You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Mar 24, 2022. It is now read-only.
To start with Elliptic Curve Cryptography we will first have to see various aspects involved in it. This tutorial is an attempt to help people understand Elliptic Curves better and dive deeper into the concepts of ECC as we move forward step by step. This tutorial includes implementation and explanation of the following:
8
+
To start with Elliptic Curve Cryptography we will first have to see various aspects involved in it. This tutorial is an attempt to help people understand Elliptic Curves better and dive deeper into the concepts as we move forward step by step. This tutorial includes implementation and explanation of the following:
9
9
1. Defining Elliptic Curves
10
10
2. Mathematics behind Elliptic Curves (painful?)
11
11
+ Point Arithmetic
12
-
+Dot operation or Point Addition
12
+
+ Point Addition
13
13
+ Point Doubling
14
14
+ Scalar Multiplication
15
-
+ Optimisation algorithms- how have they improved over the years
15
+
+ Double and Add algorithm
16
+
+ Montgomery Ladder [To be added]
16
17
17
18
18
19
19
20
## Elliptic Curves- definition
20
21
Consider the polynomial . All the solutions of this polynomial, when plotted in a graph will look something like this:
21
-
22
-
This polynomial has some very interesting properties and a modified version of this polynomial is used for cryptographic purposes. Elliptic Curves provide security with relatively smaller key sizes when compared to other public key systems such as RSA, Discrete Logarithm Problem, Diffie Hellman Key Exchange etc. The original polynomial mentioned above is not used directly, as it is favorable to have the curve over a finite set (particularly Finite Fields) than to have it defined over real numbers, for cryptographic purposes. We will see one such popular form of the polynomial which is used as an Elliptic Curve, and can be defined over  as the following:
> An Elliptic Curve over  with p>3, is the set of all pairs (x, y) in  that satisfy , along with an arbitrary value, where 
25
+
This polynomial has some very interesting properties and a modified version of this polynomial is used for cryptographic purposes. Elliptic Curves provide security with relatively smaller key sizes when compared to other public key systems such as RSA.
26
+
27
+
The original polynomial mentioned above is not used directly, as it is favorable to have the curve over a finite set (particularly Finite Fields) than to have it defined over real numbers, for cryptographic purposes. We will see one such popular form of the polynomial which is used as an Elliptic Curve, and can be defined over  as the following:
28
+
29
+
> An Elliptic Curve over  with p>3, is the set of all pairs (x, y) in  that satisfy , along with an arbitrary point 0, where 
25
30
26
31
27
32
In this tutorial, we will first define operations on Elliptic Curve over _real numbers_ and then formulate the same for Elliptic Curves over _Finite Fields_.
@@ -50,9 +55,10 @@ We can calculate `C` geometrically with the help of following steps:
50
55
> 2. Reflect the point obtained along the x-axis and on the curve. This mirrored point is point C.
51
56
52
57
53
-
To understand it better have a look at this GIF below taken from Nick Sullivan's blog post on Elliptic Curves- [https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/](https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/):
Now that we have defined point addition geometrically, let us formulate the same arithmetically with the help of observations noted from geometric definition of point addition:
58
64
1. We know that A, B, C' (C' is the reflection of point C along x-axis) lie on the curve as well the line joining A=(x<sub>1</sub>, y<sub>1</sub>), B=(x<sub>2</sub>,y<sub>2</sub>). Our approach will be to first calculate the coordinates of C' and then we can simply negate the y-coordinate of C' keeping the x-coordinate as it is to get coordinates of C. We can write:
@@ -77,28 +83,86 @@ You can find an implementation of the above discussed method in python here: [el
77
83
Point Doubling is similar to Point Addition, just that the formula for calculating slope is different, rest of the formulae for getting the coordinates of x<sub>3</sub> and y<sub>3</sub> are the same. We will first define point doubling geometrically and then define it arithmetically. Please note here `doubling` is just a notation, the operation that takes place on point lying on the curve is very different from normal doubling.
78
84
79
85
Consider a point P=(x<sub>3</sub>, y<sub>3</sub>) that we want to `double`. We can calculate 2P with the help of following steps:
80
-
> 1. Draw a tangent on the curve through P and obtain a second point of interesection between the curve and the line.
86
+
> 1. Draw a tangent on the curve through P and obtain a second point of intersection between the curve and the line.
81
87
> 2. Reflect the point obtained along the x-axis and on the curve. This mirrored point is 2P.
82
88
83
89
84
-
90
+
85
91
86
92
87
93
We can also understand it using Point Addition: Consider addition two points P and Q on an Elliptic Curve, as Q approaches P, the line joining the two points to `add` these points approaches closer and as Q becomes very very close to P, the line becomes a tangent at point P.
