Elliptic Curve Cryptography and Smart Card Research

Introduction

Cryptosystems are divided, according to the characteristics of the key, into two major classes: private key and public key. In a private key cryptosystem, the decryption key is the same as the encryption key or is easily derived from it, a feature that makes the encryption system unsafe. In 1976, Diffie and Hellman published the famous "New Directions in Cryptography" [1], proposing the idea of public key cryptography and starting its development. In a public key cryptosystem, the decryption key is different from the encryption key, and it is difficult to derive one from the other; encryption and decryption are separable, and the communicating parties can establish secret communication without exchanging a key beforehand. The RSA scheme [2] proposed by Rivest, Shamir and Adleman in 1978 and the ElGamal scheme [3] proposed in 1984 are public key cryptosystems. The security of RSA depends on the difficulty of factoring large integers. The security of ElGamal is based on the difficulty of the discrete logarithm problem over a finite field.

With the rapid development of computer networks, the number of users communicating with each other has increased, and the weakness of the RSA and ElGamal public key cryptosystems, their large public key sizes (generally 512 bits or more), has gradually been exposed. In 1985, Koblitz [4] and Miller [5] independently proposed using the discrete logarithm on an elliptic curve instead of the discrete logarithm over a finite field, which makes it possible to construct ElGamal-type public key ciphers with shorter public keys.

1 Elliptic curve

Definition 1: Let $K = GF(q)$ (where $q = p^d$) be a finite field. The elliptic curve equation $E$ over $K$ is:

$y^2 = x^3 + ax + b$ ($p \geq 5$; $a, b \in K$; $4a^3 + 27b^2 \neq 0$)

$y^2 + xy = x^3 + ax + b$ ($p = 2$; $a, b \in K$)

The set of all points satisfying the elliptic curve equation $E$, together with a point called the point at infinity $O$ [6],

$E(K) = \{(x, y) \mid (x, y) \in E,\ x, y \in K\} \cup \{O\}$

is the set of $K$-rational points of the curve. It is a finite set, and its number of elements is called the order of the elliptic curve $E$, denoted $\#E(K)$. An addition operation [6] is defined on this finite set so that the points form an Abelian group under addition, whose identity element is the point at infinity $O$.

Theorem 1 (Hasse inequality): Let $K = GF(q)$ and let $E/K$ be an elliptic curve over the finite field. Then the inequality

$|\#E(K) - p^d - 1| \leq 2 (p^d)^{1/2}$

holds.

Definition 5: Let $E/K$ be an elliptic curve and let $P$ be a point on it. The smallest positive integer $r$ satisfying $rP = O$ is called the order of the point $P$. From finite field theory, such an $r$ always exists and divides the order $\#E(K)$ of the elliptic curve. Integers $k$, $l$ satisfy $kP = lP$ if and only if $k \equiv l \pmod{r}$.

2 Cryptosystem on elliptic curve

The elliptic curve discrete logarithm problem (ECDLP) is defined as follows: given a prime p and an elliptic curve E, for Q = kP, find the positive integer k less than p when P and Q are known. It can be shown that computing Q from k and P is relatively easy, while computing k from Q and P is much more difficult. ECDLP is a much more difficult mathematical problem than the integer factorization problem (IFP) and the discrete logarithm problem (DLP). Based on this difficulty, Neal Koblitz and Victor Miller [4] [5] proposed Elliptic Curve Cryptography (ECC) in 1985. ECC can be used for both data encryption and digital signatures.

The addition operation on the elliptic curve corresponds to modular multiplication in the discrete logarithm setting, and the multiplication operation on the elliptic curve corresponds to modular exponentiation, so a corresponding cryptosystem can be established on the elliptic curve.

For example, the counterpart of the Diffie-Hellman public key system can be realized on an elliptic curve as follows. Select a generator P on E, requiring that P generates sufficiently many group elements. The communicating parties A and B select a and b, respectively; a and b are kept secret, but aP and bP are made public. The key used for communication between A and B is abP, which is not known to a third party.

The corresponding ElGamal cryptosystem can be implemented on an elliptic curve in the following way:

Embed the plaintext m into a point $P_m$ on E and select a point $B \in E$. Each user selects an integer a, 0 < a < N, where N is the known order; a is kept secret and aB is made public. To send m to A, send the pair $[kB,\ P_m + k(a_A B)]$, where k is a randomly generated integer. A can compute $k(a_A B)$ from kB using its secret $a_A$, and recovers $P_m$ from $P_m + k(a_A B) - k(a_A B) = P_m$. Similarly, corresponding to DSA, ECDSA can be constructed on an elliptic curve.
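The Diffie-Hellman and ElGamal constructions described above, as an added example that is not part of the original article. The toy curve y^2 = x^3 + 2x + 2 over GF(17) with base point (5, 1) of order 19, and all function names, are assumptions chosen so the arithmetic can be followed by hand; the plaintext is taken to be already embedded as a point P_m.

```python
import secrets

# Toy curve y^2 = x^3 + 2x + 2 over GF(17): constructed parameters, far too small for real use.
P_MOD, A = 17, 2
BASE = (5, 1)   # public point B (the generator P in the Diffie-Hellman description)
N = 19          # order of BASE, a prime
O = None        # point at infinity, the group identity

def add(p, q):
    """Group law on E(GF(17))."""
    if p is O:
        return q
    if q is O:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O                                   # q = -p
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def neg(p):
    return O if p is O else (p[0], -p[1] % P_MOD)

def mul(k, p):
    """Scalar multiple kP by double-and-add."""
    r = O
    while k:
        if k & 1:
            r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def keygen():
    a = secrets.randbelow(N - 1) + 1               # secret a, 0 < a < N
    return a, mul(a, BASE)                         # (private a, public aB)

def dh_shared(my_secret, their_public):
    return mul(my_secret, their_public)            # both sides obtain abP

def encrypt(pm, pub_a, k=None):
    k = k or secrets.randbelow(N - 1) + 1          # fresh random k per message
    return mul(k, BASE), add(pm, mul(k, pub_a))    # (kB, Pm + k(a_A B))

def decrypt(ct, a):
    kb, c2 = ct
    return add(c2, neg(mul(a, kb)))                # Pm = c2 - a_A(kB)
```

The double-and-add loop branches on the bits of the secret scalar, so a smart card implementation would replace it with a constant-time ladder to avoid leaking the key through timing or power consumption.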

3 Elliptic curve cryptography and smart cards

Smart cards are often used where security requirements are high, in combination with cryptography. This is firstly because the smart card can protect and securely process sensitive data. It is also important that the smart card protects the key: because "all secrets are in the key", the key must not be leaked if the security services provided by cryptography are to be achieved, yet the cost added for security reasons cannot be too high.

The hardware resources of the smart card itself are extremely limited. Using it to implement a security system is constrained in both memory capacity and computing power. Most smart cards on the market today have 128 to 1024 bytes of RAM, 1 k to 16 kbytes of EEPROM, 6 k to 16 kbytes of ROM, and the CPU is typically 8 bits. The typical clock frequency is 3.57 MHz. Any increase in storage or processing power means a significant increase in the cost of the smart card.

In addition, data transmission to and from the smart card is relatively slow. To improve application efficiency, the basic data unit must be small, which reduces the data traffic between the smart card and the card terminal; a shorter transmission time means better practicality.

The advantages of applying the elliptic curve cryptosystem to the smart card are that it is convenient to generate the private and public keys, it saves memory space, it saves bandwidth and so improves practicality, and it saves processing time without requiring additional processing hardware. The advantages brought by the short ECC key make up for the limitations of the smart card hardware, which not only effectively reduces the production cost of the smart card but also improves its practicality.

4 Selection of parameters

The security of the public key cryptosystem on elliptic curves is based on the elliptic curve discrete logarithm problem, but not every elliptic curve is suitable for a public key cryptosystem. To ensure security, a secure elliptic curve must be chosen, that is, an elliptic curve whose order is a large prime or contains a large prime factor. There are generally four ways to find a secure elliptic curve:

1) Randomly generate an elliptic curve over the finite field GF(q), compute its order directly, and check whether the order is a large prime or contains a large prime factor. If so, accept the curve; otherwise keep selecting curves until the condition is met.

2) Choose elliptic curve coefficients with some special property, compute the order of the curve, and test the order, repeating until the required secure curve is found.

3) If $q = 2^m$, where m is divisible by a relatively small integer d, first select an elliptic curve E' over the finite field $GF(q_1)$ ($q_1 = 2^d$) and compute its order. From this value, Weil's theorem [6] gives the order of the curve over the extension field GF(q). If this order meets the security criteria, take the embedding E of the curve E' into the field GF(q); E is then the required secure elliptic curve.

4) First specify a curve order that satisfies the security conditions, then construct an elliptic curve with this order.

The algorithms for computing elliptic curve orders that are currently popular at home and abroad include the complex multiplication algorithm, the SEA algorithm, and the Satoh algorithm [7], [8], each of which belongs to one of the above methods. The widely used elliptic curve public key cryptosystems are mostly based on finite fields of characteristic 2, so the search for secure elliptic curves over finite fields of characteristic 2 must be solved first. The Satoh algorithm was proposed for this purpose.

5 Implementation issues related to the Satoh algorithm

The author implemented the characteristic 2 Satoh algorithm in the Mathematica language. The verification part of the implementation uses the method described above. To find a secure elliptic curve over the finite field $F_{2^{160}}$, an elliptic curve E is randomly generated over the base field $F_{2^{16}}$, and the trace C of the Frobenius endomorphism of this curve is computed with the Satoh algorithm. By the formula for the order, the order of the curve is $2^{16} + 1 - C$. Let the two roots of the equation $x^2 - Cx + 2^{16} = 0$ be $\alpha$ and $\beta$. According to Weil's theorem [6], the order of the elliptic curve over the extension field is $(2^{16})^{10} + 1 - (\alpha^{10} + \beta^{10})$. If this order is a large prime or contains a large prime factor, E is embedded into $F_{2^{160}}$, which gives a secure curve that meets the requirements of the cryptosystem.

The computational domains involved in the C language implementation of the Satoh algorithm are the finite field $F_q$, the 2-adic ring $Z_q$ and the 2-adic integer ring $Z_2$, where $q = 2^{160}$. Operations between elements of these domains are built on basic large-integer operations. An element $\alpha$ of the 2-adic integer ring $Z_2$ has the power-series form $\alpha = a_1 + a_2 2 + a_3 2^2 + a_4 2^3 + \dots + a_n 2^{n-1} + \dots$, where each $a_i$ is either 0 or 1. Since the algorithm only needs precision $83 = \left[\frac{160+6}{2}\right]$, the length of an element of $Z_2$ cannot exceed 83. The data structure of elements of the 2-adic integer ring is:

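typedef unsigned long BIGword;   /* one word of a multi-word integer */

/* Element of the 2-adic integer ring Z2, truncated to precision 83. */
typedef struct {
    int length;                  /* length of the element, at most 83 */
    BIGword value[3];            /* 3 words hold 96 >= 83 bits if BIGword is 32 bits wide (assumption) */
} Z2word;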

Addition and subtraction of two elements are large-integer addition and subtraction modulo $2^{83}$, and multiplication is multiplication modulo $2^{83}$. The inverse of an element a is computed with the Newton iteration. The initial value of the iteration is 1 (the element must be odd, otherwise it has no inverse), the iteration formula is $x \leftarrow x - x(ax - 1)$, and each iteration doubles the precision. Reaching the precision of 83 requires 7 iterations.

An element $\alpha = a_1 + a_2 t + a_3 t^2 + a_4 t^3 + \dots + a_{160} t^{159}$ of the finite field $F_q$ is a polynomial of degree at most 159 whose coefficients are either 0 or 1. Two polynomials are added by adding the coefficients of corresponding degree modulo 2, so subtraction and addition are the same operation. Multiplication is multiplication modulo the polynomial $f(t) = t^{160} + t^5 + t^3 + t^2 + 1$. In practice, reduction is interleaved with multiplication: whenever a term of degree 160 appears, it is replaced by the low-order polynomial $t^5 + t^3 + t^2 + 1$. Inversion uses the extended Euclidean algorithm. The data structure of an $F_q$ element is defined as follows:

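/* Element of the finite field Fq: a polynomial over GF(2) of degree at most 159. */
typedef struct {
    int length;                  /* length of the element */
    BIGword coef[5];             /* 5 words hold 160 coefficient bits if BIGword is 32 bits wide (assumption) */
} Fqword;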
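The multiplication with interleaved reduction described above, together with the Weil-theorem lift of a base-field order to an extension field from the start of this section, as an added example (not the author's C or Mathematica code). It uses the tiny fields GF(2^m), m ≤ 4, and the curve y^2 + xy = x^3 + 1 so that the lifted order can be checked by brute-force counting; the function names and the small reduction polynomials are assumptions of this example.

```python
def gf2m_mul(a, b, m, f_low):
    """Multiply in GF(2^m) = GF(2)[t]/(t^m + f_low), reducing while multiplying.

    Polynomials are bit masks (bit i = coefficient of t^i). For the article's
    field, m = 160 and f_low = t^5 + t^3 + t^2 + 1 = 0x2D.
    """
    r = 0
    for i in reversed(range(m)):          # Horner's rule over the bits of b
        r <<= 1                           # r := r * t
        if (r >> m) & 1:                  # a term of degree m appeared:
            r ^= (1 << m) | f_low         # replace t^m by the low-order polynomial
        if (b >> i) & 1:
            r ^= a                        # addition in characteristic 2 is XOR
    return r

def count_points(alpha, m, f_low):
    """Brute-force #E(GF(2^m)) for y^2 + xy = x^3 + alpha (feasible only for tiny m)."""
    def sq(v):
        return gf2m_mul(v, v, m, f_low)
    n = 1                                 # the point at infinity O
    for x in range(1 << m):
        rhs = gf2m_mul(sq(x), x, m, f_low) ^ alpha
        for y in range(1 << m):
            if (sq(y) ^ gf2m_mul(x, y, m, f_low)) == rhs:
                n += 1
    return n

def lift_order(order_base, q, n):
    """#E(GF(q^n)) from #E(GF(q)): q^n + 1 - (alpha^n + beta^n).

    alpha, beta are the roots of x^2 - Cx + q with C = q + 1 - #E(GF(q)); their
    power sums s_k satisfy s_k = C*s_(k-1) - q*s_(k-2), so no root is ever computed.
    """
    c = q + 1 - order_base                # Frobenius trace C
    s_prev, s = 2, c                      # s_0 = 2, s_1 = C
    for _ in range(n - 1):
        s_prev, s = s, c * s - q * s_prev
    return q ** n + 1 - s
```

With the article's parameters the same lift is `lift_order(order_over_F_2_16, 2**16, 10)`, where the base-field order comes from the Satoh computation.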

The ring $Z_q$ is the quotient of the polynomial ring $Z_2[t]$ over the 2-adic integer ring $Z_2$ by the ideal $[f(t)]$ generated by the modular polynomial f(t), i.e. $Z_q := Z_2[t]/[f(t)]$, with f(t) as above. From this structure, an element of $Z_q$ is a polynomial of degree at most 159 whose coefficients are elements of the 2-adic integer ring $Z_2$, so the data structure of a $Z_q$ element can be defined as:

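/* Element of the ring Zq: a polynomial of degree at most 159 with Z2 coefficients. */
typedef struct {
    int length;                  /* length of the element */
    Z2word coef[160];            /* one Z2 coefficient per degree 0..159 */
} Zqword;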

Addition and subtraction of elements are similar to ordinary polynomial operations, except that adding and subtracting the coefficients of corresponding degree means adding and subtracting elements of the 2-adic integer ring $Z_2$. Multiplication is handled like multiplication of elements in the finite field. The inverse of an element a is computed with the Newton iteration. The initial value of the iteration is obtained by first reducing the coefficients of a modulo 2 to get an element a' of the finite field, then computing the inverse of a' with the finite field inversion method; the inverse of a' is the initial value of the iteration. The iteration formula is identical to the one used for inverting elements of the 2-adic integer ring.

Once the above basic operations are available, the order of the elliptic curve can be computed. An elliptic curve $y^2 + xy = x^3 + \alpha$ ($\alpha$ is an element of the finite field) is selected at random, and the order of the curve is obtained with the Satoh algorithm. Each time a value of $\alpha$ is given (that is, a curve E is given), the order of the curve is calculated.

Selection of α | Number of points on the corresponding curve
0x40582590ac00873494fc02b180ba640130acb252 | 0x1000000000000000000014c3ec7372a968d0b1138
0xd80c00e8008e2021384a0243012d600554e10200 | 0xfffffffffffffffffffed059c32e5457a83e0314
0x8992b8ca2b70624440f6003100411646002d102c | 0xffffffffffffffffffff203b8ad8bf63e2891eac



The author implemented the SEA algorithm for constructing secure elliptic curves over prime fields during the master's degree. In later study and work, the Satoh algorithm was implemented in Mathematica and in C. The implementation of these two algorithms solves the problem of constructing secure curves over finite fields and prepares for future research: the application of elliptic curve cryptosystems in the field of mobile communication.

6 Conclusion

The advantage of introducing secure elliptic curves into public key cryptography is that, compared with the widely used RSA algorithm, the key length required for the same level of security is much lower than that of RSA, so ECC is better suited to the trend in today's e-commerce toward rapid response. It has broad market prospects in the fields of fast encryption, key exchange, identity authentication, digital signature, mobile communication, and smart card security.

The key to realizing an elliptic curve public key cryptosystem is the construction of a secure curve. This paper gives the technique used to implement the verification part of the Satoh algorithm. First, the order of the elliptic curve over the small base field is calculated. Weil's theorem then gives the order of the curve over the finite extension field; if this order meets the requirements of the elliptic curve public key cryptosystem, a secure curve is obtained by embedding the curve into the extension field.

References:

[1] W Diffie, M E Hellman. New Directions in Cryptography [J]. IEEE Trans Informat Theory, 1976, IT-22: 644-654.

[2] Rivest R L, Shamir A, Adleman L. A Method for Obtaining Digital Signatures and Public-key Cryptosystem [J]. Comm ACM, 1978, 21(2): 120-126.

[3] L ElGamal. A Public Key Cryptosystem and Signature Scheme Based on Discrete Logarithm [J]. IEEE Transactions on Information Theory, 1985, 31: 469-472.

[4] V Miller. Use of Elliptic Curves in Cryptography [A]. A M Odlyzko. Advances in Cryptology-Proceedings of CRYPTO 1986, volume 263 of Lecture Notes in Computer Science [C]. New York: Springer, 1986. 417-426.

[5] N Koblitz. Elliptic Curve Cryptosystems [J]. Mathematics of Computation, 1987, 48: 203-309.

[6] Joseph H Silverman. The Arithmetic of Elliptic Curves [M]. New York: Springer-Verlag, 1986. 46-61, 130-136.

[7] T Satoh. The canonical lift of an ordinary elliptic curve over a finite field and its point counting [J]. Ramanujan Mathematical Society, 2000, 15: 247-270.

[8] M Fouquet, P Gaudry, R Harley. An extension of Satoh's algorithm and its implementation [J]. Ramanujan Mathematical Society, 2000, 15: 281-318.

Author: South China Agricultural University Department of Computer Guoai Xia
