Cryptography Overview

The following calculations are really just a series of substitutions that can be made by looking back at the definition. You may find it more convincing to go through the substitution steps yourself, by glancing back at the preceding sections Creating the Key Pair, Signing a Message, and Verifying a Signature.

If the message has been signed correctly, then s = s’. Expanding the elliptic curve point (x1,y1) = u1P +u2Q calculated by the recipient, we see that:

u1P +u2Q = es–1P+ rs-1Q=s–1(eP+ rQ)

Recall that Q = dP, so:

u1P +u2Q = s–1(eP+ rQ)

=s–1(eP+ rdP)

=s–1(e + rd)P

=s–1(e + dr)P

Now recall that s = k–1(e+dr) mod n, so:

u1P +u2Q = s–1(e + dr)P

=[k–1(e+dr)]-1(e + dr)P

=(k–1)–1(e+dr)–1(e+dr)P

=kP

This is the point calculated by the recipient. But this is also the point generated by the sender. The recipient then checks that the x-coordinate of the calculated point is in fact the x-coordinate that was received.

Elliptic Curve Authenticated Encryption Scheme (ECAES)

You can use elliptic curves to create an authenticated encryption scheme with a public/private key pair.

As always with elliptic curves, we assume that the elliptic curve parameters have been defined in advance. Suppose Bob has a key pair based on these parameters. The pair is (Q,k2), where Q = k2P, where P is the base point of prime order specified in the elliptic curve parameters. The point Q is the public value and the number k2 is the private value.

C h a p t e r 3 C r y p t o g r a p h y

7 5

Page 97
Image 97
RSA Security 5.2.2 manual Elliptic Curve Authenticated Encryption Scheme Ecaes, Recall that Q = dP, so