(Difficult) I was left with a few unresolved questions regarding the elliptic curve Diffie-Hellman Key Exchange: First of all, if Alice and Bob Choose N(a) and N(b) such that N(a)N(b)G = "infinity", this would yield a useless key. In choosing the point G and the Elliptic curve E, would it be better to verify that the only multiples kG for which kG = "infinity" on E is when k is extremely large, or would this limitation weaken the security of the system? Secondly, is there a size limitation on the values they pick for N(a) and N(b)? For example N(a)N(b) < p, where p is the modulo of our elliptic curve.
(Reflective) After reading about many of the uses of elliptic curves in cryptography, it seems to me that elliptic curves may be even more useful than RSA or ElGamal. The only thing that has not been mentioned here is the performance of each system. That is, which method best preserves security while remaining fast and efficient. We saw with RSA that making our two primes slightly larger would greatly increase the time required to perform a brute force attack. Are elliptic curves quicker to calculate then fast modular exponentiation?
Tuesday, December 7, 2010
Friday, December 3, 2010
Section 16.4 due Dec. 6th
(Difficult)
When looking at the laws associated with GF(4), I was unsure on how they determined the relationships between each element in GF(4). Are these laws derived from the structure of the field? That is, can we construct these laws for any GF(2^n) knowing how the field is structured?
(Reflective)
I was amazed at the end of the section that they talked about using fields of GF(2^n) with n around 150 for cryptographic purposes. Every other system we have studied is severely weakened when we place limitations on the field, like when we reduce n in RSA, or reduce p in ElGamal. This left me wondering why this does not leave elliptic systems vulnerable to such attacks like brute force attacks or birthday attacks.
When looking at the laws associated with GF(4), I was unsure on how they determined the relationships between each element in GF(4). Are these laws derived from the structure of the field? That is, can we construct these laws for any GF(2^n) knowing how the field is structured?
(Reflective)
I was amazed at the end of the section that they talked about using fields of GF(2^n) with n around 150 for cryptographic purposes. Every other system we have studied is severely weakened when we place limitations on the field, like when we reduce n in RSA, or reduce p in ElGamal. This left me wondering why this does not leave elliptic systems vulnerable to such attacks like brute force attacks or birthday attacks.
Wednesday, December 1, 2010
Section 16.3 due Dec. 3rd
(Difficult)
I was a little confused by the example on pg. 357-358. The example used factorials multiplied by P, such as 10!P. In the previous examples, we were simply adding P + P + P... until we found a value m for which mP = infinity. Do we only find mP = infinity for m, or at every multiple of m. If not, are we guaranteed to find a solution if we are working instead with factorials? That is, will the value of m always be an integer equal to some factorial value? Intuitively it seems it must be at every multiple of m for the factorial method to work, but I don't recall reading this anywhere in this lecture or the previous.
(Reflective)
I found it interesting that the factoring method of elliptic curves was so similar to the p-1 method. It never would have occurred to me just from reading about elliptic curves that the factoring methods were so closely related. In the lecture it mentioned though that elliptic curves are most effective on large composite numbers with one relatively small prime factor. Each method we have discussed has its own advantages and disadvantages, but this made me think about the methods of choosing primes. When we talked about primality testing, we read about many probabilistic tests, but only one definitive method of testing for primality. If a number is choosen as a prime p, but is actually a psuedoprime, would this leave it vulnerable to any factoring methods?
I was a little confused by the example on pg. 357-358. The example used factorials multiplied by P, such as 10!P. In the previous examples, we were simply adding P + P + P... until we found a value m for which mP = infinity. Do we only find mP = infinity for m, or at every multiple of m. If not, are we guaranteed to find a solution if we are working instead with factorials? That is, will the value of m always be an integer equal to some factorial value? Intuitively it seems it must be at every multiple of m for the factorial method to work, but I don't recall reading this anywhere in this lecture or the previous.
(Reflective)
I found it interesting that the factoring method of elliptic curves was so similar to the p-1 method. It never would have occurred to me just from reading about elliptic curves that the factoring methods were so closely related. In the lecture it mentioned though that elliptic curves are most effective on large composite numbers with one relatively small prime factor. Each method we have discussed has its own advantages and disadvantages, but this made me think about the methods of choosing primes. When we talked about primality testing, we read about many probabilistic tests, but only one definitive method of testing for primality. If a number is choosen as a prime p, but is actually a psuedoprime, would this leave it vulnerable to any factoring methods?
Monday, November 29, 2010
Section 16.2 due Dec. 1st
(Difficult)
In 16.2.3 the author discusses how we can take a plaintext (single numerical value) and represent such a message in an elliptic curve. I see how the example worked, but I had a few questions about details on finding the elliptic curve representation:
1.) If we are not guaranteed that the message will work on the elliptic curve, wouldn't that limit the use of elliptic curves for cryptographic purposes?
2.) When looking at elliptic curves we are dealing with square roots, so is there a standard by which we decide which square root to pick?
