Some Number Theoretic & Algebraic Algorithms Key Generation Algorithm : Public Key of Signer (n, e), Some Computational Hard Problems and private key d. their Application d Cryptography Signature Generation: s = h(m) mod n. Public Key e Cryptography Signature Veriﬁcation: m˜ = s mod n, verify that Difﬁe Hellman Key Exchange Protocol m˜ = h(m), if not reject the signature. Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Discrete Log: ElGamal

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Key Generation Background Basic Concepts in Complexity Theory First choose a large prime p such that the DLP is infeasible in Some Number Theoretic & Algebraic ∗ Algorithms (Zp,.). Some Computational Hard Problems and ∗ their Application Select a primitive element α of (Zp,.). Cryptography Pick a random integer a(1 < a < p − 1) and compute Public Key a Cryptography β ≡ α (modp). Difﬁe Hellman Key Exchange Protocol Public Para = (p, α), Public Key= β and Private key = a. Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Encryption and Decryption

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Encryption

Background A obtains B’s public information (p, α, β). Basic Concepts in Complexity Theory He represents the message m as an integer in ∗. Some Number Zp Theoretic & Algebraic Algorithms He chooses a random integer k in [2, p − 2]. Some Computational Hard Problems and ∗ ∗ k their Application Compute c = (c1, c2) ∈ Zp × Zp, where c1 ≡ α ( Cryptography k mod p)&c2 ≡ mβ ( mod p). Public Key Cryptography Decryption Using B’s private key, he decrypts the ciphertext Difﬁe Hellman Key a −1 Exchange Protocol c = (c , c ) by calculating m ≡ c (c ) ( mod p). Public Key 1 2 2 1 Cryptosystems RSA & ElGamal Security: DLP Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Example of ElGamal

Public Key Cryptography Let p = 2579 and α = 2, α is a primitive element Indivar Gupta mod 2579. SAG, DRDO, Delhi Let a = 765 then β ≡ 2765( mod 2579) ≡ 949( Background mod 2579). Basic Concepts in Complexity Theory Some Number Therefore the public key of B = (2579, 2, 949) and private Theoretic & Algebraic Algorithms key is 765. Some Computational Hard Problems and their Application m = 1299 Cryptography Now suppose A wants to send the message m = 1299 to B Public Key Cryptography and A picks the random integer k = 853. Difﬁe Hellman Key 853 Exchange Protocol Then A computes c ≡ 2 mod 2579 ≡ 435 mod 2579 Public Key 1 Cryptosystems 853 RSA & ElGamal and c2 ≡ 1299.949 mod 2579 ≡ 2396( mod 2579). Elliptic Curve Cryptography Therefore, the ciphertext of A is Other Public Key Cryptosystems: Post Quantum C = (435, 2396). Elliptic Curve Cryptography

Open Source Libraries Digital Signature Algorithm (DSA)

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Adopted by NIST in 1994 Background Basic Concepts in Complexity Theory Setup: common parameters: security level, hash Some Number ∗ Theoretic & Algebraic (h : {0, 1} −→ Zq). Algorithms Some Computational Hard Problems and Key Generation Algorithm: their Application 1 Select primes p, q with q/(p − 1) Cryptography ? q 2 select g 6= 1 ∈ Zp such that g = 1 mod p Public Key x Cryptography 3 Select x ∈ Zq and compute y = g mod p Difﬁe Hellman Key Exchange Protocol 4 public key (p, q, g, y), secret key x Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Digital Signature Algorithm (DSA)

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Signature Generation ? Background 1 Choose k ∈ Zq , k Basic Concepts in 2 Complexity Theory Compute r = (g mod p) mod q −1 Some Number 3 s = k (H(m) + xr) mod q Theoretic & Algebraic Algorithms 4 Output the signature σ = (s, r) Some Computational Hard Problems and their Application Signature Veriﬁcation: Cryptography

