# ECE 842 Report Implementation of Elliptic Curve Cryptography

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 ECE 842 Report Implementation of Elliptic Curve Cryptography Wei-Yang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic system. Before doing the implementation, I will review group operation defined on elliptic curve over finite field. From that perspective, the efficiency of elliptic curve cryptographic system can be improved in two steps. The first step is to find a good representation of field element such that arithmetic over finite field can be done with less efforts. The other one is to find a good representation of point on elliptic curve such that time consuming field operation could be avoided. These two steps will be discussed in detail. Finally, we will implement a simple public key elliptic curve cryptographic system and show how computation time can be saved by applying these techniques. 1 Introduction Elliptic curves over finite field can be used to implement secret exchanging scheme. This technique provides equivalent security level as RSA cryptography, but with shorter key length. Having shorter key length means smaller bandwidth and memory requirement. In some applications, these might be critical factors. Another advantage is that there are many curves available to be chosen. Consequently, the curve can be changed periodically for extra security. 1

2 The points on an elliptic curve form a group. The associated group operation involves arithmetic operations over underlying field. The field addition is easy to implement, both in hardware and in software. There has been much interest in the design of fast multiplication and fast inversion over GF (2 n ). In this report, I will discuss how group operation on elliptic curve can be accomplished efficiently. The reminder of this report is organized as follows. Section 2 presents a brief summary of elliptic curve over finite fields. In section 3, we talk about using normal basis representation to perform arithmetic over finite field. Based on normal basis representation, we describe projective coordinates in section 4. Finally, experiment results show improvement achieved by applying normal basis and projective coordinates. 2 Elliptic curve over Galois fields First, let s start with the general form of elliptic curves, y 2 + a 1 xy + a 3 y = x 3 + a 2 x 2 + a 4 x + a 6 Usually, they are categorized into following two versions, or y 2 + xy = x 3 + a 2 x 2 + a 6 (1) y 2 + y = x 3 + a 4 x + a 6 (2) The elliptic curves of the second form, Equation (2), is called supersingular curve. These curves have the advantage that they can be computed quickly. However, because of their special properties, their corresponding discrete logarithm problem is relatively easy to solve. That makes supersingular curves unsuitable for cryptographical purpose. Equation (1) is called non-supersingular curve. To date, no attacking method takes less than exponential time. Therefore, they are excellent for cryptography. The points on elliptic curve together with a point at infinite form a group. For elliptic curves over real number, the associated group operation can be visualized in terms of their geometrical relationship [5]. To implement a cryptographical system, we will focus on the case where elliptic curve over GF (2 n ). It leads us to efficient software and hard ware implementation. 2

3 Unfortunately, the group operation over GF (2 n ) is hard to visualize. It also require a lot of algebra to derive its formula. Here, I will skip all the derivation and only state the results. Based on these results, it will be very easy to understand the implementation issues. Given two points, P and Q, on a elliptic curve, group operation is defined as P + Q = R Let (x 1, y 1 ), (x 2, y 2 ) and (x 3, y 3 ) denote the coordinates of P, Q and R respectively. Then, x 3, y 3 can be expressed in terms of x 1, y 1, x 2 and y 2 as below: if P Q: θ = y 2 y 1 x 2 x 1 x 3 = θ 2 + θ + x 1 + x 2 + a 2 if P = Q: y 3 = θ(x 1 + x 3 ) + x 3 + y 1 θ = x 1 + y 1 x 1 x 3 = θ 2 + θ + a 2 y 3 = x (θ + 1)x 3 They are called point addition and point doubling on elliptic curve. In the elliptic curve cryptographic system, we will send multiplication of point over a unsecured channel. Multiplication of point can be computed efficiently using only point addition and point doubling. For example, 15P = P + 2(P + 2(P + 2P )) Now, it should be very clear that point doubling and point addition are the fundamental operations in elliptic curve cryptographic system. These two operations involve multiplication, division, addition, subtraction and squaring over GF (2 n ). So, our goal is to implement the arithmetics over GF (2 n ) with minimal hardware or software complexity. 3

4 3 Arithmetics over GF (2 n ) GF (2 n ) can be viewed as vector space of dimension m over GF (2). That is, there exist a basis α 0, α 1,..., α n 1 such that each a GF (2 n ) can be written uniquely in the form a = a i α i, where a i {0, 1} We can also represent a as a vector (a 0, a 1,..., a n 1 ). In hardware, a field element is stored in an array of length n. Addition of field element is accomplished by bitwise XOR operation. Because vector space is over GF (2), subtraction of field elements is exactly the same as addition of field elements. 3.1 Normal Basis A normal basis in GF (p n ) is a basis of the form {β p0, β p1, β p2,..., β pn 1 }. It is well known that a normal basis exists in every finite field. Every B GF (p n ) may be uniquely expressed in terms of B = b i β pi Further, let and Now Since we can write A = a i β pi, C = c i β pi C = AB C = a i b j β pi β pj j=0 β pi β pj = k=0 λ (k) i,j βpk (3) 4

