The Use of Elliptic Curves for Message Concealment

John Brunzell

Faculty Advisor: Professor LaVarnway
Historical Methods for Concealing Messages
1 2 3 4 5
1 A B C D E
2 F G H IJ K
3 L M N O P
4 Q R S T U
5 V W X Y Z
Spartan Scytale, 500 B.C.
Polybius Checkerboard, 205-123 B.C.
Enigma, 1920s - WWII
Diagrammatic Representation
Alice Bob
Eve
Communication Channel
Key Channel k k
( )
k
F x ( )
k
F x
Massey-Omura Key Exchange
Alice Bob
Alice wants to send a message to Bob without anyone else knowing the content.
Alice and Bob have agreed on where p is a large prime number. This prime
number is made public. We will select p (prime)=101.

p
Selects her personal secret number such that 11 a = gcd( , ) 1 a p =
11 50(mod101) 550(mod101) 45 aM = = = Compute
Sends 45 to Bob
1
46 a

= Finds
1
99 46 99(mod101) 4554(mod101) 9 a

= = = Compute
Sends 9 to Bob
Selects message (number) to send to Bob, 50 M =
Selects his personal secret number such that 83 b = gcd( , ) 1 b p =
45 83 45(mod101) 3735(mod101) 99 b = = = Compute
Sends 99 to Alice
1
28 b

= Finds
1
9 28 9(mod101) 252(mod101) 50 b

= = = Compute
Bob now has Alices message (number), 50 M =
Why it works?
aM baM
1
a baM
1 1
b a baM
1 1 1 1
1 1 b a baM b ba aM M M

= = =
General Equation & Graphs of Elliptic Curve
2 3 2
y x ax bx c = + + +
4 2 2 4
10
5
5
10
4 2 2 4
5
5
4 2 2 4
6
4
2
2
4
6
4 2 2 4
5
5
2 3
5 y x x =
2 3
8 y x = +
2 3
3 2 y x x = +
2 3
y x =
Discriminant of the Elliptic Curve
2 3 2
y x ax bx c = + + +
4 2 2 4
10
5
5
10
4 2 2 4
5
5
2 3
5 y x x =
2 3
8 y x = +
2 2 3 2
18 4 27 a b abc b c +
2
y ax bx c = + +
2
4 b ac
Group Structure
We can define a group structure over addition for adding points on an
elliptic curve:
1. Define O to be the point at infinity. (Identity element).

P + O = O + P = P

2. Establish a procedure for adding two points on the curve.

3. Define the inverse. The inverse of P is -P


Addition of Points P and Q
4 2 2 4
5
5
P
Q
R
P+Q
1 1
( , ) P x y =
3 3
( , ) R x y =
2 2
( , ) Q x y =
3 3
( , ) P Q x y + =
Addition of Point P and itself
1 1
( , ) P x y =
3 3
( , ) R x y =
3 3
2 ( , ) P x y =
4 2 2 4
5
5
P
R
2P
Formulas for Computing P+Q or 2P
2
2 1
3 1 2
2 1
y y
x a x x
x x
| |
=
|

\ .
2 1
3 3 1 1
2 1
( )
y y
y x x y
x x
| |
= +
|

\ .
2
2
1 1
3 1
1
3 2
2
2
x ax b
x a x
y
| | + +
=
|
\ .
2
1 1
3 3 1 1
1
3 2
( )( )
2
x ax b
y x x y
y
+ +
= +
2 3 2
y x ax bx c = + + +
Case 1
3 3
( , ) P Q x y + =
1 2
x x =
1 1
( , ) P x y =
2 2
( , ) Q x y = Let and with then where
3 3
2 ( , ) P x y =
1
0 y =
1 1
( , ) P x y = Let with then where
Case 2
Elliptic Curves Mod P
2
( )(mod ) y f x p
x
2 3
1(mod11) y x = +
0
1
2
3
4
5
6
7
8
9
10
1
2
9
6
10
5
8
3
7
4
0 Squares when x=0, 2, 5, 7, 9, or 10
(0,1), (0,10), (2,3), (2,8), (5,4), (5,7), (7,5), (7,6), (9,2), (9,9), (10,0), O
2
0

2
1
2
2
2
3
2
4
2
5
2
6
2
7
2
8
2
9
2
10

0
1
4
9
3
5
(mod11)
1,3,4,5,9 are quadratic residues mod 11
Discrete Logarithm Problem
&
Computer Processing Capabilities
(mod )
k
a b p
kP Q =
An international team of mathematicians factored a 307-digit number, a record for the
largest factored number. This team used a special number field sieve.

