Chapter

Elliptic Curves and Cryptography


Abstract

The subject of elliptic curves encompasses a vast amount of mathematics. Our aim in this section is to summarize just enough of the basic theory for cryptographic applications. For additional reading, there are a number of survey articles and books devoted to elliptic curve cryptography [14, 68, 81, 135], and many others that describe the number theoretic aspects of the theory of elliptic curves, including [25, 65, 73, 74, 136, 134, 138].


... where , ∈ , ≠ 2, 3, and satisfy the condition 4 3 + 27 2 ≢ 0 ( ). The set of all points ( , ) that satisfy the elliptic curve with the point O at the infinity represent the elliptic curve group ( ) [1,17]. ...
Article
Full-text available
Data exchange has been rapidly increased recently by increasing the use of mobile networks. Sharing information (text, image, audio and video) over unsecured mobile network channels is liable for attacking and stealing. Encryption techniques are the most suitable methods to protect information from hackers. Hill cipher algorithm is one of symmetric techniques, it has a simple structure and fast computations, but weak security because sender and receiver need to use and share the same private key within a non-secure channel. Therefore, a novel hybrid encryption approach between elliptic curve cryptosystem and hill cipher (ECCHC) is proposed in this paper to convert Hill Cipher from symmetric technique (private key) to asymmetric one (public key) and increase its security and efficiency and resist the hackers. Thus, no need to share the secret key between sender and receiver and both can generate it from the private and public keys. Therefore, the proposed approach presents a new contribution by its ability to encrypt every character in the 128 ASCII table by using its ASCII value direct without needing to assign a numerical value for each character. The main advantages of the proposed method are represented in the computation simplicity, security efficiency and faster computation.
... Where , ∈ , ≠ 2, 3, and satisfy the condition 4 3 + 27 2 ≢ 0 ( ). The set of all points ( , ) that satisfy the elliptic curve with the point O at the infinity represent the elliptic curve group ( ) [1] [18]. ...
Research
Data exchange has been rapidly increased recently by increasing the use of mobile networks and mobile communications media. Sharing information (Text, Image, Audio, and Video) over unsecured mobile network channels is liable for attacking and stealing. Encryption techniques are the most suitable methods to protect information from hackers. Hill cipher algorithm is one of symmetric techniques, it has a simple structure and fast computations, but weak security because sender and receiver need to use and share the same private key within a non-secure channel. Therefore, a novel hybrid encryption approach between Elliptic Curve Cryptosystem and Hill Cipher (ECCHC) has been proposed in this paper to convert Hill Cipher from symmetric technique (private key) to asymmetric one (public key) and increase its security and efficiency and resist the hackers. Self-invertible key matrix is used to generate encryption and decryption secret key. Thus, no need to find the inverse key matrix in the decryption process. Also, no need to share the secret key between sender and receiver and both can generate it from the private and public keys. Therefore, the proposed approach presents a new contribution by its ability to encrypt every character in the 128 ASCII table by using its ASCII value direct without needing to assign a numerical value for each character. The main advantages of the proposed method are represented in the computation simplicity, security efficiency and faster computation.
... An elliptic curve $E$ over a prime field $F_p$ is defined by $E: y^2 \equiv x^3 + ax + b \pmod{p}$, where $a, b \in F_p$, $p \neq 2, 3$, and satisfy the condition $4a^3 + 27b^2 \not\equiv 0 \pmod{p}$. The elliptic curve group $E(F_p)$ consists of all points $(x, y)$ that satisfy the elliptic curve $E$ and the point at the infinity O [1][23]. ...
Article
Full-text available
Image encryption is rapidly increased recently by the increasing use of the internet and communication media. Sharing important images over unsecured channels is liable for attacking and stealing. Encryption techniques are the suitable methods to protect images from attacks. Hill cipher algorithm is one of the symmetric techniques, it has a simple structure and fast computations, but weak security because sender and receiver need to use and share the same private key within a non-secure channel. A new image encryption technique that combines Elliptic Curve Cryptosystem with Hill Cipher (ECCHC) has been proposed in this paper to convert Hill Cipher from symmetric technique to asymmetric one and increase its security and efficiency and resist the hackers. Self-invertible key matrix is used to generate encryption and decryption secret key. So, no need to find the inverse key matrix in the decryption process. A secret key matrix with dimensions will be used as an example in this study. Entropy, Peak Signal to Noise Ratio (PSNR), and Unified Average Changing Intensity (UACI) will be used to assess the grayscale image encryption efficiency and compare the encrypted image with the original image to evaluate the performance of the proposed encryption technique.
