Elliptic-curve cryptography ECC is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography based on plain Galois fields to provide equivalent security. Elliptic curves are applicable for key agreement , digital signatures , pseudo-random generators and other tasks. Indirectly, they can be used for encryption by combining the key agreement with a symmetric encryption scheme. They are also used in several integer factorization algorithms based on elliptic curves that have applications in cryptography, such as Lenstra elliptic-curve factorization. Public-key cryptography is based on the intractability of certain mathematical problems.
|Published (Last):||28 November 2010|
|PDF File Size:||12.41 Mb|
|ePub File Size:||13.60 Mb|
|Price:||Free* [*Free Regsitration Required]|
Elliptic-curve cryptography ECC is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography based on plain Galois fields to provide equivalent security.
Elliptic curves are applicable for key agreement , digital signatures , pseudo-random generators and other tasks. Indirectly, they can be used for encryption by combining the key agreement with a symmetric encryption scheme. They are also used in several integer factorization algorithms based on elliptic curves that have applications in cryptography, such as Lenstra elliptic-curve factorization.
Public-key cryptography is based on the intractability of certain mathematical problems. Early public-key systems based their security on the assumption that it is difficult to factor a large integer composed of two or more large prime factors.
For later elliptic-curve-based protocols, the base assumption is that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible: this is the "elliptic curve discrete logarithm problem" ECDLP. The security of elliptic curve cryptography depends on the ability to compute a point multiplication and the inability to compute the multiplicand given the original and product points.
The size of the elliptic curve determines the difficulty of the problem. The U. National Security Agency NSA allows their use for protecting information classified up to top secret with bit keys. The primary benefit promised by elliptic curve cryptography is a smaller key size , reducing storage and transmission requirements  , i.
The use of elliptic curves in cryptography was suggested independently by Neal Koblitz  and Victor S. Miller  in Elliptic curve cryptography algorithms entered wide use in to For current cryptographic purposes, an elliptic curve is a plane curve over a finite field rather than the real numbers which consists of the points satisfying the equation.
The coordinates here are to be chosen from a fixed finite field of characteristic not equal to 2 or 3, or the curve equation will be somewhat more complicated. This set together with the group operation of elliptic curves is an abelian group , with the point at infinity as an identity element.
The structure of the group is inherited from the divisor group of the underlying algebraic variety. The suite is intended to protect both classified and unclassified national security systems and information. Recently, a large number of cryptographic primitives based on bilinear mappings on various elliptic curve groups, such as the Weil and Tate pairings , have been introduced. Schemes based on these primitives provide efficient identity-based encryption as well as pairing-based signatures, signcryption , key agreement , and proxy re-encryption.
To use ECC, all parties must agree on all the elements defining the elliptic curve, that is, the domain parameters of the scheme. The field is defined by p in the prime case and the pair of m and f in the binary case. The elliptic curve is defined by the constants a and b used in its defining equation. Finally, the cyclic subgroup is defined by its generator a. Unless there is an assurance that domain parameters were generated by a party trusted with respect to their use, the domain parameters must be validated before use.
The generation of domain parameters is not usually done by each participant because this involves computing the number of points on a curve which is time-consuming and troublesome to implement. As a result, several standard bodies published domain parameters of elliptic curves for several common field sizes.
Such domain parameters are commonly known as "standard curves" or "named curves"; a named curve can be referenced either by name or by the unique object identifier defined in the standard documents:. SECG test vectors are also available. EC domain parameters may be either specified by value or by name. If one despite the above wants to construct one's own domain parameters, one should select the underlying field and then use one of the following strategies to find a curve with appropriate i.
Because all the fastest known algorithms that allow one to solve the ECDLP baby-step giant-step , Pollard's rho , etc. This can be contrasted with finite-field cryptography e. However, the public key may be smaller to accommodate efficient encryption, especially when processing power is limited. The hardest ECC scheme publicly broken to date had a bit key for the prime field case and a bit key for the binary field case. For the prime field case, this was broken in July using a cluster of over PlayStation 3 game consoles and could have been finished in 3.
However, points on a curve can be represented in different coordinate systems which do not require an inversion operation to add two points. Note that there may be different naming conventions, for example, IEEE P standard uses "projective coordinates" to refer to what is commonly called Jacobian coordinates.
An additional speed-up is possible if mixed coordinates are used. Other curves are more secure and run just as fast.
Elliptic curves are applicable for encryption , digital signatures , pseudo-random generators and other tasks. They are also used in several integer factorization algorithms that have applications in cryptography, such as Lenstra elliptic curve factorization.
In , NIST recommended fifteen elliptic curves. Specifically, FIPS  has ten recommended finite fields:. The NIST recommendation thus contains a total of five prime curves and ten binary curves. The curves were ostensibly chosen for optimal security and implementation efficiency. Elliptic curve cryptography is used by the cryptocurrency Bitcoin. Consequently, it is important to counteract side-channel attacks e. Alternatively one can use an Edwards curve ; this is a special family of elliptic curves for which doubling and addition can be done with the same operation.
Cryptographic experts have expressed concerns that the National Security Agency has inserted a kleptographic backdoor into at least one elliptic curve-based pseudo random generator. The SafeCurves project has been launched in order to catalog curves that are easy to securely implement and are designed in a fully publicly verifiable way to minimize the chance of a backdoor.
Shor's algorithm can be used to break elliptic curve cryptography by computing discrete logarithms on a hypothetical quantum computer. The latest quantum resource estimates for breaking a curve with a bit modulus bit security level are qubits and billion Toffoli gates. All of these figures vastly exceed any quantum computer that has ever been built, and estimates place the creation of such computers as a decade or more away.
Supersingular Isogeny Diffie—Hellman Key Exchange provides a post-quantum secure form of elliptic curve cryptography by using isogenies to implement Diffie—Hellman key exchanges. This key exchange uses much of the same field arithmetic as existing elliptic curve cryptography and requires computational and transmission overhead similar to many currently used public key systems.
In August , the NSA announced that it planned to transition "in the not distant future" to a new cipher suite that is resistant to quantum attacks. From Wikipedia, the free encyclopedia. Main article: ECC patents. National Security Agency, January National Security Agency. Archived from the original on Retrieved Mathematics of Computation. Use of elliptic curves in cryptography. Lecture Notes in Computer Science. Archived from the original PDF download on Algorithmic Number Theory.
A cryptographic application of the Weil descent. Cryptography and Coding. Hewlett Packard Laboratories Technical Report. Bibcode : MaCom.. Journal of Cryptology. Commentarii Mathematici Universitatis Sancti Pauli.
April 27, Archived from the original PDF on Retrieved 1 December New York Times. Retrieved 28 October I believe the NSA has manipulated them through their relationships with industry. NY Times — Bits Blog. Retrieved October 1, Retrieved 3 May Seclist Org. Archived from the original html on 2 July Retrieved 4 July Hankerson, A. Menezes, and S. Blake, G. Seroussi, and N. Malhotra, S. Gardner, and R. Public-key cryptography. History of cryptography Cryptanalysis Outline of cryptography.
Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography. Topics in algebraic curves.
EP2443789B1 - Cryptographie sur une courbe elliptique simplifiee - Google Patents
Effective date : Kind code of ref document : A2. Kind code of ref document : B1. Ref country code : GB. Ref legal event code : FG4D. Ref country code : AT. Ref legal event code : REF.