For a hacker using a single computer, the job would require 100 years of processing
time. By sharing the load over about 500 computers, they reduced the time to
six months.
Given points P and Q, it is generally very difficult to solve for k. The elliptical
curve encryption scheme appears to allow us to work with smaller numbers to
achieve similar levels of security.
Determining Number of Points on a Curve
2 3 2
(mod ) y x ax bx c p = + + +
Given the elliptic curve
3 2 1
0
( )
1
p
x
x ax bx c
N p
p

=
+ + +
= + +

The number of points is where

Example: Select the elliptic curve over where
p=1377359.
2 3
2 1 y x x = + +
p
3 2 1
0
( )
p
x
x ax bx c
p

=
+ + +

Legendre Symbol (r/p) defined to be +1 if r is a

quadratic residue mod p, -1 if r is a quadratic
nonresidue mod p, and 0 if p divides r.
3 1
0
( 2 1)
1377539 1 1375269
1377539
p
x
x x
N

=
+ +
= + + =

Converting Message to Point on Curve

2 3
2 1 y x x = + +
1377359
over
Convert 1234 to a point on the curve
Mathematica

converttopoint[m_, b0_, b1_, b2_, p_]:=
Module[{x0, f},
x0 = 1000*m;
f[x_] := x^3 + b2x^2 + b1x + b0;
While[JacobiSymbol[f[x0], p] == -1, x0++];
Print[{x0, PowerMod[f[x0], (p + 1)/4, p]}]]

converttopoint[1234, 1, 2, 0, 1377359]

{1234005, 349433}
0
1000 1000( 1) m x m < < +
0
( ) f x
0
x Choose such that is a quadratic residue mod p, and
0 0
( , ) P x y = ( )
( ) 1 /4
0 0
p
y f x
+
=
Set and
Calculating aP
2 3
2 1 y x x = + +
1377359
over
Select a secret personal number relatively prime to 1377359, a=11111
0 1 2 5 6 8 9 11 13
111111 2 2 2 2 2 2 2 2 2 = + + + + + + + +
1 2 5 6 8 9 11 13
111111 2 2 2 2 2 2 2 2 P P P P P P P P P P = + + + + + + + +
Compute aP = 11111P
Could compute P+P, 2P+P, 3P+P, but this would take a lot of time
However,
So,
Massey-Omura Key Exchange
Alice
Bob
Alice wants to send a message to Bob without anyone else knowing the content.
Alice and Bob have agreed on where p is a large prime number. This prime
number is made public. We will select p (prime)=1375269.

p
11111 a =
11111(1234005, 349433)(mod ) (1114312, 498654) aP p = =
1
283322 a

=
1
283322(710108,1324551)(mod ) (1075576,1307157) a baP p

= =
(1234005, 349433) P =
22222 b =
22222(1114312, 498654)(mod ) (710108,1324551) baP p = =
1
141661 b

=
1 1
141661(1075576,1307157)(mod ) (1234005, 349433) b a baP p

= =
References
M. Erickson & A. Vazzana, Introduction to Number Theory, Chapman & Hall/CRC, Florida, 2008

S. Wagstaff Jr., Cryptanalysis of Number Theoretic Ciphers, Chapman & Hall/CRC, Florida, 2008

M. Greenberg, Euclidean and Non-Euclidean Geometries, W.H. Freeman & Co, New York, 2007

M. Sipser, Introduction to the Theory of Computation, Thompson Course Technology, Massachusetts, 2006

J. Fraleigh, A First Course in Abstract Algebra, Addison Wesley, USA, 2003

T. Barr, Invitation to Cryptology, Prentice Hall, New Jersey, 2002