5 Substitution yields c k = j=0 a i b j λ (k) i,j (4) Define a matrix T N as follows: Index the rows of T N by the ordered pairs (i, j). In row (i, j), column k put λ (k) i,j. From now on, we consider the special case where p = 2. This leads us to design an efficient implementation. Let A = (a n 1,..., a 1, a 0 ) denote the coordinate vector for A in the normal basis. Because the property of normal basis, we have A 2 = (a n 2,..., a 0, a n 1 ) A 2m = (a n m 1,..., a n m+1, a n m ) where the subscripts are taken modulo n. This is an amazing result because square of field element can be calculated by circular shifting. Many implementation techniques are based on exploiting this property. By raising both side of (3) to the power of 2 m, then (β 2i β 2j ) 2 m = β 2i m β 2j m = k=0 λ (k) i m,j m β2k = k=0 λ (k) i,j β2k m Equating the coefficients of β 20 in the above equation, yields Therefore Equation (4) can be written as c k = j=0 λ (0) i m,j m = λ(m) i,j (5) n 1 a i b j λ (0) i k,j k = j=0 a i+k b j+k λ (0) i,j Therefore, c k is obtained from m fold cyclic shift of the variables involved Optimal normal basis An Optimal Normal Basis (ONB) [4] is one with the minimum number of nonzero terms in Equation (4). This value was proved to be 2n 1 [1]. Since 5

6 it allows multiplication with minimum complexity, such a basis normally leads to a more efficient hardware implementation. There are two types of optimal normal bases [4], namely Type I and Type II. In the following sections, we show the conditions under which optimal normal basis exist and the procedures for constructing multiplication table Type I For Type I, there exists an optimal normal basis if 1. n + 1 is a prime 2. 2 is a primitive in GF (n + 1) To implement multiplication, we need to find λ (k) i,j to Equation (5), we only need to solve for λ (0) i,j and then the whole multiplication table can be derived from λ (0) i,j one of the following two conditions [5], in Equation (4). According. For type I ONB, λ(0) i,j 2 i + 2 j = 1 mod n i + 2 j = 0 mod n + 1 = 1 iff i, j satisfy Using these two condition and Equation (5), building multiplication table is simple and efficient. The multiplication table of GF (2 4 ) is shown in Table Type II For Type II, an optimal normal basis exists if 1. 2 is primitive in Z 2n+1, or 2. 2n+1 is a prime congruent to 3 modulo 4 and 2 generates the quadratic residues in Z 2n+1. For type II ONB, λ 0 i,j = 1 iff i, j satisfy one of the following conditions [5], 2 i + 2 j = +1 mod 2n i + 2 j = 1 mod 2n i 2 j = +1 mod 2n i 2 j = 1 mod 2n + 1 6

7 Table 1: Multiplication table of Type I ONB, GF (2 4 ) k i j Again,using these condition and Equation (5), building multiplication table is straight forward. 3.2 Fast Inversion Using normal basis representation, square of a field element is very easy to calculated. That is just a rotation. Based on this nice property, Itoh and Tsujii [2] proposed an efficient method for computing inverse of field element. Observe that if a GF (2 n ), a 0, then a 1 = a 2n 2 This is the result from Fermat s Theorem. Now, let s look at the exponent. It can be factored as 2 n 2 = 2(2 n 1 1) 7

8 That means we can calculate a (2n 1 1) first and then square it. Then, if m is odd, we have 2 n 1 1 = (2 (n 1)/2 + 1)(2 (n 1)/2 1) Therefore, it takes only one multiplication once a 2(n 1)/2 1 has been computed. If n is even, we have 2 n 1 1 = 2(2 (n 2)/2 + 1)(2 (n 2)/2 1) + 1 and consequently it takes two multiplications once a 2(n 2)/2 1 has been computed. The procedure is then repeated recursively. It can be shown that this method requires log 2 (n 1) + ω(n 1) 1 field multiplications, where ω(n 1) denotes number of 1 s in the binary representation of m 1. 4 Projective Coordinates Even though there are special techniques for computing inverse in GF (2 n ), a field inversion is still far more expensive than a field multiplication. It may be of computational advantage to avoid inversion. This is done with the use of projective coordinates [3]. 4.1 Basic facts A projective coordinate is defined such that (X 1, Y 1, Z 1 ) and (X 2, Y 2, Z 2 ) are said to be equal if they are related by X 1 = λx 2, Y 1 = λy 2, Z 1 = λz 2, λ 0. Note that if a point P = (X, Y, Z) has nonzero Z, then P can be represented by the projective point (x, y, 1), where x = X/Z and y = Y/Z. An equation f(x, y) = 0 corresponds to an equation F (X, Y, Z) = 0, where F is obtained by replacing x = X/Z, y = Y/Z, and multiplying with a power of Z to clear the denominators. In particular, the projective equation of y 2 + xy = x 3 + ax 2 + b is given by ZY 2 + XY Z = X 3 + ax 2 Z + bz 3 If Z = 0 in this equation, then X 3 = 0, i.e., X = 0. Therefore, (0, 1, 0) is the only projective point that satisfies this equation. This point is called the point at infinity and denoted as O. 8

