Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

Group Theory in CS
Cryptography, Diffie Hellman, and Elliptic Curves

Mihir Vahanwala 1

1 Indian Institute of Technology, Bombay

Autumn 2021

1/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

Outline

Introduction

Hard Problems Over Groups

Diffie-Hellman Key Exchange

Elliptic Curves

References

2/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

Cryptography

• The art and science of ensuring that only intended recipients can learn from the
information at hand.

• Consider texting! Alice and Bob must understand each other’s messages to have a
conversation.

• However, the messages are transmitted over the Internet: there are channels that
eavesdropper Eve can tap into.

• Can we encrypt messages, so that Eve doesn’t learn anything from the data she
gets hold of?

3/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

Perfect Secrecy?

Shannon, the pioneer of information theory, proved that in order to have perfectly
secret conversations, Alice and Bob must encrypt their messages with equally long
random secret keys.

• What if the message is a 2 gigabyte video?

• How do Alice and Bob agree on a secret key, if they’ve never met before?

4/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

This Discussion

• The first issue is solved by Pseudo-Random Generators: given a short seed,

they stretch it to a longer string of bits that would look perfectly random to Eve,
assuming she had bounded computational power.

• We will see how we solve the second issue. Alice and Bob can publicly exchange
a shared secret, and Eve, with her bounded computational power, stands a
negligible chance of recovering the secret.

5/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

Easy to Compute, Hard to Invert

• The plan: Alice and Bob reveal information that is some easy to compute function
of their secret; however, this function is is to invert.

• Consider a cyclic group G = (SG , ·) generated by g

• g k is easy to compute: with repeated squaring, we need to perform the group

operation at most 2 log2 k times.

• But can we reverse the exponentiation easily?

6/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

Discrete Logarithm Problems

Definition (Discrete Log)

log : SG → Z is defined such that log b is the smallest integer k such that g k = b,
where g is a fixed generator.

Definition (Computational Diffie Hellman Problem)

Given g , g x , g y , compute g xy .

Finding efficient solutions to these interrelated problems over general groups are open
problems in mathematics and computer science. We typically study these problems
over Z∗p , multiplicative groups of finite fields, and elliptic curve groups.

7/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

The Protocol

The algorithm is simple; but its implementation is the cornerstone of all secure
Internet traffic today.
• Known Publicly: The group G , the generator g .
• Secret to Alice: Private key a ∈ Z, 0 ≤ a < |G |
• Secret to Bob: Private key b ∈ Z, 0 ≤ b < |G |
• Alice computes g a (her public key) and sends it to Bob over the public channel.
• Likewise, Bob computes g b (his public key) and sends it to Alice over the public
channel.
• Alice then computes (g b )a = g ab . Likewise Bob computes (g a )b = g ab .
• g ab is the shared secret.

8/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

Security

• Only g , g a , g b are known to Eve. Since it is infeasible for her to solve the Discrete
Log problem, she can’t recover a and b.

• Eve also can’t solve the Computational Diffie Hellman Problem to deduce g ab

• If the group is Z∗p for large prime p, p is chosen such that (p − 1)/2 is also prime,
to prevent the Pohlig-Hellman attack.

• However, this is still susceptible to the Logjam attack in practice, so it is

recommended we turn to Elliptic Curve groups for Cryptography.

9/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

Elliptic Curves
• An elliptic curve is a smooth projective algebraic curve over a
field, and can be presented in extended Weierstrass form as
• The set of planar points (x, y ) ∈ F2 satisfying the cubic
equation

F (X , Y ) := Y 2 + a1 XY + a3 Y − X 3 − a2 X 2 − a4 X − a6 = 0

• The special marked point O, called its point at infinity.

• Points on an elliptic curve form an abelian group. O is the
group identity. We do cryptography on large finite prime order
subgroups of elliptic curve groups.
• Supersingular Isogeny Diffie-Hellman (SIDH) is a protocol
that resists Eve’s attacks even when she’s armed with a
quantum computer.
10/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

Isogenies

• Isogenies are group homomorphisms between elliptic curves, and coordinates

across the map are related by rational functions.

• Given certain conditions, the degree of the rational function is equal to the order
of the kernel of the homomorphism.

• An elliptic curve group and a finite subgroup uniquely determine the isogeny
whose kernel is the subgroup.

11/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

References

• Overview of Cryptography: CS 406 Lecture Notes, Prof Manoj Prabhakaran

• The Discrete Logarithm Problem: Wikipedia
• The Diffie-Hellman Problem: Wikipedia
• Diffie-Hellman Key Exchange: Wikipedia
• Facts about Elliptic curves and Isogenies: arXiv version of a really cool, very
recent paper about another algebraic application about elliptic curves. Referred to
Section 4

12/13
Introduction Hard Problems Over Groups Diffie-Hellman Key Exchange Elliptic Curves References

Thank you for your attention.

13/13