(Very) Basic Intro To Elliptic Curve Cryptography

The post (Very) Basic Intro To Elliptic Curve Cryptography appeared first on Qvault.

Elliptic curve cryptography is an efficient modern approach to public-key cryptosystems. In this introduction, our goal will be to focus on the high-level principles of what makes ECC work. We will omit implementation details and mathematical proofs, we can save those for another article.

What It’s For?

A common use of ECC is to encrypt data so that only authorized parties can decrypt it. This has several obvious use cases but is most often used to encrypt internet traffic. For example, we can use ECC to ensure that when we send an email, no one but the recipient can read the message.

ECC is public key cryptography

There are many types of public-key cryptography, and Elliptic Curve Cryptography is just one flavor. Other algorithms include RSA, Diffie-Helman, etc. I’m going to give a very simple background of public-key cryptography as a jumping-off point so that we can discuss ECC and build on top of these ideas. By all means, study more in-depth on public-key cryptography when you have the time.

Public-key cryptography allows the following to happen:

encryption algorithm example
http://itlaw.wikia.com/wiki/Key_pair

We create two keys, a public key, and a private key. The public key is given freely, and any party can encrypt data by using it. However, the private key is kept secret and only those who hold it will have the ability to decrypt data.

An Example of Public-Key-Cryptography

Let’s pretend that Facebook is going to receive a private post from Donald Trump. Facebook needs to be able to ensure that when the President sends his post over the internet, no one in the middle (Like the NSA, or internet service provider) can read the message. The entire exchange using Public Key Cryptography would go like this:

  • Donald Trump Notifies Facebook that he wants to send them a private post
  • Facebook sends Donald Trump their public key
  • Donald Trump uses the public key to encrypt his post:

“I love Fox and Friends” + Public Key = “s80s1s9sadjds9s”

  • Donald Trump sends only the encrypted message to Facebook
  • Facebook uses its private key to decrypt the message:

“s80s1s9sadjds9s” + Private Key= “I love Fox and Friends”

As you can see this is a very useful concept. Here are some key points:

  • The public key can be sent to anyone. It is public.
  • The private key must be kept safe because if someone in the middle were to get the private key, they could decrypt messages.
  • Computers can very quickly use the public key to encrypt a message, and the private key to decrypt a message.
  • Computers require a very long time (millions of years) to derive the original data from the encrypted message if they don’t have the private key.

How it Works: The Trapdoor Function

The crux of all public-key cryptographic algorithms is that they each have their own unique trapdoor function. A trapdoor function is a function that can only be computed one way, or at least can only be computed one way easily (in less than millions of years using modern computers).

Not a trapdoor function: A + B = C

If I’m given A and B I can compute C. The problem is that if I’m given B and C I can also compute A. This is not a trapdoor function.

Trapdoor function:

“I love Fox and Friends” + Public Key –> “s80s1s9sadjds9s”

If given “I love Fox and Friends” and the public key, I can produce “s80s1s9sadjds9s”, but if given “s80s1s9sadjds9s” and the Public Key I can’t produce “I love Fox and Friends”

In RSA (Probably the most popular public-key system) the trapdoor function relies on how hard it is to factor large numbers into their prime factors.

Public Key: 944,871,836,856,449,473

Private Key: 961,748,941 and 982,451,653

In the example above the public key is a very large number, and the private key is the two prime factors of the public key. This is a good example of a Trapdoor Function because it is very easy to multiply the numbers in the private key together to get the public key, but if all you have is the public key it will take a very long time using a computer to re-create the private key.

Note: In real cryptography, the private key would need to be 200+ digits long to be considered secure.

What Makes Elliptic Curve Cryptography Different?

You would use ECC for the same reasons as RSA. ECC and RSA both generate a public and private key and allows two parties to communicate securely.

There is one major advantage however that ECC offers over RSA. A 256 bit key in ECC offers about the same security as a 3072-bit key using RSA. This benefits systems with limited resources.
Click To Tweet

ECC allows resource-constrained systems like smartphones, embedded computers, and cryptocurrency networks to use 10% of the storage space and bandwidth required by RSA.

ECC’s Trapdoor Function

This is probably why most of you are here. The trapdoor function is what makes ECC special and different than RSA. The trapdoor function is similar to a mathematical game of pool. First, we start with a certain point on the curve. Next, we use a function (called the dot function) to find a new point. Finally, we keep repeating the dot function to hop around the curve until we finally end up at our last point. Lets walk through the algorithm.

ecc's trapdoor function example
image source
  • Starting at A:
  • A dot B = -C (Draw a line from A to B and it intersects at -C)
  • Reflect across the X axis from -C to C
  • A dot C = -D (Draw a line from A to C and it intersects -D)
  • Reflect across the X axis from -D to D
  • A dot D = -E (Draw a line from A to D and it intersects -E)
  • Reflect across the X axis from -E to E

This is a great trapdoor function because if you know where the starting point (A) is and how many hops are required to get to the ending point (E), it is very easy to find the ending point. On the other hand, if all you know is where the starting point and ending point are, it is nearly impossible to find how many hops it took to get there.

