# Welcome back

## Find a book, put up your feet, stay awhile

Sign in with Facebook

Sorry, we are unable to log you in via Facebook at this time. Please try again later.

or

Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more

Download

Standard view

Full view

of .

Look up keyword

Like this

Share on social networks

1Activity

×

0 of .

Results for: No results containing your search query

P. 1

Elimination of Weak Elliptic Curve Using Order of PointsRatings: (0)|Views: 36|Likes: 0

Published by ijcsis

The elliptic curve cryptography (ECC) is a public key cryptography. The mathematical operations of ECC is defined over the elliptic curve y2=x3+ax+b, where 4a3+27b2 ǂ 0. Each value of the ‘a’ and ‘b’ gives a different elliptic curve. All points (x,y) which satisfies the above equation plus a point at infinity lies on the elliptic curve. There are certain property of elliptic curve which makes the cryptography weak. In this paper, we have proposed technique which would eliminate such weak property and will make elliptic curve cryptography more secure.

The elliptic curve cryptography (ECC) is a public key cryptography. The mathematical operations of ECC is defined over the elliptic curve y2=x3+ax+b, where 4a3+27b2 ǂ 0. Each value of the ‘a’ and ‘b’ gives a different elliptic curve. All points (x,y) which satisfies the above equation plus a point at infinity lies on the elliptic curve. There are certain property of elliptic curve which makes the cryptography weak. In this paper, we have proposed technique which would eliminate such weak property and will make elliptic curve cryptography more secure.

See more

See less

https://www.scribd.com/doc/105613297/Elimination-of-Weak-Elliptic-Curve-Using-Order-of-Points

09/11/2012

text

original

Elimination of Weak Elliptic Curve Using Order of Points

Nishant Sinha

#1

, Aakash Bansal

*2#

School of IT CDAC Noida, India

1

sinha22nishant@gmail.com

*

School of IT CDAC Noida, India

2

aakashbansal.cdac@gmail.com

Abstract-

The elliptic curve cryptography (ECC) is a publickey cryptography. The mathematical operations of ECC isdefined over the elliptic curve y

2

=x

3

+ax+b, where4a

3

+27b

2

ǂ

0. Each value of the ‘a’ and ‘b’ gives a differentelliptic curve. All points (x,y) which satisfies the aboveequation plus a point at infinity lies on the elliptic curve.There are certain property of elliptic curve which makes thecryptography weak. In this paper, we have proposedtechnique which would eliminate such weak property andwill make elliptic curve cryptography more secure.

Keywords: cryptography, security, anomalous curve, discretelogarithm problem

I

INTRODUCTION

Cryptography is the study of “mathematical” systems forsolving two kinds of security problems: privacy andauthentication [1].Two types of cryptography are present– private key cryptography and public key cryptography.In public key cryptography, each user or the device takingpart in the communication generally have a pairs of keys,a public key and a private key, and a set of operationsassociated with the key to do the cryptographicoperations.Only the particular user knows the private key where asthe public key is distributed to all users taking part in thecommunication. Public key cryptography, unlike privatekey cryptography does not require any shared secretbetween communicating parties but it is much slower thanprivate key cryptography which is main drawbacks of public key cryptography.Elliptic curve cryptography is a variant of public keycryptography which eliminates the drawback of publiccryptography. Elliptic curve y

2

=x

3

+ax+b, where 4a

3

+27b

2

ǂ

0 for which each value of ‘a’ and ‘b’ gives a differentelliptic curve. In ECC, public key is the point on the curveand private key is a random number. The public key isobtained by multiplying the private key with the generatorpoint G in the curve.One main advantage of ECC is its small size. A 160 bitkey in ECC is considered to be as secured as 1024 bit keyin RSA.II

BACKGROUND KNOWLEDGE

Elliptic Curves

Elliptic curves are not ellipses, instead, they are cubiccurves of the form

y

2

= x

3

+ ax + b.

Elliptic curves over

(IJCSIS) International Journal of Computer Science and Information Security,Vol. 10, No. 8, August 201248http://sites.google.com/site/ijcsis/ISSN 1947-5500

R

2

(

R

2

is the set

R x R

, where

R

= set of real numbers) isdefined by the set of points (

x

,

y

) which satisfy theequation

y

2

= x

3

+ ax + b

, along with a point

O

, which isthe point at infinity and which is the additive identityelement. The curve is represented as

E

(

R

).The following figure is an elliptic curve satisfying theequation

y

2

= x

3

–

3

x +

3

:-

Elliptic curve over R

2

: y

2

= x

3

– 3x + 3

A.

Elliptic Curves over Finite Fields

1)

Elliptic Curves over F

p:

An elliptic curve E(F

p

) over afinite field F

p

is defined by the parameters a, b

∈

F

p

(a, bsatisfy the relation 4a

3

+ 27b

2

≠

0), consists of the set of points (x, y)

∈

F

p

, satisfying the equation y

2

= x

3

+ ax + b.The set of points on E(F

p

) also include point O, which isthe point at infinity and which is the identity elementunder addition.2)

Elliptic curves over F

2

m:

An elliptic curve E(F

2

m) over afinite field F

2

m, is defined by the parameters a, b

∈

F

2

m,(a, b satisfy the relation 4a

3

+ 27b

2

≠

0, b

≠

0), consists of the set of points (x, y)

∈

F

2

m, satisfying the equation y

2

+xy = x

3

+ ax + b. The set of points on E(F

2

m) also includepoint O, which is the point at infinity and which is theidentity element under addition.Similar to

E

(

F

p

), addition is defined over E(

F

2

m

) and wecan similarly verify that even E(

F

2

m

) forms an abeliangroup under addition.

B.

