Re: Elliptical Curve Encryption

Anonymous (nobody@replay.com)
Tue, 7 Jul 1998 22:37:02 +0200

• Next message: bram: "Re: Random Data from Geiger Counter"
• Previous message: Mike Rosing: "Re: Random Data from Geiger Counter"
• In reply to: Mark Tillotson: "Re: Random Data from Geiger Counter"
• Next in thread: Lewis McCarthy: "Re: Elliptical Curve Encryption"
• Reply: Lewis McCarthy: "Re: Elliptical Curve Encryption"
• Reply: Paul Lambert: "Re: Elliptical Curve Encryption"

> A while back a website was posted with an article on ECC. Could
> someone point me in that direction? I've just been freed up enough on
> projects to start looking in to this....

No, Jeremy, I'm afraid not. See, it's nothing personal, but here on
CodherPlunks, most of us prefer worrying about issues of cryptographic
implementation rather than worrying about other people's web searches
about cryptographic implementation.

More bluntly, take your question and shove it up...um, shove it up
<http://altavista.digital.com>. :)

On a less childish note, I'll be glad to give you some background on ECC.
Elliptic (not "elliptical," although I'm not sure if I'm spelling it right
either) curve encryption is based on an operation called elliptic curve
addition. The only way elliptic curve addition is like regular addition is
that it keeps addition's mathematical properties, namely A + (B + C) = A +
B + C and D + E = E + D.

Just like you can use these properties in the context of normal addition
to efficiently construct multiplication, you can use them in the context
of elliptic curve addition to efficiently construct what you might call
"elliptic curve multiplication."

Elliptic curve variants of normal public-key cryptosystems -- ECDH, ECDSS,
and now ECKEA/XECKEA (said like "ecky/zecky") -- work by replacing the
standard algorithm's modular exponentiation with that operation.

However, ECKEA/XECKEA might not work, because KEA contains checks which I
assume are there to prevent some attack involving choosing Y or R so that
the value of the other guy's x or r is revealed. It may be that, when
using elliptic curve operations instead of modular exponentiations, you
can still do that attack (or a similar one) but not the check that
prevents it.

The difficulty of cracking the mathematical problem behind elliptic curve
cryptosystems is called the elliptic curve discrete logarithm problem, or
ECDLP. It is thought to be hard enough to allow you to safely use
elliptic-curve cryptosystems with shorter keys. The whole problem is
relatively new and hasn't been studied much, so I wouldn't reccomend
putting ECC in any "mission-critical" applications (by which I mean key
distribution) soon.

• Next message: bram: "Re: Random Data from Geiger Counter"
• Previous message: Mike Rosing: "Re: Random Data from Geiger Counter"
• In reply to: Mark Tillotson: "Re: Random Data from Geiger Counter"
• Next in thread: Lewis McCarthy: "Re: Elliptical Curve Encryption"
• Reply: Lewis McCarthy: "Re: Elliptical Curve Encryption"
• Reply: Paul Lambert: "Re: Elliptical Curve Encryption"