
2005-10-10

Course: MATH 168, Fall 2009
School: Washington
6.4 Elliptic Curve Cryptography

In this section we discuss an analogue of Diffie-Hellman that uses an elliptic curve instead of $(\mathbf{Z}/p\mathbf{Z})^*$. The idea to use elliptic curves in cryptography was independently proposed by Neal Koblitz and Victor Miller in the mid 1980s. We then discuss the ElGamal elliptic curve cryptosystem.

6.4.1 Elliptic Curve Analogues of Diffie-Hellman

The Diffie-Hellman key exchange from Section 3.1 works well on an elliptic curve with no serious modification. Michael and Nikita agree on a secret key as follows:

1. Michael and Nikita agree on a prime $p$, an elliptic curve $E$ over $\mathbf{Z}/p\mathbf{Z}$, and a point $P \in E(\mathbf{Z}/p\mathbf{Z})$.
2. Michael secretly chooses a random $m$ and sends $mP$.
3. Nikita secretly chooses a random $n$ and sends $nP$.
4. The secret key is $nmP$, which both Michael and Nikita can compute.

Presumably, an adversary cannot compute $nmP$ without solving the discrete logarithm problem (see Problem 3.1.2 and Section 6.4.3 below) in $E(\mathbf{Z}/p\mathbf{Z})$. For well-chosen $E$, $P$, and $p$, experience suggests that the discrete logarithm problem in $E(\mathbf{Z}/p\mathbf{Z})$ is much more difficult than the discrete logarithm problem in $(\mathbf{Z}/p\mathbf{Z})^*$ (see Section 6.4.3 for more on the elliptic curve discrete log problem).

6.4.2 The ElGamal Cryptosystem and Digital Rights Management

This section is about the ElGamal cryptosystem, which works well on elliptic curves. This section draws on a paper by a computer hacker named Beale Screamer who cracked a Digital Rights Management (DRM) system.

The elliptic curve used in the DRM is an elliptic curve over the finite field $k = \mathbf{Z}/p\mathbf{Z}$, where

$p = 785963102379428822376694789446897396207498568951$.

In base 16 the number $p$ is

89ABCDEF012345672718281831415926141424F7,

which includes counting in hexadecimal, and digits of $e$, $\pi$, and $\sqrt{2}$. The elliptic curve $E$ is

$y^2 = x^3 + 317689081251325503476317476413827693272746955927x + 79052896607878758718120572025718535432100651934$.

We have

$\#E(k) = 785963102379428822376693024881714957612686157429$,

and the group $E(k)$ is cyclic with generator

$B = (771507216262649826170648268565579889907769254176, 390157510246556628525279459266514995562533196655)$.

Our heroes Nikita and Michael share digital music when they are not out fighting terrorists. When Nikita installed the DRM software on her computer, it generated a private key

$n = 670805031139910513517527207693060456300217054473$,

which it hides in bits and pieces of files. In order for Nikita to play Juno Reactor's latest hit juno.wma, her web browser contacts a web site that sells music. After Nikita sends her credit card number, that web site allows Nikita to download a license file that allows her audio player to unlock and play juno.wma.

As we will see below, the license file was created using the ElGamal public-key cryptosystem in the group $E(k)$. Nikita can now use her license file to unlock juno.wma. However, when she shares both juno.wma and the license file with Michael, he is frustrated because even with the license his computer still does not play juno.wma. This is because Michael's computer does not know Nikita's computer's private key (the integer $n$ above), so Michael's computer cannot decrypt the license file.

We now describe the ElGamal cryptosystem, which lends itself well to implementation in the group $E(\mathbf{Z}/p\mathbf{Z})$. To illustrate ElGamal, we describe how Nikita would set up an ElGamal cryptosystem that anyone could use to encrypt messages for her. Nikita chooses a prime $p$, an elliptic curve $E$ over $\mathbf{Z}/p\mathbf{Z}$, and a point $B \in E(\mathbf{Z}/p\mathbf{Z})$, and publishes $p$, $E$, and $B$. She also chooses a random integer $n$, which she keeps secret, and publishes $nB$. Her public key is the four-tuple $(p, E, B, nB)$.

Suppose Michael wishes to encrypt a message for Nikita. If the message is encoded as an element $P \in E(\mathbf{Z}/p\mathbf{Z})$, Michael computes a random integer $r$ and the points $rB$ and $P + r(nB)$ on $E(\mathbf{Z}/p\mathbf{Z})$. Then $P$ is encrypted as the pair $(rB, P + r(nB))$.
To decrypt the encrypted message, Nikita multiplies $rB$ by her secret key $n$ to find $n(rB) = r(nB)$, then subtracts this from $P + r(nB)$ to obtain

$P = P + r(nB) - r(nB)$.

We implement this cryptosystem in Section 7.6.3.

Remark 6.4.1. It also makes sense to construct an ElGamal cryptosystem in the group $(\mathbf{Z}/p\mathbf{Z})^*$.

Returning to our story, Nikita's license file is an encrypted message to her. It contains the pair of points $(rB, P + r(nB))$, where

$rB = (179671003218315746385026655733086044982194424660, 697834385359686368249301282675141830935176314718)$

and

$P + r(nB) = (137851038548264467372645158093004000343639118915, 110848589228676224057229230223580815024224875699)$.

When Nikita's computer plays juno.wma, it loads the secret key

$n = 670805031139910513517527207693060456300217054473$

into memory and computes

$n(rB) = (328901393518732637577115650601768681044040715701, 586947838087815993601350565488788846203887988162)$.

It then subtracts this from $P + r(nB)$ to obtain

$P = (14489646124220757767, 669337780373284096274895136618194604469696830074)$.

The x-coordinate 14489646124220757767 is the key that unlocks juno.wma.

If Nikita knew the private key $n$ that her computer generated, she could compute $P$ herself and unlock juno.wma and share her music with Michael. Beale Screamer found a weakness in the implementation of this system that allows Nikita to determine $n$, which is not a huge surprise since $n$ is stored on her computer after all.

6.4.3 The Elliptic Curve Discrete Logarithm Problem

Problem 6.4.2 (Elliptic Curve Discrete Log Problem). Suppose $E$ is an elliptic curve over $\mathbf{Z}/p\mathbf{Z}$ and $P \in E(\mathbf{Z}/p\mathbf{Z})$. Given a multiple $Q$ of $P$, the elliptic curve discrete log problem is to find $n \in \mathbf{Z}$ such that $nP = Q$.

For example, let $E$ be the elliptic curve given by $y^2 = x^3 + x + 1$ over the field $\mathbf{Z}/7\mathbf{Z}$. We have

$E(\mathbf{Z}/7\mathbf{Z}) = \{\mathcal{O}, (2, 2), (0, 1), (0, 6), (2, 5)\}$.

If $P = (2, 2)$ and $Q = (0, 6)$, then $3P = Q$, so $n = 3$ is a solution to the discrete logarithm problem.
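The ElGamal decryption of Nikita's license file and the toy discrete-log example above can both be checked with a few lines of curve arithmetic. The following Python is an added example, not code from the book; the function and constant names are illustrative, and the numbers are the ones quoted in this section.

```python
# Added example: affine arithmetic on y^2 = x^3 + a*x + b over Z/pZ; None is the point O.
import secrets

def add(P, Q, a, p):
    """Group law on E(Z/pZ); the coefficient b does not appear in the formulas."""
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                                        # P + (-P) = O
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p   # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p        # chord slope
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, P, a, p):
    """Compute kP by double-and-add (k >= 0)."""
    R = None
    while k:
        if k & 1:
            R = add(R, P, a, p)
        P = add(P, P, a, p)
        k >>= 1
    return R

def neg(P, p):
    return None if P is None else (P[0], -P[1] % p)

def elgamal_encrypt(M, B, nB, a, p):
    """Encrypt the point M under public key (p, E, B, nB) as (rB, M + r(nB))."""
    r = 1 + secrets.randbelow(p - 1)                       # fresh secret r per message
    return mul(r, B, a, p), add(M, mul(r, nB, a, p), a, p)

def elgamal_decrypt(ct, n, a, p):
    """Recover M = (M + r(nB)) - n(rB) with the private key n."""
    rB, C = ct
    return add(C, neg(mul(n, rB, a, p), p), a, p)

def dlog_bruteforce(P, Q, a, p):
    """Smallest k >= 1 with kP = Q, or None; walks P, 2P, ... so toy sizes only."""
    k, R = 1, P
    while R != Q:
        if R is None:
            return None                                    # wrapped around: Q not in <P>
        R, k = add(R, P, a, p), k + 1
    return k

# Values quoted in Section 6.4.2: the DRM curve, generator B, key n, license (rB, P + r(nB)).
DRM_P = 785963102379428822376694789446897396207498568951
DRM_A = 317689081251325503476317476413827693272746955927
DRM_BASE = (771507216262649826170648268565579889907769254176,
            390157510246556628525279459266514995562533196655)
DRM_N = 670805031139910513517527207693060456300217054473
LICENSE = ((179671003218315746385026655733086044982194424660,
            697834385359686368249301282675141830935176314718),
           (137851038548264467372645158093004000343639118915,
            110848589228676224057229230223580815024224875699))

def license_key():
    """x-coordinate of the point P recovered from the license file."""
    return elgamal_decrypt(LICENSE, DRM_N, DRM_A, DRM_P)[0]

print("key:", license_key(), "| toy log:", dlog_bruteforce((2, 2), (0, 6), 1, 7))
```

The brute-force search is only feasible because the toy group has five elements; on the DRM curve the same walk would need on the order of $\#E(k)$ additions.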

If $E(\mathbf{Z}/p\mathbf{Z})$ has order $p$ or $p \pm 1$ or is a product of reasonably small primes, then there are some methods for attacking the discrete log problem on $E$, which are beyond the scope of this book. It is thus important to be able to compute $\#E(\mathbf{Z}/p\mathbf{Z})$ efficiently, in order to verify that the elliptic curve one wishes to use for a cryptosystem doesn't have any obvious vulnerabilities. The naive algorithm to compute $\#E(\mathbf{Z}/p\mathbf{Z})$ is to try each value of $x \in \mathbf{Z}/p\mathbf{Z}$ and count how often $x^3 + ax + b$ is a perfect square mod $p$, but this is of no use when $p$ is large enough to be useful for cryptography. Fortunately, there is an algorithm due to Schoof, Elkies, and Atkin for computing $\#E(\mathbf{Z}/p\mathbf{Z})$ efficiently (polynomial time in the number of digits of $p$), but this algorithm is beyond the scope of this book.

In Section 3.1.1 we discussed the discrete log problem in (Z/...
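The naive point count and the group-order conditions from Section 6.4.3, as an added Python example that is not from the book. The function names, the trial-division bound of 10^5 standing in for "reasonably small" primes, and the second toy curve $y^2 = x^3 + x$ over $\mathbf{Z}/7\mathbf{Z}$ are assumptions made for illustration.

```python
# Added example: naive #E(Z/pZ) and the weak-order conditions named in Section 6.4.3.

def count_points(a, b, p):
    """#E(Z/pZ) for y^2 = x^3 + a*x + b, p an odd prime. O(p) work: toy sizes only."""
    total = 1                                   # the point at infinity O
    for x in range(p):
        rhs = (x * x * x + a * x + b) % p
        if rhs == 0:
            total += 1                          # single point (x, 0)
        elif pow(rhs, (p - 1) // 2, p) == 1:    # Euler's criterion: rhs is a square
            total += 2                          # two points (x, y) and (x, -y)
    return total

def small_prime_part(N, bound):
    """Trial-divide N by every d < bound; return (factors found, unfactored rest)."""
    factors, rest, d = {}, N, 2
    while d < bound and rest > 1:
        while rest % d == 0:
            factors[d] = factors.get(d, 0) + 1
            rest //= d
        d += 1
    return factors, rest

def order_red_flags(N, p, bound=10**5):
    """List which weak-order conditions hold for N = #E(Z/pZ).

    bound is an assumed cut-off for "reasonably small" primes, not a value
    taken from the text.
    """
    flags = []
    if N == p:
        flags.append("order = p")
    if N in (p - 1, p + 1):
        flags.append("order = p +/- 1")
    if small_prime_part(N, bound)[1] == 1:
        flags.append("order is a product of small primes")
    return flags

# Modulus and group order of the DRM curve, as quoted in Section 6.4.2.
DRM_P = 785963102379428822376694789446897396207498568951
DRM_ORDER = 785963102379428822376693024881714957612686157429

if __name__ == "__main__":
    for a, b in [(1, 1), (1, 0)]:               # the text's curve, then a constructed one
        N = count_points(a, b, 7)
        print(f"y^2 = x^3 + {a}x + {b} over Z/7Z: #E = {N}, flags = {order_red_flags(N, 7)}")
    print("DRM curve flags:", order_red_flags(DRM_ORDER, DRM_P))
```

An empty list means only that none of these three conditions was detected within the chosen bound; it does not certify the curve.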