Public Key 1 Check if r, s ∈ {1,..., q − 1}, otherwise reject signature Cryptography −1 2 set w = s mod q, u1 = H(m)w mod q, u2 = rw mod q Difﬁe Hellman Key u u Exchange Protocol 3 Compute v = (g 1 y 2 mod p) mod q Public Key Cryptosystems 4 Accept sign if v = r mod q, and reject otherwise. RSA & ElGamal Elliptic Curve Cryptography Security: DLP Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries RSA Factoring Challanges7

Public Key Cryptography Factorization of Giver Number Indivar Gupta SAG, DRDO, Started by RSA Laboratories: March 1991, Ended: 2009 Delhi RSA-768 factored in Dec 2009 Background A lot of research have been carried out to factor RSA number Basic Concepts in Complexity Theory beyond 768-bit. 6 Some Number Theoretic & Algebraic Algorithms RSA-768= 12301866845301177551304949583849627207728535695953347 Some Computational Hard Problems and 92197322452151726400507263657518745202199786469389956 their Application 47494277406384592519255732630345373154826850791702612 Cryptography 21429134616704292143116022212404792747377940806653514 Public Key 19597459856902143413 Cryptography Difﬁe Hellman Key p = 33478071698956898786044169848212 Exchange Protocol Public Key 6908177047949837137685689124313889828837938780022 Cryptosystems 87614711652531743087737814467999489 RSA & ElGamal Elliptic Curve ×q = 3674604366679959042824463379962795 Cryptography 2632279158164343087642676032283815739666511279233 Other Public Key Cryptosystems: Post 373417143396810270092798736308917 Quantum 6Cryptology ePrint Archive: http://eprint.iacr.org/2010/006 Elliptic Curve 7 Cryptography https://en.wikipedia.org/wiki/RSA_Factoring_Challenge

Open Source Libraries RSA Factoring Record: Feb 2020

Public Key Cryptography

Indivar Gupta SAG, DRDO, RSA-250 has 250 decimal digits (829 bits), and was factored in Delhi February 2020 by Fabrice Boudot, Pierrick Gaudry, Aurore

Background Guillevic, Nadia Heninger, Emmanuel Thome, and Paul Basic Concepts in Complexity Theory Zimmermann Some Number RSA-250 21403246502407449612644230728393335630086147151447550177 Theoretic & Algebraic Algorithms (829)= 97754920881418023447140136643345519095804679610992851872 Some Computational Hard Problems and 47091458768739626192155736304745477052080511905649310668 their Application 76915900197594056934574522305893259766974716817380693648 Cryptography 94699871578494975937497937

Public Key Cryptography p = 64135289477071580278790190170577389084825014742943 Difﬁe Hellman Key 4472081168596320245323446302386235987526683477087376619255 Exchange Protocol Public Key 85694639798853367 Cryptosystems ×q = 3337202759497815655622601060535511422794076034 RSA & ElGamal Elliptic Curve 47675546667845209870238417292100370802574486732968818775657 Cryptography 18986258036932062711 Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Post Quantum Cryptography

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi If quantum computers are available then Shor’s algorithm Background runs in polynomail time to solve Basic Concepts in Complexity Theory Integer factorization problem Some Number Theoretic & Algebraic Algorithms DLP in ﬁnite ﬁelds & DLP on elliptic curves Some Computational Hard Problems and DLP in general class groups their Application

Cryptography The following PKC will be dead: RSA, DLP /ECDLP based

Public Key Cryptosystems Cryptography Difﬁe Hellman Key Cryptography that will be resistant to attack by quantum Exchange Protocol Public Key computer is known as Post Quantum Cryptography Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Definition (Lattices) Background Basic Concepts in A lattices is defined as the set of all integer combinations of n Complexity Theory Some Number linearly independent vectors b , ··· , b : Theoretic & Algebraic 1 n Algorithms Some Computational Hard Problems and i=n their Application n X o L(b , ··· , b ) = x b : x ∈ for 1 ≤ i ≤ n . Cryptography 1 n i i i Z i=1 Public Key Cryptography Diffie Hellman Key The set of vectors b1, ··· , bn is called a basis for the lattice. Exchange Protocol Public Key B = [b1, ··· , bn] Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Lattice basis reduction (NTRU)

