ECC algorithm analysis: mathematical background, a top-down approach

Source: Internet
Author: User

ECC can be understood as RSA in a curve domain (field). Of course, this is only a way of understanding it: even when placed in one domain they are very different, and the hard mathematical problems they rely on are different. Since ECC can be understood as RSA in the curve domain (or as DH and DSA in the curve domain), we should know where RSA, DSA, DH and so on live: in fact they all live in the prime number field, and every prime number field is the same. Therefore RSA, DSA or DH can be computed directly; for example, to generate a large prime number, the problem is simply to generate that number. This kind of data generation problem is easily solved by modern computers. Although ordinary machines provide no ready-made hardware interface for it, it is still easy to implement in software. But how should we understand the curve domain? As the name implies, it is a set of points defined on a curve, plus some operations. Each curve has its own curve domain, so the curve domain is not unique: there are infinitely many, and we must specify the curve on which the operation is performed during calculation. Therefore, compared with RSA and the other prime-field algorithms, one more data structure is needed: the group, ec_group. Once the group is determined, the remaining steps are basically the same as those in the prime number field, but only the process is the same; the specific operations differ. The reason for the difference is that the concept of a domain can be overloaded with different operations (we recommend using OO to understand the concepts of group, ring and field).
The concept of a domain is similar to that of a class in OO. It has a data set; addition, subtraction, multiplication and division; and a zero element and a unit element. These operations can be implemented differently for different domains: a group, ring or domain is an abstraction over a set, its operations, a zero element and a unit element. Since the addition, subtraction, multiplication and division of a domain can be customized, we next need to define addition on the curve. This is the most basic operation, because subtraction can be understood as adding a "negative" element, multiplication is repeated addition, and division can be understood as multiplying by an "inverted" (inverse) element. Before describing the addition law of the curve domain, let's take a look at the concept of the projective plane.
In the ordinary Cartesian coordinate system, the concept of "infinity" cannot be expressed by numbers. In fact, the Cartesian coordinate system is the quantization of Euclidean geometry: everything that is "true" in Euclidean geometry remains true in the Cartesian coordinate system. However, the geometry of this "finite field" may only be suitable for engineering; theoretical geometry should be all-encompassing. In order to include both the finite and the infinite in one coordinate system, the concept of "infinity" must be recorded in a way that corresponds to the geometric coordinate system, as a point at "infinite distance". This point is not actually reachable: do not expect a point that is merely very far away to jump to an infinite distance at once. Behaviour like a quantum transition is impossible in the continuous set of real numbers. What we need to agree on is that there is only one point at infinity, because our goal is to include infinity as a concept so that new concepts can be defined, not to quantize it to make computing possible; before the launch of a new mathematical theory, any attempt to quantify "infinity" was meaningless. Since there is no need to quantify infinity, one such point is enough. If this point is missing from a plane, the plane lacks half of its content; with it, the plane is complete, at least conceptually. Next, let's take a look at how to define this point at infinity.
There are two ways to define a concept: one is a descriptive definition and the other is a derived definition. A descriptive definition does not actually make sense for infinity; after all, we just want to take the concept of infinite distance and merge it into the existing Cartesian coordinate system. Therefore a related concept is needed from which to derive it, and the first choice is the definition of parallel lines. Euclidean geometry says that two straight lines that do not intersect are parallel. Don't underestimate this definition: it discards the awkwardness of infinite distance in Euclid by defining intersection and line as two separate concepts with no bridge between them, which leads to a dualism between the two. If two lines intersect, they must do so within a finite length; if they are parallel, they have no intersection at all, so there is no need to care about the concept of the intersection or where it exists. If instead parallelism is defined as two straight lines that intersect infinitely far away, the concepts of intersection and line are unified under the concept of intersection: any two straight lines intersect, and if the intersection is infinitely distant, the two lines are parallel. With this definition of infinity, we need to consider how to express it in the coordinate system. In fact, because the Cartesian coordinate system completely quantizes Euclidean geometry, it is impossible to represent an infinitely distant point in this coordinate system. Take the two lines:
L1: y = ax + m
L2: y = ax + n
When m and n differ, the system of equations given by these two lines has no solution. Therefore we cannot expect to define the point at infinity this way. However, we still need to find a solution to the above equations, and the way is to introduce another independent variable z, so that the lines above become:
L1': zy = azx + zm
L2': zy = azx + zn
In this way, as long as z = 0, the two lines above, which are obviously parallel, intersect, and the point of intersection is at infinity. The coordinate (x, y, z) is the coordinate of the new projective plane; of course, you can also substitute as follows:
x' = zx
y' = zy
z' = z
Therefore, among all projective-plane coordinates, the points with z = 0 are the unique point at infinity. If a point with z = 0 is converted from projective coordinates back to Cartesian coordinates, x = x'/z and y = y'/z appear, and clearly z cannot be 0, which is why the Cartesian coordinate system cannot represent the point at infinity. With the concept and coordinates of infinity, the whole plane is harmonious and there is no need to worry about two curves having no intersection.
The addition of two points on the curve is defined as follows: extend the line through the two points until it meets the curve at a third point; the line through that third point parallel to the y axis (in Cartesian coordinates) meets the curve at a fourth point, and that fourth point is the final sum. In the curve field, the zero element is the point at infinity. This rule looks strange, but in fact it is very common: the natural-number addition taught in elementary school is the simplest curve addition law. The corresponding curve is the x axis of the Cartesian coordinate system, also called the number axis. Moreover, we were already using discrete points in elementary school: the natural numbers are a series of discrete points on the number axis. In that era we started learning from discrete natural numbers and finally, in junior high school, transitioned to the continuous real numbers, which lie on the same number axis. But today we have first understood the addition definition on the continuous curve domain, and next we will return to the discretized definition. This time we learn continuity first and then introduce discretization, which is exactly the opposite of learning the number axis in junior high school.
In the ECC algorithm, in order to keep the coordinates of the points on the curve within a controllable range, ECC takes the curve modulo a number and re-defines the addition law for the discrete curve points; in fact it is similar to the law for continuous curve points. There is a reason to do this: after all, the final computing is done by machines, and not all machines can do high-intensity operations. The specific definition is:
A + B = C (mod m)
A * B = C (mod m)
This is easy to understand: the condition for A + B to equal C is that the real-number sum of A and B, divided by m, leaves the same remainder as C divided by m (real-number division), and multiplication is the same. In addition, there is the concept of the multiplicative inverse element. In the real number field, the multiplicative inverse of a number is its reciprocal: the multiplicative inverse is the number which, multiplied by the original, equals the unit element. For the discrete curve field of the ECC algorithm, the multiplicative inverse of M is N satisfying M * N = 1 (mod p); N is the multiplicative inverse of M with respect to p. For the discrete curve fields used by the ECC algorithm, the unit element is 1,
multiplication is the modulo after multiplication, the zero element is the point at infinity, and addition is the modulo after addition, which is very simple. However, if you encounter an expression such as 2/5 in the discrete curve field, do not treat it as a number. It is a division expression, no longer in the real number field. Therefore a bare 2/5 is meaningless; its value depends on the modulus. If the modulus is 10, then the true value of a = 2/5 is the multiplicative inverse of 5 modulo 10, multiplied by 2. Pay attention to this.
The multiplicative inverse is computed with the extended Euclidean algorithm. First, let's take a look at the description of the extended Euclidean algorithm:
ax + by = gcd(a, b) ------- (1)
Here gcd is the ordinary Euclidean algorithm. Equation (1) is obviously an indefinite equation, and we can use the extended Euclidean algorithm to find all x and y. First, if a and b are not coprime and so have a common divisor, set their greatest common divisor to m:
a'mx + b'my = m => a'x + b'y = 1 ---- (2)
This converts the problem to the case where a and b are coprime. If a and b have a common divisor greater than 1, then the indefinite equation (1) in the form with 1 on the right-hand side is in fact unsolvable:
Since (1) has been converted to the form (2), if a and b have a common divisor n, then (2) => a''nx + b''ny = 1 => n(a''x + b''y) = 1, which has no integer solution unless n = 1. If a and b are coprime, the extended Euclidean algorithm can be used to solve for x and y:
The extended Euclidean algorithm uses recursion. According to equation (1), we can obtain many forms:
ax1 + by1 = gcd(a, b) ----- (A)
bx2 + (a mod b)y2 = gcd(b, a mod b) ----- (B)
...
Eventually a mod b becomes 0, so if we work backwards we obtain x and y. The x and y obtained by solving for a and b simultaneously form a recursive formula: x(n+1) can be used to represent x(n), which is the basis for finding x and y. In this process we borrowed n equations in the form of equation (1) for the purpose of finding x and y, and used the original Euclidean algorithm to associate these seemingly unrelated equations, obtaining a recursive formula. Finally, let's take a look at how to use the extended Euclidean algorithm to calculate the multiplicative inverse. The multiplicative inverse can be expressed as (a * b) mod p = 1; then b is the inverse of a with respect to p, provided that a and p are coprime. Since ab mod p is 1, it can be converted to the following formula:
ab + py = 1
Taking b as the x in the formula above, this is an indefinite equation that can be solved with the extended Euclidean algorithm; the rest needs no further explanation.
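As an added example, not from the original article, here is the recursion above written in Python: egcd follows the chain of equations (A), (B), ... back up, modinv applies it to ab + py = 1, and moddiv evaluates a "fraction" such as 2/5 under a modulus, reporting the case where the denominator has no inverse because it shares a factor with the modulus (as 5 does with 10). The function names are my own.

```python
# Added example (not from the article): the extended Euclidean algorithm as the
# recursion a*x1 + b*y1 = gcd(a, b) <= b*x2 + (a % b)*y2 = gcd(b, a % b),
# used for the multiplicative inverse and for a "fraction" modulo m.

def egcd(a, b):
    """Return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0                    # a*1 + 0*0 = a: recursion bottoms out
    g, x2, y2 = egcd(b, a % b)            # b*x2 + (a % b)*y2 = g
    # a % b = a - (a // b)*b, so a*y2 + b*(x2 - (a // b)*y2) = g
    return g, y2, x2 - (a // b) * y2

def modinv(m, p):
    """n with m*n = 1 (mod p), or None when gcd(m, p) != 1 (no inverse)."""
    g, x, _ = egcd(m % p, p)
    return x % p if g == 1 else None

def moddiv(num, den, m):
    """num/den modulo m: num times the inverse of den, not a real number.
    None when den is not invertible, e.g. 2/5 with modulus 10."""
    inv = modinv(den, m)
    return None if inv is None else (num * inv) % m
```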
The essence of ECC for cryptographic applications is to use a hard mathematical problem. This problem is similar to those of RSA and DH, but is defined on the curve domain. To use ECC encryption, you must define a curve, then select a base point, and then calculate the order of the base point. The so-called order is a number: set it to p and the base point to B; p * B is actually B added to itself p times. If pB = infinity, then p is the order of B. Then randomly select a number k less than p and calculate kB. If this value is A, so that kB = A, then A is the public key and k is the private key. The mathematical problem is that it is easy to calculate A from k and B, but difficult to calculate k from A and B. The encryption and decryption process is not described here.
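An added example, not from the article: the chord-and-tangent addition law with the point at infinity as the zero element, scalar multiplication as repeated addition, the order of a base point, and the key pair A = kB, on a constructed toy curve y^2 = x^3 + 2x + 3 over F_97 with base point (3, 6) (assumed values, far too small for real use). Python's built-in pow(x, -1, p) supplies the modular inverse discussed above.

```python
# Added example (not from the article): chord-and-tangent addition mod p, point
# at infinity as zero, base-point order and key pair on a toy curve over F_97.
INF = None                    # point at infinity: the group's zero element
A, B, P = 2, 3, 97            # constructed curve y^2 = x^3 + A*x + B (mod P)

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def ec_add(P1, P2):
    """Third intersection of the line through P1, P2, reflected in the x-axis."""
    if P1 is INF:
        return P2
    if P2 is INF:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF            # vertical line: the third point is at infinity
    if P1 == P2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P)   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P)          # chord slope
    lam %= P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """k*pt = pt added to itself k times (double-and-add)."""
    acc = INF
    while k > 0:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def order(base):
    """Smallest n >= 1 with n*base = INF, the order of the base point."""
    n, acc = 1, base
    while acc is not INF:
        acc = ec_add(acc, base)
        n += 1
    return n

def keypair(k, base):
    """Private scalar k < order(base) and public point k*base."""
    assert 0 < k < order(base), "k must be below the base point's order"
    return k, ec_mul(k, base)
```

On this toy curve the base point has order 5, so 5·(3, 6) returns INF and the private key could be found by trying five values; a real curve uses a base point whose order is a prime of roughly 256 bits.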
This article has briefly introduced the essence of the ECC algorithm and part of its implementation. When asked why the implementation of ECC in OpenSSL differs from the RSA flow, your answer can be: ECC is defined over discrete curve fields, while RSA is defined over the prime number field. In terms of geometric representation, since the curve domain defines addition by the intersection point, the intersection must exist unconditionally. Therefore a point at infinity is introduced as a fallback to handle the case that could not otherwise be processed.
The last interesting thing is the understanding of the Euclidean algorithm. Many textbooks discuss this algorithm, but if you look at the old geometry there is a completely different way of understanding it. Euclid does not use division or remainders to describe it; instead, the concept of measurement is used. If one number measures the other exactly, the expression "measures it out" is used. This way of describing it is very good: although less rigorous, it is easy to understand. Take two sticks of unequal length at random and find the greatest common divisor of their lengths: use the short one to measure the long one, cut the long one by the short one repeatedly, then use the short one as the new long one and the piece remaining from the original long one as the new short one, and so on. When one measurement comes out exact, the pieces are cut again in units of that piece. We will find that we end up with a bundle of sticks of the same length. The principle of this picture is to cut many unequal sticks into equal lengths, with the requirement that nothing is wasted and that the final common length of the sticks is as long as possible.
