Abstract

Elliptic curves (EC) are widely studied due to their mathematical and cryptographic properties. Cryptographers have used the properties of EC to construct elliptic curve cryptosystems (ECC). ECC are based on the assumption of hardness of special instances of the discrete logarithm problem in EC. One of the strong merits of ECC is providing the same cryptographic strength with smaller key size compared to other public key cryptosystems. A 256 bit ECC can provide similar cryptographic strength as a 3072 bit RSA cryptosystem. Due to smaller key sizes, elliptic curves are an attractive option in devices with limited storage capacity. It is therefore essential to understand how to generate these curves, verify their correctness and assure that they are resistant against attacks.

The security of an EC cryptosystem is determined by the choice of the curve that is used in that cryptosystem. Over the years, a number of elliptic curves were introduced for cryptographic use. Elliptic curves such as FRP256V1, NIST P-256, Secp256k1 or SM2 curve are widely used in many applications like cryptocurrencies, transport layer protocol and Internet messaging applications. Another type of popular curves are Curve25519 introduced by Dan Bernstein and Curve448 introduced by Mike Hamburg, which are used in an end to end encryption protocol called Signal. This protocol is used in popular messaging applications like WhatsApp, Signal Messenger and Facebook Messenger. Recently, there has been a growing distrust among security researchers against the previously standardized curves. We have seen backdoors in the elliptic curve cryptosystems like the DUAL_EC_DRBG function that was standardized by NIST, and suspicious "random seeds" that were used in NIST P-curves. We can say that many of the previously standardized curves lack transparency in their generation and verification.

We focus on transparent generation and verification of elliptic curves. We generate curves based on NIST standards and propose new standards to generate special types of elliptic curves. We test their resistance against the known attacks that target the ECC. Finally, we demonstrate ECDLP attacks on small curves with weak structure.

Publication Date

2-2021

Document Type

Thesis

Student Type

Graduate

Degree Name

Computer Science (MS)

Department, Program, or Center

Computer Science (GCCIS)

Advisor

Stanislaw Radziszowski

Advisor/Committee Member

Monika Polak

Advisor/Committee Member

Anurag Agarwal

Campus

RIT – Main Campus

Share

COinS