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Lattice Problems Basic Concepts in Complexity Theory Shortest Vector Problem (SVP): Given a lattice basis B, find Some Number Theoretic & Algebraic Algorithms the shortest non zero vector in L(B). Some Computational Hard Problems and their Application Closest Vector Problem (CVP): Given a lattice basis B and a Cryptography target vector t (not necessarily in the lattice), find the lattice Public Key point v closest to t. Cryptography Diffie Hellman Key Exchange Protocol Fact: SVP and CVP are NP-hard Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Solving System of Multivariate Polynomial Equations Over Finite Field

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Deﬁnition (MQ Problem)

Background Basic Concepts in Solve the system p1(x) = p2(x) = ··· = pm(x), where each pi is a Complexity Theory Some Number quadratic in x. All coefficients and variables are in =˛Fq, the field Theoretic & Algebraic Algorithms with q elements. Some Computational Hard Problems and their Application Cryptography Multivariate Public Key Cryptography is based on hardness Public Key of MQ. Cryptography Diffie Hellman Key Exchange Protocol MQ is an NP-Hard Problem Public Key Cryptosystems HFE, Sflash, Quartz RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Decoding Problem: GBD/GD

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi Definition (Goppa Bounded Decoding (GBD) Problem) r Background Instance: An r × n binary matrix H and word s ∈ F2. Basic Concepts in n Complexity Theory Question: Is there a word e in of weight ≤ r/ log2 n such that Some Number F2 Theoretic & Algebraic T Algorithms He = s? Some Computational Hard Problems and their Application Definition (Goppa Code Distinguishing (GD) Problem) Cryptography Public Key Instance: An r × n binary matrix H. Cryptography Diffie Hellman Key Question: Does H belong to Gn,t for some t. Here Gn,t denotes the Exchange Protocol Public Key set of all parity check matrices of t-error correcting binary Goppa Cryptosystems RSA & ElGamal codes of length n. Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Decoding Problem: GBD/GD

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi GBD and GD problem are NP-hard. In fact these problems Background Basic Concepts in are exponential. Complexity Theory Some Number Security of Code based Cryptography are based on hardness Theoretic & Algebraic Algorithms Some Computational of GBD/GD problem. Hard Problems and their Application Examples: McEliece’s Cryptosystem and Niederreiter. Cryptography

Public Key Cryptanalytic Attacks: not susceptible to all known attacks Cryptography Difﬁe Hellman Key Key Size: Very Large Exchange Protocol Public Key Cryptosystems Encryption/Decryption Speed: Reasonable RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Outline

Public Key Cryptography 1 Background Indivar Gupta Basic Concepts in Complexity Theory SAG, DRDO, Delhi Some Number Theoretic & Algebraic Algorithms

Open Source Libraries Introduction to Elliptic CurveI

Public Key Cryptography

Indivar Gupta An elliptic curve E over a field K is a non-singular cubic SAG, DRDO, Delhi curve in two variables, f(x, y) = 0 together with an extra point the point at infinity. Background Basic Concepts in Complexity Theory The field K is usually taken to be the complex, real, rational, Some Number Theoretic & Algebraic algebraic extensions of rational or a finite field. Algorithms Some Computational Hard Problems and Elliptic curves groups for cryptographic applications are their Application examined with the underlying finite fields of characteristic Cryptography p(where p > 3 is a prime) i.e F m and fields of characteristic Public Key p Cryptography 2 i.e. F2m . Diffie Hellman Key Exchange Protocol Public Key The “standard elliptic curve”has the form: Cryptosystems RSA & ElGamal Elliptic Curve 2 3 Cryptography y = x + ax + b Other Public Key Cryptosystems: Post Quantum for some fixed a and b. Elliptic Curve Cryptography

