The Nearest Thing To True Beauty In Cybersecurity? Elliptic Curve Cryptography (ECC)

The Nearest Thing To True Beauty In Cybersecurity? Elliptic Curve Cryptography (ECC)

We love things that are beautifully crafted and design. Unfortunately the world of cybersecurity is often tainted by cybercriminals, Tor networks hiding drug dealing, and cryptocurrency mining on our computers. But there is beauty to be found, and that beauty lies in the heart of elliptic curve cryptography (ECC). While some may want to spy on your every on-line action, it is ECC that is currently holding up our rights to privacy, and to properly identity our transactions and our identities.

Few things in this world holds up our rights to privacy than ECC.

You must thus thank ECC whenever you connect to your corporate wifi network, or to your VPN server in your local coffee shop. Behind them is ECC working hard in generating a new encryption key every time you connect to a Web site (ECDH), and leaving those who want to spy on us scratching their heads. And for our transactions, it is ECC again which makes sure that we properly identity senders and receivers. ECC cares little for a world build with false trust identities — such as with IBAN and CVV2 numbers — and signs for things with true digital trust.

If you are interested, here is some of the basics around ECC:

And so we end up with these values that define an elliptic curve (p,a,b,gx,gy,n), and where a and b are the values used in:

y² = x³+ax +b

and all our operations are performed with (mod p), and where (gx,gy) is the base point.

And so can we just take any old p value, or any a and b value? No! The standard curves have been beautifully crafted for performance and for our security. A small variation in any of the parameters will significantly reduce the security level of the curve.

The most popular (and trusted) curves are NIST P-256, Curve25519 (Tor), and secp256k1 (Bitcoin) [here], but other ones are defined as:

if (type=="P-192"):
	p = 2**192-2**64-1
	a=-3
	b=2455155546008943817740293915197451784769108058161191238065

if (type=="P-224"):
	b=18958286285566608000408668544493926415504680968679321075787234672564
	p = 2**224 - 2**96 + 1 
	a=-3

if (type=="P-256"):
	p = 2**256 - 2**224 + 2**192 + 2**96 - 1 
	a=-3
	b=41058363725152142129326129780047268409114441015993725554835256314039467401291

if (type=="P-384"):
	a=-3
	b=27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575
	p = 2**384 - 2**128 - 2**96 + 2**32 - 1 

if (type=="Curve25519"):
	a=486662
	b=1
	p = 2**255 - 19 

if (type=="secp256k1"):
	a=0
	b=7
	p = 2**256 - 2**32 - 977 

if (type=="M-221"):
	a=117050
	b=1
	p = 2**221 - 3 

if (type=="BN(2,254)"):
	a=0
	b=2
	p = 16798108731015832284940804142231733909889187121439069848933715426072753864723  

if (type=="M-383"):
	a=2065150
	b=1
	p = 2**383 - 187

If we take NIST P-192, and start searching for x-axis points from 1 upwards we get [here]:

Elliptic curve is: P-192
Finding elliptic point closest to: 1
Prime number: 6277101735386680763835789423207666416083908700390324961279
a,b -3 2455155546008943817740293915197451784769108058161191238065
(2, 1126956676167578795924565825825899020268914906345645360775L)
(3, 2476168101441297080746512578325117519920374855425678540834L)
(5, 936760824408609109609580731987662341845728162027345586443L)
(6, 61374494507529673497365598443020935064779457192199494327L)
(8, 1539168359597512271047259505090133446672063593980132990812L)
(12, 3464753203279792192409824182683870253677262339932562461307L)
(13, 3288234558942609973454802567986887155175778959720199156770L)
(15, 4548834217212027584647316131131523554591911664904227806291L)
(17, 2148916484007672061843886225501299518817815267521173400039L)
(18, 1600977792967480259538850281480651298625682822208237361467L)
(22, 1682016893107185458056834822961338463540516386180178478778L)

If I were to change the b value in this case by 1, we would not be able to quickly find these points, as they would be sparsely distributed, and thus reduce the security of the curve.

Conclusions

If you use the on-line page, you will find that it provides fairly fast analysis of the curves, as these curves have been selected for their speed, and that is one of the core requirements for public key cryptography. Along with this, you will see that each method reveals (x,y) points are fairly densely packed. This enhances security, as there are too many points for a spy to try, and thus our 160-bit ECC is equivalent to a pure 128-bit AES encryption key process.