Advantage of Elliptic Curve Cryptography Over RSA/DSA

The advantage of elliptic curve over the other public keysystems such as RSA, DSA etc is the key strength[2]. Thefollowing table summarizes the key strength of ECCbased systems in comparison to other public key schemes.RSA/DSA KeylengthECC Key Length for EquivalentSecurity

1024 1602048 2243072 2567680 38415360 512

Table 1:-Comparison of the key strengths of RSA/DSA and ECC

From the table it is very clear that elliptic curves offer acomparable amount of security offered by the otherpopular public key for a much smaller key strength. Thisproperty of ECC has made the scheme quite popular of late.

(IJCSIS) International Journal of Computer Science and Information Security,Vol. 10, No. 8, August 201249http://sites.google.com/site/ijcsis/ISSN 1947-5500

III

ELLIPTIC CURVE DISCRETE LOGARITHM

The strength of the Elliptic Curve Cryptography lies inthe Elliptic Curve Discrete Log Problem (ECDLP). Thestatement of ECDLP is as follows.Let

E

be an elliptic curve and

P

∈

E

be a point of order

n

.Given a point

Q

∈

E

with

Q

=

mP

, for a certain

m

∈

{

2,3, ……,

m –

2

}

.Find the

m

for which the above equation holds.When

E

and

P

are properly chosen, the ECDLP is thoughtto be infeasible. Note that

m

= 0, 1 and

m –

1,

Q

takes thevalues

O

,

P

and –

P

. One of the conditions is that theorder of

P

i.e.

n

be large so that it is infeasible to check allthe possibilities of

m

.The difference between ECDLP and the DiscreteLogarithm Problem (DLP) is that, DLP though a hardproblem is known to have a sub exponential timesolution, and the solution of the DLP can be computedfaster than that to the ECDLP. This property of Ellipticcurves makes it favorable for its use in cryptography.A direct approach to determining

# E

(

Fq

)

is to compute z= x

3

+ A x + B for each x

∈

Fq

, and then to test if

z

has asquare root in

Fq.

If

z =

0

,

then

(

x,

0)

∈

E

(

Fq

).

If there exists

y

∈

Fq

such that

y

2

mod q= z,

then

(

x,y

)

,

(

x,- y

)

∈

E

(

Fq

)

,

else there is no point in

E

(

Fq)

with

x

-coordinate

x.

So there are at most

2

q +

1

elements in thegroup.A theorem of finite fields states that exactly 1

/

2 of thenon-zero elements of

Fq

are quadratic residues

.

So onaverage, there will be approximately

q +

1

elements in

E

(

Fq

).

A.

Hasse's Theorem

The following theorem, first proved by Helmut Hasse,told bounds on

#

E

(

Fq

)

.

Let

# E

(

Fq

) be an elliptic curveover the finite field

Fq

with

q = p

ⁿ

, n

∈

Z+

and

p

aprime. Then there exists a unique

t

∈

Z

such that

#E

(

Fq

)

= q +

1

- t

where

|t| <

2

√

q

.[4]B.

Reducing the problem of computing the order of curve#E(Fp

n

) to #E(Fp)

It tells that if we can compute

#E

(

Fp

)

,

then we cancompute

#E

(

F p

ⁿ

) in a direct manner.Let

#E

(

Fp

)

= p +

1

- t.

Write

X

2

- t X + p =

(

X –

α

)

(

X –

β

)

.

Then

αⁿ

+

βⁿ

∈

Z

and

#E

(

F p

ⁿ

)

= p

ⁿ

+ 1 –

(

αⁿ

+

βⁿ

)

.

If p is a small prime, then it is easy to determine #E(Fp)by direct counting or other simple methods.

C.

Weak curves

1)

Anomalous curve:

The curve E(Fq) is said to beanomalous if # E(Fq) = q. These curves are weak whenq=p, the field characteristic.2)

Supersingular elliptic curves:

The MOV(Menezes

,

Okamoto, and Vanstone) attack on elliptic curvesshows that ECDLP can be reduced to the classicaldiscrete logarithm problem on some extension field

Fq

k

, for some integer

k

(

k

is called the embeddingdegree or MOV degree). The MOV attack is onlypractical when

k

is small. For Supersingular ellipticcurves

k

<=6.3)

Prime-field anomalous curves:

If #

E

(

Fp

) =

p

, there ispolynomial algorithm solving the ECDLP by lifting thecurve and points to

Z

.The given properties of weak curve indicate that the orderof elliptic curve plays a major role in determining whetherthe given curve is weak or not. The Prime-fieldanomalous curve and anomalous curve where the order of

(IJCSIS) International Journal of Computer Science and Information Security,Vol. 10, No. 8, August 201250http://sites.google.com/site/ijcsis/ISSN 1947-5500

- Read and print without ads
- Download to keep your version
- Edit, email or read offline

© Copyright 2015 Scribd Inc.

Language

Choose the language in which you want to experience Scribd:

Sign in with Facebook

Sorry, we are unable to log you in via Facebook at this time. Please try again later.

or

Password Reset Email Sent

Join with Facebook

Sorry, we are unable to log you in via Facebook at this time. Please try again later.

or

By joining, you agree to our

read free for one month

Personalized recommendationsbased on books you love

Syncing across all your devices

Join with Facebook

or Join with EmailSorry, we are unable to log you in via Facebook at this time. Please try again later.

Already a member? Sign in.

By joining, you agree to our

to download

Personalized recommendationsbased on books you love

Syncing across all your devices

Continue with Facebook

Sign inJoin with emailSorry, we are unable to log you in via Facebook at this time. Please try again later.

By joining, you agree to our

Are you sure?

This action might not be possible to undo. Are you sure you want to continue?

CANCEL

OK

You've been reading!

NO, THANKS

OK

scribd