Open Source Libraries Introduction to Elliptic CurveII

Public Key Cryptography Examples for Characteristic 0:

Indivar Gupta SAG, DRDO, y2 = x3 − 1 y2 = x3 + 1 Delhi

Background Basic Concepts in Complexity Theory Some Number Theoretic & Algebraic Algorithms Some Computational Hard Problems and their Application

Cryptography 2 3 Public Key y = x − 3x + 3 Cryptography y2 = x3 − x Difﬁe Hellman Key 4 Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Elliptic Curve

Public Key Generalized Form: An elliptic curve E over a field K is defined by a Cryptography 2 3 2 Weiestrass equation: E : y + a1xy + a3y = x + a2x + a4x + a6, Indivar Gupta SAG, DRDO, ai ∈ K together with a point O called point at infinity. Delhi E/K- if a1, a2, a3, a4, a6 ∈ K Background Basic Concepts in E(K) the set of K-rational points of E, with the point O. Complexity Theory Some Number 2 2 3 2 Theoretic & Algebraic E(K) = {(x, y) ∈ K : y +a1xy+a3y = x +a2x +a4x+a6}∪{O}. Algorithms Some Computational (1) Hard Problems and their Application we define some constants: Cryptography 2 2  b2 = a1 + 4a2, b4 = a1a3 + 2a4, b6 = a3 + 4a6, Public Key 2 2 2  Cryptography b8 = a1a6 + 4a2a6 − a1a2a4 − a2a3 − a4, Diffie Hellman Key 2 3  Exchange Protocol c4 = b2 − 24b4, c6 = −b2 + 36b2b4 − 216b6. Public Key Cryptosystems discriminant ∆ = −b2b − 8b3 − 27b2 + 9b b b . RSA & ElGamal 2 8 4 6 2 4 6 Elliptic Curve 3 2 Cryptography (K) 6= 2, 3,∆ = (c4 − c6)/1728. Other Public Key Cryptosystems: Post ∂f ∂f Quantum The curve f (x, y) = 0 is non singular iff at least one of ∂x , ∂y 6= 0. Elliptic Curve Equivalent condition is Discriminant ∆ 6= 0. Cryptography

Open Source Libraries Public Key Let E be an elliptic curve given by a Weierstrass equation. Then Cryptography (E, +) is an abelian group with identity element O and E(K) is a Indivar Gupta subgroup of E. SAG, DRDO, Delhi P(x1, y1) and Q(x2, y2) be two points on a curve. the explicit Background Basic Concepts in formula for P + Q = (x3, y3) can be computed easily. If the curve Complexity Theory Some Number is deﬁned in equation (1), then Theoretic & Algebraic Algorithms Some Computational 2 Hard Problems and x3 = λ + a1λ − a2 − x1 − x2 (2) their Application

Cryptography y3 = −(λ + a1)x3 − β − a3

Public Key Cryptography where β = y1 − λx1 and Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems  y2−y1  x −x if P 6= Q, RSA & ElGamal λ = 2 1 Elliptic Curve 3x2+2a x +a −a y Cryptography  1 2 1 4 1 1 , if P = Q. Other Public Key 2y1+a1x1+a3 Cryptosystems: Post Quantum

Elliptic Curve Cryptography −P = (x1, −y1 − a1x1 − a3) Open Source Libraries Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Complexity Theory Some Number Theoretic & Algebraic Algorithms Some Computational Hard Problems and their Application

Cryptography

Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Complexity Analysis

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Complexity Theory Some Number Theoretic & Algebraic Algorithms Some Computational Hard Problems and their Application

Cryptography

Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Elliptic Curve based Cryptographic Schemes

Public Key Cryptography Koblitz (1987) and Miller (1985) ﬁrst recommended the use of