Public Key: Starting Point A, Ending Point E

Private Key: Number of hops from A to E

Questions?

Here are just a couple of questions I had when I first learned about ECC. Hopefully, I can address them properly.

How is the second point found? If the dot function is basically drawing a line between two points, don’t you need a second point to start with?

Answer: No. The second point (we will call it -R below) is actually the result of P dot P (let’s assume the first point is called P)

P dot P= -R

So what is P dot P? It is actually just the tangent line of P. See the graphic below:

dot function elliptical curve
https://devcentral.f5.com/articles/real-cryptography-has-curves-making-the-case-for-ecc-20832

What happens if the dot function produces a line that will go way off out to some extreme?

If the line doesn’t hit the curve close to the origin, we can actually define a maximum X value where the line will wrap back around and start from the beginning again. See the graphic below for an example.

elliptic curve cryptography illustration
image source

I get the trapdoor function, but how are public and private keys created in practice? How are they used in conjunction with data to be encrypted?

This is a great question, but it requires a much more in-depth answer. I gave very hand-wavy explanations of both RSA and ECC in this article. However, there are plenty of more technical resources out there and I encourage you to look into them.

Who Cares?

ECC is used as the cryptographic key algorithm in Bitcoin because it potentially can save 90% of the resources used by a similar RSA system. It seems that each year we see more systems moving from a bloaty RSA system to a more modern elliptic curve approach. Hopefully, we’ve helped you gain a high-level understanding ECC and public-key cryptography.

Thanks For Reading!

Follow us on Twitter @q_vault if you have any questions or comments

Take game-like coding courses on Qvault Classroom

Subscribe to our Newsletter for more educational articles

Related Articles


Hashing Passwords – Python Cryptography Examples
How SHA-2 Works Step-By-Step (SHA-256)
Is AES-256 Quantum Resistant?

The post (Very) Basic Intro To Elliptic Curve Cryptography appeared first on Qvault.



source https://qvault.io/2020/07/21/very-basic-intro-to-elliptic-curve-cryptography/

Comments

Post a Comment

Popular posts from this blog

Why is Exclusive Or (XOR) Important in Cryptography?

Image
If you are getting into cryptography, or just trying to understand the fundamentals, you may have noticed that the exclusive-or operation is used quite often, especially in ciphers. What is XOR ( ⊕ )? XOR, or “exclusive or” operates on binary data. It returns true if both of its inputs are opposites (one false and one true), otherwise, it returns false. An example in go code would be something like: func exclusiveOr(a bool, b bool) bool { return a != b } XOR Cipher – The Perfect Cipher The XOR operation can be used as a simple cipher for encrypting and decrypting messages with a single key. This is known as symmetric encryption. It is interesting to note that if: The key is the same size as the message The key is kept secret and generated truly randomly Then the cipher is impossible to crack. This is known as a one time pad . However, a simple XOR shouldn’t be used in production due to the key length needing to be too long to be practical. Cipher Example A
Read more

What are UUIDs, and should you use them?

Image
The post What are UUIDs, and should you use them? first appeared on Qvault . A universally unique identifier (UUID) is a 128-bit format for creating IDs in code that has become popular in recent years, especially in relation to database keys. By using UUIDs, you ensure that your ID is not just unique in the context of a single database table or web application, but is truly unique in the universe. No other ID in existence should be the same as yours. Sorry to interrupt! I just wanted to mention that you should check out my new free Go course. It’s designed to teach you all the fundamentals of my favorite coding language. Learn Golang Now It is important to note that while the probability that a UUID will collide with another is not zero , its practically zero. The chances of collision are so astronomically low, worrying about it would be ridiculous. The total number of possible UUIDs is 2^128 or 340282366920938463463374607431768211456 . UUID Generator Online
Read more

6 Things to Avoid When Contributing to Open-Source Projects

Image
The post 6 Things to Avoid When Contributing to Open-Source Projects first appeared on Qvault . With #HacktoberFest being a thing, there has been an influx of devs desperately trying to contribute to their favorite Open-Source projects. Unfortunately, many of these pull requests have been a waste of time, with the maintainers ultimately unable to use the contributions. Maintainers don’t want to waste their time reviewing bad PRs, and contributors don’t want to waste their time writing code that will never make it into production. Let’s take a look at some common pitfalls that developers fall prey to when working on an open-source project. As a side note, we recently open-sourced the Qvault front-end, so take a look at that if you want to help out. 1. Don’t Start Work Without Approval If you hop into a Github repo and find something you don’t like, don’t immediately open a pull request. Follow these steps instead: Is there already an issue logged? If not, make one. If there
Read more