authorAndreas Müller <andreas.mueller@ost.ch>2021-04-15 16:43:09 +0200
committerAndreas Müller <andreas.mueller@ost.ch>2021-04-15 16:43:09 +0200
commit91284841f585ad2e5bf5002ce10ee4f3baa93b95 (patch)
tree9b39f5a8d824114cd554a8c3bc5009dd7ca765cd
parentmore ec slides (diff)
downloadSeminarMatrizen-91284841f585ad2e5bf5002ce10ee4f3baa93b95.tar.gz
SeminarMatrizen-91284841f585ad2e5bf5002ce10ee4f3baa93b95.zip
add oakley groups
-rw-r--r--vorlesungen/07_msecrypto/slides.tex22
-rw-r--r--vorlesungen/slides/a/Makefile.inc3
-rw-r--r--vorlesungen/slides/a/chapter.tex3
-rw-r--r--vorlesungen/slides/a/ecc/inverse.tex2
-rw-r--r--vorlesungen/slides/a/ecc/oakley.tex85
-rw-r--r--vorlesungen/slides/a/ecc/oakley1.txt14
-rw-r--r--vorlesungen/slides/a/ecc/oakley2.txt16
-rw-r--r--vorlesungen/slides/a/ecc/oakley3.txt17
-rw-r--r--vorlesungen/slides/a/ecc/oakley4.txt17
-rw-r--r--vorlesungen/slides/a/ecc/operation.tex68
-rw-r--r--vorlesungen/slides/a/ecc/prime1.txt5
-rw-r--r--vorlesungen/slides/a/ecc/prime2.txt8
-rw-r--r--vorlesungen/slides/a/ecc/primes13
-rw-r--r--vorlesungen/slides/a/ecc/quadrieren.tex59
-rw-r--r--vorlesungen/slides/test.tex9
15 files changed, 326 insertions, 15 deletions
diff --git a/vorlesungen/07_msecrypto/slides.tex b/vorlesungen/07_msecrypto/slides.tex
index bdd4087..0f62d18 100644
--- a/vorlesungen/07_msecrypto/slides.tex
+++ b/vorlesungen/07_msecrypto/slides.tex
@@ -15,16 +15,18 @@
\folie{a/dc/beispiel.tex}
\section{Elliptische Kurven}
-% XXX Idee
-%\folie{a/ecc/gruppendh.tex}
-% XXX Was ist eine elliptische Kurve (char 0 Bild)
-%\folie{a/ecc/kurve.tex}
-% XXX Involution/Inverse
-%\folie{a/ecc/inverse.tex}
-% XXX Verknüpfung
-%\follie{a/ecc/operation.tex}
-% XXX Quadrieren
-%\folie{a/ecc/quadrieren.tex}
+% Idee
+\folie{a/ecc/gruppendh.tex}
+% Was ist eine elliptische Kurve (char 0 Bild)
+\folie{a/ecc/kurve.tex}
+% Involution/Inverse
+\folie{a/ecc/inverse.tex}
+% Verknüpfung
+\folie{a/ecc/operation.tex}
+% Quadrieren
+\folie{a/ecc/quadrieren.tex}
+% XXX Oakley Gruppe
+%\folie{a/ecc/oakley.tex}
\section{AES}
% XXX Byte-Operationen
diff --git a/vorlesungen/slides/a/Makefile.inc b/vorlesungen/slides/a/Makefile.inc
index 45e22fc..9dba93f 100644
--- a/vorlesungen/slides/a/Makefile.inc
+++ b/vorlesungen/slides/a/Makefile.inc
@@ -11,6 +11,9 @@ chaptera = \
../slides/a/ecc/gruppendh.tex \
../slides/a/ecc/kurve.tex \
../slides/a/ecc/inverse.tex \
+ ../slides/a/ecc/operation.tex \
+ ../slides/a/ecc/quadrieren.tex \
+ ../slides/a/ecc/oakley.tex \
\
../slides/a/chapter.tex
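Review bot: The new `../slides/a/ecc/oakley.tex` entry pulls in six text files through `\verbatiminput` (`oakley1.txt` to `oakley4.txt`, `prime1.txt`, `prime2.txt`), but none of them is added to `chaptera`. If this list is used as the prerequisite list for the slide build (the rule itself is outside the hunk), editing one of the quoted parameter files will not trigger a rebuild, and a stale prime or curve constant can stay on the slides unnoticed. Adding the six `.txt` paths after the `oakley.tex` line, in the same `../slides/a/ecc/… \` form, would close that gap.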
diff --git a/vorlesungen/slides/a/chapter.tex b/vorlesungen/slides/a/chapter.tex
index 270aa0d..84ee609 100644
--- a/vorlesungen/slides/a/chapter.tex
+++ b/vorlesungen/slides/a/chapter.tex
@@ -11,4 +11,7 @@
\folie{a/ecc/gruppendh.tex}
\folie{a/ecc/kurve.tex}
\folie{a/ecc/inverse.tex}
+\folie{a/ecc/operation.tex}
+\folie{a/ecc/quadrieren.tex}
+\folie{a/ecc/oakley.tex}
diff --git a/vorlesungen/slides/a/ecc/inverse.tex b/vorlesungen/slides/a/ecc/inverse.tex
index f66101d..c50f698 100644
--- a/vorlesungen/slides/a/ecc/inverse.tex
+++ b/vorlesungen/slides/a/ecc/inverse.tex
@@ -40,7 +40,7 @@ Y(Y+X) &= X^3 + aX + b}
\\
\uncover<8->{&&\Rightarrow X+Y&\mapsto -Y}
\end{align*}
-Spezialfall $\mathbb{F}_2$: $Y\leftrightarrow X+Y$
+\uncover<9->{Spezialfall $\mathbb{F}_2$: $Y\leftrightarrow X+Y$}
\end{block}}
\end{column}
\end{columns}
diff --git a/vorlesungen/slides/a/ecc/oakley.tex b/vorlesungen/slides/a/ecc/oakley.tex
new file mode 100644
index 0000000..6980c10
--- /dev/null
+++ b/vorlesungen/slides/a/ecc/oakley.tex
@@ -0,0 +1,85 @@
+%
+% oakley.tex -- Oakley Gruppen
+%
+% (c) 2021 Prof Dr Andreas Müller, OST Ostschweizer Fachhochschule
+%
+\bgroup
+\begin{frame}[t]
+\setlength{\abovedisplayskip}{5pt}
+\setlength{\belowdisplayskip}{5pt}
+\frametitle{Oakley-Gruppen}
+\only<1>{%
+\small
+\verbatiminput{../slides/a/ecc/oakley1.txt}
+$\approx 1.55252\cdot 10^{231}$
+}
+\only<2>{%
+\begin{block}{$\mathbb{F}_p$}
+Endlicher Körper mit $p = $
+\verbatiminput{../slides/a/ecc/prime1.txt}
+\end{block}
+}
+\only<3>{%
+\small
+\verbatiminput{../slides/a/ecc/oakley2.txt}
+}
+\only<4>{%
+\begin{block}{$\mathbb{F}_p$}
+Endlicher Körper mit $p = $
+\verbatiminput{../slides/a/ecc/prime2.txt}
+$\approx 1.7977\cdot 10^{308}$
+\end{block}
+}
+\only<5>{%
+\small
+\verbatiminput{../slides/a/ecc/oakley3.txt}
+}
+\only<6>{%
+\begin{block}{Oakley Gruppe 3}
+\begin{align*}
+m(x) &= x^{155} + x^{62} + 1
+\\
+a &= 0
+\\
+b &= \texttt{0x07338f}
+\\
+g_x &= 0x7b = x^6 + x^5 + x^4 + x^3 + x + 1
+\\
+&=
+x^{18}+x^{17}+x^{16}
++
+x^{13}+x^{12}
++
+x^{9}+x^{8}+x^{7}
++
+x^{3}+x^{1}+x^{1}+1
+\\
+|G|&=45671926166590716193865565914344635196769237316 = 4.5672\cdot 10^{46}
+\\
+\log_2|G|&=155\,\text{bit}
+\end{align*}
+\end{block}}
+\only<7>{%
+\small
+\verbatiminput{../slides/a/ecc/oakley4.txt}
+}
+\only<8>{%
+\begin{block}{Oakley Gruppe 4}
+\begin{align*}
+m(x) &= x^{185} + x^{69} + 1
+\\
+a &= 0
+\\
+b &= \texttt{0x1ee9} = x^{12} + x^{11}+x^{10}+x^9 + x^7+x^6+x^5 + x^3+1
+\\
+g_x &= \texttt{0x18} = x^4+x^3
+\\
+|G| &= 49039857307708443467467104857652682248052385001045053116
+\\
+&= 4.9040\cdot 10^{55}
+\\
+\log_2|G| &= 185
+\end{align*}
+\end{block}}
+\end{frame}
+\egroup
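Review bot: In the `Oakley Gruppe 3` block the `&=` continuation after `g_x &= 0x7b = …` is the bit expansion of `b = 0x07338f`, not of `g_x`, so the slide reads as if the generator coordinate equalled that degree-18 polynomial; it also lists `x^{1}` twice where bit 2 of the constant is set. Moving the continuation rows directly under `b &= \texttt{0x07338f}` and ending them with `x^{3}+x^{2}+x^{1}+1` would match the hex value, and `\texttt{0x7b}` would match how the other constants are set. The `|G|` rows equate an exact integer with a rounded one (`= 4.5672\cdot 10^{46}`, `&= 4.9040\cdot 10^{55}`) where `\approx` is meant, and `\log_2|G|` carries the unit `bit` for group 3 but not for group 4. Because the frame shows the 768-bit and 1024-bit MODP primes and the 155/185-bit EC2N curves without any context, a short line naming the source of the verbatim excerpts (they look like RFC 2409, section 6) and marking these groups as historical parameter sizes would keep students from reading them as current recommendations.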
diff --git a/vorlesungen/slides/a/ecc/oakley1.txt b/vorlesungen/slides/a/ecc/oakley1.txt
new file mode 100644
index 0000000..4cc31ae
--- /dev/null
+++ b/vorlesungen/slides/a/ecc/oakley1.txt
@@ -0,0 +1,14 @@
+6.1 First Oakley Default Group
+
+ Oakley implementations MUST support a MODP group with the following
+ prime and generator. This group is assigned id 1 (one).
+
+ The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
+ Its hexadecimal value is
+
+ FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
+ 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
+ EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
+ E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF
+
+ The generator is: 2.
diff --git a/vorlesungen/slides/a/ecc/oakley2.txt b/vorlesungen/slides/a/ecc/oakley2.txt
new file mode 100644
index 0000000..ddb2d2a
--- /dev/null
+++ b/vorlesungen/slides/a/ecc/oakley2.txt
@@ -0,0 +1,16 @@
+6.2 Second Oakley Group
+
+ IKE implementations SHOULD support a MODP group with the following
+ prime and generator. This group is assigned id 2 (two).
+
+ The prime is 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
+ Its hexadecimal value is
+
+ FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
+ 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
+ EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
+ E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
+ EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381
+ FFFFFFFF FFFFFFFF
+
+ The generator is 2 (decimal)
diff --git a/vorlesungen/slides/a/ecc/oakley3.txt b/vorlesungen/slides/a/ecc/oakley3.txt
new file mode 100644
index 0000000..ab2c78f
--- /dev/null
+++ b/vorlesungen/slides/a/ecc/oakley3.txt
@@ -0,0 +1,17 @@
+6.3 Third Oakley Group
+
+ IKE implementations SHOULD support a EC2N group with the following
+ characteristics. This group is assigned id 3 (three). The curve is
+ based on the Galois Field GF[2^155]. The field size is 155. The
+ irreducible polynomial for the field is:
+ u^155 + u^62 + 1.
+ The equation for the elliptic curve is:
+ y^2 + xy = x^3 + ax^2 + b.
+
+ Field Size: 155
+ Group Prime/Irreducible Polynomial:
+ 0x0800000000000000000000004000000000000001
+ Group Generator One: 0x7b
+ Group Curve A: 0x0
+ Group Curve B: 0x07338f
+ Group Order: 0X0800000000000000000057db5698537193aef944
diff --git a/vorlesungen/slides/a/ecc/oakley4.txt b/vorlesungen/slides/a/ecc/oakley4.txt
new file mode 100644
index 0000000..3ec20cc
--- /dev/null
+++ b/vorlesungen/slides/a/ecc/oakley4.txt
@@ -0,0 +1,17 @@
+6.4 Fourth Oakley Group
+
+ IKE implementations SHOULD support a EC2N group with the following
+ characteristics. This group is assigned id 4 (four). The curve is
+ based on the Galois Field GF[2^185]. The field size is 185. The
+ irreducible polynomial for the field is:
+ u^185 + u^69 + 1. The
+ equation for the elliptic curve is:
+ y^2 + xy = x^3 + ax^2 + b.
+
+ Field Size: 185
+ Group Prime/Irreducible Polynomial:
+ 0x020000000000000000000000000000200000000000000001
+ Group Generator One: 0x18
+ Group Curve A: 0x0
+ Group Curve B: 0x1ee9
+ Group Order: 0X01ffffffffffffffffffffffdbf2f889b73e484175f94ebc
diff --git a/vorlesungen/slides/a/ecc/operation.tex b/vorlesungen/slides/a/ecc/operation.tex
new file mode 100644
index 0000000..61ef95d
--- /dev/null
+++ b/vorlesungen/slides/a/ecc/operation.tex
@@ -0,0 +1,68 @@
+%
+% operation.tex -- Gruppen-Operation auf einer elliptischen Kurve
+%
+% (c) 2021 Prof Dr Andreas Müller, OST Ostschweizer Fachhochschule
+%
+\bgroup
+\begin{frame}[t]
+\setlength{\abovedisplayskip}{5pt}
+\setlength{\belowdisplayskip}{5pt}
+\frametitle{Gruppenoperation}
+\vspace{-20pt}
+\begin{columns}[t,onlytextwidth]
+\begin{column}{0.40\textwidth}
+\begin{center}
+\includegraphics[width=\textwidth]{../../buch/chapters/90-crypto/images/elliptic.pdf}
+\end{center}
+\vspace{-23pt}
+\uncover<8->{%
+\begin{block}{Verifizieren}
+\begin{enumerate}
+\item<9-> Assoziativ?
+\item<10-> Neutrales Element $\mathstrut=\infty$
+\item<11-> Involution = Inverse?
+\end{enumerate}
+\end{block}}
+\end{column}
+\begin{column}{0.56\textwidth}
+\begin{block}{Gerade}
+$g_1,g_2\in G$, $t\in \Bbbk$
+\begin{align*}
+g(t)
+&=
+tg_1+(1-t)g_2
+\\
+\uncover<2->{
+\begin{pmatrix}X(t)\\Y(t)\end{pmatrix}
+&=
+t\begin{pmatrix}x_1\\y_1\end{pmatrix}
++
+(1-t)\begin{pmatrix}x_2\\y_2\end{pmatrix}
+\in\Bbbk^2
+}
+\end{align*}
+\end{block}
+\vspace{-13pt}
+\uncover<3->{%
+\begin{block}{3. Schnittpunkt}
+$g(t)$ einsetzen in die elliptische Kurve
+\[
+p(t)
+=
+Y(t)^2+X(t)Y(t)-X(t)^3-aX(t)-b=0
+\]
+\vspace{-12pt}
+\begin{enumerate}
+\item<4->
+kubisches Polynom mit Nullstellen $t=0,1$
+\item<5->
+$p(t) $ ist durch $t(t-1)$ teilbar
+\item<6->
+$p(t) = t(t-1)(Jt+K)=0
+\uncover<7->{\Rightarrow t=-K/J$}
+\end{enumerate}
+\end{block}}
+\end{column}
+\end{columns}
+\end{frame}
+\egroup
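Review bot: On the last `\item<6->` the inline math is opened with `$` before `\uncover<7->{` and closed with `$` inside that argument, so the math shift and the brace group are interleaved; this is fragile and may fail or space badly depending on how beamer wraps the argument. Closing the math after the group keeps the nesting clean: `\uncover<7->{\Rightarrow t=-K/J}$`. The curve equation here uses the term `aX(t)`, while the text quoted in `oakley3.txt` and `oakley4.txt` writes the curve with `ax^2`; if the slides deliberately use a different normal form, a one-line source comment saying so would avoid confusion when the Oakley frame follows.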
diff --git a/vorlesungen/slides/a/ecc/prime1.txt b/vorlesungen/slides/a/ecc/prime1.txt
new file mode 100644
index 0000000..eb4515d
--- /dev/null
+++ b/vorlesungen/slides/a/ecc/prime1.txt
@@ -0,0 +1,5 @@
+ 15 52518 09230 07089 35130 91813 12584
+81755 63133 40494 34514 31320 23511 94902 96623 99491 02107
+25866 94538 76591 64244 29100 07680 28886 42291 50803 71891
+80463 42632 72761 30312 82983 74438 08208 90196 28850 91706
+91316 59317 53674 69551 76311 98433 71637 22100 72105 77919
diff --git a/vorlesungen/slides/a/ecc/prime2.txt b/vorlesungen/slides/a/ecc/prime2.txt
new file mode 100644
index 0000000..13458fb
--- /dev/null
+++ b/vorlesungen/slides/a/ecc/prime2.txt
@@ -0,0 +1,8 @@
+ 1797 69313
+48623 15907 70839 15679 37874 53197 86029 60487 56011 70644
+44236 84197 18021 61585 19368 94783 37958 64925 54150 21805
+65485 98050 36464 40548 19923 91000 50792 87700 33558 16639
+22955 31362 39076 50873 57599 14822 57486 25750 07425 30207
+74477 12589 55095 79377 78424 44242 66173 34727 62929 93876
+68709 20560 60502 70810 84290 76929 32019 12819 44676 27007
+
diff --git a/vorlesungen/slides/a/ecc/primes b/vorlesungen/slides/a/ecc/primes
new file mode 100644
index 0000000..3feea29
--- /dev/null
+++ b/vorlesungen/slides/a/ecc/primes
@@ -0,0 +1,13 @@
+#! /bin/bash
+#
+# primes
+#
+# (c) 2021 Prof Dr Andreas Müller, OST Ostschweizer Fachhochschule
+#
+bc <<EOF
+ibase=16
+FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF
+
+FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF
+
+EOF
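Review bot: The script has no comment saying what it produces; from the two constants it appears to convert the group 1 and group 2 primes from hex to decimal for `prime1.txt` and `prime2.txt`, and a header line such as `# print the Oakley group 1 and 2 primes in decimal (input for prime1.txt and prime2.txt)` would record that. The hex strings are retyped here without the spacing used in `oakley1.txt` and `oakley2.txt`, and the checked-in decimal files are grouped in blocks of five digits, which bc does not emit, so both the input and the output formatting are manual steps. A comment stating this, or doing the grouping in the script, would let someone re-check the decimal digits on the slides against the hex values later.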
diff --git a/vorlesungen/slides/a/ecc/quadrieren.tex b/vorlesungen/slides/a/ecc/quadrieren.tex
new file mode 100644
index 0000000..942c73b
--- /dev/null
+++ b/vorlesungen/slides/a/ecc/quadrieren.tex
@@ -0,0 +1,59 @@
+%
+% quadrieren.tex -- Quadrieren
+%
+% (c) 2021 Prof Dr Andreas Müller, OST Ostschweizer Fachhochschule
+%
+\bgroup
+\begin{frame}[t]
+\setlength{\abovedisplayskip}{5pt}
+\setlength{\belowdisplayskip}{5pt}
+\frametitle{Quadrieren}
+\vspace{-20pt}
+\begin{columns}[t,onlytextwidth]
+\begin{column}{0.40\textwidth}
+\begin{block}{Problem}
+\( g = g_1 = g_2 \)
+$\Rightarrow$
+Tangente
+\\
+\uncover<2->{{\color{red}ohne Analysis!}}
+\end{block}
+\begin{center}
+\includegraphics[width=\textwidth]{../../buch/chapters/90-crypto/images/elliptic.pdf}
+\end{center}
+\end{column}
+\begin{column}{0.56\textwidth}
+\uncover<3->{%
+\begin{block}{Lösung}
+Finde $h\in G$ derart, dass
+\begin{align*}
+g(t)
+&=
+tg + (1-t)h
+\\
+\uncover<4->{%
+\begin{pmatrix}X(t)\\Y(t)\end{pmatrix}
+&=
+t\begin{pmatrix}x_g\\y_g\end{pmatrix}
++(1-t) \begin{pmatrix}x_h\\y_h\end{pmatrix}
+}
+\end{align*}
+\uncover<5->{eingesetzt
+\[
+p(t)
+=
+Y(t)^2+X(t)Y(t)-X(t)^3-aX(t)-b
+=
+0
+\]}%
+\uncover<6->{%
+Nullstellen $0$ (doppelt) und $1$ hat:}
+\[
+\uncover<7->{p(t) = c(t^3-t)}
+\]
+\uncover<8->{Koeffizientenvergleich: einfachere Gleichungen für $x_h$ und $y_h$}
+\end{block}}
+\end{column}
+\end{columns}
+\end{frame}
+\egroup
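Review bot: The sentence `Nullstellen $0$ (doppelt) und $1$ hat:` does not match the displayed `p(t) = c(t^3-t)`. In general `t^3-t = t(t-1)(t+1)` has three simple zeros, and in characteristic 2 it becomes `t(t-1)^2`, where the double zero is at `t=1` and not at `t=0`. With `g(t) = tg + (1-t)h` the tangent point `g` sits at `t=1`, so presumably a double zero at 1 and a simple one at 0 is intended; writing `p(t) = c\,t(t-1)^2` and `Nullstellen $1$ (doppelt) und $0$` would state that in every characteristic. A source comment noting that the `t^3-t` form relies on characteristic 2 would also do if that form is kept.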
diff --git a/vorlesungen/slides/test.tex b/vorlesungen/slides/test.tex
index 8a7c0a7..bc1744b 100644
--- a/vorlesungen/slides/test.tex
+++ b/vorlesungen/slides/test.tex
@@ -9,10 +9,11 @@
%\folie{a/dc/beispiel.tex}
%\folie{a/ecc/gruppendh.tex}
-\folie{a/ecc/kurve.tex}
-\folie{a/ecc/inverse.tex}
-%\folie{a/ecc/operation.tex}
-%\folie{a/ecc/quadrieren.tex}
+%\folie{a/ecc/kurve.tex}
+%\folie{a/ecc/inverse.tex}
+\folie{a/ecc/operation.tex}
+\folie{a/ecc/quadrieren.tex}
+\folie{a/ecc/oakley.tex}
%\folie{a/aes/bytes.tex}
%\folie{a/aes/blockes.tex}