[Cryptography] Attacking Elliptic Curve Crypto on the infinity symbol

Bill Cox waywardgeek at gmail.com
Sun Oct 25 09:22:38 EDT 2015


On Sat, Oct 24, 2015 at 2:16 AM, covariant <covariant at i2pmail.org> wrote:

>
> That's because it's not clear what you actually want to compute. You say
> you want an integral or a length, without actually defining what you
> mean by any of those two concepts.


Actually, it all works out mathematically.  I'm just trying to show people
a cool geometric interpretation of ECC.  I'm not claiming to have any new
insight for cracking ECC.

You surely know this, but for others reading, generally algebraic
expressions make sense mod p.  For example sqrt(2) is irrational, but since
3*3 == 2 mod 7, we can say sqrt(2) = 3 mod 7.  Similarly, i is imaginary,
so how can it make sense mod 5?  Well, -1 == 2*2 mod 5, so clearly i == 2
mod 5.  Most people think we pick rational points on the curve for
generators, when in fact, only X is typically rational.  The point used in
Ed25519 has an X coordinate of 4/5, but the Y coordinate, when mapped back
to a regular Edwards curve, is both imaginary and irrational, but mod p,
it's an integer.

Consider arc-lengths on the unit circle.  The equation is:

    arc-length(x) = integrate 1/sqrt(1 - t^2) dt from 0 to x.

This is the arcsin function, mapping rational x values to non-algebraic
arc-lengths.  Did you know that arcsin(x) is an algebraic expression of
integers, x and pi?  In fact, simply using units such as degrees, which are
fractions of pi, makes arcsin(x) a regular algebraic expression of x, which
makes sense mod p.

The same is true here.  In fact, you can do point addition on the
Lemniscate using a ruler and compass, which is modulo arithmetic friendly.
I think I have defined everything correctly, or close to it.

I hope this geometric insight will be interesting to some people.  What I
have not offered is any insight on how to speed up computing ECDLP, which
is why I started with "Please _do_ continue to use ECC with confidence".

We know there is an algebraic expression for Alice's public key point (X,
Y).  We know it corresponds to an algebraic expression for the arc-length
on the Lemniscate, and that mod p, that expression is simply m when using
units of the arc length of h.  Finding that expression is obviously
equivalent to solving ECDLP in this case (d == -1).

I've simply transformed ECC for this case into another form.  I think it is
a very interesting form, one where people can go, "So... we're really just
adding arc-lengths mod p."

Bill
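
Added example, not part of the message above: a Tonelli-Shanks square root and a modular fraction, showing how sqrt(2), i and 4/5 become ordinary integers mod p, including mod the Ed25519 field prime 2^255 - 19. The names sqrt_mod, frac_mod and P25519 are hypothetical, and sqrt_mod returns the smaller of the two roots by convention.

```python
# Added illustration: square roots and fractions in the prime field GF(p).
P25519 = 2**255 - 19  # field prime used by Ed25519


def sqrt_mod(a, p):
    """Return the smaller square root of a mod odd prime p, or None
    if a is not a square mod p (Tonelli-Shanks)."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:   # Euler's criterion
        return None
    q, s = p - 1, 0                    # write p - 1 = q * 2^s with q odd
    while q % 2 == 0:
        q, s = q // 2, s + 1
    z = 2                              # smallest quadratic non-residue
    while pow(z, (p - 1) // 2, p) != p - 1:
        z += 1
    m, c = s, pow(z, q, p)
    t, r = pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t                   # least i with t^(2^i) == 1
        while t2 != 1:
            t2, i = t2 * t2 % p, i + 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c = i, b * b % p
        t, r = t * c % p, r * b % p
    return min(r, p - r)


def frac_mod(num, den, p):
    """Return num/den mod prime p, inverting den with Fermat's little theorem."""
    return num * pow(den, p - 2, p) % p


if __name__ == "__main__":
    print("sqrt(2) mod 7  =", sqrt_mod(2, 7))
    print("sqrt(-1) mod 5 =", sqrt_mod(-1, 5))
    print("sqrt(3) mod 7  =", sqrt_mod(3, 7))   # None: not a square mod 7
    print("4/5 mod 2^255-19 =", frac_mod(4, 5, P25519))
    print("sqrt(-1) mod 2^255-19 =", sqrt_mod(-1, P25519))
```

The sqrt(3) mod 7 case shows the limit of the trick: an expression only has a value mod p when the needed root actually exists in that field.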