... 2, 3, and satisfy the condition 4 27 ≢ 0 . The elliptic curve group is the set of all points , that satisfy the elliptic curve Equation (1) beside a special point O at infinity [1] [20]. ...
Article
Full-text available
Information security algorithms are widely used in the recent times to protect data and messages over internet. Elliptic Curve Cryptography (ECC) is one of the most efficient techniques that are used for this issue, because it is difficult for the adversary to solve the elliptic curve discrete logarithm problem to know the secret key that is used in encryption and decryption processes. A new efficient method has been proposed in this paper to improve the Menezes-Vanstone Elliptic Curve Cryptography (MVECC). This modification reduces the running time needed for encryption and decryption processes compared with the original method and another two methods. In the modified method, only addition and subtraction operations are used, and no inversion or multiplication operations because it consumes a long time comparing with addition and subtraction, and this makes the proposed algorithm faster in computations and running time than the original and other methods. Moreover, the modified method uses the hexadecimal ASCII value to encode each character in the message before encryption, which makes the algorithm more secure and complicated to resist the adversaries.
... Elliptic curves as algebraic entities have been studied for over 100 years [24,46]. The first time it was introduced in cryptography was in 1985. ...
Article
Full-text available
In this short note we describe an elementary technique which leads to a linear algorithm for solving the discrete logarithm problem on elliptic curves of trace one. In practice the method described means that when choosing elliptic curves to use in cryptography one has to eliminate all curves whose group orders are equal to the order of the finite field.
Conference Paper
Full-text available
We discuss the use of elliptic curves in cryptography. In particular, we propose an analogue of the Diffie-Hellman key exchange protocol which appears to be immune from attacks of the style of Western, Miller, and Adleman. With the current bounds for infeasible attack, it appears to be about 20% faster than the Diffie-Hellman scheme over GF(p). As computational power grows, this disparity should get rapidly bigger.
Article
Full-text available
We show that to solve the discrete log problem in a subgroup of order p of an elliptic curve over the finite field of characteristic p one needs O(ln p) operations in this field. Let $\mathbf{F}_q$ be the finite field of $q = p^l$ elements. We define an elliptic curve E over $\mathbf{F}_q$ to be an equation of the form
Article
Full-text available
The Weil Pairing, first introduced by André Weil in 1940, plays an important role in the theoretical study of the arithmetic of elliptic curves and Abelian varieties. It has also recently become extremely useful in cryptologic constructions related to those objects. This paper gives the definition of the Weil Pairing, describes efficient algorithms to calculate it, gives two applications, and describes the motivation to considering it.
Book
In the past few years elliptic curve cryptography has moved from a fringe activity to a major challenger to the dominant RSA/DSA systems. Elliptic curves offer major advances on older systems such as increased speed, less memory and smaller key sizes. As digital signatures become more and more important in the commercial world the use of elliptic curve-based signatures will become all pervasive. This book summarizes knowledge built up within Hewlett-Packard over a number of years, and explains the mathematics behind practical implementations of elliptic curve systems. Due to the advanced nature of the mathematics there is a high barrier to entry for individuals and companies to this technology. Hence this book will be invaluable not only to mathematicians wanting to see how pure mathematics can be applied but also to engineers and computer scientists wishing (or needing) to actually implement such systems.
Article
This is a textbook for a course (or self-instruction) in cryptography with emphasis on algebraic methods. The first half of the book is a self-contained informal introduction to areas of algebra, number theory, and computer science that are used in cryptography. Most of the material in the second half - "hidden monomial" systems, combinatorial-algebraic systems, and hyperelliptic systems - has not previously appeared in monograph form. The Appendix by Menezes, Wu, and Zuccherato gives an elementary treatment of hyperelliptic curves. This book is intended for graduate students, advanced undergraduates, and scientists working in various fields of data security. From the reviews: "... This is a textbook in cryptography with emphasis on algebraic methods. It is supported by many exercises (with answers) making it appropriate for a course in mathematics or computer science. ... Overall, this is an excellent expository text, and will be very useful to both the student and researcher." M.V.D.Burmester, Mathematical Reviews 2002 "... I think this book is a very inspiring book on cryptography. It goes beyond the traditional topics (most of the cryptosystems presented here are first time in a textbook, some of Patarin's work is not published yet). This way the reader has the feeling how easy to suggest a cryptosystem, how easy to break a safe looking system and hence how hard to trust one. The interested readers are forced to think together with their researchers and feel the joy of discovering new ideas. At the same time the importance of "hardcore" mathematics is emphasized and hopefully some application driven students will be motivated to study theory." P. Hajnal, Acta Scientiarum Mathematicarum 64.1998 "... Overall, the book is highly recommended to everyone who has the requisite mathematical sophistication." E.Leiss, Computing Reviews 1998
Book
In The Arithmetic of Elliptic Curves, the author presented the basic theory culminating in two fundamental global results, the Mordell-Weil theorem on the finite generation of the group of rational points and Siegel's theorem on the finiteness of the set of integral points. This book continues the study of elliptic curves by presenting six important, but somewhat more specialized topics: I. Elliptic and modular functions for the full modular group. II. Elliptic curves with complex multiplication. III. Elliptic surfaces and specialization theorems. IV. Néron models, Kodaira-Néron classification of special fibres, Tate's algorithm, and Ogg's conductor-discriminant formula. V. Tate's theory of q-curves over p-adic fields. VI. Néron's theory of canonical local height functions.
