Today, Elliptic Curve Cryptography (ECC) appears in TSL, SSL, PGP, and many other things including Bitcoin and Blockchain.
(My application is based on C language, but in the blog I will explain ECC in Python language to skip bignum part.)
I explain how I applied ECC algorithm on secure transmission channel from server to client. I used Elliptic Curve Diffie-Hellman (ECDH) key exchange to generate keys for Advanced Encryption Standard (AES). That key used to encrypt the data exchanged between the client and the server.
In addition, I use of Elliptic Curve Digital Signature Algorithm (ECDSA) as a authentication mechanism.
In mathematics, elliptic curve is described in here. But in cryptography, an elliptic curve have the form known as:
satisfied
This is required to exclude singular curves.
Example: link
For an elliptic curve, I have a set of points that belong to the curve denoted by a set E(a, b) along with a special point at infinity, denoted by O. E(a, b) is a abelian group under a special addtion operator, denoted by +
If I want to add a point P to another point Q, I take the following steps:
The straight line passing through points P and Q is
with
In this image, there are three intersection points between the straight line and the elliptic curve, satisfied equation under
Two of these roots are x-coordinates of points P and Q, the third root (of point R) can be found using property of a monic polynomial.
By the Viet theorem
from which I can find the third root
In addition, R is a straight line passing through P and Q. So, I can express y-coordinate of point R as:
Result of addition of two points is the reflection of point R along x-axis
ECC is based on adding a point to ifself k times in order to obtain another point
k x P. Adding point to ifself is called point doubling and expressed as P + P = 2P
I can compute 2P using the following steps:
Point doubling can also be easily expressed algebraically. Similarly to point addition, I calculate the slope. I obtain the slope of a single point P at (x, y) by:
and expressing the slope as:
Similar to the above, I have the result:
After that, I illustrate the Point addition algorithm on python as follows:
from collections import namedtuple
Point = namedtuple("Point", "x y")
def point_addition(P, Q):
if P != Q:
lamda = (Q.y - P.y)*inverse_mod(Q.x - P.x, p)
else:
lamda = (3* P.x^2 + A)*inverse_mod(2*P.y, p)
Rx = (lamda^2 - Q.x - P.x) % p
Ry = (lamda*(P.x - Rx)- P.y) % p
return Point(Rx, Ry)
Scalar multiplication can represented as repeated point addition.
For example, I want to calculate 3P. The multiplication can be represented as a series of addition:
To calculate 3P, I divide it by 2 steps.
Using point addition technique described in Algebraic addition to obtain result.
Scalar multiplication algorithm is implemented on python like this code:
from collections import namedtuple
Point = namedtuple("Point", "x y")
def scalar_multiplication(Q, n):
R = Point(0, 0)
while n > 0:
if n % 2 == 1:
R = point_addition(R, Q)
Q = point_addition(Q, Q)
n = n // 2
return R
As described on wikipeida Elliptic-Curve Diffie-Hellman (ECDH) is a key agreement protocol that allows two parties, each having an elliptic-curve public-private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or to derive another key.
The key, or the derived key, can then be used to encrypt subsequent communications using symmetric-key cipher. It is a variant of the Diffie-Hellman protocol using elliptic-curve cryptography.
ECDH is very similar to the classical Diffie-Hellman Key Exchange (DHKE) algorithm, but it uses ECC point multiplication instead of modular exponentiations. ECDH is based on the following property of EC point:
Alice and Bob want to create a secure communication channel. They choose ECC parameters p, a, b for an Elliptic Curve and base point G
After that, following like this image:
You can find the definition of AES on the wikipedia or anywhere on google because it's so common.
"The algorithm was designed by two Belgian cryptographers: Joan Daemen and Vincent Rijmen. The algorithm was named "Rijdael" during the AES design competition.
Although the two names AES and Rijdael are often referred to interchangeably, in fact the two algorithms are not exactly the same. AES only works with 128/192/256bits data blocks while Rijdael can work with data and keys of any length that is multiple of 32bits"
Unlike DES, AES rounds are a variable that depends on the size of the key. Plaintext is divided into blocks of size 16bytes.
Description by link
Each round consists of 4 sub-processes as shown below:
I will not go too closely into AES, I hope that readers here have a little understanding of this algorithm.
After that,I used it to encrypt the data exchanged on the communication channel.
continue…