9 To convert a point (x, y) to projective coordinate, one sets X = x Z, Y = y Z, Z = Z. For elliptic curve over GF (2 n ), the rule to negate a point P = (x, y) is P = (x, x + y) So, the projective coordinate of P is given by (X, X + Y, Z). Let P 0 = (X 0, Y 0, Z 0 ) and P 1 = (X 1, Y 1, 1) be two different points on elliptic curve and assume that P 1 O and P 1 P 0. The adding formula in projective coordinate is (X 0, Y 0, Z 0 ) + (X 1, Y 1, Z 1 ) = (X 2, Y 2, Z 2 ) X 2 = AD Y 2 = CD + A 2 (BX 0 + AY 0 ) Z 2 = A 3 Z 0 and where A = X 1 Z 0 + X 0 B = Y 1 Z 0 + Y 0 C = A + B D = A 2 (A + az 0 ) + Z 0 BC This addition can be done in 13 field multiplications, which is more than the 2 field multiplications required when using affine coordinates. However, we usually save computation time by not performing field inversion. The gain occurs at the expense of memory space, as we now need extra registers to store intermediate results. The doubling formula in projective coordinate is (X 0, Y 0, Z 0 ) + (X 0, Y 0, Z 0 ) = (X 2, Y 2, Z 2 ) X 2 = A B Y 2 = X 4 1A + B(X Y 1 Z 1 + A) Z 2 = A 3 9

10 where A = X 1 Z 1 B = bz X 4 1 Therefore, point doubling can be done in 7 multiplications, which again is usually an improvement on the formulae with affine coordinates which needs 1 inversion and 2 multiplications. 4.2 Improved projective coordinate In [3], the authors derived the new formula for adding points in projective coordinates. The improved projective coordinate is defined such that (X 1, Y 1, Z 1 ) and (X 2, Y 2, Z 2 ) are said to be equal if they are related by X 1 = λx 2, Y 1 = λ 2 Y 2, Z 1 = λz 2, λ 0. An equation f(x, y) = 0 corresponds to an equation F (X, Y, Z) = 0, where F is obtained by replacing x = X/Z, y = Y/Z 2, and multiplying with a power of Z to clear the denominators. In particular, the projective equation of y 2 + xy = x 3 + ax 2 + b is given by Y 2 + XY Z = X 3 Z + ax 2 Z 2 + bz 4 If Z = 0 in this equation, then Y 2 = 0, i.e., Y = 0. Therefore, (1, 0, 0) is the only projective point that satisfies this equation. Hence O = (1, 0, 0) is the point at infinity when using improved projective coordinates. Let P 0 = (X 0, Y 0, Z 0 ) and P 1 = (X 1, Y 1, Z 1 ) be two different points on elliptic curve. The adding formula in improved projective coordinate is where (X 0, Y 0, Z 0 ) + (X 1, Y 1, Z 1 ) = (X 2, Y 2, Z 2 ) X 2 = C 2 + H + G Y 2 = H I + Z 2 J Z 2 = F 2 A 0 = Y 1 Z0, 2 C = A 0 + A 1, G = D 2 (F + ae 2 ), A 1 = Y 0 Z1, 2 D = B 0 + B 1, H = C F, B 0 = X 1 Z 0, E = Z 0 Z 1, I = D 2 B 0 E + X 2, B 1 = X 0 Z 1, F = D E, J = D 2 A 0 E + X 2, 10

11 During the computation of point multiplication, we keep doing point doubling and also adding base point when it is necessary. The Z coordinate of base point is 1. Hence we are more interested in this special case. The point adding formula for Z 1 = 1 is given by: (X 0, Y 0, Z 0 ) + (X 1, Y 1, 1) = (X 2, Y 2, Z 2 ) where X 2 = A 2 + D + E Y 2 = E F + Z 2 G Z 2 = C 2 A = Y 1 Z0 2 + Y 0, E = A C, B = X 1 Z 0 + X 0, F = X 2 + X 1 Z 2, C = Z 0 B, G = X 2 + Y 1 Z 2, D = B 2 (C + az0), 2 Point addition in improved projective coordinate can be done in 13 field multiplications. If Z 1 = 1, then only 10 field multiplications are required which is less than the field multiplications required when using original projective coordinates. However, the gain occurs at the expense of using more memory space. The doubling formula in improved projective coordinate is where (X 1, Y 1, Z 1 ) + (X 1, Y 1, Z 1 ) = (X 2, Y 2, Z 2 ) Z 2 = Z 2 1 X 2 1, X 2 = X b Z 4 1, Y 2 = b Z 4 1 Z 2 + X 2 (a Z 2 + Y b Z 4 1). The improved projective doubling algorithm requires 5 field multiplications. Since it takes 2 field multiplications less than the previous projective doubling algorithm, we obtain an improvement of about 30% in general. The number of multiplications and squarings required to perform an elliptic group operation for various kinds of projective coo is listed in Table 2. 11