Article
We discuss analogs based on elliptic curves over finite fields of public key cryptosystems which use the multiplicative group of a finite field. These elliptic curve cryptosystems may be more secure, because the analog of the discrete logarithm problem on elliptic curves is likely to be harder than the classical discrete logarithm problem, especially over $\mathrm{GF}(2^n)$. We discuss the question of primitive points on an elliptic curve modulo p, and give a theorem on nonsmoothness of the order of the cyclic subgroup generated by a global point.
Article
In this paper we present a deterministic algorithm to compute the number of $\mathbf{F}_q$-points of an elliptic curve that is defined over a finite field $\mathbf{F}_q$ and which is given by a Weierstrass equation. The algorithm takes $O(\log^9 q)$ elementary operations. As an application we give an algorithm to compute square roots mod p. For fixed $x \in \mathbf{Z}$, it takes $O(\log^9 p)$ elementary operations to compute $\sqrt{x} \bmod p$.
Book
The theory of elliptic curves is distinguished by its long history and by the diversity of the methods that have been used in its study. This book treats the arithmetic theory of elliptic curves in its modern formulation, through the use of basic algebraic number theory and algebraic geometry. The book begins with a brief discussion of the necessary algebro-geometric results, and proceeds with an exposition of the geometry of elliptic curves, the formal group of an elliptic curve, and elliptic curves over finite fields, the complex numbers, local fields, and global fields. Included are proofs of the Mordell–Weil theorem giving finite generation of the group of rational points and Siegel's theorem on finiteness of integral points. For this second edition of The Arithmetic of Elliptic Curves, there is a new chapter entitled Algorithmic Aspects of Elliptic Curves, with an emphasis on algorithms over finite fields which have cryptographic applications. These include Lenstra's factorization algorithm, Schoof's point counting algorithm, Miller's algorithm to compute the Tate and Weil pairings, and a description of aspects of elliptic curve cryptography. There is also a new section on Szpiro's conjecture and ABC, as well as expanded and updated accounts of recent developments and numerous new exercises. The book contains three appendices: Elliptic Curves in Characteristics 2 and 3, Group Cohomology, and a third appendix giving an overview of more advanced topics.
Article
Part I. Protocols: 1. Elliptic curve base protocols N. P. Smart 2. On the provable security of ECDSA D. Brown 3. Proofs of security for ECIES A. W. Dent Part II. Implementation Techniques: 4. Side channel analysis E. Oswald 5. Defenses against side-channel analysis M. Joye Part III. Mathematical Foundations: 6. Advances in point counting F. Vercauteren 7. Hyperelliptic curves and the HCDLP P. Gaudry 8. Weil descent attacks F. Hess Part IV. Pairing Based Techniques: 9. Pairings S. Galbraith 10. Cryptography from pairings K. G. Paterson.
Article
Like its bestselling predecessor, Elliptic Curves: Number Theory and Cryptography, Second Edition develops the theory of elliptic curves to provide a basis for both number theoretic and cryptographic applications. With additional exercises, this edition offers more comprehensive coverage of the fundamental theory, techniques, and applications of elliptic curves. New to the Second Edition: chapters on isogenies and hyperelliptic curves; a discussion of alternative coordinate systems, such as projective, Jacobian, and Edwards coordinates, along with related computational issues; a more complete treatment of the Weil and Tate-Lichtenbaum pairings; Doud's analytic method for computing torsion on elliptic curves over Q; an explanation of how to perform calculations with elliptic curves in several popular computer algebra systems. Taking a basic approach to elliptic curves, this accessible book prepares readers to tackle more advanced problems in the field. It introduces elliptic curves over finite fields early in the text, before moving on to interesting applications, such as cryptography, factoring, and primality testing. The book also discusses the use of elliptic curves in Fermat's Last Theorem. Relevant abstract algebra material on group theory and fields can be found in the appendices.
