20.Elliptic Curve CryptographyIntroductionECC - Elliptic CurveThis article is to introduce readers to the subject of EllipticCurve Cryptography. Topics that will be discussed herecover the basics of Elliptic Curve Cryptography and someof the basic mathematical calculations used over theelliptic curve.Elliptic Curve Cryptography (ECC) was introduced by NealKoblitz and Victor S. Miller in 1985. It is an approach topublic-key cryptography based on the algebraic structureof the elliptic curve over finite fields. Two advantages ofECC compared to RSA are: ECC is faster than RSA, and ECCuses a smaller key size compared to RSA. This comparisonis made at a point where both ECC and RSA provide thesame level of security. ECC is better than RSA because itis based on the elliptic curve discrete logarithm problem,a much harder problem than factoring integers. Table 1shows the comparison of security level in terms of keysizes in ECC and RSA.a) GF(p)The field GF(p) uses numbers from 0 to p-1, and thevalue of its computations end by taking the remainderon division by p. For example, in GF(11), the fieldcreates the integers from 0 to 10, and every operationwithin this field will result in an integer between 0 to 10.An elliptic curve with the essential field of GF(p) can beformed by choosing the variable of a and b within thefield of GF(p). The elliptic curve includes all points (x,y)which satisfy the elliptic curve equation modulo p wherethe value of x and y are numbers in GF(p).Example 1:y2 mod p = x3 + ax + b mod p has an underlying field ofGF(p) if the value of a and b are in GF(p).An elliptic curve group over GF(p) consists of the pointson the corresponding elliptic curve, together with aspecial point O called the point at infinity. There aremany points on an elliptic curve.For example, lets say we have an elliptic curve over thefield GF(p) with the value of a = 3 and b = 7. Then theelliptic curve equation is y2 = x3 +3x + 7.Table 1: Comparison of Security Levels in terms of Key Sizebetween ECC and RSA.Each cryptosystem, is based on a hard mathematicalproblem, which means it is computationally infeasibleto solve. The Elliptic Curve Cryptography relies on thedifficulty of solving the discrete logarithm problem for agroup of elliptic curves over finite fields such as GaloisFields (GF) and integers modulo a prime number.An elliptic curve is a plane curve defined by an equationof the form y2 = x3 + ax + b, where a, b, x and y are realnumbers. The elliptic curve can be changed with variousvalues of a and b. An elliptic curve over real numbersconsists of the points on the corresponding elliptic curve.ECC makes use of the additional operation of ellipticcurves.The nine points which satisfy this equation are:(1, 0) (5, 2) (5, 9) (8, 2) (8, 9) (9, 2) (9, 9) (10, 5) (10,6)All the points above can be achieved using the ellipticcurve equation as mentioned before. For example,below is the method on how to get all the points.The point (9, 2) satisfies this equation since:y2 mod p = x3 + 3x + 7 mod p22 mod 11 = 93 + 3(9) + 7 mod 114 mod 11 = 763 mod 114 = 4.There are two types of finite fields used in Elliptic CurveCryptography: fields of the form GF(p) with p as a primenumber, and fields of the form GF(2n) with n as a positiveinteger.
Graph 1 shows all the satisfied points.(g3)2 + g5g3 = (g5)3 + g4(g5)2 + 1g6 + g8 = g15 + g14 + 121.(1100) + (0101) = (0001) + (1001) + (0001)(1001) = (1001)The 15 points which satisfy this equation are:(1, g13) (g3, g13) (g5, g11) (g6, g14)(g9, g13) (g10, g8) (g12, g12) (1, g6)(g3, g8) (g5, g3) (g6, g8) (g9, g10)(g10, g) (g12, 0) (0, 1)Graph 1: Graph showing all nine points using the elliptic curveequation: y2 = x3 + 3x + 7 over GF(11) using a = 3;b = 7.b) GF(2n)The field GF(2n) consists of n-bit strings. The regulationsfor arithmetic on this field can be defined by using apolynomial representation.These points are shown in graph 2:An elliptic curve with the essential field of GF(2n) canbe formed by choosing the elements of a and b withinGF(2n), where b is not equal to 0. Since the outcomeof the field GF(2n) has two characteristics which are 0and 1, the elliptic curve equation is slightly adjusted forbinary representation:y2 + xy = x3 + ax2 + b.The elliptic curve includes all points (x, y) which satisfythe elliptic curve equation GF(2n) where the value of xand y are elements of GF(2n). An elliptic curve groupover GF(2n) consists of the points on the correspondingelliptic curve, together with a point O called the pointat infinity. There are finitely many points on an ellipticcurve. For this field, the additional operation with bitstringuses an XOR function.Example 2:GF(24) defined by using polynomial representation withirreducible polynomialf(x) = x4 + x + 1The element g = (0010) is a generator for the field.The powers of g are:g0 = (0001) g1 = (0010) g2 = (0100) g3 = (1000)g4 = (0011) g5 = (0110) g6 = (1100) g7 = (1011)g8 = (0101) g9 = (1010) g10 = (0111) g11 = (1110)g12 = (1111) g13 = (1101) g14 = (1001) g15 = (0001)Consider the elliptic curve y2 + xy = x3 + g4x2 + 1. Herea = g4 and b = g0 = 1. The point (g5, g3) satisfies thisequation over GF(2n):y2 + xy = x3 + g4x2 + 1Graph 2: Graph showing all 15 points using the elliptic curveequation: y2 + xy = x3 + g4x2 + 1 over GF(24) using a =g4; b = g0.ECC – Encryption & DecryptionFor this part, we will only consider the Elliptic Curve usingGF(P). Therefore, the example will employ data fromExample 1.a) AddingAdding points are obtained by adding all nine points ona curve using the following method.(x1, y1) + (x2, y2) = (x3, y3)if x1 ≠ x2 d = (y1 – y2)/(x1 - x2)if x1 = x2 and y1 = y2 d = (3x12 + a)/2y1 x3 = d2 – (x1 + x2) y3 = d(x1 – x3) – y1For this example, each point on the curve will providenine Adding points.Therefore, there will be 81 Adding points for thisGF(11).e-Security | <strong>CyberSecurity</strong> <strong>Malaysia</strong> | Volume 21 - (Q4/2009)