I. Introduction
There are currently two popular encryption algorithms, one is based on the large integer factorization problem ( IFP
) RSA
and the algorithm based on the discrete logarithm calculation problem on the elliptic curve ( ECDLP
) ECC
. RSA
The algorithm has been explained in detail before , but ECC
the encryption algorithm has not been discussed yet, so I will explain ECC
the content of the encryption algorithm as simple and easy to understand as possible without delving into mathematical concepts.
2. Encryption process
It is inevitable to get in touch with some mathematical knowledge here, and I don’t understand the process of encrypting secrets. Please refer to my third part of the explanation for the corresponding process, nanny-level teaching.
1. Mathematical principles
We assume that there are two points P and Q on the elliptic curve, and then k is an integer. At this point there are:
Q = k P Q=kPQ=kP
For given k and P, it is easy to calculate Q according to the addition rule, but it is very difficult to find k given P and Q
2. Encryption and decryption
- Select an elliptic curve Ep(a,b), and take a point on the elliptic curve as the base point P
- Choose a large number k as the private key, and generate the public key Q (Q=kP)
- Encryption: Choose a random number r to generate ciphertext C from plaintext M. The ciphertext is a point pair,
C=(rP,M+rQ)
- Decryption: M+rQ-k(rP)=M+r(kP)-K(rP)=M
3. Mathematics Supplement
1. Why use elliptic curves
Whether it is the ECC encryption algorithm or other encryption algorithms, the basis of encryption is based on a mathematical problem. ECC
Encryption is designed based on the elliptic curve discrete logarithm problem. Let's first look at the mathematical principle of this problem.
We assume two points on an elliptic curve P
and Q
then k
integers. At this point: Q=KP
For a given k
sum P
, according to the law of addition, the calculation Q
is easy, but given P
the sum Q
, it is very difficult to find k
.
The Q=KP here is not the multiplication in mathematics that you understand. I will explain it later and tell you what KPQ is.
2. What is an elliptic curve
Here, first throw away the ellipse in the mathematics that you think in your head. The elliptic curve is not an ellipse.
The ellipse in your head is: x 2 /a 2 +y 2 /b 2 =1,
Now the elliptic curve is: y 2 = x 3 + ax +b, which also satisfies (4a 3 + 27b≠0)
The satisfaction 4a^3 + 27b^2 ≠ 0
is to ensure that there is no singular point in the curve, that is, to ensure that there is a tangent at every point on the curve.
Singularity, also known as flaws, should have been introduced in the university's advanced mathematics, but I forgot to remember to turn it into high mathematics, of course it is not the focus here.
This is the graph of the elliptic curve found on the Internet. Please refer to it:
3. Finite fields
First of all, we know that the elliptic curve is continuous, and it is not suitable for encryption. We need to turn the elliptic curve into discrete points, and the area formed by these discrete points is a finite field.
Note: Finite fields are not simple collections. I will refer to the introduction of detailed fields when I write about the information security of the Internet of Things later. Here is a brief mention.
A field is a set on which addition, subtraction, multiplication, and division operations can be performed without the result exceeding the field. For example, sets of rational numbers, sets of real numbers, and sets of complex numbers are all fields, but sets of integers are not. (Obviously, the fraction or decimal obtained by division has exceeded the set of integers)
If a field F contains only a finite number of elements, it is called a finite field, and the number of elements in a finite field is called the order of the finite field.
The order of each finite field must be a power of a prime number, that is, the order of a finite field can be expressed as p n (p is a prime number, n is a positive integer), and this finite field is usually called Galois Fields (Galois Fields), denoted as GF§.
Based on the domain definition, make the following modifications:
- 1. Define modulo p addition and modulo p multiplication (when the result of addition or multiplication exceeds p, the remainder modulo p is taken, and p is a prime number)
- 2. The elements in the set are calculated by addition and multiplication, and the result is still in the set.
- 3. Calculate the exchange rate, binding rate and distribution rate
- 4. Addition and multiplication have unit elements (all values in the set have corresponding negative numbers, and all non-zero values in the set have reciprocals).
How to ensure that after the operation, the elements are still in the finite field? This requires a modulo operation.
4. Addition rules for elliptic curves
Although the algorithm of the elliptic curve uses the same addition and multiplication as usual operations, it is not a simple addition or multiplication of two coordinates. Here we first introduce to you how the algorithm of the elliptic curve is. Yes, let’s introduce how to calculate. First, let’s look at the addition rule, as shown in the figure below:
Look at the picture to understand: here we have two points A and B (on the elliptic curve), and now the point where their connection line and the intersection point of the elliptic curve is symmetrical about the x-axis is the point A+B we need to calculate.
Here, it is still necessary to select the straight line determined by the two points A and B. It must be ensured that it has a third intersection point. Suppose you take B=-A now, then the graph drawn is like this:
In this case, we can think that the straight line intersects the elliptic curve at a point at infinity.
5. Multiplication of elliptic curves
In mathematics, do we understand multiplication as the superposition of addition, and it is the same here, A+A=2A.
On the basis of the addition just now, we make point B infinitely close to point A until they coincide. At this time, the connection line AB is equivalent to the tangent line of A. The intersection point of the tangent line and the ellipse is the axisymmetric point, X
that A+A
is2A
Calculation 3A is the result of the calculation . Make a straight line A+2A
through A
point and point, and then the symmetric point with the focus of the elliptic curve about the axis is .2A
X
3A
Supplement: Q=KP in the second part, do you understand it now, where K is the number 2, 3... here, P is the point A we used for example here, and Q is the calculation result.
At this point, everyone should be able to understand why we mentioned the mathematical problems of elliptic curves at the beginning:Q=KP
For a given k
sum P
, the calculation Q
is easy according to the law of addition.
The K here can be very large. Don’t think it’s just 2 or 3. Here’s an example.
6. Give an example
Elliptic Curve Equation: x 3 + x +1
When GF(23)
over a finite field, our elliptic curve becomes the following:
4. Example calculation
1. Operation rules
2. For example
Now we assume y2 = x3 + x +1 mod(23)
Grade point: A (0, 1)
When A=B, bring into the calculation k=3*0 2 +1/2=1/2 mod(23)
This involves fractional modulo operations, we can use congruence replacement to calculate:
Therefore, x3 here is calculated to be 6;
At the same time, y3 can also be calculated as 19.
Both x3 and y3 come out here, so let’s not talk about the x-axis symmetry.
3. Teacher's class example
Five.python implementation
def get_points(a, b, p):
"""
获取有限域下的散点集
"""
# 计算所有可能的点坐标
points = []
for x in range(p):
y_square = (x ** 3 + a * x + b) % p
for y in range(p):
if (y ** 2) % p == y_square:
points.append((x, y))
return points
def cal_k(point_A, point_B, p):
"""
计算斜率k
"""
if point_A == point_B:
son = 3 * pow(point_A[0], 2) + a
mother = 2 * point_A[1]
# 费马小定理求分数取模
return (son * pow(mother, p - 2)) % p
else:
son = point_B[1] - point_A[1]
mother = point_B[0] - point_A[0]
# 费马小定理求分数取模
return (son * pow(mother, p - 2)) % p
def cal_add(point_A, point_B, p, k):
"""
椭圆曲线加法
计算A+B的结果坐标
:param k: 斜率
"""
# A+B=C,计算c的坐标
cx = (k ** 2 - point_A[0] - point_B[0]) % p
cy = (k * (point_A[0] - cx) - point_A[1]) % p
return cx, cy
def cal_NA(key, point_A, point_B, p):
"""
椭圆曲线乘法
计算NA
"""
# 执行0~key-1共key次
for i in range(key - 1):
k = cal_k(point_A, point_B, p)
point_B = cal_add(point_A, point_B, p, k)
return point_B
def encryption(r, Q, m, p):
"""
加密
"""
cx = cal_NA(r, A, B, p)
rQ = cal_NA(r, Q, Q, p)
k = cal_k(m, rQ, p)
cy = cal_add(m, rQ, p, k)
return cx, cy
def decryption(cplantext, key, p):
"""
解密
"""
kc2 = cal_NA(key, cplantext[0], cplantext[0], p)
# 减法即关于x轴对称点的坐标
kc2 = (kc2[0], -kc2[1])
k = cal_k(cplantext[1], kc2, p)
result = cal_add(cplantext[1], kc2, p, k)
return result
# 测试-------------------------------------------------------------------
# 椭圆曲线的a,b
a = 1
b = 6
# 有限域的阶
p = 11
# 私钥k
key = 7
# 散点表
points = get_points(a, b, p)
print("散点表中的元素:")
print(points, end='')
print("\n-------------------------------------------------------------------")
# ------------------------------------------------------------------------
# A是基点,为散点表中的一点,B是另一个交点,这里初始时相同
A = (2, 7)
B = (2, 7)
# 公钥Q=7A
Q = cal_NA(key, A, B, p)
# 随机数r
r = 3
# --------------------------------------------------------------------------
# 消息
message = (10, 9)
print(f"原始消息:{
message}")
# 密文
c = encryption(r, Q, message, p)
print(f"加密后的结果:{
c}")
# 解密
result = decryption(c, key, p)
print(f"解密后的结果:{
result}")
6. Running results
I am also in the process of learning.
Reference link: