Re: [curves] Fwd: Crash Course on ECC poster

Tue, 07 Jul 2015 23:03:05 -0700 

Nice poster, Tony!

An interesting variant of the "clock cryptography" is to imagine
Diffie-Hellman on the complex unit clock, as described in Bernstein and
Lange's intro.  I think it's a more intuitive analogy to ECC than powers
of the generator, and you don't necessarily need primitive roots.

So pick some amount of time -- 1/q of the day -- and Alice tells Bob
where the clock hands are pointing at a/q of the day, and Bob tells
Alice where they're pointing at b/q of the day.  They can both compute
where the hands are pointing at ab/q of the day, and that's the DH secret.

They express where the hands are pointing as (x,y), where x^2 + y^2 =
1.  The identity is (0,1) = midnight.  The formulas for adding times are
the same as multiplication of complex numbers, except x and y are
swapped because midnight is at the top: (x,y)+(X,Y) = (xY+Xy, yY-xX).

With real numbers this is a pain because of rounding errors.  It
actually works and is not trivially breakable if you do it mod a prime,
particularly a 3-mod-4 prime.  But it's susceptible to index calculus.

Then if you want you can say "... but on a warped clock ..." and get an
Edwards curve.  The Edwards curve has equation x^2 + y^2 = 1 + dx^2y^2. 
It has addition formulas ((xY+Xy)/(1+dxXyY), (yY-xX)/(1-dxXyY)),
limiting to the circle when d=0.  There's also sooort of a way to turn
it into the Weierstrass equation, but it's probably not worth doing.

Just my two cents.

Cheers,
-- Mike


On 07/07/2015 08:12 PM, Tony Arcieri wrote:
> I made this poster for the DEFCON Crypto and Privacy Village. It's
> intended for audiences of mixed ability levels:
>
> https://i.imgur.com/hwbSRHh.png
>
> Would appreciate technical feedback on it. If you'd like to suggest
> copy changes, please consider design constraints (i.e. available room
> on the page).
>
> Thanks!
>
> -- 
> Tony Arcieri
>
>
> _______________________________________________
> Curves mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/curves


_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves

Reply via email to