Sunday, May 31, 2009

Multiplicative inverse modulus p

JavaScript snippet that will implement this nicely.

Use approprite html elements that fits the script.

window.onload= initForm;

function initForm(){
document.getElementById("ok").onclick = calcInverse;
}

function calcInverse(){

var n= parseInt(document.getElementById("nn").value);
var p= parseInt(document.getElementById("pp").value);

var x = 1;
var y = 0;
var a=p;
var b=n;
var q,t;
var res;
while (b != 0) {
t = b;
q = Math.floor(a/t);
b = a - q*t;
a = t;
t = x;
x = y - q*t;
y = t;
}
if(y<0){
res= y+p;
}
else{
res=y;
}

document.getElementById("r1").innerHTML="a^-1 er "+res;
return false;

}

The hunt for multiplicative inverses

The inverse of a, a^1=z mod m. Calculation aint easy for large m, this is where all the computing power goes.
a does have an inverse mod m if and only if a*z=1 mod m. Otherwice there is no inverse.
If our finite field is prime, then all members sport this property

We can find the inverse by using euclid. We know that in the Euclidean Algorithm you repeatedly divide the divisor by the remainder until the remainder is 0.
The gcd is then the last non-zero remainder.
We can write
za + mb = 1. This says that za = 1 + (-b)m, which means za=1 (mod m). We dont care about -b in this case of cause. So z is the inverse of a.

The extended version gives us z.
Nice tiny toy example here:
http://www-math.cudenver.edu/~wcherowi/courses/m5410/exeucalg.html

Monday, May 25, 2009

projective space and homogenous coordinates.

Guess I've got the projective space right now. Love the explanation at wiki.
http://en.wikipedia.org/wiki/Projective_space
But its urgent to really understand that and the homogeneous coordinates.
Projective space: really a projection! 3d space projected into a tiny 2d picture. A projection from 3d to 2d.

Quote:'the set of equivalence classes of R3\(0, 0, 0), i.e. 3-space without the origin, where two points P = (x, y, z) and Pˈ = (xˈ, yˈ, zˈ) are equivalent if there is a nonzero real number λ such that P = λ·Pˈ, i.e. x = λxˈ, y = λyˈ, z = λzˈ. The usual way to write an element of the projective plane, i.e. the equivalence class corresponding to an honest point (x, y, z) in R3, is

[x : y : z].

The last formula goes under the name of homogeneous coordinates'

You can homogenize like this: you add z until all parts of the equation have the same degree:

y^2=x^3 + Ax + B becomes y^2z=x^3 + Axz^2+Bz^3

Calculating in projective space gives us a way to work with the point at infinity without just panicking. The point at infinity just becomes a special plane i a 3 dimensional space, where parallel lines meet.
lucky bastards.

Sunday, May 24, 2009

change of language

ok, I'll change the main language of this blog.
Today I found an indonesian girl doing exaclty the same as I, trying to focus and trying to study elliptic curves and implement some cryptography using EC. I was so happy she was not writing in whatever language - indonesian probably..

So if you read this blog, you'll have to deal with my not so perfect language skills.

Feel free to ask me translate any of my articles if some of them seems to be relevant for you.

Suitable curves

english summary:
Curves suitable for cryptography according to Rosing:
Elliptic Curves over Galois Fields.
Meaning curves over F2^n, meaning fields with characteristic 2 - and only nonsupersingular.
y^2 + xy = x^3 + a2x^2 + a6.
a6 cannot be zero
a2 can be zero.
.........
Ifølge Michael Rosing er de eneste kurver der er velegnede til kryptografisk brug kurver over Galois legemer. Dvs kurver på F2^n , med andre ord kurver med karakteristikken 2, og udvidelsesgraden n.- og det da kun hvis de ikke er supersingulære. Med andre ord skal de være af formen:

y^2 + xy = x^3 + a2x^2 + a6.
a6 må IKKE være nul.
a2 kan godt være nul.
Jeg tror fortsat polynominal basis er rarere at regne med end optinormal basis.

Hvordan mon denne klasse af anbefalede kurver matcher de i suite B angivne kurver. To be tested.

Punktaddition

Simpelt demonstationseksempel på R, med værdier max 'integer' størrelse:
Der konstrueres passende felter i html dokument der matcher id'erne i denne kode.
Denne meget lille primitive løsning tester IKKE for om punkterne overhovedet ligger på kurven - det er på eget ansvar. Det er kun i tilfældet P1=p2 hvor y1 er forskellig fra nul at kurvens koeficienter direkte indgår i additionsberegningen - og derfor der fejlkilden skal findes.
fgl placeres i eksternt javascript

window.onload= initForm;
function initForm(){
document.getElementById("ok").onclick = calcPoint;
}
function calcPoint(){
var x1= parseInt(document.getElementById("xx1").value);
var y1= parseInt(document.getElementById("yy1").value);

var x2= parseInt(document.getElementById("xx2").value);
var y2= parseInt(document.getElementById("yy2").value);
if((x2-x1) != 0 ){
var m = (y2-y1)/(x2-x1);
var x3 = (m*m)-x1-x2;
var y3= m*(x1-x3)-y1;
document.getElementById("r1").innerHTML="P3, (x3,y3) er "+x3+","+y3;
}
else if (((x2-x1) == 0) && ((y2-y1) != 0)){
alert("det er farligt at dividere med nul, P1 + P2 giver punktet i uendelig");}
else if ((x2-x1)==0 && (y2-y1)==0){
if(y2 != 0){
var A= parseInt(document.getElementById("AA").value);
var m = ((3*x1*x1)+A)/(2*y1);
var x3 = (m*m)-2*x1;
var y3= m*(x1-x3)-y1;
document.getElementById("r1").innerHTML="P3, (x3,y3) er "+x3+","+y3;
}
else{
alert("P1 + P2 giver punktet i uendelig");
document.getElementById("r1").innerHTML="eternal sunshine in a spotless mind";
}
}
else{
alert("noget gik helt galt");
document.getElementById("r1").innerHTML="42";
}

return false;
}

Saturday, May 23, 2009

Litteraturliste

Så er der en relevant litteraturliste med links til bøgerne på Amazon.co.uk
Alle bøgerne står på min reol og omhandler enten talteori generelt, kryptering generelt eller specifikt matematik og kryptering med elliptiske kurver

Friday, May 22, 2009

support af Suite B i .NET

En stribe interessante muligheder for at få sat strøm i suite B:
Som sædvanlig byder Certicom sig til:
http://www.certicom.com/index.php/net

DOTNET, .NET har nu i version 3.5 fuld understøttelse af div suite B algoritmer
Læse her på MSDN:
http://msdn.microsoft.com/en-us/library/bb332048.aspx
cirka midt på siden.
To relevante klasser er beskrevet her:

Digital Signatur med EC: Elliptic Curve Digital Signature Algorithm (ECDSA).
http://msdn.microsoft.com/en-us/library/system.security.cryptography.ecdsacng.aspx

Diverse kryptografiske operationer med EC Diffie-Hellman
http://msdn.microsoft.com/en-us/library/system.security.cryptography.ecdiffiehellmancng.aspx

Måske trækker det op til lidt applied cryptography..