Article
We discuss analogs based on elliptic curves over finite fields of public key cryptosystems which use the multiplicative group of a finite field. These elliptic curve cryptosystems may be more secure, because the analog of the discrete logarithm problem on elliptic curves is likely to be harder than the classical discrete logarithm problem, especially over $\mathrm{GF}(2^n)$. We discuss the question of primitive points on an elliptic curve modulo p, and give a theorem on nonsmoothness of the order of the cyclic subgroup generated by a global point.
Article
Preface Introduction to Public-Key Cryptography Mathematical Background Algebraic Background Background on p-adic Numbers Background on Curves and Jacobians Varieties Over Special Fields Background on Pairings Background on Weil Descent Cohomological Background on Point Counting Elementary Arithmetic Exponentiation Integer Arithmetic Finite Field Arithmetic Arithmetic of p-adic Numbers Arithmetic of Curves Arithmetic of Elliptic Curves Arithmetic of Hyperelliptic Curves Arithmetic of Special Curves Implementation of Pairings Point Counting Point Counting on Elliptic and Hyperelliptic Curves Complex Multiplication Computation of Discrete Logarithms Generic Algorithms for Computing Discrete Logarithms Index Calculus Index Calculus for Hyperelliptic Curves Transfer of Discrete Logarithms Applications Algebraic Realizations of DL Systems Pairing-Based Cryptography Compositeness and Primality Testing-Factoring Realizations of DL Systems Fast Arithmetic Hardware Smart Cards Practical Attacks on Smart Cards Mathematical Countermeasures Against Side-Channel Attacks Random Numbers-Generation and Testing References
Book
Foreword. Preface. 1. Introduction to Public Key Cryptography. 2. Introduction to Elliptic Curves. 3. Isomorphism Classes of Elliptic Curves over Finite Fields. 4. The Discrete Logarithm Problem. 5. The Elliptic Curve Logarithm Problem. 6. Implementation of Elliptic Curve Cryptosystems. 7. Counting Points on Elliptic Curves over F2m. Bibliography. Index.
Article
In this paper we present a deterministic algorithm to compute the number of $\mathbf{F}_q$-points of an elliptic curve that is defined over a finite field $\mathbf{F}_q$ and which is given by a Weierstrass equation. The algorithm takes $O(\log^9 q)$ elementary operations. As an application we give an algorithm to compute square roots $\bmod\ p$. For fixed $x \in \mathbf{Z}$, it takes $O(\log^9 p)$ elementary operations to compute $\sqrt{x} \bmod p$.
Article
We describe three algorithms to count the number of points on an elliptic curve over a finite field. The first one is very practical when the finite field is not too large; it is based on Shanks's baby-step-giant-step strategy. The second algorithm is very efficient when the endomorphism ring of the curve is known. It exploits the natural lattice structure of this ring. The third algorithm is based on calculations with the torsion points of the elliptic curve [18]. This deterministic polynomial time algorithm was impractical in its original form. We discuss several practical improvements by Atkin and Elkies.
Article
With the advent of powerful computing tools and numerous advances in mathematics, computer science and cryptography, algorithmic number theory has become an important subject in its own right. Both external and internal pressures gave a powerful impetus to the development of more powerful algorithms. These in turn led to a large number of spectacular breakthroughs. To mention but a few, the LLL algorithm which has a wide range of applications, including real world applications to integer programming, primality testing and factoring algorithms, sub-exponential class group and regulator algorithms, etc ... Several books exist which treat parts of this subject. (It is essentially impossible for an author to keep up with the rapid pace of progress in all areas of this subject.) Each book emphasizes a different area, corresponding to the author's tastes and interests. The most famous, but unfortunately the oldest, is Knuth's Art of Computer Programming, especially Chapter 4. The present book has two goals. First, to give a reasonably comprehensive introductory course in computational number theory. In particular, although we study some subjects in great detail, others are only mentioned, but with suitable pointers to the literature. Hence, we hope that this book can serve as a first course on the subject. A natural sequel would be to study more specialized subjects in the existing literature.
Conference Paper
In this paper, we propose a three participants variation of the Diffie-Hellman protocol. This variation is based on the Weil and Tate pairings on elliptic curves, which were first used in cryptography as cryptanalytic tools for reducing the discrete logarithm problem on some elliptic curves to the discrete logarithm problem in a finite field.