12 Table 2: The number of operations for different kinds of projective coordinates Projective Doubling Adding Cost of 2 5 P + Q coordinates Mult. Sqr. Mult. Sqr. Mult. Sqr. (x/z, y/z 2 ) (x/z 2, y/z 3 ) (x/z, y/z) Software Implementation The running time obtained with software implementation is presented in this section. The platform consisted of a 2.8GHz Pentium processor, windows XP and visual C As in most texts on cryptography, we said Alice wants to share secret with Bob. Diffie-Hellman scheme can be described as follows. Let k a be Alice s private key and k b belongs to Bob. Alice compute public key P a and send it to bob. P a = k a B where B is base point. Bob also compute public key P b and send it to Alice. P b = k b B Then, they both compute the shared secret P s. P s = k a (k b B) = k b (k a B) We use the running time required to do all these computation, specifically computing public keys and share secret, as a metric to compare different implementation techniques. There are many useful software routines for elliptic curve cryptography in [5]. Diffie-Hellman scheme is built based on these routines. Then, running times are measured under following conditions: Use Optimal Normal Basis as representation of field elements. Use Optimal Normal Basis as representation of field elements and projective coordinate as representation of point on a elliptic curve. 12

13 7 6 ONB ONB + Proj. Coord. ONB + Improved Proj. Coord. 5 Computation time(sec) n Figure 1: Running time for n = 89, 134, 179, 230, 278, 330, 386. ONB stands for Optimal Normal Basis. Use Optimal Normal Basis as representation of field elements and improved projective coordinate as representation of point on a elliptic curve. Here, we choose the finite fields GF (2 n ) where optimal normal basis exist. The resulting running times are shown in Figure 1. By using projective coordinate, the time consuming field inversion can be avoided. Hence running time is reduced as we can see in Figure 1. We can further reduce running time by applying improved projective coordinate. The improvement can also be observed in Figure 1. The results are what we expect from theoretical point of view. 13

14 6 Conclusion Sometimes, implementation is not a trivial task even though you know the mathematics very well. For example, implementation of Fast Fourier Transform in C language is not so easy for most of the engineering students. Implementation of elliptic curve cryptography is a similar situation. Hence, finding some software routines to begin with will save you lots of time. For those who are interested in implementing elliptic curve cryptography in computer, [5] is an excellent starting point. It provides complete set of software routines for elliptic curve cryptography. Based on these routines, it is very easy to implement advanced techniques and see how it works. In this report, I implement Diffie-Hellman scheme and use it as test platform for different implementation techniques. The results give us direct comparison on performance of different implementation techniques. References [1] D. W. Ash, I. F. Blake, and S. A. Vanstone. Low complexity normal bases. Discrete Applied Mathematics, 25(3): , Nov [2] T. Itoh and S. Tsujii. A fast algorithm for computing multiplicative inverses in gf(2m) using normal bases. Information and Computation, 78(3): , SEP [3] J. Lopez and R. Dahab. Improved algorithms for elliptic curve arithmetic in GF (2 n ), pages Selected Areas in Cryptography. 5th Annual International Workshop, SAC 98. Proceedings. Springer-Verlag, Kingston, Ont., Canada, [4] R. C. Mullin, I. M. Onyszchuk, S. A. Vanstone, and R. M. Wilson. Optimal normal bases in GF (p n ). Discrete Applied Mathematics, 22(2):149 61, Feb [5] Michael Rosing. Implementing Elliptic Curve Cryptography. Manning Publications,

### Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 12 Block Cipher Standards

### Mathematics of Cryptography

CHAPTER 2 Mathematics of Cryptography Part I: Modular Arithmetic, Congruence, and Matrices Objectives This chapter is intended to prepare the reader for the next few chapters in cryptography. The chapter

### Elliptic Curves and Elliptic Curve Cryptography

Undergraduate Colloquium Series Elliptic Curves and Elliptic Curve Cryptography Amiee O Maley Amiee O Maley graduated Summa Cum Laude from Ball State in May 00 with a major in Mathematics. She is currently

### Mathematics of Cryptography Part I

CHAPTER 2 Mathematics of Cryptography Part I (Solution to Odd-Numbered Problems) Review Questions 1. The set of integers is Z. It contains all integral numbers from negative infinity to positive infinity.

### Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

### a 11 x 1 + a 12 x 2 + + a 1n x n = b 1 a 21 x 1 + a 22 x 2 + + a 2n x n = b 2.

Chapter 1 LINEAR EQUATIONS 1.1 Introduction to linear equations A linear equation in n unknowns x 1, x,, x n is an equation of the form a 1 x 1 + a x + + a n x n = b, where a 1, a,..., a n, b are given

### An Introduction to Galois Fields and Reed-Solomon Coding

An Introduction to Galois Fields and Reed-Solomon Coding James Westall James Martin School of Computing Clemson University Clemson, SC 29634-1906 October 4, 2010 1 Fields A field is a set of elements on

Advanced Maths Lecture 3 Next generation cryptography and the discrete logarithm problem for elliptic curves Richard A. Hayden rh@doc.ic.ac.uk EC crypto p. 1 Public key cryptography Asymmetric cryptography

### SUM OF TWO SQUARES JAHNAVI BHASKAR

SUM OF TWO SQUARES JAHNAVI BHASKAR Abstract. I will investigate which numbers can be written as the sum of two squares and in how many ways, providing enough basic number theory so even the unacquainted

### Lecture 13 - Basic Number Theory.

Lecture 13 - Basic Number Theory. Boaz Barak March 22, 2010 Divisibility and primes Unless mentioned otherwise throughout this lecture all numbers are non-negative integers. We say that A divides B, denoted

### ABSTRACT ALGEBRA: A STUDY GUIDE FOR BEGINNERS

ABSTRACT ALGEBRA: A STUDY GUIDE FOR BEGINNERS John A. Beachy Northern Illinois University 2014 ii J.A.Beachy This is a supplement to Abstract Algebra, Third Edition by John A. Beachy and William D. Blair

### MATH REVIEW KIT. Reproduced with permission of the Certified General Accountant Association of Canada.

MATH REVIEW KIT Reproduced with permission of the Certified General Accountant Association of Canada. Copyright 00 by the Certified General Accountant Association of Canada and the UBC Real Estate Division.

### U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

### Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGraw-Hill The McGraw-Hill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,

### Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem

### Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

### minimal polyonomial Example

Minimal Polynomials Definition Let α be an element in GF(p e ). We call the monic polynomial of smallest degree which has coefficients in GF(p) and α as a root, the minimal polyonomial of α. Example: We

### UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 6 Introduction to Public-Key Cryptography Israel Koren ECE597/697 Koren Part.6.1

### Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

### Discrete Mathematics, Chapter 4: Number Theory and Cryptography

Discrete Mathematics, Chapter 4: Number Theory and Cryptography Richard Mayr University of Edinburgh, UK Richard Mayr (University of Edinburgh, UK) Discrete Mathematics. Chapter 4 1 / 35 Outline 1 Divisibility

### Continued Fractions and the Euclidean Algorithm

Continued Fractions and the Euclidean Algorithm Lecture notes prepared for MATH 326, Spring 997 Department of Mathematics and Statistics University at Albany William F Hammond Table of Contents Introduction

### UNIT 2 MATRICES - I 2.0 INTRODUCTION. Structure

UNIT 2 MATRICES - I Matrices - I Structure 2.0 Introduction 2.1 Objectives 2.2 Matrices 2.3 Operation on Matrices 2.4 Invertible Matrices 2.5 Systems of Linear Equations 2.6 Answers to Check Your Progress

### Mathematics. (www.tiwariacademy.com : Focus on free Education) (Chapter 5) (Complex Numbers and Quadratic Equations) (Class XI)

( : Focus on free Education) Miscellaneous Exercise on chapter 5 Question 1: Evaluate: Answer 1: 1 ( : Focus on free Education) Question 2: For any two complex numbers z1 and z2, prove that Re (z1z2) =

### Galois Fields and Hardware Design

Galois Fields and Hardware Design Construction of Galois Fields, Basic Properties, Uniqueness, Containment, Closure, Polynomial Functions over Galois Fields Priyank Kalla Associate Professor Electrical

### A SOFTWARE COMPARISON OF RSA AND ECC

International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

### Problem Set 7 - Fall 2008 Due Tuesday, Oct. 28 at 1:00

18.781 Problem Set 7 - Fall 2008 Due Tuesday, Oct. 28 at 1:00 Throughout this assignment, f(x) always denotes a polynomial with integer coefficients. 1. (a) Show that e 32 (3) = 8, and write down a list

### University of Lille I PC first year list of exercises n 7. Review

University of Lille I PC first year list of exercises n 7 Review Exercise Solve the following systems in 4 different ways (by substitution, by the Gauss method, by inverting the matrix of coefficients

### Cryptography and Network Security Chapter 10

Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central

### Elementary Number Theory We begin with a bit of elementary number theory, which is concerned

CONSTRUCTION OF THE FINITE FIELDS Z p S. R. DOTY Elementary Number Theory We begin with a bit of elementary number theory, which is concerned solely with questions about the set of integers Z = {0, ±1,

1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

### Factorization Methods: Very Quick Overview

Factorization Methods: Very Quick Overview Yuval Filmus October 17, 2012 1 Introduction In this lecture we introduce modern factorization methods. We will assume several facts from analytic number theory.

