Discrete Methods in Mathematical Informatics Lecture 1: What is Elliptic Curve? 9 th October 2012...

Discrete Methods in Mathematical InformaticsLecture 1: What is Elliptic Curve?

9th October 2012

Vorapong Suppakitpaisarnhttp://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/

[email protected], Eng. 6 Room 363Download Slide at: https://www.dropbox.com/s/xzk4dv50f4cvs18/Lecture

%201.pptx?m

First Section of This Course [5 lectures]

Lecture 1: What is

Elliptic Curve?

Lecture 2: Elliptic Curve

Cryptography

Lecture 3-4:

Fast Implementation

for Elliptic Curve Cryptography

Lecture 5: Factoring

and Primality Testing

L. C. Washington, “Elliptic Curves: Number Theory and Cryptography”, Chapman &

Hall/CRC, 2003.

• Lecture 1: Chapter 1, Chapter 2 (2.1, 2.2)

• Lecture 2: Chapter 6 (6.1 – 6.6)

• Lecture 5: Chapter 7

Recommended Reading

H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen, F. Vercauteren, "Handbook of Elliptic and Hyperelliptic

Curve Cryptography", Chapman & Hall/CRC, 2005.

A. Cilardo, L. Coppolino, N. Mazzocca, L. Romano, "Elliptic Curve Cryptography Engineering", Proc. of IEEE Vol. 94,

No. 2, pp. 395-406 (2006).

In each lecture, 1-2 exercises will be given,

Choose 3 Problems out of them.

Submit to

[email protected]

before 31 Dec 2012

Grading

Problem 1: The Artillerymens Dilemma (is not a) Puzzle

http://cashflowco.hubpages.com/

?

Height = 0: 0 Ball Square

Height = 1: 1 Ball Square

Height = 2: 1 + 4 = 5 Balls Not Square

Height = 3: 1 + 4 + 9 = 14 Balls Not Square

Height = 4: 1 + 4 + 9 + 16 = 30 Balls Not Square

2232222

6

1

2

1

3

1

6

121321 yxxx

)x)(x(xx...

Elliptic Curve

Problem 1: The Artillerymens Dilemma (is not a) Puzzle (cont.)

223

6

1

2

1

3

1yxxx

(0,0)

(1,1)

y = x

223

6

1

2

1

3

1xxxx

02

1

2

3 23 xxx

0)()(

0))()((23

abcxbcacabxcbax

cxbxax

a,b,c

equation the of roots

are that Suppose

solution. another is 2

1 y ,

2

1 x thatknow We

2

12

310

c

ccba

(1/2,1/2)

Problem 1: The Artillerymens Dilemma (is not a) Puzzle (cont.)

223

6

1

2

1

3

1yxxx

(0,0)

(1,1)

y = x

(1/2,1/2)

(1/2,-1/2)

y = 3x-2

223 )23(6

1

2

1

3

1 xxxx

0...2

51 23 xx

2

511

2

1 x

70,24 yx

2222 7024...21

70 Length Square for 24 Height Pyramid

Problem 2: Right Triangle with Rational Sides

We want to find a right triangle with rational sides

in which area = 5

3

4

5

6

15

8

17

60

15/2

4

17/2

155

5

510

Problem 2: Right Triangle with Rational Sides (cont.)

a

b

c

ab/2 = 5

22210 cb, aab

524

102

4

2

2

22222

ccbababa

524

102

4

2

2

22222

ccbababa

numbers rational of square are 2

c

2

c

numbers rational are

5,2

,5

2,

2,

2222

c

bacba

23 25)5()5( yxxxxx

Elliptic Curve

4

25x

num rational of square

a not is 4

5 but

curve,elliptic of

solution a is

4

45,

Note


23 25 yxx

(-4,6)12

23

)6(2

25)4(3

2

253

2)253(

)()25(

22

2

23

y

x

x

y

yyxx

yxx

3

41)4(

12

23)6(

12

23

c

cxy3

41

12

23 xy


23 )3

41

12

23(25 xxx

0...144

529 23 xx

0)()(

0))()((23

abcxbcacabxcbax

cxbxax

a,b,c

equation the of roots

are that Suppose

2

6

41

144

1681

144

52944

0)))(4())(4((

x

x

cxxx

23 25 yxx

(-4,6)

3

41

12

23 xy

(1681/144,62279/1728)


22

22

22

212

49

144

24015

212

31

144

9615

212

41

bax

bax

cx

2

3,

3

206

492

12

496

312

12

316

412

12

41

ba

ba

ba

c

20/3

3/2

41/6

5

23 25 yxx

(-4,6)

3

41

12

23 xy

(1681/144,62279/1728)

Exercises

5. area withtriangle right another find to

at line tangent the Use )1728

62279,

144

1681(),( yx

Exercise 1

Exercise 2

numbers. rational of squares are

that such point a in curve the intersects

at curve this to line tangent the then , and

satisfying numbers rational are if thatShow integer. an be Let

nn,x,xx),y(x(x,y)

n,xxnxy

x, yn

11111

232 0,

Problem 3: Fermat’s Last Theorem

http://wikipedia.com/

nnn cba

a,b,c

n

that such

integers nonzero no is there

, Given 3

• Conjectured by Pierre de Fermat in Arithmetica (1637).

