What? That’s what you call a progress???

This is exactly what was happening to me today when I met my advisor/supervisor. Hi hi hi…

And he gave a bunch of questions and a long to-do-list, result in an expanding mind maps of mine! Aaaaaaaaa!!!!

Fermat’s Last Theorem

Some of my favorites book arrived today. One of the is this book

But the funny thing is, it has different cover with those I found on the web:

Is it because they’re from different publishers, or there are different versions, I will find out

Ready to enjoy the book… (the piles is getting higher, adding more distractions for me, hi hi hi…)

Quals – postponed

Forgot to inform that my academic supervisor #1 adviced me to postpone the quals until I’m ready with the “hands-on experience” (in this case will be coding). He suggested me to stop reading papers and start to implement the theory has been gathered.

So I will stop those “endless paper-hunting” activity for a while and focusing on building a small cryptosystem and make it work!

Large integers

Have been doing some coding on large integers for the last couple of weeks.

The integers are represented in a half of 32 bytes words.

So far the program has been verified for the addition, substraction, multiplication and division operations.

Functions for converting ascii to large integer or vice versa have also been built and verified.

Next step will be developing some functions for basic number theory like GCD, modular arithmetic, Fermat’s theorem, finite fields and generators.

Still a long way to go, even for a simple cryptosystem to convert a word into a point in elliptic curve.

Current to do list

I will just scribble notes here about what I got from the regular discussion today:

1. Is it relevant to observe the input and output class groups? Which condition regarding to this correlation should be considered as “secure”?
2. How many class numbers will be needed to be considered as “secure”? How does the number affects the security? Any research on that?
3. Generating curve, then choose the generator, or vice versa? Observe the effect of applying different generators
4. Is it possible (if possible, is it necessary?) to apply some feedback to the system?
5. Find the most convenient way to convert plaintext to point in ECC
6. Find out more about cryptanalysis on ECC
7. Getting ready for quals! QUALS!!!

Converting text to point in ECC

I’m now building some simple codes for converting plain text character to a point on an elliptic curve.

Here’s how I’m gonna do it, based on Mike Rosing’s hints:

1. Take the data, and treat it as an x value
2. If x value fit on the curve, then find y. Each x value has two y values associated with it.
3. If x value does not fit on the curve, add extra bits to the data (but make sure not to mess with the raw data)
4. Check again
5. Repeat until the combination of the raw data and extra bits does fit on the curve.

To get the x value back, just mask off the extra bits to recover the raw data.

Presentation at Math Dept.

Going to give a presentation at the Math Dept. tomorrow. Talking about cryptography and ECC and ECDLP. Will avoid explaining about those math equations, otherwise the students will eat me alive, hi hi hi

Wish me luck

ECC and diffusion?

After spending hours googling and reading some pdf and presentation files, I still cannot find the correlation between the term “diffusion” with ECC.

For now I do really think that the term “diffusion” is only for symmetric-key system.

Will find out more about it later. Hmmm….

Cryptanalysis of ECC

To make sure that your cryptosystem is secure, then you have to do cryptanalysis.

The known attacks for ECC are:

* The Pohlig-Hellman algorithm (which reduces the problem to subgroups of prime order)

* Shanks’ baby-step-giant-step method

* Pollard’s methods, the rho method and the kangaroo method, both of which have parallel versions due to van Oorschot and Wiener

* The Menezes-Okamoto-Vanstone (MOV) attack using the Weil pairing

* The Frey-Rueck attack using the Tate pairing

* The attacks on anomalous elliptic curves (i.e., elliptic curves over F_p which have p points) due to Semaev, Satoh-Araki and Smart

* Weil descent (for some special finite fields)

* Algebro-geometric attack

Next step will be to choose which attacks to be used for measuring the level of security of ECC.

Confusion and Diffusion

Diffusion means many bits of the plaintext (possibly all) affect each bit of the ciphertext.
Confusion means there is a low statistical bias of bits in the  ciphertext.

Question: the diffusion behaviour for ECC in encryption process?