Today I was studying the elliptic curve cryptography (ECC) algorithm. I had no specialist book on the algorithm to hand, so I went through a lot of blogs and books online, but most of the blog posts are really... you know... they truly live up to the saying "all the world's articles are one big copy"! Copying aside, the key problem is that the introductions are not very clear, and while reading I ran into many doubts I could not resolve. For example: they only say "P+Q=R", but why are the two sides equal? What is the calculation based on? After searching for a long time I finally discovered that this is a stipulation, a definition! At that moment I was speechless.
Well, enough complaining. To make it easier to get a systematic understanding of elliptic curve cryptography, I have collated a few of the better posts and added my own views.
Time was limited and my understanding is not deep; if there are mistakes, corrections are welcome!
Bitcoin uses an elliptic curve algorithm to generate public and private keys, and the SECP256K1 curve is the one selected.
ECC is the abbreviation for elliptic curve cryptography. It is a public-key cryptographic algorithm based on the mathematics of elliptic curves, and its security depends on the difficulty of the elliptic curve discrete logarithm problem.
Before ECC became popular, almost all public-key algorithms were based on RSA, DSA, and DH, cryptosystems built on modular arithmetic. RSA and its related algorithms are still very important and are often used together with ECC. However, the principles behind RSA and its related algorithms are easy to explain and widely understood, and simple implementations are easy to write, whereas the foundations of ECC are still mysterious to most people.
Specifically, I will touch on the following topics:
1. Mathematical elliptic curves and related concepts
2. Elliptic Curves in cryptography
3. Encryption/decryption on elliptic curves
4. Elliptic curve signature and verification signature
I. Elliptic curves and related concepts in mathematics
1.1 Starting from parallel lines
Parallel lines never intersect. But in modern times this conclusion has been questioned. Might parallel lines intersect very, very far away? Nobody has actually seen it. So "parallel lines never intersect" is only an assumption (recall the parallel axiom learned in junior high school, which is not proven). Since we may assume that parallel lines never intersect, we may equally assume that parallel lines intersect very far away. That is, parallel lines intersect at the infinity point P∞ (close your eyes and imagine that infinity point P∞. Isn't P∞ rather unreal? One might say that mathematics trains people's imagination rather than their capacity for abstraction). Here is a picture to help you understand:
The advantage of adding a point P∞ to a line is that any two straight lines intersect, and in exactly one point. This unifies the parallel case and the intersecting case. To distinguish them from the infinity point, the points of the original plane are called ordinary points.
The following are several properties of the infinity point.
▲ A line L has exactly one infinity point. (Follows directly from the definition.)
▲ A group of mutually parallel lines in the plane share a common infinity point. (Follows directly from the definition.)
▲ Any two intersecting lines L1, L2 in the plane have different infinity points. (Otherwise L1 and L2 would have a common infinity point P, so L1 and L2 would have two intersections A and P, and the hypothesis is wrong.)
▲ All the infinity points of the plane form a line at infinity. (Imagine this line yourself.)
▲ All the infinity points of the plane together with all the ordinary points form the projective plane.
1.2 Projective plane coordinate system
The projective plane coordinate system is an extension of the ordinary planar Cartesian coordinate system (the one we learned first). The ordinary Cartesian coordinate system assigns no coordinates to infinity points and cannot represent them. To represent infinity points, the projective plane coordinate system was introduced; it can also represent the old ordinary points perfectly well (mathematics is "backwards compatible" too).
We transform the coordinates of a point A(x, y) in the ordinary Cartesian coordinate system as follows:
Let x = X/Z, y = Y/Z (Z≠0); the point A can then be written as (X:Y:Z).
It becomes a point with three coordinates, which establishes a new coordinate system for the points of the plane.
Example 1: Find the coordinates of the point (1, 2) in the new coordinate system.
Solution: ∵ X/Z=1, Y/Z=2 (Z≠0) ∴ X=Z, Y=2Z ∴ the coordinates are (Z:2Z:Z), Z≠0. That is, (1:2:1), (2:4:2), (1.2:2.4:1.2) and any other coordinates of the form (Z:2Z:Z), Z≠0, are all coordinates of the point in the new coordinate system.
We can also obtain the equation of a straight line, aX+bY+cZ=0 (think about why; hint: the general equation of a straight line in ordinary Cartesian coordinates is ax+by+c=0). Can the new coordinate system represent an infinity point? Let's first think about where the infinity point is. From the previous section we know that the infinity point is the intersection of two parallel lines. So how do we find the intersection of two lines? This is middle-school knowledge: solve the two line equations simultaneously. The equations of two parallel lines are aX+bY+c1Z=0 and aX+bY+c2Z=0 (c1≠c2).
(Why? Hint: consider the slope, because parallel lines have the same slope.)
Solving the two equations simultaneously gives c2Z = c1Z = -(aX+bY); ∵ c1≠c2 ∴ Z=0 ∴ aX+bY=0.
So an infinity point has the form (X:Y:0). Note that ordinary points have Z≠0 and infinity points have Z=0, so the equation of the line at infinity is Z=0.
Example 2: Find the infinity point at which the parallel lines L1: X+2Y+3Z=0 and L2: X+2Y+Z=0 intersect.
Solution: because L1∥L2, we have Z=0 and X+2Y=0, so the coordinates are (-2Y:Y:0), Y≠0. That is, (-2:1:0), (-4:2:0), (-2.4:1.2:0) and any other coordinates of the form (-2Y:Y:0), Y≠0, all represent this infinity point.
So this new coordinate system can represent every point of the projective plane, and we call a coordinate system that can represent every point of the projective plane the projective plane coordinate system.
1.3 Elliptic Curve
In the previous section we established the projective plane coordinate system; in this section we set up the elliptic curve equation in it. We know that curves can be represented by equations in coordinates (for example, the unit circle equation is $x^2+y^2=1$). An elliptic curve is a curve, so naturally it has an equation too.
Definition of elliptic curve:
An elliptic curve is the set of all points on the projective plane that satisfy the equation---------------------------[1-1], and each point on the curve is non-singular (or smooth).
Notes on the definition:
▲ [1-1] is the Weierstrass equation (named after Karl Theodor Wilhelm Weierstrass, 1815-1897), which is a homogeneous equation.
▲ An elliptic curve is not shaped like an ellipse. It is so named only because the equation describing it resembles the equation used to compute the circumference of an ellipse.
Let's see what elliptic curves look like.
▲ "Non-singular" or "smooth" means, mathematically, that the partial derivatives $F_x(X, Y, Z)$, $F_y(X, Y, Z)$, $F_z(X, Y, Z)$ are not all 0 at the same time at any point of the curve. If you have not studied advanced mathematics, you can read it this way: every point that satisfies the equation has a tangent.
The following two equations are not elliptic curves, although they have the form of equation [3-1].
This is because they have no tangent at the point (0:0:1) (i.e. the origin).
There is an infinity point O∞ (0:1:0) on the elliptic curve, because this point satisfies equation [1-1].
Now that we know the infinity point on the elliptic curve, we can put the elliptic curve into the ordinary Cartesian coordinate system, because the ordinary Cartesian coordinate system differs from the projective plane coordinate system only in lacking the infinity points. If we find, in the ordinary Cartesian coordinate system, the curve equation of all the ordinary points on the elliptic curve and then add the infinity point O∞ (0:1:0), don't we have the whole elliptic curve?
Setting x=X/Z, y=Y/Z and substituting into equation [1-1], we get:
$y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$ -------------------------[1-2]
That is, the smooth curve satisfying equation [1-2] plus the infinity point O∞ forms the elliptic curve. For ease of computation, notation and understanding, elliptic curves will from now on mainly be discussed in the form [1-2].
At the end of this section, we discuss the slope of the tangent to an elliptic curve.
By definition the elliptic curve is smooth, so every ordinary point on it has a tangent. The most important parameter of a tangent is its slope k.
Example 3: Find the slope k of the tangent at an ordinary point A(x, y) on the elliptic curve.
Solution: let $F(x, y) = y^2 + a_1xy + a_3y - x^3 - a_2x^2 - a_4x - a_6$
Taking partial derivatives:
$F_x(x, y) = a_1y - 3x^2 - 2a_2x - a_4$
$F_y(x, y) = 2y + a_1x + a_3$
The derivative is: $f'(x) = -F_x(x, y)/F_y(x, y) = -(a_1y - 3x^2 - 2a_2x - a_4)/(2y + a_1x + a_3)$
$= (3x^2 + 2a_2x + a_4 - a_1y)/(2y + a_1x + a_3)$
So-------------[1-3]
If you do not follow the derivation, it does not matter; just remember the conclusion [1-3].
1.4 Addition on an elliptic curve
In the previous section we saw pictures of elliptic curves, but there seems to be no connection between one point and another. Can we define an operation similar to addition on the real axis? Genius mathematicians found such an operation.
Since modern algebra introduced the concepts of group, ring and field, algebraic operations have been highly unified. For example, mathematicians abstracted the main features of ordinary addition and proposed the additive group (also called a commutative group, or abelian group). From the point of view of additive groups, there is no difference between the addition of real numbers and addition on elliptic curves. This is perhaps what mathematical abstraction is :). For the precise concepts of group and additive group, please consult a textbook on modern algebra.
Rule: Take any two points P, Q on the elliptic curve (if P and Q coincide, take the tangent at P) and draw the line through them; it meets the elliptic curve in another point R'. Through R' draw the line parallel to the y-axis; it meets the curve at R. We stipulate P+Q=R.
The rule in detail:
▲ The + here is not ordinary addition of real numbers but an addition abstracted from ordinary addition; it has some of the properties of ordinary addition, but the concrete rule is clearly different.
▲ By this rule, the line joining the infinity point O∞ and a point P on the elliptic curve meets the curve at P', and the line through P' parallel to the y-axis meets the curve at P, so O∞ + P = P. Thus the infinity point O∞ plays the same role as zero in ordinary addition (0+2=2), and we call the infinity point O∞ the zero element. We also call P' the negative element of P (negative P for short, written -P).
▲ From this rule the following conclusion follows: if three points A, B, C on the elliptic curve lie on the same line, then their sum equals the zero element, i.e. A+B+C = O∞.
The sum of three points on the same line equals 0.
Note: all we need is that the three points are collinear, regardless of their order. This means that if P, Q and R are collinear, then P + (Q + R) = Q + (P + R) = R + (P + Q) = ... = 0. In this way, we can intuitively prove that our "+" operation satisfies both the associative law and the commutative law.
▲ Adding k copies of the same point P is written kP. For example: P+P+P = 2P+P = 3P.
Below, we use the coordinates (x1,y1), (x2,y2) of the points P, Q to find the coordinates (x4,y4) of R=P+Q.
Example 4: On the elliptic curve $y^2+a_1xy+a_3y = x^3+a_2x^2+a_4x+a_6$, given the ordinary points P(x1,y1), Q(x2,y2), find the coordinates of R(x4,y4).
Solution: (1) First find the point -R(x3,y3).
Because the three points P, Q, -R are collinear, let the line be y=kx+b, where:
if P≠Q (P, Q do not coincide), then
the slope of the line is $k = (y_1-y_2)/(x_1-x_2)$;
if P=Q (P, Q coincide), the line is the tangent to the elliptic curve, and it is known from Example 3.1 that
$k = (3x^2+2a_2x+a_4-a_1y)/(2y+a_1x+a_3)$
So the coordinates of the three points P, Q, -R are the solutions of the system of equations:
$y^2+a_1xy+a_3y = x^3+a_2x^2+a_4x+a_6$ -----------------[1]
$y = kx+b$ -----------------[2]
Solving:
substituting [2] into [1] gives
$(kx+b)^2+a_1x(kx+b)+a_3(kx+b) = x^3+a_2x^2+a_4x+a_6$ --------[3]
Bring [3] into general form and apply the relationship between the roots and coefficients of a cubic equation (when the coefficient of the cubic term is 1: $-x_1x_2x_3$ equals the constant term, $x_1x_2+x_2x_3+x_3x_1$ equals the coefficient of the linear term, and $-(x_1+x_2+x_3)$ equals the coefficient of the quadratic term).
So $-(x_1+x_2+x_3) = a_2-ka_1-k^2$
$x_3 = k^2+ka_1-a_2-x_1-x_2$; --------------------- the abscissa of the point -R
Because $k = (y_1-y_3)/(x_1-x_3)$,
$y_3 = y_1-k(x_1-x_3)$; ------------------------------- the ordinate of the point -R
(2) Use -R to find R.
Clearly $x_4 = x_3 = k^2+ka_1-a_2-x_1-x_2$; ------------ the abscissa of the point R
And $y_3$, $y_4$ are the solutions of the equation $y^2+a_1xy+a_3y = x^3+a_2x^2+a_4x+a_6$ at $x = x_4$.
Bringing it into the general form $y^2+(a_1x+a_3)y-(x^3+a_2x^2+a_4x+a_6) = 0$, the relationship between the roots and coefficients of a quadratic equation gives:
$-(a_1x+a_3) = y_3+y_4$
therefore $y_4 = -y_3-(a_1x+a_3) = k(x_1-x_4)-y_1-(a_1x_4+a_3)$; --------------- the ordinate of the point R
That is:
$x_4 = k^2+ka_1-a_2-x_1-x_2$;
$y_4 = k(x_1-x_4)-y_1-a_1x_4-a_3$;
At the end of this section, note that the pictures shown earlier may give the illusion that elliptic curves are symmetric about the x-axis. In fact, elliptic curves are not necessarily symmetric about the x-axis, for example $y^2-xy = x^3+1$.
II. Elliptic curves in cryptography
We now have a basic understanding of elliptic curves, which is something to be pleased about.
However, note that the elliptic curves studied so far are continuous and not suitable for encryption, so we have to turn the elliptic curve into discrete points by defining the elliptic curve over a finite field.
Let's think about why the elliptic curve is continuous. It is because the coordinates of its points are real numbers (that is, the elliptic curves described above are defined over the field of real numbers), and the real numbers are continuous, which makes the curve continuous. Therefore, we want to define the elliptic curve over a finite field (as the name implies, a finite field is a field consisting of only a finite number of elements).
The concept of a field is abstracted from the operations on rational and real numbers; for a strict definition, consult a textbook on modern algebra. Simply put, the elements of a field, like the rational numbers, have their own addition, multiplication, division, unit element (1) and zero element (0), and satisfy the commutative and distributive laws.
Below, we give a finite field Fp, which has only a finite number of elements.
Fp contains only the p elements (p is prime) 0, 1, 2, ..., p-2, p-1;
The addition (a+b) rule of Fp is a+b≡c (mod p); that is, the remainder of (a+b)÷p is the same as the remainder of c÷p.
The multiplication (a×b) rule of Fp is a×b≡c (mod p);
The division (a÷b) rule of Fp is a/b≡c (mod p), i.e. $a \times b^{-1} \equiv c \pmod p$ ($b^{-1}$ is also an integer between 0 and p-1, and satisfies $b \times b^{-1} \equiv 1 \pmod p$).
The unit element of Fp is 1, and the zero element is 0.
At the same time, not all elliptic curves are suitable for encryption. $y^2 = x^3+ax+b$ is one class of elliptic curves that can be used for encryption, and it is the simplest. Below we define the curve $y^2 = x^3+ax+b \pmod p$ over Fp:
Select two non-negative integers a, b less than p (p is prime) that satisfy the following condition:
$4a^3+27b^2 \neq 0 \pmod p$
All points (x, y) that satisfy the following equation, plus the infinity point O∞, form an elliptic curve.
$y^2 = x^3+ax+b \pmod p$
Here x, y are integers in [0, p-1], and this elliptic curve is denoted Ep(a,b).
Let's take a look at the picture of $y^2 = x^3+x+1 \pmod{23}$.
Does it look strange? How did the elliptic curve turn into this shape, a set of discrete points?
Elliptic curves look different over different number fields, but in essence they are still elliptic curves. To give a not entirely apt analogy: water is liquid at room temperature; below zero it becomes ice, a solid; and when the temperature rises to 100 degrees it becomes vapour. But in essence it is still H2O.
The elliptic curve over Fp also has addition, but a geometric interpretation can no longer be given. The rule of addition, however, is almost the same as over the real numbers; readers should compare the two for themselves.
1. The infinity point O∞ is the zero element: O∞ + O∞ = O∞, O∞ + P = P.
2. The negative element of P(x, y) is (x, -y), with P + (-P) = O∞.
3. P(x1,y1), Q(x2,y2) and their sum R(x3,y3) satisfy the following relationship:
$x_3 \equiv k^2-x_1-x_2 \pmod p$
$y_3 \equiv k(x_1-x_3)-y_1 \pmod p$
If P=Q, then $k = (3x_1^2+a)/(2y_1)$; if P≠Q, then $k = (y_2-y_1)/(x_2-x_1)$.
Example 5: Given two points P(3,10), Q(9,7) on the elliptic curve E23, find (1) -P, (2) P+Q, (3) 2P.
Solution:
Finally, let's talk about the order of the points on the elliptic curve.
If for a point P on the elliptic curve there exists a smallest positive integer n such that the scalar multiple nP = O∞, then n is called the order of P; if no such n exists, we say that P has infinite order.
In fact, every point on an elliptic curve defined over a finite field has an order n.
Calculation gives 27P = -P = (3,13).
So 28P = O∞, and the order of P is 28.
These points form a cyclic abelian group, in which the generator is P and the order is 29. Obviously, the distribution and ordering of the points are irregular.
III. Encryption/decryption on elliptic curves
Public-key algorithms are always based on a hard mathematical problem. For example, RSA is based on the fact that, given two primes p, q, it is easy to multiply them to get n, but factoring n is relatively difficult. What is the hard problem for elliptic curves?
Consider the following equation:
K = kG [where K, G are points on Ep(a,b) and k is an integer less than n (n is the order of the point G)]
It is not difficult to see that, given k and G, it is easy to compute K by the rule of addition; but given K and G, it is relatively difficult to find k.
This is the hard problem that elliptic curve encryption relies on.
We call the point G the base point,
k (k < n, where n is the order of the base point G) is called the private key,
and K is called the public key.
Now we describe a process for encrypted communication using an elliptic curve:
1. User A selects an elliptic curve Ep(a,b) and takes a point on the elliptic curve as the base point G.
2. User A selects a private key k and generates the public key K=kG.
3. User A transmits Ep(a,b) and the points K, G to user B.
4. On receiving this information, user B encodes the plaintext to be transmitted as a point M on Ep(a,b) (there are many encoding methods, not discussed here) and generates a random integer r (r < n).
5. User B computes the points C1=M+rK and C2=rG.
6. User B sends C1 and C2 to user A.
7. On receiving them, user A computes C1-kC2; the result is the point M.
This is because C1-kC2 = M+rK-k(rG) = M+rK-r(kG) = M. Decoding the point M then yields the plaintext.
In this encrypted communication, an eavesdropper H can only see Ep(a,b), K, G, C1, C2, and finding k from K and G, or finding r from C2 and G, is relatively difficult. Therefore, H cannot obtain the plaintext transmitted between A and B.
Summary:
Let the private key and the public key be k and K, with K = kG. The ciphertext is C = {rG, M+rK}, and decryption is M + rK - k(rG) = M + r(kG) - k(rG) = M, where k and K are the private key and the public key respectively.
ECC technical requirements:
In cryptography, an elliptic curve over Fp is described by six commonly used parameters:
T = (p, a, b, G, n, h).
(p, a, b determine the elliptic curve, G is the base point, n is the order of the point G, and h is the integer part of m divided by n, where m is the number of all points on the elliptic curve.)
The choice of these parameters directly affects the security of the encryption. The parameter values are generally required to satisfy the following conditions:
1. The larger p is, the more secure, but the larger it is, the slower the computation; around 200 can meet general security requirements;
2. p ≠ n×h;
3. $p^t \neq 1 \pmod n$, 1≤t<20;
4. $4a^3+27b^2 \neq 0 \pmod p$;
5. n is prime;
6. h ≤ 4.
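The six conditions above can be checked mechanically. The following Python code is an added example, not part of the original post: it tests the published SECP256K1 parameters and, for contrast, the small curve from the text with G = P(3,10) and n = 28. Reading "around 200" as a bit length, the cofactor h = 1 for the small curve, the extra check that G lies on the curve, and all function and key names are assumptions of this example.

```python
# Added example: check T = (p, a, b, G, n, h) against the conditions listed above.
SECP256K1 = (
    2**256 - 2**32 - 977, 0, 7,
    (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8),
    0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141, 1)
# The text's small curve y^2 = x^3 + x + 1 (mod 23); h = 1 is assumed here.
TOY = (23, 1, 1, (3, 10), 28, 1)

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin test with a fixed set of bases."""
    if n < 2:
        return False
    for q in bases:
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False          # a is a witness that n is composite
    return True

def check_params(p, a, b, G, n, h):
    """Return one pass/fail flag per condition, in the order of the list."""
    gx, gy = G
    return {
        "p_size": p.bit_length() >= 200,          # 1 (assumed to mean bits)
        "p_ne_nh": p != n * h,                    # 2
        "pt_ne_1": all(pow(p, t, n) != 1 for t in range(1, 20)),   # 3
        "nonsingular": (4 * a**3 + 27 * b**2) % p != 0,            # 4
        "n_prime": is_probable_prime(n),          # 5
        "h_le_4": h <= 4,                         # 6
        "g_on_curve": (gy * gy - gx**3 - a * gx - b) % p == 0,     # extra
    }

def failed(params):
    """Names of the conditions that a parameter set does not satisfy."""
    return [name for name, ok in check_params(*params).items() if not ok]

if __name__ == "__main__":
    print("SECP256K1 fails:", failed(SECP256K1))
    print("toy curve fails:", failed(TOY))
```

The small curve fails conditions 1, 3 and 5, which is why it is useful for hand calculation only.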
IV. Elliptic curve signing and signature verification
The elliptic curve signature algorithm is ECDSA.
Let the private key and the public key be k and K, i.e. K = kG, where G is the base point.
Private-key signing:
1. Select a random number r and compute the point rG(x, y).
2. From the random number r, the hash h of the message M, and the private key k, compute s = (h + kx)/r.
3. Send the message M and the signature {rG, s} to the receiver.
Public-key signature verification:
1. The receiver receives the message M and the signature {rG=(x, y), s}.
2. Compute the hash h from the message.
3. Using the sender's public key K, compute hG/s + xK/s and compare it with rG; if they are equal, the verification succeeds.
The principle is as follows:
hG/s + xK/s = hG/s + x(kG)/s = (h+xk)G/s
= r(h+xk)G/(h+kx) = rG
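Added example (not part of the original post): Python code that works Example 5 and the order calculation, then runs encryption steps 1 to 7 and the signing and verification steps exactly as written above. It assumes the curve of Example 5 is the $y^2 = x^3+x+1 \pmod{23}$ curve pictured earlier, which both P and Q satisfy; the order-7 base point 4P, the keys, the hash value and the r values are constructed for illustration.

```python
# Added example on the toy curve y^2 = x^3 + x + 1 (mod 23) from the text.
P_MOD, A = 23, 1
O = None                      # infinity point (zero element)
P, Q = (3, 10), (9, 7)        # points from Example 5

def inv(v, m):
    return pow(v % m, -1, m)  # modular inverse (Python 3.8+)

def neg(pt):
    return O if pt is O else (pt[0], -pt[1] % P_MOD)

def add(p, q):
    if p is O:
        return q
    if q is O:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O              # P + (-P) = O, also doubling a point with y = 0
    if p == q:
        k = (3 * x1 * x1 + A) * inv(2 * y1, P_MOD) % P_MOD   # tangent slope
    else:
        k = (y2 - y1) * inv(x2 - x1, P_MOD) % P_MOD          # chord slope
    x3 = (k * k - x1 - x2) % P_MOD
    return (x3, (k * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add computation of kP."""
    acc = O
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def order(pt):
    n, acc = 1, pt
    while acc is not O:
        acc, n = add(acc, pt), n + 1
    return n

def encrypt(m_pt, pub, base, r):
    return add(m_pt, mul(r, pub)), mul(r, base)   # C1 = M + rK, C2 = rG

def decrypt(c1, c2, priv):
    return add(c1, neg(mul(priv, c2)))            # M = C1 - k*C2

def sign(h, priv, r, base, n):
    point = mul(r, base)                          # rG = (x, y)
    s = (h + priv * point[0]) * inv(r, n) % n     # s = (h + kx)/r
    if s == 0:
        raise ValueError("s = 0, choose another r")
    return point, s

def verify(h, pub, sig, base, n):
    point, s = sig
    w = inv(s, n)                                 # hG/s + xK/s == rG ?
    return add(mul(h * w % n, base), mul(point[0] * w % n, pub)) == point

if __name__ == "__main__":
    print("-P =", neg(P), " P+Q =", add(P, Q), " 2P =", mul(2, P))
    print("order of P =", order(P))
    c1, c2 = encrypt(Q, mul(7, P), P, 5)      # constructed: k = 7, M = Q, r = 5
    print("decrypted M =", decrypt(c1, c2, 7))
    G7 = mul(4, P)                            # order 7, so division mod n works
    sig = sign(5, 3, 2, G7, 7)                # constructed: h = 5, k = 3, r = 2
    print("signature valid:", verify(5, mul(3, G7), sig, G7, 7))
```

The r values are fixed here only so the results are reproducible; in real use r is a fresh secret random number for every message, because a repeated or known r lets the private key k be solved from s = (h + kx)/r.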
Written in haste; if there is a mistake, please correct me! If you think it is well written, thank you for recommending it! You are welcome to leave your comments! Let's discuss and learn about blockchain together!
REFERENCE
1. Babbitt Forum Zmworm http://8btc.com/article-138-1.html
2. Zhang Wo Rui, the foundation of modern algebra, higher Education Press, 1978
3. Minsihe Shijin, "Elementary Number Theory", Higher Education Press, 1982
4. ECC Detailed https://www.cnblogs.com/Kalafinaian/p/7392505.html