Indivar Gupta elliptic-curve groups (over finite fields) in cryptosystems. Some SAG, DRDO, Delhi cryptographic schemes [6]: 1 Background Signature Scheme Basic Concepts in Complexity Theory ECDSA Some Number Theoretic & Algebraic EC-KCDSA Algorithms Some Computational 2 Public Key Encryption Hard Problems and their Application ElGamal Elliptic Curve Encryption. Cryptography Elliptic Curve Integrated Encryption (ECIES)(Bellare and Public Key Rogaway, Variant of ElGamal). Cryptography Diffie Hellman Key Provably Secure Encryption Curve Scheme(PSEC)-Fujisaki Exchange Protocol Public Key and Okamoto. Cryptosystems RSA & ElGamal 3 Key Agreement Elliptic Curve Cryptography Other Public Key Diffie-Hellman. Cryptosystems: Post Quantum Station-to-station (Diffie, Van Oorschot, Wiener).

Elliptic Curve ECMQV (Menezes, Qu, Vanstone). Cryptography

Open Source Libraries ElGamal Elliptic Curve Cryptosystem

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in ElGamal Cryptosystem Consists of: Complexity Theory Some Number Theoretic & Algebraic Setup: Domain Parameters D = (Fp, E, P, n) Algorithms Some Computational Hard Problems and Key Generation Algorithm: Key Pair (d, Q), where Q = d.P. their Application

Cryptography Encryption Algorithm: Ciphertext Public Key Decryption Algorithm: Plaintext Cryptography Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Encryption

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Input: Elliptic curve domain parameters (Fp, E, P, n), public Basic Concepts in Complexity Theory key Q = d.P, plaintext m. Some Number Theoretic & Algebraic Algorithms Output: Ciphertext (C1, C2) Some Computational Hard Problems and 1 Represent the message m as a point M in E(Fp). their Application 2 Select random k ∈ [2, n − 1]. Cryptography 3 Compute C1 = k.P(scalar multiplication). Public Key Cryptography 4 Compute C2 = M + k.Q. Difﬁe Hellman Key Exchange Protocol 5 Return (C1, C2). Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Decryption

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Complexity Theory Input: Elliptic curve domain parameters (Fp, E, P, n), Some Number Theoretic & Algebraic Algorithms private key d, ciphertext (C1, C2). Some Computational Hard Problems and Output: Plaintext m their Application

Cryptography 1 Compute M = C2 − d.C1. 2 Return (m). Public Key Cryptography Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Key Size Comparison:

Public Key Cryptography

Indivar Gupta Key sizes (in bits) recommended by the National Institute of SAG, DRDO, Delhi Standards and Technology (NIST) to protect keys used in (DES) and (AES) together with the key sizes for RSA, Diffie-Hellman Background 8 Basic Concepts in and elliptic curves that are needed to provide equivalent security. Complexity Theory Some Number Theoretic & Algebraic Algorithms Some Computational Hard Problems and Symmetric Key Size RSA and Diffie- Elliptic Curve Key their Application Hellman Key Size Size Cryptography 80 1024 160 Public Key Cryptography 112 2048 224 Diffie Hellman Key Exchange Protocol 128 3072 256 Public Key Cryptosystems 192 7680 384 RSA & ElGamal 256 15360 512 Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve 8 Cryptography https://www.nsa.gov/business/programs/elliptic_curve.shtm

Open Source Libraries ECC:Advantage

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Shorter Key Length translates to Basic Concepts in Complexity Theory 1 Faster implementation Some Number Theoretic & Algebraic 2 Less power consumption Algorithms Some Computational 3 Less silicon area Hard Problems and their Application Can be implemented in 8/16/32-bits microprocessor with Cryptography

Public Key reasonable amount of security. Cryptography Difﬁe Hellman Key Can be implemented in Smart Card, PDA etc.. Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Implementation of ECC

Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Note: Basic necessity for implementation of ECC: a good Basic Concepts in Complexity Theory finite filed library Some Number Theoretic & Algebraic Algorithms Choice of Finite Filed Some Computational Hard Problems and their Application Choice of Basis Cryptography Choice of coordinate Systems Public Key Cryptography Choice of methods for scaler multiplication Diffie Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Certicom ECC CChallanges9