### Multiplicity. Chapter 6

Chapter 6 Multiplicity The fundamental theorem of algebra says that any polynomial of degree n 0 has exactly n roots in the complex numbers if we count with multiplicity. The zeros of a polynomial are

### Homework 5 Solutions

Homework 5 Solutions 4.2: 2: a. 321 = 256 + 64 + 1 = (01000001) 2 b. 1023 = 512 + 256 + 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = (1111111111) 2. Note that this is 1 less than the next power of 2, 1024, which

### 1 Introduction to Matrices

1 Introduction to Matrices In this section, important definitions and results from matrix algebra that are useful in regression analysis are introduced. While all statements below regarding the columns

### ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS

ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS D. Sravana Kumar 1 CH. Suneetha 2 A. ChandrasekhAR 3 1 Reader in Physics, SVLNS Government College, Bheemunipatnam, Visakhapatnam Dt., India skdharanikota@gmail.com

### Notes on Network Security Prof. Hemant K. Soni

Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

### MATRIX ALGEBRA AND SYSTEMS OF EQUATIONS. + + x 2. x n. a 11 a 12 a 1n b 1 a 21 a 22 a 2n b 2 a 31 a 32 a 3n b 3. a m1 a m2 a mn b m

MATRIX ALGEBRA AND SYSTEMS OF EQUATIONS 1. SYSTEMS OF EQUATIONS AND MATRICES 1.1. Representation of a linear system. The general system of m equations in n unknowns can be written a 11 x 1 + a 12 x 2 +

### 3. Applications of Number Theory

3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

### IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY ON TEXT AND IMAGE

IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY ON TEXT AND IMAGE Mrs. Megha Kolhekar Assistant Professor, Department of Electronics and Telecommunication Engineering Fr. C. Rodrigues Institute of Technology,

### Applications of Fermat s Little Theorem and Congruences

Applications of Fermat s Little Theorem and Congruences Definition: Let m be a positive integer. Then integers a and b are congruent modulo m, denoted by a b mod m, if m (a b). Example: 3 1 mod 2, 6 4

### = 2 + 1 2 2 = 3 4, Now assume that P (k) is true for some fixed k 2. This means that

Instructions. Answer each of the questions on your own paper, and be sure to show your work so that partial credit can be adequately assessed. Credit will not be given for answers (even correct ones) without

### 4. Factor polynomials over complex numbers, describe geometrically, and apply to real-world situations. 5. Determine and apply relationships among syn

I The Real and Complex Number Systems 1. Identify subsets of complex numbers, and compare their structural characteristics. 2. Compare and contrast the properties of real numbers with the properties of

### An Overview of Integer Factoring Algorithms. The Problem

An Overview of Integer Factoring Algorithms Manindra Agrawal IITK / NUS The Problem Given an integer n, find all its prime divisors as efficiently as possible. 1 A Difficult Problem No efficient algorithm

### Elements of Applied Cryptography Public key encryption

Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let

### Implementation of Elliptic Curve Digital Signature Algorithm

Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India

### Computer and Network Security

MIT 6.857 Computer and Networ Security Class Notes 1 File: http://theory.lcs.mit.edu/ rivest/notes/notes.pdf Revision: December 2, 2002 Computer and Networ Security MIT 6.857 Class Notes by Ronald L. Rivest

### MATH 304 Linear Algebra Lecture 4: Matrix multiplication. Diagonal matrices. Inverse matrix.

MATH 304 Linear Algebra Lecture 4: Matrix multiplication. Diagonal matrices. Inverse matrix. Matrices Definition. An m-by-n matrix is a rectangular array of numbers that has m rows and n columns: a 11

### Definition: Group A group is a set G together with a binary operation on G, satisfying the following axioms: a (b c) = (a b) c.

Algebraic Structures Abstract algebra is the study of algebraic structures. Such a structure consists of a set together with one or more binary operations, which are required to satisfy certain axioms.

### Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master

### Chapter 9. Computational Number Theory. 9.1 The basic groups Integers mod N Groups

Chapter 9 Computational Number Theory 9.1 The basic groups We let Z = {..., 2, 1,0,1,2,...} denote the set of integers. We let Z + = {1,2,...} denote the set of positive integers and N = {0,1,2,...} the

### IB Math Research Problem

Vincent Chu Block F IB Math Research Problem The product of all factors of 2000 can be found using several methods. One of the methods I employed in the beginning is a primitive one I wrote a computer

### Cryptography and Network Security

Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared

### Implementing Network Security Protocols

Implementing Network Security Protocols based on Elliptic Curve Cryptography M. Aydos, E. Savaş, and Ç. K. Koç Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331, USA {aydos,savas,koc}@ece.orst.edu

### MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins

MA2C03 Mathematics School of Mathematics, Trinity College Hilary Term 2016 Lecture 59 (April 1, 2016) David R. Wilkins The RSA encryption scheme works as follows. In order to establish the necessary public

### Linear Algebra Notes for Marsden and Tromba Vector Calculus

Linear Algebra Notes for Marsden and Tromba Vector Calculus n-dimensional Euclidean Space and Matrices Definition of n space As was learned in Math b, a point in Euclidean three space can be thought of

### Pythagorean Triples Pythagorean triple similar primitive

Pythagorean Triples One of the most far-reaching problems to appear in Diophantus Arithmetica was his Problem II-8: To divide a given square into two squares. Namely, find integers x, y, z, so that x 2

### Introduction to Matrix Algebra I

Appendix A Introduction to Matrix Algebra I Today we will begin the course with a discussion of matrix algebra. Why are we studying this? We will use matrix algebra to derive the linear regression model

