Elliptic Curve Cryptography
Celia Li
Computer Science and Engineering
November 10, 2005
Content
 Introduction
of Elliptic Curve
Theory
 Elliptic Curve Diffie-Helman
Protocol
 Elliptic Curve Digital Signature
Authentication
 ECC Security Analysis
2
What is Elliptic Curve
Cryptography (ECC) ?
 A public
key encryption
technique based on elliptic curve
theory that can be used to create
faster, smaller, and more efficient
cryptographic keys
3
Elliptic Curve Over Real Numbers



Set of Points (x, y):
y2 = x3 + ax + b
where x, y, a and b are real
numbers.
Includes all points (x, y)
+ a special point O, called
the point at infinity
Point O does not satisfy
elliptic curve equation, but
is needed for addition
operation
4
Elliptic Curve Addition

Adding distinct points P and Q
 P=(xP, yP), Q=(xQ, yQ) are not
negative of each other
P+Q=R
 P + Q = R where
s= (yP-yQ)/ (xP-xQ)
xR = s2-xP-xQ
yR = -yP+s (xP-xR)
 s is the slope of the line through P
and Q
 Example:
P(-2.35, -1.86), Q(-0.1, 0.836)
–R(3.89, 5.62), R(3.89, -5.62)
P+Q=R=(3.89, -5.62)
5
Elliptic Curve Addition

Adding Points P and -P
 Elliptic curve group
includes the point at
infinity O.
P+(-P)=O
 P+O=P
 All elliptic curves
have the point at
infinity O
P+(-P)=O
6
Elliptic Curve Addition

Doubling the Point P if yP0
 P=(xP, yP), yP0
 P+P=2P=R
s= (3xP2 +a)/ (2yP)
xR = s2-2xP
yR = -yP+s (xP-xR)
 Example:
P(2, 2.65),
–R(-1.11, -2.64),
R(-1.11, 2.64)
2P=R=(-1.11, -2.64)
P+P=2P=R
7
Elliptic Curve Addition

Doubling the Point P if yP=0
 P+P=2P=O
 3P= 2P+P=O+P=P
 4P= 3P+P=P+P=O
 5P=P, 6P=O, 7P=P, etc
2P=O
(1.1, 0)
8
Elliptic Curve Over Finite Field Fz

Major Difference between Elliptic Curve
Over Fz and Over Real Numbers
 Elliptic curve over Fz has a finite number of
points
 Unlike elliptic curve over real numbers,
computations over Fz involve no round off error
 Computations are performed by modulo z
9
Elliptic Curve Over Finite Field Fz

Set of points (x, y) satisfy
y2 = x3 + ax + b mod z,
where z is a prime number>3, a, b, x, y  Fz
Adding Distinct Points P and Q
 P=(xp, yp) , -P=(xp, -ypmod z).
 P+Q=R where
s= (yP-yQ)/ (xP-xQ) mod z
xR = s2-xP-xQ mod z
yR = -yP+s (xP-xR) mod z
 Doubling the Point P if yp 0
 2P=R where
s= (3xP2 +a)/ (2yP) mod z
xR = s2-2xP mod z
yR = -yP+s (xP-xR) mod z

10
Conclude Elliptic Curve Theory

Crucial Property of an Elliptic Curve
 Define a rule for “adding” two points which
are on the elliptic curve, to obtain a 3 rd point
which is also on the elliptic curve
 Include a special point O, which does not
satisfy the elliptic curve equation
 Order of a Point
 Order of a point P on the elliptic curve is the
smallest integer r such that r*P=O
11
Elliptic Curve Discrete Logarithm
Problem (ECDLP)
Public-key cryptography systems use hard-tosolve problems as the basis of the algorithm
 Prime factorization is a hard problem used
by RSA
 ECDLP is a “hard” problem used by ECC
 Given two points Q & G on elliptic curve,
such that Q = d*G
 Can we easily find integer d?
 Q is public key, d is private key
 Relatively easy to perform, but extremely
difficult to reverse

12
Elliptic Curve Diffie-Helman Protocol
Q: public key
d: private key
G: a fixed point on
elliptic curve
Message
Generates dAlice
Computes QAlice=dAlice *G
shared secret
key
=
=dAlice*(dBob*G)
Generates dBob
Publish QBob
shared
secret key
Use this computed
point P1 or P2 as the
shared secret key
Computes QBob=dBob *G
Computes P2=dBob * QAlice
=
Computes P1=dAlice*QBob
Publish Curve
Point QAlice
=dBob * (dAlice *G)
P1=P2=dAlice* dBob* G
Given a curve point G and the result of d*G,
it is difficult to compute d.
13
Elliptic Curve Digital Signature Authentication
QAlice: public key
dAlice: private key
Select a random number k[1,n-1]
Compute point P=k *G=(x,y)
Compute r=x mod n
Yes
r=0?
No
(29*35)mod78=
(k*x)mod n=1
1 -1
e=SHA-1(m)
 x=k
G: a point on elliptic curve
n: order of point G, n*G=O
Sends
message m
and her
signature
(r,s)
Verify r and s are integers in the
range [1, n-1]
e=SHA-1(m)
Compute w=s-1 mod n
Compute u1=e*w and u2=r*w
Point X=(x1, y1)=u1*G+u2*QAlice
Compute s=k-1(e+dAlice*r) mod n
X=O?
Yes
s=0?
Yes
Reject
No
Compute v=x1 mod n
Signature of m is the pair (r,s)
Accept Alice’s signature if v=r
14
Security Analysis

ECC can offer same
levels of security
with small size keys
comparable to RSA
and other public key
cryptography
methods

Designed for devices with limited memory,
bandwidth, computational power, e.g. smartcards
and PDAs
RSA Time to ECC Key RSA:ECC
Key Break Key Size for Key Size
Size
(MIPS Equivalent Ratio
Years)
Security
512
104
106
5:1
768
108
132
6:1
1,024
1011
160
7:1
2,048
1020
210
10:1
21,000
1078
600
35:1
15
Reference











Neal Koblitz, "Elliptic curve cryptosystems", Mathematics of Computation 48, 1987,
pp203–209.
V. Miller, "Use of elliptic curves in cryptography", CRYPTO 85, 1985.
Blake, Seroussi, Smart, "Elliptic Curves in Cryptography", Cambridge University
Press, 1999.
Hankerson, Menezes, Vanstone, "Guide to Elliptic Curve Cryptography", SpringerVerlag, 2004.
L. Washington, "Elliptic Curves: Number Theory and Cryptography", Chapman &
Hall/CRC, 2003.
B.Schneier. Applied Cryptography. John Wiley and Sons, second edition, 1996
Julio Lopez and Ricardo Dahab, “An overview of elliptic curve cryptography”, May
2000.
V. Miller, “Uses of elliptic curves in cryptography”, Advances in Cryptology CRYPTO'85, LNCS 218, pp.417-426, 1986.
Robert Milson, “Introduction to Public Key Cryptography and Modular Arithmetic”
William Stallings, Cryptography and Network Security-Principles and Practice second
edition, Prentice Hall publications.
R. Schroppel, H. Orman, S. O’Malley and O. Spatscheck, “Fast key exchange with
elliptic key systems”, Advances in Cryptography, Proc. Crypto’95, LNCS 963, pp. 4356, Springer-Verlag, 1995.
16
Thank You !
17