Generation, Verification, and Attacks on Elliptic Curves and their Applications in Signal Protocol

Elliptic curves (EC) are widely studied due to their mathematical and cryptographic properties. Cryptographers have used the properties of EC to construct elliptic curve cryptosystems (ECC). ECC are based on the assumption of hardness of special instances of the discrete logarithm problem in EC. One of the strong merits of ECC is providing the same cryptographic strength with smaller key size compared to other public key cryptosystems. A 256 bit ECC can provide similar cryptographic strength as a 3072 bit RSA cryptosystem. Due to smaller key sizes, elliptic curves are an attractive option in devices with limited storage capacity. It is therefore essential to understand how to generate these curves, verify their correctness and assure that they are resistant against attacks. The security of an EC cryptosystem is determined by the choice of the curve that is used in that cryptosystem. Over the years, a number of elliptic curves were introduced for cryptographic use. Elliptic curves such as FRP256V1, NIST P-256, Secp256k1 or SM2 curve are widely used in many applications like cryptocurrencies, transport layer protocol and Internet messaging applications. Another type of popular curves are Curve25519 introduced by Dan Bernstein and Curve448 introduced by Mike Hamburg, which are used in an end to end encryption protocol called Signal. This protocol is used in popular messaging applications like WhatsApp, Signal Messenger and Facebook Messenger. Recently, there has been a growing distrust among security researchers against the previously standardized curves. We have seen backdoors in the elliptic curve cryptosystems like the DUAL_EC_DRBG function that was standardized by NIST, and suspicious random seeds that were used in NIST P-curves. We can say that many of the previously standardized curves lack transparency in their generation and verification. We focus on transparent generation and verification of elliptic curves. We generate curves based on NIST standards and propose new standards to generate special types of elliptic curves. We test their resistance against the known attacks that target the ECC. Finally, we demonstrate ECDLP attacks on small curves with weak structure

Secure elliptic curves in cryptography

Elliptic Curve Cryptography (ECC) is a branch of public-key cryptography based on the arithmetic of elliptic curves. In the short life of ECC, most standards have proposed curves defined over prime finite fields using the short Weierstrass form. However, some researchers have started to propose as a more secure alternative the use of Edwards and Montgomery elliptic curves, which could have an impact in current ECC deployments. This chapter presents the different types of elliptic curves used in Cryptography together with the best-known procedure for generating secure elliptic curves, Brainpool. The contribution is completed with the examination of the latest proposals regarding secure elliptic curves analyzed by the SafeCurves initiative.Acknowledgements: This work has been partly supported by Ministerio de Economía y Competitividad (Spain) under the project TIN2014-55325-C2-1-R (ProCriCiS), and by Comunidad de Madrid (Spain) under the project S2013/ICE-3095-CM (CIBERDINE), cofinanced with the European Union FEDER funds

BINARY EDWARDS CURVES IN ELLIPTIC CURVE CRYPTOGRAPHY

Edwards curves are a new normal form for elliptic curves that exhibit some cryp- tographically desirable properties and advantages over the typical Weierstrass form. Because the group law on an Edwards curve (normal, twisted, or binary) is complete and unified, implementations can be safer from side channel or exceptional procedure attacks. The different types of Edwards provide a better platform for cryptographic primitives, since they have more security built into them from the mathematic foun- dation up. Of the three types of Edwards curves—original, twisted, and binary—there hasn’t been as much work done on binary curves. We provide the necessary motivation and background, and then delve into the theory of binary Edwards curves. Next, we examine practical considerations that separate binary Edwards curves from other recently proposed normal forms. After that, we provide some of the theory for bi- nary curves that has been worked on for other types already: pairing computations. We next explore some applications of elliptic curve and pairing-based cryptography wherein the added security of binary Edwards curves may come in handy. Finally, we finish with a discussion of e2c2, a modern C++11 library we’ve developed for Edwards Elliptic Curve Cryptography

Efficient Arithmetic for the Implementation of Elliptic Curve Cryptography

The technology of elliptic curve cryptography is now an important branch in public-key based crypto-system. Cryptographic mechanisms based on elliptic curves depend on the arithmetic of points on the curve. The most important arithmetic is multiplying a point on the curve by an integer. This operation is known as elliptic curve scalar (or point) multiplication operation. A cryptographic device is supposed to perform this operation efficiently and securely. The elliptic curve scalar multiplication operation is performed by combining the elliptic curve point routines that are defined in terms of the underlying finite field arithmetic operations. This thesis focuses on hardware architecture designs of elliptic curve operations. In the first part, we aim at finding new architectures to implement the finite field arithmetic multiplication operation more efficiently. In this regard, we propose novel schemes for the serial-out bit-level (SOBL) arithmetic multiplication operation in the polynomial basis over F_2^m. We show that the smallest SOBL scheme presented here can provide about 26-30\% reduction in area-complexity cost and about 22-24\% reduction in power consumptions for F_2^{163} compared to the current state-of-the-art bit-level multiplier schemes. Then, we employ the proposed SOBL schemes to present new hybrid-double multiplication architectures that perform two multiplications with latency comparable to the latency of a single multiplication. Then, in the second part of this thesis, we investigate the different algorithms for the implementation of elliptic curve scalar multiplication operation. We focus our interest in three aspects, namely, the finite field arithmetic cost, the critical path delay, and the protection strength from side-channel attacks (SCAs) based on simple power analysis. In this regard, we propose a novel scheme for the scalar multiplication operation that is based on processing three bits of the scalar in the exact same sequence of five point arithmetic operations. We analyse the security of our scheme and show that its security holds against both SCAs and safe-error fault attacks. In addition, we show how the properties of the proposed elliptic curve scalar multiplication scheme yields an efficient hardware design for the implementation of a single scalar multiplication on a prime extended twisted Edwards curve incorporating 8 parallel multiplication operations. Our comparison results show that the proposed hardware architecture for the twisted Edwards curve model implemented using the proposed scalar multiplication scheme is the fastest secure SCA protected scalar multiplication scheme over prime field reported in the literature

The nature of pulsar radio emission

High-quality averaged radio profiles of some pulsars exhibit double, highly symmetric features both in emission and absorption. It is shown that both types of features are produced by a split-fan beam of extraordinary-mode curvature radiation (CR) that is emitted/absorbed by radially-extended streams of magnetospheric plasma. With no emissivity in the plane of the stream, such a beam produces bifurcated emission components (BFCs) when our line of sight passes through the plane. A distinct example of double component created in that way is present in averaged profile of the 5 ms pulsar J1012+5307. We show that the component can indeed be very well fitted by the textbook formula for the non-coherent beam of curvature radiation in the polarisation state that is orthogonal to the plane of electron trajectory. The observed width of the BFC decreases with increasing frequency at the rate that confirms the curvature origin. Likewise, the double absorption features (double notches) are produced by the same beam of the extraordinary-mode CR, when it is eclipsed by thin plasma streams. The intrinsic property of CR to create bifurcated fan beams explains the double features in terms of very natural geometry and implies the curvature origin of pulsar radio emission. (abbreviated)Comment: 16 pages, 18 figures, accepted by MNRAS after minor revisio