### Light-Weight Cryptography for Ubiquitous Computing

Light-Weight Cryptography for Ubiquitous Computing Securing Cyberspace Workshop IV: Special purpose hardware for cryptography Attacks and Applications University of California at Los Angeles, December

### Light-Weight Cryptography for Ubiquitous Computing

Light-Weight Cryptography for Ubiquitous Computing Securing Cyberspace Workshop IV: Special purpose hardware for cryptography Attacks and Applications University of California at Los Angeles, December

### CONTINUED FRACTIONS, PELL S EQUATION, AND TRANSCENDENTAL NUMBERS

CONTINUED FRACTIONS, PELL S EQUATION, AND TRANSCENDENTAL NUMBERS JEREMY BOOHER Continued fractions usually get short-changed at PROMYS, but they are interesting in their own right and useful in other areas

MODULAR ARITHMETIC KEITH CONRAD. Introduction We will define the notion of congruent integers (with respect to a modulus) and develop some basic ideas of modular arithmetic. Applications of modular arithmetic

### MATH Fundamental Mathematics II.

MATH 10032 Fundamental Mathematics II http://www.math.kent.edu/ebooks/10032/fun-math-2.pdf Department of Mathematical Sciences Kent State University December 29, 2008 2 Contents 1 Fundamental Mathematics

### CHAPTER 5 Round-off errors

CHAPTER 5 Round-off errors In the two previous chapters we have seen how numbers can be represented in the binary numeral system and how this is the basis for representing numbers in computers. Since any

### Consequently, for the remainder of this discussion we will assume that a is a quadratic residue mod p.

Computing square roots mod p We now have very effective ways to determine whether the quadratic congruence x a (mod p), p an odd prime, is solvable. What we need to complete this discussion is an effective

### ELLIPTIC CURVES AND LENSTRA S FACTORIZATION ALGORITHM

ELLIPTIC CURVES AND LENSTRA S FACTORIZATION ALGORITHM DANIEL PARKER Abstract. This paper provides a foundation for understanding Lenstra s Elliptic Curve Algorithm for factoring large numbers. We give

### MATH 2030: SYSTEMS OF LINEAR EQUATIONS. ax + by + cz = d. )z = e. while these equations are not linear: xy z = 2, x x = 0,

MATH 23: SYSTEMS OF LINEAR EQUATIONS Systems of Linear Equations In the plane R 2 the general form of the equation of a line is ax + by = c and that the general equation of a plane in R 3 will be we call

### CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

### The Laws of Cryptography Cryptographers Favorite Algorithms

2 The Laws of Cryptography Cryptographers Favorite Algorithms 2.1 The Extended Euclidean Algorithm. The previous section introduced the field known as the integers mod p, denoted or. Most of the field

### MATRIX ALGEBRA AND SYSTEMS OF EQUATIONS

MATRIX ALGEBRA AND SYSTEMS OF EQUATIONS Systems of Equations and Matrices Representation of a linear system The general system of m equations in n unknowns can be written a x + a 2 x 2 + + a n x n b a

### Congruences. Robert Friedman

Congruences Robert Friedman Definition of congruence mod n Congruences are a very handy way to work with the information of divisibility and remainders, and their use permeates number theory. Definition

### Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

### Integer Factorization using the Quadratic Sieve

Integer Factorization using the Quadratic Sieve Chad Seibert* Division of Science and Mathematics University of Minnesota, Morris Morris, MN 56567 seib0060@morris.umn.edu March 16, 2011 Abstract We give

### PYTHAGOREAN TRIPLES PETE L. CLARK

PYTHAGOREAN TRIPLES PETE L. CLARK 1. Parameterization of Pythagorean Triples 1.1. Introduction to Pythagorean triples. By a Pythagorean triple we mean an ordered triple (x, y, z) Z 3 such that x + y =

### Cryptography: RSA and the discrete logarithm problem

Cryptography: and the discrete logarithm problem R. Hayden Advanced Maths Lectures Department of Computing Imperial College London February 2010 Public key cryptography Assymmetric cryptography two keys:

### Elliptic Curve Cryptography

Elliptic Curve Cryptography Elaine Brow, December 2010 Math 189A: Algebraic Geometry 1. Introduction to Public Key Cryptography To understand the motivation for elliptic curve cryptography, we must first

### Thinkwell s Homeschool Algebra 2 Course Lesson Plan: 34 weeks

Thinkwell s Homeschool Algebra 2 Course Lesson Plan: 34 weeks Welcome to Thinkwell s Homeschool Algebra 2! We re thrilled that you ve decided to make us part of your homeschool curriculum. This lesson

### Short Programs for functions on Curves

Short Programs for functions on Curves Victor S. Miller Exploratory Computer Science IBM, Thomas J. Watson Research Center Yorktown Heights, NY 10598 May 6, 1986 Abstract The problem of deducing a function

### 4. MATRICES Matrices

4. MATRICES 170 4. Matrices 4.1. Definitions. Definition 4.1.1. A matrix is a rectangular array of numbers. A matrix with m rows and n columns is said to have dimension m n and may be represented as follows:

### Polynomials and Cryptography

.... Polynomials and Cryptography Michele Elia Dipartimento di Elettronica Politecnico di Torino Bunny 1 Trento, 10 marzo 2011 Preamble Polynomials have always occupied a prominent position in mathematics.

