[Cryptography] Why is ECC secure?

Bill Cox waywardgeek at gmail.com
Tue Jun 2 01:35:43 EDT 2015


On Sun, May 31, 2015 at 5:49 PM, Tony Arcieri <bascule at gmail.com> wrote:

> The underlying mathematics of ECC, much like RSA, are basic arithmetic.
> It's the concepts that are perhaps harder to grasp. Both are difficult to
> implement without timing side-channels.
>

It's certainly harder, at least for me.  I have an annoying trait (one of
several):  I don't like to believe anything other people tell me.  They're
wrong too often.  I had to prove the Pythagorean theorem before I could feel
comfortable using it.  I still cringe whenever anyone throws around "real
numbers" and "infinity" without any mathematical definition, which is why
Cantor's diagonal proof is wrong.

This is why I'm asking about the security of ECC.  I'm not trying to stir
FUD.  I just want to understand why you guys who have played with ECC for
years feel comfortable with the security.

Here's my latest dumb attack on Edwards curves, still working the
circle-angle.  I know it's a dumb attack...

Points used in cryptography on a curve like Ed25519 correspond to real
points on a real-numbered 2D curve.  We start with a point where X == 9,
and use this as the group generator.  Just clockwise of the identity
element (0, 1), is going to be the minimal generator, which I'll call G.
The group will include 2G, 3G, 4G, etc, and these points all line up
increasing in the clockwise direction.  I do not see why there would be
points in the group between multiples of G.  I also don't see why I can't
do a simple binary search to determine m, when given m*G.  If that works,
then given the real group generator H, I should be able to find n such that
H = n*G.  After that, I think it's basic arithmetic to find o, when given
o*H.  I'm making a lot of assumptions, like being able to find G easily.  I
know I have an error or invalid assumption.  Where is it?  This is simple
enough to code, and that's where I always find the flaw...

Thanks,
Bill
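
The following is an added example, not part of the message above or of any project's code. It builds a toy Edwards curve over F_1009 (constructed parameters, not Ed25519) and measures whether successive multiples of a point keep a clockwise order when coordinates are read as signed integers, which is what the binary search described above would need. The names `angle` and `binary_search_dlog` are hypothetical helpers.

```python
import math

# Constructed toy parameters (not Ed25519): x^2 + y^2 = 1 + D*x^2*y^2 over F_P.
P = 1009
D = 11  # non-square mod P, so the addition law below has no exceptional cases

def on_curve(x, y):
    return (x*x + y*y - 1 - D*x*x*y*y) % P == 0

def add(a, b):
    # Edwards addition law; the identity element is (0, 1).
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1*y2 + y1*x2) * pow(1 + t, -1, P) % P
    y3 = (y1*y2 - x1*x2) * pow(1 - t, -1, P) % P
    return (x3, y3)

def multiples(g):
    """[0*g, 1*g, 2*g, ...] up to, not including, the return to the identity."""
    out, pt = [(0, 1)], g
    while pt != (0, 1):
        out.append(pt)
        pt = add(pt, g)
    return out

def angle(pt):
    """Clockwise angle from (0, 1), reading coordinates as signed integers."""
    x, y = (c - P if c > P // 2 else c for c in pt)
    return math.atan2(x, y) % (2 * math.pi)

def binary_search_dlog(table, target):
    """Try to recover m from m*G, assuming angle(k*G) increases with k.
    The table lookup stands in for computing mid*G by scalar multiplication."""
    lo, hi = 0, len(table) - 1
    while lo <= hi:
        mid = (lo + hi) // 2
        if table[mid] == target:
            return mid
        if angle(table[mid]) < angle(target):
            lo = mid + 1
        else:
            hi = mid - 1
    return None

# First curve point whose subgroup has more than 32 elements.
CANDIDATES = (multiples((x, y)) for x in range(2, P) for y in range(1, P) if on_curve(x, y))
G_TABLE = next(t for t in CANDIDATES if len(t) > 32)
# A clockwise-ordered sequence would have no descents; count how many there are.
DESCENTS = sum(angle(b) < angle(a) for a, b in zip(G_TABLE, G_TABLE[1:]))
HITS = sum(binary_search_dlog(G_TABLE, G_TABLE[m]) == m for m in range(len(G_TABLE)))
print(f"order={len(G_TABLE)} descents={DESCENTS} binary-search hits={HITS}")
```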