Elliptic Curve Key Generation
by jonathanscott

The introduction of Elliptic Curves into modern cryptography has caused major
interest and research in the subject from a mathematical and a practical point of
view. Based on advanced mathematics, elliptic curve cryptography is particularly
well suited to applications involving chip cards with limited computational power,
such as those used in mobile communication. Elliptic Curves allow keys to be
considerably shorter
than the two alternatives, RSA and exponentiation modulo a prime p, whilst
providing the same level of security.

Cryptomathic has implemented the key generation in odd characteristic in
compliance with IEEE P1363 and the ANSI standard X9.62. For characteristic 2,
Cryptomathic has contributed considerably to the extensive research and
furthermore implemented this innovative method for key generation.

The Elliptic Curve Group
Let p be an odd prime and consider the finite field K with p elements. A
non-singular equation of the form $y^2 = x^3 + Ax + B \pmod{p}$ defines an elliptic curve.

For characteristic 2 the equation takes the form $y^2 + xy = x^3 + ax + b$ with
coefficients a and b in the field K with $2^n$ elements.

The points on the curve, i.e. the pairs x and y in K satisfying the curve equation
together with a special point at infinity, form a group, with the addition given by
the chord and tangent method.

[Figure: Elliptic Curve Addition]

Key Generation

For p an odd prime:

The generation of suitable EC parameters is the major obstacle in an elliptic curve
environment. Advanced mathematics seems to be required in order to obtain
curve E and base point G which are not vulnerable to attacks on the discrete
logarithm problem.
In IEEE P1363 annex A, one approach is suggested involving mathematical topics
such as Class Group calculations, algebra in the finite field Zp[x]/m(x) and
evaluations of infinite series.
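
The chord and tangent addition from "The Elliptic Curve Group", and the reason the point count matters when choosing a curve and base point, shown on a toy curve. This is an added example, not Cryptomathic's code; the curve y^2 = x^3 + 2x + 3 over the field with 97 elements, the point (3, 6) and all function names are constructed for illustration.

```python
# Added example: toy curve constructed for illustration, far too small for real use.
P, A, B = 97, 2, 3            # y^2 = x^3 + 2x + 3 over the field with 97 elements
O = None                      # the special point at infinity (group identity)

def is_nonsingular(a=A, b=B, p=P):
    # Non-singular iff the discriminant 4a^3 + 27b^2 is non-zero mod p.
    return (4 * a**3 + 27 * b**2) % p != 0

def on_curve(pt):
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x**3 + A * x + B)) % P == 0

def add(p1, p2):
    # Chord (distinct points) and tangent (doubling) addition.
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O              # vertical line: p2 is the inverse of p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    # Double-and-add scalar multiplication k * pt.
    acc = O
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def points():
    # Brute-force point enumeration; feasible only because the field is tiny.
    return [O] + [(x, y) for x in range(P) for y in range(P) if on_curve((x, y))]

def point_order(pt):
    # Smallest n >= 1 with n * pt = O.
    n, acc = 1, pt
    while acc is not O:
        acc, n = add(acc, pt), n + 1
    return n
```

On this toy curve the point (3, 6) generates a subgroup of only 5 elements, so a discrete logarithm to that base is found by trying five values. Knowing the exact number of points is what lets a generator reject such curves and base points.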

For characteristic 2:

A completely new algorithm for counting points on elliptic curves over finite fields
of small odd characteristic has been discovered by T. Satoh. It uses a lot of the
arithmetic of elliptic curves such as lifting to characteristic 0, small Frobenius
maps, isogenies, p-adic numbers and trace calculations.

As mentioned, the algorithm makes it possible to count points on random elliptic
curves in reasonable time, thereby ensuring the security of the crypto-system.
Unfortunately, his methods do not work for characteristic 2, the most obvious
choice for applications apart from very large characteristics. However, we have
managed to solve the characteristic 2 case.

For cryptographic curves, the field size is typically about 200 and the number of
points has to satisfy additional criteria to be cryptographically useful. Execution
times for an optimised version can be found in the figure below.

Here is an example of a curve over a field of size $2^{1000}$:

The randomly selected j-invariant is:

And the number of points on the curve is (in hexadecimal notation):