Public Key Cryptography The Challenge is to compute the ECC private keys from the Indivar Gupta SAG, DRDO, given list of ECC public keys and associated system Delhi parameters Background Certicom Proposed two levels of challenges for elliptic Basic Concepts in Complexity Theory curves over prime fields ( ) and elliptic over extension of Some Number Fp Theoretic & Algebraic Algorithms finite fields (F2n ). Some Computational Hard Problems and Level I level II their Application

Cryptography 109-bit challenge Solved EECp- 163-bit challenge

Public Key 109 Solved in 2002 EECC2-109 Cryptography Difﬁe Hellman Key Solved in 2004 Exchange Protocol Public Key 131-bit challenge 191-bit challenge Cryptosystems RSA & ElGamal 239-bit challenge Elliptic Curve Cryptography 359-bit challenge Other Public Key Cryptosystems: Post Quantum World records: 113-bit Koblitz curve using FPGA-cluster

Elliptic Curve 9 Cryptography Certicom Research

Open Source Libraries Identity Based CryptographyI

Public Key Cryptography

Indivar Gupta Conventional Public-key cryptography is dependent on a SAG, DRDO, Delhi public-key infrastructure(PKI). PKI addresses authentication of public key problem Background Basic Concepts in Complexity Theory A PKI often works with a party trusted by all users, called Some Number Theoretic & Algebraic Certiﬁcation Authority (CA) Algorithms Some Computational Hard Problems and CA has to generate and sign certiﬁcates containing public their Application

Cryptography key of users along with identity. Public Key PKI- based cryptography is both time-consuming and Cryptography Difﬁe Hellman Key error-prone. Exchange Protocol Public Key Cryptosystems In 1984, Shamir introduced the concept of identity-based RSA & ElGamal Elliptic Curve cryptography. Cryptography Other Public Key Cryptosystems: Post It uses user identity attributes, such as email addresses/ phone Quantum numbers company address instead of digital certiﬁcates Elliptic Curve Cryptography

Open Source Libraries Identity Based CryptographyII

Public Key Cryptography

Indivar Gupta SAG, DRDO, More precisely, the public key of a user is derived directly Delhi from publicly available information. Background Basic Concepts in Practical realization of identity-based public key Complexity Theory Some Number cryptography (ID-PKC) came prom pairings. Theoretic & Algebraic Algorithms Some Computational In 2001, Boneh and Franklin proposed the first identity-based Hard Problems and their Application encryption scheme, using the bilinearity of pairings. Cryptography Computationally Hard prob: Bilinear Diffie Hellman Public Key Cryptography Problem Diffie Hellman Key Exchange Protocol Public Key Although it provides some advantages over PKI-based Cryptosystems RSA & ElGamal approaches, it is not without its drawbacks (Key escrow). Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Outline

Public Key Cryptography 1 Background Indivar Gupta Basic Concepts in Complexity Theory SAG, DRDO, Delhi Some Number Theoretic & Algebraic Algorithms

Open Source Libraries Some Open Source Libraries10

Public Key Cryptography

Indivar Gupta SAG, DRDO, SAGE [System for Algebra and Geometry Experimentation]: Delhi http://www.sagemath.org/ Background Basic Concepts in PARI/GP: http://pari.math.u-bordeaux.fr/ Complexity Theory Some Number Theoretic & Algebraic crypto - OpenSSL cryptographic library: Algorithms Some Computational https://www.openssl.org/docs/crypto/crypto.html Hard Problems and their Application GAP http://www.gap-system.org Cryptography

Public Key NTL: A Library for doing Number Theory Cryptography http://www.shoup.net/ntl/ Difﬁe Hellman Key Exchange Protocol Public Key MIRACL http://indigo.ie/?mscott/ Cryptosystems RSA & ElGamal Elliptic Curve GNU MP http://www.swox.com/gmp/ Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve 10 Cryptography Appendix B, [6]