### Chapter 7. Matrices. Definition. An m n matrix is an array of numbers set out in m rows and n columns. Examples. ( 1 1 5 2 0 6

Chapter 7 Matrices Definition An m n matrix is an array of numbers set out in m rows and n columns Examples (i ( 1 1 5 2 0 6 has 2 rows and 3 columns and so it is a 2 3 matrix (ii 1 0 7 1 2 3 3 1 is a

### Linear Systems. Singular and Nonsingular Matrices. Find x 1, x 2, x 3 such that the following three equations hold:

Linear Systems Example: Find x, x, x such that the following three equations hold: x + x + x = 4x + x + x = x + x + x = 6 We can write this using matrix-vector notation as 4 {{ A x x x {{ x = 6 {{ b General

### Algebra Unpacked Content For the new Common Core standards that will be effective in all North Carolina schools in the 2012-13 school year.

This document is designed to help North Carolina educators teach the Common Core (Standard Course of Study). NCDPI staff are continually updating and improving these tools to better serve teachers. Algebra

### 2 The Euclidean algorithm

2 The Euclidean algorithm Do you understand the number 5? 6? 7? At some point our level of comfort with individual numbers goes down as the numbers get large For some it may be at 43, for others, 4 In

### An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC

An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC Laxminath Tripathy 1 Nayan Ranjan Paul 2 1Department of Information technology, Eastern Academy of Science and

### A New Method for Speeding Up Arithmetic. on Elliptic Curves over Binary Fields

A New Method for Speeding Up Arithmetic on Elliptic Curves over Binary Fields Kwang Ho Kim and So In Kim Department of Algebra, Institute of Mathematics National Academy of Sciences, Pyongyang, D. P. R.

### STUDY GUIDE FOR SOME BASIC INTERMEDIATE ALGEBRA SKILLS

STUDY GUIDE FOR SOME BASIC INTERMEDIATE ALGEBRA SKILLS The intermediate algebra skills illustrated here will be used extensively and regularly throughout the semester Thus, mastering these skills is an

### Public Key Cryptography. Performance Comparison and Benchmarking

Public Key Cryptography Performance Comparison and Benchmarking Tanja Lange Department of Mathematics Technical University of Denmark tanja@hyperelliptic.org 28.08.2006 Tanja Lange Benchmarking p. 1 What

### Quotient Rings and Field Extensions

Chapter 5 Quotient Rings and Field Extensions In this chapter we describe a method for producing field extension of a given field. If F is a field, then a field extension is a field K that contains F.

### CHAPTER 3 THE NEW MMP CRYPTO SYSTEM. mathematical problems Hidden Root Problem, Discrete Logarithm Problem and

79 CHAPTER 3 THE NEW MMP CRYPTO SYSTEM In this chapter an overview of the new Mixed Mode Paired cipher text Cryptographic System (MMPCS) is given, its three hard mathematical problems are explained, and

### Intro to Rings, Fields, Polynomials: Hardware Modeling by Modulo Arithmetic

Intro to Rings, Fields, Polynomials: Hardware Modeling by Modulo Arithmetic Priyank Kalla Associate Professor Electrical and Computer Engineering, University of Utah kalla@ece.utah.edu http://www.ece.utah.edu/~kalla

### Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

### Discrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 5

CS 70 Discrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 5 Modular Arithmetic One way to think of modular arithmetic is that it limits numbers to a predefined range {0,1,...,N

### 1.5 Elementary Matrices and a Method for Finding the Inverse

.5 Elementary Matrices and a Method for Finding the Inverse Definition A n n matrix is called an elementary matrix if it can be obtained from I n by performing a single elementary row operation Reminder:

PYTHAGOREAN TRIPLES KEITH CONRAD 1. Introduction A Pythagorean triple is a triple of positive integers (a, b, c) where a + b = c. Examples include (3, 4, 5), (5, 1, 13), and (8, 15, 17). Below is an ancient

### Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

### Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

The : Keeping Eve The Eavesdropper Away From Your Credit Card Information Department of Mathematics North Dakota State University 16 September 2010 Science Cafe Introduction Disclaimer: is not an internet

### Linear algebra and the geometry of quadratic equations. Similarity transformations and orthogonal matrices

MATH 30 Differential Equations Spring 006 Linear algebra and the geometry of quadratic equations Similarity transformations and orthogonal matrices First, some things to recall from linear algebra Two

### THE CONGRUENT NUMBER PROBLEM

THE CONGRUENT NUMBER PROBLEM KEITH CONRAD 1. Introduction A right triangle is called rational when its legs and hypotenuse are all rational numbers. Examples of rational right triangles include Pythagorean