[Cryptography] Introduction to EC that is actually an introduction?

CodesInChaos codesinchaos at gmail.com
Sat Jan 31 05:54:15 EST 2015

Unless your audience has a lot of mathematical background and already
knows that, I'd spend a lot of time on explaining (finite) groups.

In particular:

* The additive group modulo n

   This group is very helpful for understanding the implications of
the group order. Prime vs. composite order, subgroups, when scalar
multiplication is lossy etc. This is probably the most intuitive
finite group, the main property it lacks is that DLP is easy (modular
inverse via extended euclidean). Operations on scalars are always
performed in this group.

* The generic group model

   Here group elements are simply a blackbox around scalars that only
allows a few select operations. Now DLP is hard and you can do
Diffie-Hellman, Schnorr signatures, etc.
   Generic attacks like Pollard rho work, which explains why the
security is at most the square-root of the order.

Then introduce elliptic curves as a concrete way to construct a good
approximation of the blackbox used in the generic group model.

More information about the cryptography mailing list