Open Source Libraries ReferencesI

Public Key Cryptography

Indivar Gupta Neal Koblitz, SAG, DRDO, Delhi A Course in Number Theory and Cryptography (Graduate Texts in Mathematics, Springer, 2nd edition, 1994. Background Basic Concepts in Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone Complexity Theory Some Number Handbook of Applied Cryptography, CRC Press, 1996. Theoretic & Algebraic Algorithms Some Computational Hard Problems and John Talbot & Dominic Wels, their Application Complexity and Cryptography : An Introduction, Cambridge University Cryptography Press, 2006. Public Key Cryptography Lawrence C. Washington, Difﬁe Hellman Key Exchange Protocol Elliptic Curves: Number Theory and Cryptography, 2nd ed (Discrete Public Key Cryptosystems Mathematics and Its Applications), CRC Press 2008. RSA & ElGamal Elliptic Curve Cryptography Song Y. Yan & M.E. Hellmann, Other Public Key Cryptosystems: Post Number Theory for Computing, 2nd ed, Springer, 2002. Quantum

Elliptic Curve Cryptography

Open Source Libraries ReferencesII

Public Key Cryptography

Indivar Gupta Darrel Hankerson, Alfred J. Menezes & Scott Vanstone, SAG, DRDO, Guide to Elliptic Curve Cryptography, Springer-Verlag, New York, 2004. Delhi

Background I F Blake, G. Seroussi & N P Smart, Basic Concepts in Complexity Theory Elliptic Curves in Cryptography, Cambridge University Press, 1999. Some Number Theoretic & Algebraic Algorithms I F Blake, G. Seroussi & N P Smart, Some Computational Hard Problems and Advances in Elliptic Curve Cryptography, Cambridge University Press 2nd their Application Ed, 2005. Cryptography

Public Key Abhijit Das Cryptography Difﬁe Hellman Key Computational Number Theory, , CRC Press, 2013. Exchange Protocol Public Key Cryptosystems Henri Cohen, Gerhard Frey, Roberto Avanzi, Christophe Doche, Tanja RSA & ElGamal Lange, Kim Nguyen & Frederik Vercauteren Elliptic Curve Cryptography Handbook of Elliptic and Hyperelliptic Curve Cryptography, Chapman and Other Public Key Cryptosystems: Post Hall/CRC, 2005. Quantum

Elliptic Curve Cryptography

Open Source Libraries References III

Public Key Cryptography Indivar Gupta Alasdair McAndrew, SAG, DRDO, Delhi Introduction to Cryptography with Open-Source Software, CRC Press, 2011. Background Basic Concepts in Complexity Theory Jintai Ding, Jason E. Gower & Dieter S Schmidt, Some Number Theoretic & Algebraic Multivariate Public Key Cryptography, Springer, 2006. Algorithms Some Computational Hard Problems and Daniel J Bernstein, Johannes Buchmann, Erik Dahmen, their Application

Cryptography Post-Quantum Cryptography, Springer, 2009

Public Key Cryptography J L Mullen and D Panario, Difﬁe Hellman Key Hand Book of Finite Fields, CRC Press, 2013. Exchange Protocol Public Key Cryptosystems Boneh, D. and Franklin, M.: Identity-Based Encryption from the Weil RSA & ElGamal Elliptic Curve Pairing. Advances in Cryptology - Crypto 2001, LNCS 2139, Cryptography Other Public Key Springer-Verlag (2001), pp. 213?229. Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries Public Key Cryptography

Indivar Gupta SAG, DRDO, Delhi

Background Basic Concepts in Complexity Theory Thanks Some Number Theoretic & Algebraic Algorithms Some Computational Hard Problems and their Application

Cryptography

Public Key Cryptography [email protected] Difﬁe Hellman Key Exchange Protocol Public Key Cryptosystems RSA & ElGamal Elliptic Curve Cryptography Other Public Key Cryptosystems: Post Quantum

Elliptic Curve Cryptography

Open Source Libraries