elliptic curve cryptography implementation & pki adoption brian saville jonathan mitchell
TRANSCRIPT
![Page 1: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/1.jpg)
Elliptic Curve Cryptography
Implementation & PKI Adoption
Brian SavilleJonathan Mitchell
![Page 2: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/2.jpg)
Overview
• Background of ECC and PKI• ECC Weaknesses• Experimentation• Results• ECC Adoption • Conclusion• Questions
![Page 3: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/3.jpg)
Elliptic Curves
All Elliptic Curves come in the following form: y2 = x3 + ax + b
![Page 4: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/4.jpg)
Mathematical PropertiesCan define a new algebra on Elliptic Curves with interesting mathematical properties:• first, add a point-at-infinity O • point addition: draw a line
through 2 points. the sum is the opposite of where the line hits the curve a 3rd time.
• adding point to itself: use tangent line (point doubling)
• if vertical, sum is "O" • this can also be determined
algebraically.
![Page 5: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/5.jpg)
Point Addition: Rules
![Page 6: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/6.jpg)
Finite Elliptic Curves
• Encryption works better with integers.• Wrap elliptic curves in finite field (modulo)• Pretty curves and lines no longer applicable• Algebra still works • Curves now look like:
y2 mod p = (x3 +ax+b) mod p
![Page 7: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/7.jpg)
Finite Point Addition: Rules
![Page 8: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/8.jpg)
Uses in Cryptography
Mathematical properties are useful for PKI• Can generate asymmetric (public/private) keys• Can encrypt/decrypt data
Stronger than RSA
![Page 9: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/9.jpg)
Key Generation
Agree on the following (public):• Curve parameters (a, b)• The modulus p• Base point G (on the curve)
Pick a random integer n as private key Calculate public key P = n*G
![Page 10: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/10.jpg)
Encryption/Decryption
Alice represents her text or data to send as a point Pm Alice sends Bob a pair of points: SentPair = {k*G, Pm + k*P} k = randomly chosen integer Bob decrypts the message using his private key: Pm + k*P - n(k*G) = Pm + k(n*G) - n(k*G) = Pm
![Page 11: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/11.jpg)
Why ECC is strong
The difficult mathematical problem is called the
elliptic curve discrete logarithm problem
That is, given P and G, (and P= n*G), find n
• Invented a whole new algebrao not susceptible to common attacks
• Runs in exponential timeo RSA runs in sub-exponential time
• Best known attack: Pollard's rho attack (exponential)o runs in ((πn)^1/2) / 2
![Page 12: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/12.jpg)
Weaknesses
Unexplored since not used much in productionChoosing correct curve parameters• Modulo p - some sub-exponential algorithms exist for certain
pFinding base point G• Not as easy as you'd think
![Page 13: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/13.jpg)
Experiments - Goals and Outcomes
1. Create a visual representation of point addition2. Perform timing experiments contrasting ECC and RSA
1.Length of time to generate keys (various key sizes) 2.Length of time to encrypt data (various data lengths)
![Page 14: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/14.jpg)
Demo
![Page 15: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/15.jpg)
Results
![Page 16: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/16.jpg)
Key Generation by Key Size
![Page 17: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/17.jpg)
Key Generation by Key Strength
![Page 18: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/18.jpg)
Encryption by Key Size
![Page 19: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/19.jpg)
Encryption by Key Strength
![Page 20: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/20.jpg)
Analysis
Results are about as expected, with surprises • Key generation was faster in ECC at same strength• Encryption was faster in ECC at higher bit sizes
May have been due to naive implementation
![Page 21: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/21.jpg)
ECC Adoption
Patents• Many willing to work with community - Sun• Certicom is the problem - Sued Sony• NSA licensing from Certicom
Logistics• Replace software and hardware in place for RSA, etc
Estimated standard ~2020
![Page 22: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/22.jpg)
Conclusion
ECC is stronger than RSA for PKIPatents won't stand in the way foreverLargest obstacle: replacing current PKI infrastructure
![Page 23: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/23.jpg)
Review
• Background of ECC and PKIo Elliptic Curveso Key Generationo Data Encryptiono Weaknesses
• Experimentationo Visual Point Addition o Key Generationo Data Encryption
• Results• ECC Adoption - Patents, Logistics • Conclusion
![Page 24: Elliptic Curve Cryptography Implementation & PKI Adoption Brian Saville Jonathan Mitchell](https://reader036.vdocuments.site/reader036/viewer/2022062423/56649edc5503460f94bec7e1/html5/thumbnails/24.jpg)
Questions