Cryptography – Particular algorithmic function encoding – Public key
Reexamination Certificate
1999-02-23
2002-11-12
Smithers, Matthew (Department: 2132)
Cryptography
Particular algorithmic function encoding
Public key
Reexamination Certificate
active
06480606
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to techniques of retaining security of a computer network, and more particularly to encryption techniques using an elliptic curve.
2. Description of the Related Art
Elliptic curve encryption is public key cryptography independently invented by V. Miller and N. Koblitz.
The public key cryptosystem has been developed in order to eliminate disadvantages of a common key cryptosystem, the disadvantages being the security which may possibly be lowered at the stage when a private key which is kept secret from third parties is shared by two partners exchanging enciphered information. In this public key cryptosystem, a pair of a private and a public key is used. The private key secret from third parties belongs to a particular individual, and the public key is obtained through arithmetic operation of the private key and made public to third parties.
One feature of this public key cryptosystem resides in that a text enciphered by the public key of a particular person cannot be deciphered unless the private key (paired with the public key) of the person is used. This feature can be utilized when a text is transmitted to a partner while the text is kept secret from third parties. For example, when Mr. A transmits a text to Mr. B, the text enciphered by using the public key of Mr. B is transmitted. The enciphered text can be deciphered only with the private key of Mr. B paired with the public key so that only Mr. B can recover the original plain text.
A text enciphered with the private key of a particular person can be verified, by using the public key paired with the private key of the person, as to whether or not the text was enciphered by the secret key. This feature can be applied to digital signature. The digital signature is data obtained through arithmetic operation of a text to be signed and through encipher with the private key of the signer. For example, verification of the digital signature of Mr. A can be made depending upon whether or not the data obtained through decipher of the digital signature with the public key of Mr. A is coincident with the data obtained through arithmetic operation of a text to be signed and through encipher with the private key of the signer. If coincident, it can be verified that the digital signature is a correct signature made by Mr. A and that the text with the digital signature was not illegally altered. This feature can therefore be applied to identification of a particular person and prevention of illegal alteration on a network such as the Internet. Verification of a correct signature can be applied to prevent a hostile pretender from purchasing some goods. Verification of no alteration of a text can be applied to prevent alteration of a price entered in a contract note or a receipt.
From the viewpoint of security, requirements for the public key cryptosystem are that it is practically impossible to find a private key from a paired public key made public to third parties. Other requirements for the public key cryptosystem which fundamentally takes a longer encipher and decipher time than a private key cryptosystem are a shorter encipher and decipher time. As the techniques of the public key cryptosystem satisfying these to contradictory requirements of security and speed, an elliptic curve encryption has been paid much attention, which is better than conventional RSA and ElGamal cryptosystems.
An elliptic curve is represented by a standard formula y
2
=x
3
+ax+b (4a+27b≠0) of an elliptic curve in a finite field having a characteristic of 5 or higher. If a point of infinity is added to this curve, the Abelian group is established. The Abelian operation is represented by a symbol “+”.
A typical elliptic curve used for encryption is represented by the following standard forms of Weierstrass.
0: Unit element (a point of infinity on a two-dimensional projective plane of an elliptic curve).
0+0=0
2) (x, y)+0=(x, y)
3) (x, y)+(x, −y)=0
4) Commutativity (x
1
, y
1
)+(x
2
, y
2
)=(x
2
, y
2
)+(x
1
, y
1
)
5) Addition (x
3
, y
3
)=(x
1
, y
1
)+(x
2
, y
2
) x
3
=&lgr;
2
−x
1
−x
2
; y
3
=&lgr;(x
1
−x
3
)−y
1
; &lgr;=(y
2
−y
1
)/(x
2
−x
1
)
6) Doubling (x
3
, y
3
)=(x
1
, y
1
)+(x
1
, y
1
)=2(x
1
, y
1
) x
3
=&lgr;
2
−2*x
1
; y
3
=&lgr;(x
1
−y
3
)−y
1
; &lgr;=(3*x
1
2
=a)/(2*y
1
)
An elliptic curve cryptograph uses an elliptic curve in a finite field and a set of points constituting the finite filed.
As the finite field, a set Fp of remainders of integers congruent modulo of a prime p is used.
F
p
={0, 1, . . . , p−1}
The order of a finite field is the number of elements of the finite field. The order of an elliptic curve is the number of points on an elliptic curve.
A result of s-time addition of P (p+ . . . +P) is called an s-multiple point of P, and an operation of obtaining the s-multiple point of P is represented by sP.
The order of a point P on an elliptic curve is n which satisfies nP=0, 1<=m<n, and mp≠0.
Keys of the elliptic curve cryptograph include the following elliptic curve, base point, public key, and private key.
Coefficients of an elliptic curve are a and b.
Base point: a point P having a prime as the order.
Private key: finite field element d.
Public key: a point of private-key-multiplication of the base point Q (Q=dP).
An elliptic curve, base point, and public key are public information. The public key and private key are different for each user, whereas the elliptic curve and base point are common to each user.
Data encipher, data decipher, digital signature generation, and digital signature verification respectively of the elliptic curve encryption uses a sR operation of an arbitrary point R. This operation can be executed by a combination of the above-described addition and doubling. The above-described addition arithmetic and doubling each require to perform a division once. However, it takes a very long time to perform a division in a finite field. A method of avoiding a division in the finite field has been desired.
According to the document of D. V. Chudnovsky, G. V. Chudnovsky “Sequences of Numbers Generated by Addition in Formal Groups and New and New Primality and Factorization Tests”, Advances in Applied Mathematics, 7, 385-434, 1986, formulas of the addition and doubling are derived in a projective space. These formulas will be described in the following.
Chudnovsky Formulas 1
Addition:
[
X
3
, Y
3
, Z
3
]=[X
1
, Y
1
, Z
1
]+[X
2
, Y
2
, Z
2
]
X
3
=−(
U
1
+U
2
)
P
2
+R
2
2
Y
3
=R
(−2
R
2
+3
P
2
(
U
1
+U
2
))−
P
3
(
S
1
+S
2
)
Z
3
=Z
1
Z
2
P
U
1
=X
1
(
Z
2
)
2
; U
2
=X
2
(
Z
1
)
2
; S
1
=Y
1
(
Z
2
)
3
S
2
=Y
2
(
Z
1
)
3
P=U
2
−U
1
; R=S
2
−S
1
Doubling:
[
X
3
, Y
3
, Z
3
]=2
[X
1
, Y
1
, Z
1
]
X=T
Y
=−8((
Y
1
)
2
)
2
+M
(
S−T
)
Z
=2
Y
1
Z
1
S
=4
X
1
(
Y
1
)
2
; M
=3(
X
1
)
2
+a
((
Z
1
)
2
)
2
; T
=−2
S+M
2
M
=3(
X
1
−(
Z
1
)
2
(
X
1
+(
Z
1
)
2
if
a
=−3
M
=3(
X
1
)
2
if
a
=0
The X
1
, Y
1
, and Z
1
are finite field elements whose data can be expressed by a multiple-precision integer (larger than 2
160
)
Multiple-precision multiplication modulo arithmetic generally takes a longer time than multiple-precision addition subtraction. Therefore, a calculation time can be evaluated from the multiplication modulo arithmetic. The above-cited document describes that the addition arithmetic requires to perform a multiplication modulo operation 16 times and the doubling requires to perform it 10 times. It also describes that if the coefficient a of an elliptic cur
LandOfFree
Elliptic curve encryption method and system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Elliptic curve encryption method and system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Elliptic curve encryption method and system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2926075