“I have discovered a marvellous proof to this theorem, that this margin

is too narrow to contain”

• There are more than 1,000 attempts, but

the theorem is not proved until 1995 by

Andrew Wiles.

• One of his main tools is Elliptic Curve!!!

Problem 3: Fermat’s Last Theorem (cont.)

nnn cba

a,b,c

n

that such integers nonzero no is there

, Given 3

• Fermat kindly provided the proof for the case when n = 4

2

22

2

22 )(4,

a

cbby

a

cbx

xxy 432 Elliptic Curve

By several elliptic curves techniques, Fermat found that all rational solutions of the elliptic curve are (0,0),

(2,0), (-2,0)

Formal Definitions of Elliptic Curve

0274 2332 BABAxxy when

B}AxxL|yL{(x,y)}{E(L) 32

223

6

1

2

1

3

1yxxx

(0,0)

(1,1)

y = x

(1/2,1/2)

(1/2,-1/2)

Weierstrass Equation

Elliptic Curve

.

)(),(),,(

33

33

21

2211

)y,(xQP

),y(xR

QP

Q Pxx

LEyxQyxP

3.

curve. the cut line the that

point another , point Find 2.

and point pass that line aDraw 1.

:follows as define we, If

Point Addition

)2

1,

2

1()1,1()0,0(

Formal Definitions of Elliptic Curve (cont.)

.

)(),(),,(

33

33

21

2211

)y,(xQP

),y(xR

QP

Q Pxx

LEyxQyxP

3.

curve. the cut line the that

point another , point Find 2.

and point pass that line aDraw 1.

:follows as define we, If

Point Addition

)( 11

12

12

xxmyy

xx

yym

0...

))((223

311

32

xmx

BAxxyxxm

BAxxy

212

3 xxmx

1133 )( yxxmy


223

6

1

2

1

3

1yxxx

x = 1/2

(1/2,1/2)

(1/2,-1/2)

QPyyxx

LEyxQyxP

, , If 2121

2211 )(),(),,(

Point Addition

,PP

)y, (xP P PQ P

),y(xR

yyxx

LEyxQyxP

33

33

221

2211

2

)(),(),,(

3.

curve. the cut

line the that point another Find 2.

P. point at curve the touching line aDraw 1.

, If 1

Point Double

1728

62279,

144

1681)6,4()6,4()6,4(2

23 25 yxx

(-4,6)

3

41

12

23 xy

(1681/144,62279/1728)


Point Double

)( 11 xxmyy

0...

))((223

311

32

xmx

BAxxyxxm

BAxxy

12

3 2xmx

1133 )( yxxmy

)y, (xP P PQ P

),y(xR

yyxx

LEyxQyxP

33

33

221

2211

2

)(),(),,(

3.

curve. the cut

line the that point another Find 2.

P. point at curve the touching line aDraw 1.

, If 1

y

Ax

x

ym

xAxyy

BAxxy

2

3

)3(22

2

32

First Section of This Course [5 lectures]

Lecture 1: What is

Elliptic Curve?

Lecture 2: Elliptic Curve

Cryptography

Lecture 3-4:

Fast Implementation

for Elliptic Curve Cryptography

Lecture 5: Factoring

and Primality Testing

L. C. Washington, “Elliptic Curves: Number Theory and Cryptography”, Chapman &

Hall/CRC, 2003.

• Lecture 1: Chapter 1, Chapter 2 (2.1, 2.2)

• Lecture 2: Chapter 6 (6.1 – 6.6)

• Lecture 5: Chapter 7

Recommended Reading

H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen, F. Vercauteren, "Handbook of Elliptic and Hyperelliptic

Curve Cryptography", Chapman & Hall/CRC, 2005.

A. Cilardo, L. Coppolino, N. Mazzocca, L. Romano, "Elliptic Curve Cryptography Engineering", Proc. of IEEE Vol. 94,

No. 2, pp. 395-406 (2006).

In each lecture, 1-2 exercises will be given,

Choose 3 Problems out of them.

Submit to

[email protected]

before 31 Dec 2012

Grading

Exercises

5. area withtriangle right another find to

at line tangent the Use )1728

62279,

144

1681(),( yx

Exercise 1

Exercise 2

numbers. rational of squares are

that such point a in curve the intersects

at curve this to line tangent the then , and

satisfying numbers rational are if thatShow integer. an be Let

nn,x,xx),y(x(x,y)

n,xxnxy

x, yn

11111

232 0,

Thank you for your attention

Please feel free to ask questions or comment.

Scalar Multiplication• Scalar Multiplication on Elliptic Curve

S = P + P + … + P = rP

when r1 is positive integer, S,P is a member of the curve• Double-and-add method• Let r = 14 = (01110)2

Compute rP = 14P r = 14 = (0 1 1 1 0)2 Weight = 3

P 3P 7P 14P

6P2P 14P

3 – 1 = 2 Point Additions

4 – 1 = 3 Point Doubles

r times

O

Discrete Methods in Mathematical Informatics Lecture 1: What is Elliptic Curve? 9 th October 2012...

Documents

Transcript of Discrete Methods in Mathematical Informatics Lecture 1: What is Elliptic Curve? 9 th October 2012...