Presented By :
Deena Nath Gupta
M.Tech (C.S.E.)

Galgotia's College of Engineering and Technology
3/28/2011

Why ECC

• ECC was introduced by Victor Miller and Neal Koblitz in 1985.
• DSA and RSA need larger key lengths.
• ECC requires a significantly smaller key size for the same level of security.
• Benefits of smaller key sizes: faster computations and less storage space.
• ECC is ideal for constrained environments: pagers, PDAs, cellular phones, smart cards.

Group

A group is an algebraic system consisting of a set G together with a binary operation * defined on G satisfying the following axioms:

1. Closure: for all x, y in G we have $x * y \in G$.
2. Associativity: for all x, y and z in G we have (x * y) * z = x * (y * z).
3. Identity: there exists an e in G such that x * e = e * x = x for all x.
4. Inverse: for all x in G there exists y in G such that x * y = y * x = e.

In addition, if for all x, y in G we have x * y = y * x, then we say that the group G is abelian.

Finite Field

A finite field is an algebraic system consisting of a set F together with two binary operations + and * defined on F satisfying the following axioms:

1. F is an abelian group with respect to +.
2. F \ {0} is an abelian group with respect to *.
3. For all x, y and z in F we have
   x * (y + z) = (x * y) + (x * z)
   (x + y) * z = (x * z) + (y * z)

The order of the finite field is the number of elements in the field.

Galois Field GF(p)

It is a finite field consisting of the set of integers {0, 1, 2, 3, …, p-1}, where p is a prime number, with the following arithmetic operations:

• Addition: if $a, b \in GF(p)$, then a + b = r, where r is the remainder of the division of a + b by p and 0 <= r <= p-1. This operation is called addition modulo p.
• Multiplication: if $a, b \in GF(p)$, then a . b = s, where s is the remainder of the division of a . b by p and 0 <= s <= p-1. This operation is called multiplication modulo p.

Galois Field $GF(2^m)$

It is a finite field and is called a binary finite field. It is a vector space of dimension m over GF(2), i.e. there exists a set of m elements $\{\alpha_{m-1}, \ldots, \alpha_1, \alpha_0\}$, each $\alpha_i \in \{0,1\}$, in $GF(2^m)$ such that each $a \in GF(2^m)$ can be written as

$a = \alpha_{m-1}x^{m-1} + \cdots + \alpha_1 x + \alpha_0$

Additionally, it satisfies the following arithmetic operations for $a = \{a_{m-1}, \ldots, a_1, a_0\}$ and $b = \{b_{m-1}, \ldots, b_1, b_0\} \in GF(2^m)$:

• Addition: $a + b = c = \{c_{m-1}, \ldots, c_1, c_0\}$, where $c_i = (a_i + b_i) \bmod 2$; $c \in GF(2^m)$.
• Multiplication: $a \cdot b = c = \{c_{m-1}, \ldots, c_1, c_0\}$, where c is the remainder of the division of the polynomial $a(x) \cdot b(x)$ by an irreducible polynomial of degree m; $c \in GF(2^m)$.

Elliptic Curve over GF(p)

Let GF(p) be a finite field, p > 3, and let $a, b \in GF(p)$ be constants such that

$4a^3 + 27b^2 \not\equiv 0 \pmod{p}$.

An elliptic curve, $E_{(a,b)}(GF(p))$, is defined as the set of points $(x, y) \in GF(p) \times GF(p)$ which satisfy the equation

$y^2 \equiv x^3 + ax + b \pmod{p}$

together with a special point, O, called the point at infinity.

Elliptic Curve over GF(p)

Let P and Q be two points on $E_{(a,b)}(GF(p))$ and let O be the point at infinity.

• P + O = O + P = P
• If $P = (x_1, y_1)$ then $-P = (x_1, -y_1)$ and P + (-P) = O.
• If $P = (x_1, y_1)$ and $Q = (x_2, y_2)$, and P and Q are not O, then $P + Q = (x_3, y_3)$ where

$x_3 = \lambda^2 - x_1 - x_2$
$y_3 = \lambda(x_1 - x_3) - y_1$

and

$\lambda = (y_2 - y_1)/(x_2 - x_1)$ if $P \neq Q$
$\lambda = (3x_1^2 + a)/(2y_1)$ if $P = Q$

Elliptic Curve over $GF(2^m)$ for some $m \geq 1$

• The elliptic curve $E_{(a,b)}(GF(2^m))$ is defined to be the set of points $(x, y) \in GF(2^m) \times GF(2^m)$ which satisfy the equation

$y^2 + xy = x^3 + ax^2 + b$,

where $a, b \in GF(2^m)$ and $b \neq 0$, together with the point on the curve at infinity, O.

• The points on an elliptic curve form an abelian group under a well-defined group operation. The identity of the group operation is the point O.

Elliptic Curve over $GF(2^m)$ for some $m \geq 1$

Let P and Q be two points on $E_{(a,b)}(GF(2^m))$ and let O be the point at infinity.

• P + O = O + P = P
• If $P = (x_1, y_1)$ then $-P = (x_1, -y_1)$ and P + (-P) = O.
• If $P = (x_1, y_1)$ and $Q = (x_2, y_2)$, and P and Q are not O, then $P + Q = (x_3, y_3)$, where

$y_3 = \lambda(x_1 + x_3) + x_3 + y_1$

and

$\lambda = (y_1 + y_2)/(x_1 + x_2)$ if $P \neq Q$
$\lambda = (x_1 y_1 + x_1)/y_1$ if $P = Q$

ECC Domain Parameters

ECC domain parameters over GF(q) are a sextuple:

T = (q, a, b, G, n, h)

• q = p or $q = 2^m$
• a and $b \in GF(q)$, with
  $y^2 \equiv x^3 + ax + b \pmod{p}$ for q = p > 3
  $y^2 + xy = x^3 + ax^2 + b$ for $q = 2^m$, $m \geq 1$
• a base point $G = (x_G, y_G)$ on $E_{(a,b)}(GF(q))$
• a prime n which is the order of G (the order of a point P on an elliptic curve is the smallest positive integer r such that rP = O)
• h = #E/n, where #E represents the number of points on the elliptic curve and is called the curve order.

ECC Key Generation

A public key $Q = (x_Q, y_Q)$ associated with domain parameters (q, a, b, G, n, h) is generated for an entity A using the following procedure:

• Select a random or pseudo-random integer d in the interval [1, n-1].
• Compute Q = dG.
• A's public key is Q; A's private key is d.

ECC Key Validation

A public key $Q = (x_Q, y_Q)$ associated with domain parameters (q, a, b, G, n, h) is validated for an entity A using the following procedure:

• Check that $Q \neq O$.
• Check that $x_Q$ and $y_Q$ are properly represented elements of GF(q).
• Check that Q lies on the elliptic curve defined by a and b.
• Check that nQ = O.

Elliptic Curve Digital Signature Algorithm (ECDSA)

• Proposed by Abdalla, Bellare and Rogaway in 1999.
• Entity A has domain parameters D = (q, a, b, G, n, h), public key $Q_A$ and private key $d_A$. Entity B has authentic copies of D and $Q_A$.

To sign a message m, A does the following:

1. Select a random integer k from [1, n-1].
2. Compute $kG = (x_1, y_1)$ and $r = x_1 \bmod n$. If r = 0 then go to step 1.
3. Compute $k^{-1} \bmod n$. Compute e = SHA-1(m).
4. Compute $s = k^{-1}(e + d_A \cdot r) \bmod n$. If s = 0 then go to step 1.

A's signature for the message m is (r, s).

Elliptic Curve Digital Signature Algorithm (ECDSA)

To verify A's signature (r, s) on m, B performs the following steps:

• Verify that r and s are integers in [1, n-1].
• Compute e = SHA-1(m).
• Compute $w = s^{-1} \bmod n$.
• Compute $u_1 = ew \bmod n$ and $u_2 = rw \bmod n$.
• Compute $(x_1, y_1) = u_1 G + u_2 Q_A$.
• Compute $v = x_1 \bmod n$.
• Accept the signature if and only if v = r.

SHA-1 denotes the 160-bit hash function

Elliptic Curve Authenticated Encryption Scheme (ECAES)

Analogue of the DSA, proposed by Scott Vanstone in 1992.

To encrypt a message m for B, A performs:

• Select a random integer r from [1, n-1].
• Compute R = rG.
• Compute $K = hrQ_B = (K_X, K_Y)$. Check that $K \neq O$.
• Compute $k_1 \| k_2 = KDF(K_X)$.
• Compute $c = ENC(k_1, m)$. Compute $t = MAC(k_2, c)$.
• Send (R; c; t) to B.

ENC is a symmetric encryption scheme such as Triple-DES; MAC denotes a message authentication code (MAC) algorithm "RFC 2104"; KDF is a key derivation function.

Elliptic Curve Authenticated Encryption Scheme (ECAES)

To decrypt a ciphertext (R; c; t), B does:

• Perform a partial key validation on R.
• Compute $K = hd_BR = (K_X, K_Y)$. Check that $K \neq O$.
• Compute $k_1 \| k_2 = KDF(K_X)$.
• Verify that $t = MAC(k_2, c)$.
• Compute $m = ENC^{-1}(k_1, c)$.
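
The symmetric half of the ECAES steps above (derive k1 || k2 from K_X, encrypt, MAC, and on receipt verify the tag before decrypting), as an added Python example that is not part of the original slides. K_X is taken as input rather than computed on the curve; the hash-counter KDF, the XOR keystream standing in for Triple-DES, HMAC-SHA-256 as the MAC and all function names are assumptions.

```python
import hashlib, hmac

def kdf(kx: bytes, length: int) -> bytes:
    """Counter-mode hash KDF (assumed; the slides do not fix a KDF)."""
    out, counter = b"", 1
    while len(out) < length:
        out += hashlib.sha256(kx + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def enc(k1: bytes, data: bytes) -> bytes:
    """Stand-in for ENC: XOR with a SHA-256 counter keystream.
    The slides name Triple-DES; this keeps the example stdlib-only.
    XOR is its own inverse, so the same function serves as ENC^-1.
    Safe only because a fresh r gives a fresh K_X for every message."""
    stream = kdf(b"enc" + k1, len(data))
    return bytes(x ^ y for x, y in zip(data, stream))

def seal(kx: bytes, m: bytes):
    """Sender, after K = h*r*Q_B: derive k1 || k2, encrypt, then MAC."""
    keys = kdf(kx, 64)
    k1, k2 = keys[:32], keys[32:]
    c = enc(k1, m)
    t = hmac.new(k2, c, hashlib.sha256).digest()  # HMAC as in RFC 2104
    return c, t

def open_(kx: bytes, c: bytes, t: bytes):
    """Receiver, after K = h*d_B*R: check the tag, only then decrypt."""
    keys = kdf(kx, 64)
    k1, k2 = keys[:32], keys[32:]
    expected = hmac.new(k2, c, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, t):      # constant-time comparison
        return None                               # reject without decrypting
    return enc(k1, c)
```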

ECC, DSA and RSA key length comparisons done by Lopez and Dahab in May 2000.

Elliptic Curve Cryptography provides added security over DSA/RSA.

Reference :
• Julio Lopez and Richard Dahab, An Overview of Elliptic Curve Cryptography, May 2000.
• M. Abdalla, M. Bellare and P. Rogaway, "DHAES: An encryption scheme on the Diffie-Hellman problem", preprint, 1999.
• www.rsasecurity.com
• http://www.certicom.com/index.php?action=res,ecc_faq
• http://cgd.best.vwh.net/home/flt/flt03.htm
• http://mathworld.wolfram.com/EllipticCurve.html
• Padma Bh et al., (IJCSE) International Journal on Computer Science and Engineering, Vol. 02, No. 05, 2010, 1904-1907.
• M. Prabhu et al., (IJCSE) International Journal on Computer Science and Engineering, Vol. 02, No. 04, 2010, 1492-1495.
