(Difficult) I was left with a few unresolved questions regarding the elliptic curve Diffie-Hellman Key Exchange: First of all, if Alice and Bob Choose N(a) and N(b) such that N(a)N(b)G = "infinity", this would yield a useless key. In choosing the point G and the Elliptic curve E, would it be better to verify that the only multiples kG for which kG = "infinity" on E is when k is extremely large, or would this limitation weaken the security of the system? Secondly, is there a size limitation on the values they pick for N(a) and N(b)? For example N(a)N(b) < p, where p is the modulo of our elliptic curve.
(Reflective) After reading about many of the uses of elliptic curves in cryptography, it seems to me that elliptic curves may be even more useful than RSA or ElGamal. The only thing that has not been mentioned here is the performance of each system. That is, which method best preserves security while remaining fast and efficient. We saw with RSA that making our two primes slightly larger would greatly increase the time required to perform a brute force attack. Are elliptic curves quicker to calculate then fast modular exponentiation?
Tuesday, December 7, 2010
Friday, December 3, 2010
Section 16.4 due Dec. 6th
(Difficult)
When looking at the laws associated with GF(4), I was unsure on how they determined the relationships between each element in GF(4). Are these laws derived from the structure of the field? That is, can we construct these laws for any GF(2^n) knowing how the field is structured?
(Reflective)
I was amazed at the end of the section that they talked about using fields of GF(2^n) with n around 150 for cryptographic purposes. Every other system we have studied is severely weakened when we place limitations on the field, like when we reduce n in RSA, or reduce p in ElGamal. This left me wondering why this does not leave elliptic systems vulnerable to such attacks like brute force attacks or birthday attacks.
When looking at the laws associated with GF(4), I was unsure on how they determined the relationships between each element in GF(4). Are these laws derived from the structure of the field? That is, can we construct these laws for any GF(2^n) knowing how the field is structured?
(Reflective)
I was amazed at the end of the section that they talked about using fields of GF(2^n) with n around 150 for cryptographic purposes. Every other system we have studied is severely weakened when we place limitations on the field, like when we reduce n in RSA, or reduce p in ElGamal. This left me wondering why this does not leave elliptic systems vulnerable to such attacks like brute force attacks or birthday attacks.
Wednesday, December 1, 2010
Section 16.3 due Dec. 3rd
(Difficult)
I was a little confused by the example on pg. 357-358. The example used factorials multiplied by P, such as 10!P. In the previous examples, we were simply adding P + P + P... until we found a value m for which mP = infinity. Do we only find mP = infinity for m, or at every multiple of m. If not, are we guaranteed to find a solution if we are working instead with factorials? That is, will the value of m always be an integer equal to some factorial value? Intuitively it seems it must be at every multiple of m for the factorial method to work, but I don't recall reading this anywhere in this lecture or the previous.
(Reflective)
I found it interesting that the factoring method of elliptic curves was so similar to the p-1 method. It never would have occurred to me just from reading about elliptic curves that the factoring methods were so closely related. In the lecture it mentioned though that elliptic curves are most effective on large composite numbers with one relatively small prime factor. Each method we have discussed has its own advantages and disadvantages, but this made me think about the methods of choosing primes. When we talked about primality testing, we read about many probabilistic tests, but only one definitive method of testing for primality. If a number is choosen as a prime p, but is actually a psuedoprime, would this leave it vulnerable to any factoring methods?
I was a little confused by the example on pg. 357-358. The example used factorials multiplied by P, such as 10!P. In the previous examples, we were simply adding P + P + P... until we found a value m for which mP = infinity. Do we only find mP = infinity for m, or at every multiple of m. If not, are we guaranteed to find a solution if we are working instead with factorials? That is, will the value of m always be an integer equal to some factorial value? Intuitively it seems it must be at every multiple of m for the factorial method to work, but I don't recall reading this anywhere in this lecture or the previous.
(Reflective)
I found it interesting that the factoring method of elliptic curves was so similar to the p-1 method. It never would have occurred to me just from reading about elliptic curves that the factoring methods were so closely related. In the lecture it mentioned though that elliptic curves are most effective on large composite numbers with one relatively small prime factor. Each method we have discussed has its own advantages and disadvantages, but this made me think about the methods of choosing primes. When we talked about primality testing, we read about many probabilistic tests, but only one definitive method of testing for primality. If a number is choosen as a prime p, but is actually a psuedoprime, would this leave it vulnerable to any factoring methods?
Subscribe to:
Posts (Atom)