Number theory & cryptology

Analytical:

Project NA-1

Title: Choosing an elliptic curve for cryptographic applications.

Description:

Elliptic curves is a new emerging class of public key cryptosystems that may successfully compete in the future with the current monopoly of the RSA cryptosystem. The security of most elliptic curve cryptosystems is based upon the difficulty of solving a discrete logarithm problem in a group of points on the elliptic curve. If the elliptic curve is chosen correctly, the best known algorithm for finding the discrete logarithm is of exponential difficulty. The security of RSA is based on the difficulty of factoring large integers, a problem for which quite efficient subexponential algorithms (such as Number Field Sieve) have been developed (see project CS-3). As a result, the cryptographic keys may be significantly shorter for elliptic curve cryptosystems compared to RSA, which results in faster and more compact implementations. The other advantage of using elliptic curves for constructing cryptosystems is that each user may (but does not need to) choose his/her own curve. If this is the case, reconstructing the private key of one user, does not provide any information that could be used to reconstruct the private key of another user. According to the current knowledge, choosing an appropriate elliptic curve is equivalent to calculating the number of points on the elliptic curve, and checking whether this number has a large prime divisor. Only in this case, a discrete logarithm problem in a group of points on the elliptic curve has exponential complexity. Several methods have been devised for choosing an appropriate elliptic curve. The anex to the IEEE 1363 standard lists three of them: counting number of points on a randomly chosen curve using Schoof's algorithm, constructing the curve using the Weil theorem, and constructing the curve using the method of complex multiplication. Your task is to either perform a comparative analysis of the last two methods, or to prepare a detailed specification of the Schoof's algorithm, and try to estimate its running time.

Literature:

  1. A. Menezes, "Elliptic Curve Cryptosystems," RSA Laboratories' CryptoBytes, vol. 1, no. 2, summer 1995, pp. 1-4.
  2. S. Vanstone, "An Introduction to Elliptic Curve Cryptosystems," presentation at RSA Data Security Conf., January 1995.
  3. D. R. Stinson, "Cryptography: Theory and Practice," chapter 5.2.
  4. A. Menezes, "Elliptic Curve Public Key Cryptosystems," Kluwer Academic Publishers, 1993.
  5. "IEEE 1363: Standard for Public Key Cryptography," available by www from http://stdsbbs.ieee.org/groups/1363/
  6. R. Lercier and F. Morain, "Counting the number of points on elliptic curves over finite fields: strategies and performances," Proc. EUROCRYPT'95, pp. 79-94.
  7. A. Menezes, S. Vanstone, and R. Zuccherato, "Counting points on elliptic curves over F(2^m)," Math. Comp., vol. 60, Jan. 1993, pp. 407-420.
  8. A. Miyaji, "Elliptic curves over F(p) suitable for cryptosystems," Proc. AUSCRYPT'92, pp. 479-491.
  9. A. Menezes and S. Vanstone, "Elliptic Curve Cryptosystems and Their Implementation," Journal of Cryptology, vol. 6, no.4, Autumn 1993, pp. 209-224.
Prerequisites: basics of number theory
 

Project NA-2

Title: Efficient operations on points of an elliptic curve over the Galois field GF(2^n).

Description:

Elliptic curves for cryptographic applications may be constructed over fields GF(p), where p is a large prime, and GF(2^m) where m is some integer. Additionally, the operations in the field GF(2^m), addition, multiplication, division, and remainder, can be defined in various ways, leading to equivalent (isomorphic) fields. Choosing these operations affects the efficiency and complexity of the hardware and software implementations of elliptic curve cryptosystems. Two ways of defining GF(2^m) given in the IEEE P1363 standard use so called polynomial and optimal normal bases. Choice of any of these bases leads to hardware implementation that is more efficient than hardware implementation of operations in GF(p). Your task is to analyze and compare architectures used to implement multiplication and inversion in the fields GF(2^m) with polynomial and optimal normal bases, and estimate the running times for these operations.

Literature:

  1. A. Menezes, "Elliptic Curve Cryptosystems," RSA Laboratories' CryptoBytes, vol. 1, no. 2, summer 1995, pp. 1-4.
  2. S. Vanstone, "An Introduction to Elliptic Curve Cryptosystems," presentation at RSA Data Security Conf., January 1995.
  3. D. R. Stinson, "Cryptography: Theory and Practice," chapter 5.2.
  4. A. Menezes, "Elliptic Curve Public Key Cryptosystems," Kluwer Academic Publishers, 1993.
  5. "IEEE 1363: Standard for Public Key Cryptography," available by www from http://stdsbbs.ieee.org/groups/1363/
  6. G. B. Agnew, et al., "Arithmetic Operations in GF(2^n)," Journal of Cryptology, vol. 6, 1993, pp. 3-13.
  7. C. C. Wang, et. al, "VLSI Architectures for Computing Multiplications and Inverses in GF(2^n)," IEEE Transactions on Computers, vol. C-34, no. 8, Aug. 1985.
  8. G. B. Agnew, R. C. Mullin, and S. A. Vanstone, "An Implementation of Elliptic Curve Cryptosystems Over F(2^155)," IEEE Journal on Selected Areas in Communications, vol. 11, no. 5, June 1993.
  9. A. Menezes and S. Vanstone, "Elliptic Curve Cryptosystems and Their Implementation," Journal of Cryptology, vol. 6, no.4, Autumn 1993, pp. 209-224.
  10. G. B. Agnew, et al., "An Implementation for a Fast Public-Key Cryptosystem," Journal of Cryptology, vol. 3, 1991, pp. 63-79.
Prerequisites: basics of number theory