88
94
95
+
Formula for slope will be different, as we have only one point on the curve and we want to compute the slope of its tangent, let us see how we can do it:
96
+
1. We know that . Differentiating both sides of this equation with respect to x, we get:
97
+
2.
98
+
3. Thus, with the given point (x<sub>1</sub>, y<sub>1</sub>), we can write `m` as:
99
+
+, where `m` is slope of the tangent passing through the point P
100
+
89
101
Arithmetically, we can express coordinates of 2P as:
90
102
> 
91
103
> Here m is the slope of the tangent passing through P
92
104
93
105
94
106
You can find an implementation of the above method in python here: [ellipticcurve.py](ellipticcurve.py) and in sage here(lesser lines of code): [ellipticcurve.sage](ellipticcurve.sage)
95
107
108
+
## Scalar Multiplication
109
+
There are two algorithms for implementing scalar multiplication in Elliptic Curves:
110
+
1. Double and Add algorithm
111
+
2. Montgomery Ladder
112
+
113
+
We will see how to implement each algorithm and also discuss why Montgomery ladder is preferred over Double and Add algorithm.
114
+
115
+
### Double and Add Algorithm
116
+
This is a very simple algorithm for multiplication of a point with a scalar. Let us try to first understand multiplication of two scalars `a` and `b` using double and add, and then apply the same logic for points on an Elliptic Curve.
117
+
Suppose you want to multiply 5 = (101)<sub>2</sub> by 11 = (1011)<sub>2</sub>
118
+
1. We can write: 5\*11 = 5 \* (1\*2<sup>0</sup> + 1\*2<sup>1</sup> + 0\*2<sup>2</sup> + 1\*2<sup>3</sup>)
2. For each term starting from the left, corresponding bit of `b` (ie equal to 11 in our example) is multiplied with a*2<sup>i</sup>, where i = 0,...,n (`n` is number of bits of `b` minus 1)
121
+
+ All the terms are then added together to give the result
122
+
123
+
Let us implement this algorithm for multiplying two scalars `a` and `b`:
124
+
```python
125
+
defdoubleandadd(a, b):
126
+
res =0
127
+
addend = a
128
+
for i inbin(b)[2:][::-1]:
129
+
if i =="1":
130
+
res = res + addend
131
+
addend *=2
132
+
return res
133
+
```
134
+
135
+
We can apply the same for Elliptic Curves, the only difference is that instead of `a` we have a point `P` lying on an Elliptic Curve `E`:
136
+
137
+
```python
138
+
from sage.all import*
139
+
# Declaring parameters of Elliptic Curve
140
+
# Select appropriate values of p, a, b
141
+
142
+
# Declaring a Weierstrass Curve
143
+
E = EllipticCurve(GF(p), [a, b])
144
+
145
+
defdoubleandadd(E, P, b):
146
+
# P is a point on the Elliptic Curve E
147
+
148
+
# (0:1:0) are projective coordinates of arbitrary point at infinity
149
+
res = E((0, 1, 0))
150
+
addend = P
151
+
for i inbin(b)[2:][::-1]:
152
+
if i =="1":
153
+
res = res + addend
154
+
addend = addend *2
155
+
return res
156
+
```
157
+
[Projective coordinates of points on Elliptic Curves](https://math.stackexchange.com/questions/1973640/elliptic-curve-point-op-zero-point-p)
96
158
97
159
## Resources
98
160
There are some pretty cool resources on ECC which you can refer:
99
-
1.[Nick Sullivan's blog post on Elliptic Curves](https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/)
100
-
2.[Introduction to Cryptography by Christof Paar- Introduction to Elliptic Curves](https://www.youtube.com/watch?v=vnpZXJL6QCQ)
101
-
3.[Introduction to Cryptography by Christof Paar- Elliptic Curve Cryptography](https://www.youtube.com/watch?v=zTt4gvuQ6sY)
161
+
1.[Andrea Corbellini- Gentle Introduction to Elliptic Curves](https://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction)
162
+
2.[Andrea Corbellini- Finite Fields and Discrete Logarithms](https://andrea.corbellini.name/2015/05/23/elliptic-curve-cryptography-finite-fields-and-discrete-logarithms/)
163
+
3.[Nick Sullivan- Primer on Elliptic Curves](https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/)
164
+
4.[Introduction to Cryptography by Christof Paar- Introduction to Elliptic Curves](https://www.youtube.com/watch?v=vnpZXJL6QCQ)
165
+
5.[Introduction to Cryptography by Christof Paar- Elliptic Curve Cryptography](https://www.youtube.com/watch?v=zTt4gvuQ6sY)
0 commit comments