(Reflective)
In 16.2.2 we look at the example of a "discrete log" on elliptic curves. The author discusses briefly the difficulties of attacking a discrete log problem on elliptic curves, but nothing is mentioned as to the use of discrete logs on elliptic curves for cryptography. The lecture leads us to believe it would provide us with a fairly secure method of encryption, but does not give us details on how it would work. Is our main focus on elliptic curves used for a factorization method, or will we be using elliptic curves as a method of encryption as well?
In 16.2.3 the author discusses how we can take a plaintext (single numerical value) and represent such a message in an elliptic curve. I see how the example worked, but I had a few questions about details on finding the elliptic curve representation:
1.) If we are not guaranteed that the message will work on the elliptic curve, wouldn't that limit the use of elliptic curves for cryptographic purposes?
2.) When looking at elliptic curves we are dealing with square roots, so is there a standard by which we decide which square root to pick?
(Reflective)
In 16.2.2 we look at the example of a "discrete log" on elliptic curves. The author discusses briefly the difficulties of attacking a discrete log problem on elliptic curves, but nothing is mentioned as to the use of discrete logs on elliptic curves for cryptography. The lecture leads us to believe it would provide us with a fairly secure method of encryption, but does not give us details on how it would work. Is our main focus on elliptic curves used for a factorization method, or will we be using elliptic curves as a method of encryption as well?
Tuesday, November 23, 2010
Section 16.1 due Nov. 29th
(Difficult)
I was a little confused by the use of the point at infinity as an additive identity. I understand that not all groups have the same additive or multiplicative identities ( we are most familiar with zero as the additive identity, and one as the multiplicative identity, under normal addition and multiplication), but I am not sure I understand the explanation of why infinity is the additive identity.
(Reflective)
I am glad that the book clearly stated the fact that elliptic curves form an Abelian group. This was something I think I would not have noticed on my own, but it gives elliptic curves a lot of great characteristics for use in cryptography. As we saw with previous cryptosystems, systems which form groups have many advantages, and often a few disadvantages as well. In our examples of DES, it was critical that DES was not a group for Double DES or Triple DES to be effective. I am curious how Abelian groups fit into cryptography.
I was a little confused by the use of the point at infinity as an additive identity. I understand that not all groups have the same additive or multiplicative identities ( we are most familiar with zero as the additive identity, and one as the multiplicative identity, under normal addition and multiplication), but I am not sure I understand the explanation of why infinity is the additive identity.
(Reflective)
I am glad that the book clearly stated the fact that elliptic curves form an Abelian group. This was something I think I would not have noticed on my own, but it gives elliptic curves a lot of great characteristics for use in cryptography. As we saw with previous cryptosystems, systems which form groups have many advantages, and often a few disadvantages as well. In our examples of DES, it was critical that DES was not a group for Double DES or Triple DES to be effective. I am curious how Abelian groups fit into cryptography.
Monday, November 22, 2010
Section 2.12 due Nov. 23rd
(Difficult) In reading about the Enigma machine, I was a little confused about the method of encryption. It obviously was not a substitution cipher, but of the cryptosystems we have studied so far, it reminded me most of a one-time pad. With that in mind it would explain the weakness of encoding multiple messages with the same key.There also seemed to be some obvious limitations on the permutations of a given message, at least when compared to substitution ciphers, vigenere ciphers, etc.
(Reflective) It was nice to read a little about disjoint cycles of permutations in the lecture. This was another topic covered in Abstract Algebra which left me wondering, "when will we ever use this?" I also found it interesting that the cycle lengths each appeared an even number of times. Does this have to do with the design of the enigma machine itself, or more to do with properties of cycles?
(Reflective) It was nice to read a little about disjoint cycles of permutations in the lecture. This was another topic covered in Abstract Algebra which left me wondering, "when will we ever use this?" I also found it interesting that the cycle lengths each appeared an even number of times. Does this have to do with the design of the enigma machine itself, or more to do with properties of cycles?
Sunday, November 21, 2010
Section 19.3 due Nov. 22nd
(Difficult) For me the hardest part to follow in Shor's Algorithm was the Fourier Transform. Although I had briefly seen Fourier Transforms used in the EE department, The way it is presented here was far different than what I remembered from my electrical engineering class. If I understand correctly, we are using the individual frequencies in order to determine the period of a periodic sequence.
(Reflective) In reading about quantum computing, I thought a little about what the implications of a quantum computer would be. Although in theory it is a great idea, we obviously need more progress in quantum computing. it seems we have the math theory ready for facing quantum mechanics, but now fields like engineering, physics, and computer programming may be necessary to truly implement such a computer system.
(Reflective) In reading about quantum computing, I thought a little about what the implications of a quantum computer would be. Although in theory it is a great idea, we obviously need more progress in quantum computing. it seems we have the math theory ready for facing quantum mechanics, but now fields like engineering, physics, and computer programming may be necessary to truly implement such a computer system.
Subscribe to:
Posts (Atom)