Elliptic Curve Cryptography

Similar documents
Key Management and Distribution

Chapter 9. Public Key Cryptography, RSA And Key Management

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Public Key Algorithms

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Cryptography and Network Security

Public Key Cryptography

1. Diffie-Hellman Key Exchange

Public Key Cryptography

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

Lecture 2 Applied Cryptography (Part 2)

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

Abhijith Chandrashekar and Dushyant Maheshwary

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Channel Coding and Cryptography Part II: Introduction to Cryptography

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 9 Elliptic Curve Cryptography

Implementation and Benchmarking of Elliptic Curve Cryptography Algorithms

Crypto CS 485/ECE 440/CS 585 Fall 2017

Overview. Public Key Algorithms I

FINDING CRYPTOGRAPHICALLY STRONG ELLIPTIC CURVES: A TECHNICAL REPORT

Public Key Algorithms

ECC Elliptic Curve Cryptography. Foundations of Cryptography - ECC pp. 1 / 31

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Diffie-Hellman. Part 1 Cryptography 136

18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange. Dan Boneh

Real-time protocol. Chapter 16: Real-Time Communication Security

Elliptic Curve Cryptography

Introduction to Public-Key Cryptography

CSC 474/574 Information Systems Security

A SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS

Spring 2010: CS419 Computer Security

Digital Signatures. Luke Anderson. 7 th April University Of Sydney.

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Chapter 7 Public Key Cryptography and Digital Signatures

Public Key Algorithms

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

Chapter 9 Public Key Cryptography. WANG YANG

CSC/ECE 774 Advanced Network Security

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

The Application of Elliptic Curves Cryptography in Embedded Systems

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Lecture 6 - Cryptography

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Cryptographic Protocols 1

Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography

Key Exchange. Secure Software Systems

CS 494/594 Computer and Network Security

Cryptographic Systems

Elliptic Curve Public Key Cryptography

Innovation and Cryptoventures. Digital Signatures. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

Innovation and Cryptoventures. Digital Signatures. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Public-key encipherment concept

Topics. Number Theory Review. Public Key Cryptography

Auth. Key Exchange. Dan Boneh

Chapter 3 Public Key Cryptography

Public Key (asymmetric) Cryptography

Total No. of Questions : 09 ] [ Total No.of Pages : 02

The use of Elliptic Curve Cryptography in DNSSEC

Iqbal Singh Deptt. of Computer Science, Bhagwant University, Rajasthan, India

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Digital Signature. Raj Jain

CS 161 Computer Security

CS669 Network Security

Uzzah and the Ark of the Covenant

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

CSE 127: Computer Security Cryptography. Kirill Levchenko

Introduction to Cryptography Lecture 7

Cryptography and Network Security. Sixth Edition by William Stallings

Application of Number Theory to Cryptology

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Key Establishment and Authentication Protocols EECE 412

Diffie-Hellman Protocol as a Symmetric Cryptosystem

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Prime Field over Elliptic Curve Cryptography for Secured Message Transaction

T Cryptography and Data Security

Public Key Cryptography and the RSA Cryptosystem

Network Security. Chapter 4 Public Key Cryptography. Public Key Cryptography (4) Public Key Cryptography

Introduction to Cryptography Lecture 7

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Cryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.

Grenzen der Kryptographie

ECE 646 Fall 2009 Final Exam December 15, Multiple-choice test

POST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK DR. DANIEL SLAMANIG

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017

David Wetherall, with some slides from Radia Perlman s security lectures.

Computer Security 3/23/18

Public-Key Cryptography

SEC 1: Elliptic Curve Cryptography

Public Key Cryptography. Toni Bluher Women and Mathematics Program Lecture 2 May 22, 2018

CHAPTER 4 VERIFIABLE ENCRYPTION OF AN ELLIPTIC CURVE DIGITAL SIGNATURE

Advanced Crypto. 2. Public key, private key and key exchange. Author: Prof Bill Buchanan

What did we talk about last time? Public key cryptography A little number theory

Transcription:

CMU Computer Club Talk Series Spring 2015 Elliptic Curve Cryptography We would like to thank Green Hills Software for sponsoring this talk series Green Hills make the world's highest performing compilers, most secure real-time operating systems, revolutionary debuggers, and virtualization solutions for embedded systems.

What is an elliptic curve?

What is an elliptic curve?

What is an elliptic curve? The idea of elliptic curves comes from the problem of finding the arc length of an ellipse.

Public-key cryptography Proposed by Merkle, 1974 First practical method described by Diffie & Hellman, 1976

What is modular arithmetic?

What is modular arithmetic? Mod 1000 This is known as a mathematical ring

Multiplication is also possible 500 * 2 = 000 What about division? 000 2 =? 001 2 =?

Prime number as modulus Mod 5 1x1=1 2x1=2 3x1=3 4x1=4 1x2=2 2x2=4 3x2=1 4x2=3 1x3=3 2x3=1 3x3=4 4x3=2 1x4=4 2x4=3 3x4=2 4x4=1

Where division (multiplictive inverse) is defined for every nonzero element, the ring is known as a field

Finite fields are also known as Galois fields, after Évariste Galois (1811-1832)

Exponentials and logarithms are also possible in a finite field. However... There is no known polynomial-time algorithm for finding logarithms in a finite field. This is known as the discrete logarithm problem.

Diffie-Hellman Key Exchange Prearranged generator g, prime modulus p Alice Bob Secret x Secret y Calculate g x Calculate g y Exchange gx,gy Calculate (gy)x = gxy Calculate (gx)y = gxy

Choosing g and p Ideally, we want g to generate every nonzero element when multiplied with itself. For example: mod 5 21 = 2 22 = 4 23 = 3 24 = 1 The sequence will repeat every p-1 elements (Fermat's little theorem).

But what if... mod 31 21 = 2 22 = 4 23 = 8 24 = 16 25 = 1 26 = 2... The sequence repeats every 5 elements! This makes finding discrete logarithms a little too easy.

Avoiding multiplicative subgroups To avoid this problem, choose p such that p-1 does not have many small factors. 31 is a poor choice because 31-1 = 2 x 3 x 5 Generally it is preferred to choose prime p, such that (p-1)/2 is also prime.

The Man in the Middle Alice Bob Alice Bob

Authenticating Public Keys Website Browser Certificate Authority (trusted third party)

ElGamal signature scheme Proposed by Tahir ElGamal in 1984 Prearranged generator g, prime modulus p Private key x, public key y = gx To sign message m: Choose random k r = gk (mod p) s = (m-xr)k-1 (mod p-1)

Signature verification m g r s yr Verify = (mod p) xr+ks (which is equivalent to g ) NIST Digital Signature Algorithm (DSA) rearranges the terms a bit: gm/syr/s = r

What if k is not random? m g r s yr Signature = (mod p) k So, m = xr+ks, r = g If two messages are signed using same k, we have: m1 = xr+ks1 and m2 = xr+ks2...solve for k, x

Ephemeral Diffie-Hellman (eg SSHv2) Diffie-Hellman key exchange with random keys Authenticate with known keys Erase temporary keys when session ends Old sessions can not be decrypted if the authentication keys are later exposed (back traffic protection) Future sessions can not be decrypted if the session keys are later exposed (forward secrecy)

The Socialist Millionaires

The Socialist Millionaires Scenario: Two millionaires want to know if they have the same amount of money, but don't want to reveal how much they have. This is equivalent to the password authentication problem. We want to confirm that both parties have the same password, without revealing the password.

Challenge-Response (Kerberos, WPA, RADIUS, etc) Client Server challenge Encryption Key response Random number Validate

Socialist Millionaires Protocol Random a,b,c,d,e,f Generator g Passwords x,y ga gb gc gd ge(gab)x (ge-fgab(x-y))c gcde gf(gab)y (ge-fgab(x-y))d gcdf If x=y then verify gabcd(x-y)=1

Complex numbers in finite fields _ -1 mod 5? -1 4 _ -1 2

The circular function For real (non-discrete) values, e iθ parameterizes a unit circle in the complex plane.

eiθ = cos θ + i sin θ Multiplying complex numbers is equivalent to adding arcs eaeb = ea+b ea eb ea+b

Arc length of a circle The complex natural logarithm gives the arc length, or distance along the circumference of a unit circle (x+iy) ln(x+iy)/i

Trigonometric identities cos(a+b) = (cos A)(cos B) (sin A)(sin B) sin(a+b) = (sin A)(cos B) + (cos A)(sin B) This is equivalent to multiplying complex numbers. ℜ(A B) = ℜ(A)ℜ(B) ℐ(A)ℐ(B) ℐ(A B) = ℐ(A)ℜ(B) + ℜ(A)ℐ(B)

What about an ellipse instead of a circle?

Arc length of an ellipse Unlike a circle, the arc length of an ellipse can not, in general, be expressed in closed form. What function can be used to parameterize an ellipse using the distance along its circumference?

Weierstrass function Defined by a differential equation [ '(z)]² = 4[ (z)]³ g₂ (z) - g₃ Karl Weierstrass 1815-1897

Parameterizing the function X = (z) Y = ' (z) y² = 4x³ + ax + b

Example elliptic curve y² = 4x³ + 2x + 2

1 y²

If [ (a), '(a)], [ (b), '(b)], [ (c), '(c)] are colinear, a + b + c = 0 (mod ω/2)

Attacks on Elliptic Curve Crypto Transform elliptic curve discrete logarithm problem to ordinary discrete logarithm problem Anomalous elliptic curves with p points in prime field p Menezes-Okamoto-Vanstone (MOV) attack, for supersingular elliptic curves Frey-Rueck attack, for non-prime fields (p n)

SSH Key Exchange curve25519-sha256: ECDH over Curve25519 (mod 2255-19) with SHA2 ecdh-sha2-nistp256: ECDH over NIST P-256 with SHA2 ecdh-sha2-nistp384: ECDH over NIST P-384 with SHA2 ecdh-sha2-nistp521: ECDH over NIST P-521 with SHA2 diffie-hellman-group-exchange-sha256: Custom DH with SHA2 diffie-hellman-group-exchange-sha1: Custom DH with SHA1 diffie-hellman-group14-sha1: 2048 bit DH with SHA1 diffie-hellman-group1-sha1: 1024 bit DH with SHA1

SSL/TLS Key Exchange TLS_RSA TLS_DH_DSS TLS_DH_RSA TLS_DHE_DSS TLS_DHE_RSA TLS_ECDH_ECDSA TLS_ECDH_RSA TLS_ECDHE_ECDSA TLS_ECDHE_RSA

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback