Cryptography Reference
In-Depth Information
The signatures of these messages are the following (note that in the case of the
ASCII message m1 we have to specify messagetype=text):
> s1 := ECDSASign(dp256, eckey[1], m1, snseed1, messagetype = text);
["1c9852d60e45b864ab2227e66447caf678202c5ce1a13135c2423120b9edc870",
"293f8bd87436edfff89abf5dd72e27bceebd777439b5ab677bfd2fa5a7d38538"]
> s2 := ECDSASign(dp256, eckey[1], m2, snseed2);
["510b4b98b7fad7b33f5ca5ea82cf2c2fdfc1ba90329966cea3a0837fe82427af",
"aed245c193e0448c053e056498a50de461a3ae19bf7a1b93fe3151e69c980f6d"]
The verification of the signatures is then as follows:
> ECDSAVer(dp256, eckey[2], m1, s1, messagetype = text);
"Valid"
> ECDSAVer(dp256, eckey[2], m2, s2);
"Valid"
11.4.4 Elliptic Curve Encryption
The only EC encryption scheme we have mentioned so far is Elgamal but, as is
shown in Sect. 8.5, this scheme is malleable and hence is not CCA secure. We now
present a more secure encryption scheme which is essentially a hashed version of
Elgamal that also uses a MAC for added protection against active attacks. It is called
“Elliptic Curve Integrated Encryption Scheme” (ECIES) and was introduced in [1]
and subsequently included in several standards.
ECIES is a hybrid encryption scheme in which a Diffie-Hellman protocol is
used to derive two symmetric keys $k_1$, $k_2$. The first of them is used to encrypt the
plaintext with a symmetric encryption scheme and the second is used to authenticate
the resulting ciphertext with a MAC. Thus, in addition to the EC domain parameters
$(p, a, b, G, n, h)$, the following cryptographic primitives are also required:
- An encryption function $E_k$ and a decryption function $D_k$ corresponding to a
  private-key encryption scheme such as AES.
- A key derivation function, KDF, which is built from a hash function and, on input
  a pair of points on the elliptic curve (and, possibly, a desired length $l$), outputs a
  bit string. KDF is usually defined as a concatenation of hash values similar to that
  used in the function MGF1 defined in 8.3.7. Actually, a variant of MGF1 can be
  used for this purpose.
- A message authentication code, generically denoted MAC (for example, HMAC
  can be used).
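The following Python sketch is an added example, not code from the book, showing how these primitives combine: an ephemeral Diffie-Hellman exchange feeds an MGF1-style KDF whose output is split into $k_1$ (encryption) and $k_2$ (MAC), and the receiver checks the MAC before decrypting, so a modified ciphertext is rejected rather than decrypted as it would be with plain Elgamal. Assumptions: the curve is NIST P-256, the hash is SHA-256, the MAC is HMAC-SHA-256, a XOR keystream stands in for the symmetric cipher $E_k$ (the standard library has no AES), and all function names are hypothetical.

```python
import hashlib, hmac, secrets
# Assumed curve (not from the page): NIST P-256 domain parameters (p, a, b, G, n), cofactor h = 1
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = ((3 * x1 * x1 + A) * pow(2 * y1, -1, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; not constant time, for illustration only
    acc = None
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def on_curve(pt):  # rejects infinity, out-of-range coordinates and off-curve points
    return (pt is not None and all(0 <= v < P for v in pt)
            and (pt[1] ** 2 - pt[0] ** 3 - A * pt[0] - B) % P == 0)

def kdf(R, S, length):  # MGF1-style: SHA-256(points || counter) blocks, concatenated
    seed = b"".join(v.to_bytes(32, "big") for v in R + S)
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(-(-length // 32)))[:length]

def encrypt(Q, m):
    r = secrets.randbelow(N - 1) + 1              # ephemeral Diffie-Hellman key
    R, S = mul(r, G), mul(r, Q)                   # ephemeral public point, shared point
    ks = kdf(R, S, len(m) + 32)                   # k1 = ks[:len(m)], k2 = ks[len(m):]
    c = bytes(x ^ y for x, y in zip(m, ks))       # XOR keystream standing in for E_k
    return R, c, hmac.new(ks[len(m):], c, hashlib.sha256).digest()

def decrypt(d, R, c, tag):
    if not on_curve(R):                           # validate the received point first
        raise ValueError("invalid ephemeral point")
    ks = kdf(R, mul(d, R), len(c) + 32)
    if not hmac.compare_digest(tag, hmac.new(ks[len(c):], c, hashlib.sha256).digest()):
        raise ValueError("MAC check failed")      # verify before any decryption
    return bytes(x ^ y for x, y in zip(c, ks))
```

The point validation in `decrypt` matters as much as the MAC: without it, a sender could submit a point that is not on the curve and the receiver would multiply its private key into it.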
Given these parameters, the ECIES encryption scheme for elliptic curves over a
prime field may be defined as follows (the definition for other fields is similar):
Definition 11.6 The Elliptic Curve Integrated Encryption Scheme is the public-key
encryption scheme:
$\mathrm{ECIES} = (\mathrm{Gen}_{\mathrm{ECIES}}, \mathrm{Enc}_{\mathrm{ECIES}}, \mathrm{Dec}_{\mathrm{ECIES}})$,
 