and Network
Security
Sixth Edition
by William Stallings
Chapter 10
Other Public-Key Cryptosystems
“Amongst the tribes of Central Australia every man, woman, and
child has a secret or sacred name which is bestowed by the older
men upon him or her soon after birth, and which is known to none
but the fully initiated members of the group. This secret name is
never mentioned except upon the most solemn occasions; to utter
it in the hearing of men of another group would be a most serious
breach of tribal custom. When mentioned at all, the name is spoken
only in a whisper, and not until the most elaborate precautions
have been taken that it shall be heard by no one but members of
the group. The native thinks that a stranger knowing his secret
name would have special power to work him ill by means of magic.”
ElGamal Cryptography
• Announced in 1984 by T. Elgamal
• Public-key scheme based on discrete logarithms closely related to the Diffie-Hellman technique
• Used in the digital signature standard (DSS) and the S/MIME e-mail standard
Elliptic Curve Arithmetic
• Most of the products and standards that use public-key
cryptography for encryption and digital signatures use RSA
• The key length for secure RSA use has increased over recent
years and this has put a heavier processing load on applications
using RSA
Abelian Group
• A set of elements with a binary operation, denoted by , that
associates to each ordered pair (a, b) of elements in G an
element (a b) in G, such that the following axioms are obeyed:
• Special case:
$y^2 = x^3 + ax + b$
$4a^3 + 27b^2 \neq 0$
where x, y, a, and b are all real numbers
Elliptic Curves over Real Numbers
• The set of points E(a, b) forms an Abelian group
with respect to “addition” as follows:
• P+Q is reflection of the intersection R
• O (Infinity) acts as additive identity
• To double a point P, find intersection of tangent and curve
• Closure: P+Q ∈ E
• Associativity: P+(Q+R) = (P+Q)+R
• Identity: P+O=P
• Inverse: -P ∈ E
• Commutative: P+Q = Q+P
Algebraic Description of Addition
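• Slope of the line through P = (x_P, y_P) and Q = (x_Q, y_Q) is:
$\lambda = (y_Q - y_P)/(x_Q - x_P)$
• The sum R = P + Q is:
$x_R = \lambda^2 - x_P - x_Q$
$y_R = -y_P + \lambda(x_P - x_R)$
• P + P = 2P = R:
$x_R = \left(\frac{3x_P^2 + a}{2y_P}\right)^2 - 2x_P$
$y_R = \left(\frac{3x_P^2 + a}{2y_P}\right)(x_P - x_R) - y_P$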
Finite Elliptic Curves
• Elliptic curve cryptography uses curves whose variables and coefficients
are finite
• Two families of elliptic curves are used in cryptographic applications:
• Binary curves over GF(2^m): $y^2 + xy = x^3 + ax^2 + b$
  • Variables and coefficients all take on values in GF(2^m) and calculations are performed over GF(2^m)
  • Best for hardware applications
• Prime curves over Zp: $y^2 = x^3 + ax + b$
  • Use a cubic equation in which the variables and coefficients all take on values in the set of integers from 0 through p-1 and in which calculations are performed modulo p
  • Best for software applications
Elliptic Curves over Zq
• Prime curves: Eq(a, b) defined over Zq
$y^2 \bmod q = (x^3 + ax + b) \bmod q$
• The condition
$(4a^3 + 27b^2) \bmod q \neq 0 \bmod q$
Symmetric
about y = 11.5
Rules for addition over Eq(a, b)
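• If P = (x_P, y_P) and Q = (x_Q, y_Q), then R = P + Q
$x_R = (\lambda^2 - x_P - x_Q) \bmod q$
$y_R = (\lambda(x_P - x_R) - y_P) \bmod q$
where
$\lambda = \begin{cases} \left(\frac{y_Q - y_P}{x_Q - x_P}\right) \bmod q & \text{if } P \neq Q \\ \left(\frac{3x_P^2 + a}{2y_P}\right) \bmod q & \text{if } P = Q \end{cases}$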
• Multiplication is defined as repeated addition
• 4P= P+P+P+P
Example Over E23(1, 1)
• Let P=(3, 10) and Q=(9,7) then find R = P + Q
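$\lambda = \left(\frac{7 - 10}{9 - 3}\right) \bmod 23 = \left(\frac{-3}{6}\right) \bmod 23 = \left(\frac{-1}{2}\right) \bmod 23 = 11$
$x_R = (11^2 - 3 - 9) \bmod 23 = 109 \bmod 23 = 17$
$y_R = (11(3 - 17) - 10) \bmod 23 = -164 \bmod 23 = 20$
So R = (17, 20)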
• Find 2P?
Elliptic Curves Over GF(2^m)
Elliptic Curve Cryptography (ECC)
• Addition operation in ECC is the counterpart of
modular multiplication in RSA
• Multiple addition is the counterpart of
modular exponentiation
Certicom example: E23(9,17)
• Consider the group E23(9, 17).
• $y^2 \bmod 23 = (x^3 + 9x + 17) \bmod 23$.
• What is the discrete logarithm k of Q = (4, 5) to the
base P = (16, 5)? The brute-force method is to
compute multiples of P until Q is found.
• Thus P = (16, 5); 2P = (20, 20); 3P = (14, 14); 4P = (19,
20); 5P = (13, 10); 6P = (7, 3); 7P = (8, 7); 8P = (12,
17) ; 9P = (4, 5).
• Because 9P=(4,5) = Q, the discrete logarithm Q=(4,5)
to the base P=(16, 5) is k=9.
• In a real application, k would be so large as to make
the brute-force approach infeasible.
ECC Encryption/Decryption
• Several approaches using elliptic curves have been analyzed
• Each user chooses a private key nA and generates a public key PA=nA * G
Cm = {kG, Pm+kPB}
• To decrypt the ciphertext, B multiplies the first point in the pair by B’s
secret key and subtracts the result from the second point:
Pm+kPB–nB(kG) = Pm+k(nBG)–nB(kG) = Pm
ECC Encryption/Decryption Example
• E257(0, -4), Pm=(112,26), nB=101, G=(2, 2)
• PB=nBG = 101(2, 2) =(197, 167)
• k=41, C1=kG=41(2,2)=(136, 128)
• C2=Pm+kPB= (112, 26) + 41(197, 167)
=(112, 26)+(68, 84) = (246, 174)
• Cm={C1, C2} = {(136,128),(246, 174)}
Parameter Value
p(modulus) 0x89abcdef012345672718281831415926141424f7
a 0x37a5abccd277bce87632ff3d4780c009ebe41497
b 0x0dd8dabf725e2f3228e85f1ad78fdedf9328239e
generator x 0x8723947fd6a3a1e53510c07dba38daf0109fa120
generator y 0x445744911075522d8c3c5856d4ed7acda379936f
Security of Elliptic Curve Cryptography
• Depends on the difficulty of the elliptic curve logarithm
problem
• determining k given kP and P