[Cryptography] Can someone explain small order subgroups?
Phillip Hallam-Baker
phill at hallambaker.com
Tue Mar 7 10:37:18 EST 2017
I was trying to work out quite why my code was behaving oddly and then I
discovered that I was calculating the order of the group wrongly.
What I am trying to do/have done is to make proxy re-encryption (and some
other related tricks) work in Elliptic Curve. Right now I am working on the
Edwards curve Ed25519 but the same scheme could work for Montgomery with
some additional math to recover the X point and permit addition to be
defined.
So the basic idea is that
Normal DH agreement: x.y.B = y.x.B
Split DH agreement: x.y.B = a.y.B + b.y.B where x = a + b
In the DH case, the same scheme works for x = a + b mod (p-1) since e^(p-1)
= 1 mod p.
In elliptic curve:
q.X = Neutral
Where q is the small order subgroup.
I am trying to get my head around what this means geometrically.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170307/1415ab94/attachment.html>
More information about the cryptography
mailing list