Article
In this paper we propose a three participants variation of the Diffie--Hellman protocol. This variation is based on the Weil and Tate pairings on elliptic curves, which were first used in cryptography as cryptanalytic tools for reducing the discrete logarithm problem on some elliptic curves to the discrete logarithm problem in a finite field.
Conference Paper
We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on the Weil pairing. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
Conference Paper
In this paper we introduce a novel type of cryptographic scheme, which enables any pair of users to communicate securely and to verify each other’s signatures without exchanging private or public keys, without keeping key directories, and without using the services of a third party. The scheme assumes the existence of trusted key generation centers, whose sole purpose is to give each user a personalized smart card when he first joins the network. The information embedded in this card enables the user to sign and encrypt the messages he sends and to decrypt and verify the messages he receives in a totally independent way, regardless of the identity of the other party. Previously issued cards do not have to be updated when new users join the network, and the various centers do not have to coordinate their activities or even to keep a user list. The centers can be closed after all the cards are issued, and the network can continue to function in a completely decentralized way for an indefinite period.
Article
We describe a fast algorithm for counting points on elliptic curves defined over finite fields of small characteristic, following Satoh. Our main contribution is an extension to characteristics two and three. We give a detailed description with the optimisations necessary for an efficient implementation. Finally we give the number of points we have computed on a "random" curve defined over the field $\mathbf{F}_q$ with $q = 2^{8009}$.
Article
This paper is devoted to the description and analysis of a new algorithm to factor positive integers. It depends on the use of elliptic curves. The new method is obtained from J. M. Pollard's p-1-method [Proc. Camb. Philos. Soc. 76, 521-528 (1974; Zbl 0294.10005)] by replacing the multiplicative group by the group of points on a random elliptic curve. It is conjectured that the algorithm determines a non-trivial divisor of a composite number n in expected time at most K(p)(log n)^2, where p is the least prime dividing n and K is a function for which log K(x) = (2+o(1)) log x log log x for x → ∞. In the worst case, when n is the product of two primes of the same order of magnitude, this is exp((1+o(1)) log n log log n) for n → ∞. There are several other factoring algorithms of which the conjectural expected running time is given by the latter formula. However, these algorithms have a running time that is basically independent of the size of the prime factors of n, whereas the new elliptic curve method is substantially faster for small p.
Article
Elliptic curve cryptosystems have the potential to provide relatively small block size, high-security public key schemes that can be efficiently implemented. As with other known public key schemes, such as RSA and discrete exponentiation in a finite field, some care must be exercised when selecting the parameters involved, in this case the elliptic curve and the underlying field. Specific classes of curves that give little or no advantage over previously known schemes are discussed. The main result of the paper is to demonstrate the reduction of the elliptic curve logarithm problem to the logarithm problem in the multiplicative group of an extension of the underlying finite field. For the class of supersingular elliptic curves, the reduction takes probabilistic polynomial time, thus providing a probabilistic subexponential time algorithm for the former problem
Article
We give an algorithm for counting points on arbitrary ordinary elliptic curves over finite fields of characteristic 2, extending the method given by Takakazu Satoh in [Satoh 2000]. Introduction: Let $E : y^2 + xy = x^3 + a_6$ be an elliptic curve defined over the finite field $\mathbf{F}_{2^N}$, with $j(E) \notin \mathbf{F}_4$. We want to count the number of points on E. Like in other point counting algorithms, our aim is to calculate the trace of the $2^N$'th power Frobenius $\mathrm{Fr}_{2^N} \in \mathrm{End}(E)$, since $\#E(\mathbf{F}_{2^N}) = 2^N + 1 - \mathrm{Tr}(\mathrm{Fr}_{2^N})$. To do this we split the Frobenius into N small Frobenius maps, giving rise to the following sequence: $E \xrightarrow{\mathrm{Fr}_2} E_1 \xrightarrow{\mathrm{Fr}_2} \cdots \xrightarrow{\mathrm{Fr}_2} E_{N-1}$. Let K be the unramified extension of $\mathbf{Q}_2$ of degree N given by $\mathbf{Q}_2[X] / f(X)\mathbf{Q}_2[X]$, where $f(X) \in \mathbf{F}_2[X]$ is the polynomial used to define $\mathbf{F}_{2^N}$, and denote by R the valuation ring of K. We want to simultaneously lift the j-invariants of the above curves to R, in such a way that the small Frobenius maps can all be lifted to...
SEC 2: recommended elliptic curve domain parameters (Version 1)
  • Efficient Standards
  • Cryptography
Public key cryptography for the financial services industry: the elliptic curve digital signature algorithm (ECDSA)
  • Ansi-Ecdsa