# <center>**Elliptic Curve Cryptography**<center/>
---

## What is an Elliptic Curve?

### Elliptic Curve Fundamentals

An elliptic curve $E$ over a field $F$ is a collection of points $(x, y)$ where $x,y\in F$ satisfying the following equation:
$$y^2=x^3+ax+b$$
and containing the "point at infinity" $O$.

#### Identitites and Inverses

The point at infinity is the additive identity. That is, for all points $P\in F$, $P+O=P$

Let us also say that $P=(x, y)$. Then we will define $-P=(x,-y)$. We then say that $P+(-P)=O$

#### Addition

We define addition for two distinct points $P$ and $Q$ as $P+Q$ on an elliptic curve by first calculating the secant line between $P$ and $Q$. We then follow that line until it next intersects the curve. Let us call this point $J$. We then say that $P+Q=-J$. A graphical interpretation of addition is shown below:

<br/><br/>
<img src="images/addition_distinct.png" alt="Addition along an Elliptic Curve">
<br/><br/>

For point doubling ($2P=P+P$) we perform the same process but now with line tangent to the elliptic curve at point $P$ instead of the secant line.

### Elliptic Curves over Finite Fields

In the examples and images we looked at above, all calculations were done over the field of the real numbers, $\mathbb{R}$. However, for our purposes we will work exclusively with elliptic curves over the field $\mathbb{Z}/p\mathbb{Z}$ (the integers modulo a prime $p$). This means our elliptic curve equation above will now look like this:
$$y^2=x^3+ax+b\mod{p}$$
These finite fields are much easier for computers to work with, but are much less intuitive. Here is an example of an elliptic curve over a finite field:

<br/><br/>
<img src="images/finite_ec.png" alt="Elliptic Curve over finite field">
<br/><br/>

### **Notice how not every x-coordinate contains a point on the elliptic curve.**

### Testing Elliptic Curves Out

An elliptic curve implementation is available in the file `ec/elliptic_curve.py`. Let's test it out:

In [7]:
from ec.elliptic_curve import EllipticCurve

In [8]:
ecurve = EllipticCurve(0, 3, 23) # x^3 + 3x (mod 23)

p = (12, 11)
q = (1, 2)

print(ecurve.add_points(p, ecurve.PTATINF)) # P + O
print(ecurve.add_points(p, ecurve.add_points(q, ecurve.neg(p)))) # P + (Q - P) should give Q


(12, 11)
11
7
(1, 2)


## Uses of an Elliptic Curve

There are many uses for elliptic curves and their math in cryptography, we'll go over the two that we chose to implement here: Elliptic Curve Diffie-Helmann and an Elliptic Curve El Gamal encryption-decryption system.

### Elliptic Curve Diffie-Helmann

The idea behind this is quite simple. Alice and Bob agree upon a curve $E$ and a point $P$ on that curve. Then they each choose a scalar private key which well call $a$ and $b$, respectively. Alice and Bob each compute their respective public keys $aP$ and $bP$, which are both points on the elliptic curve. Then Alice takes Bob's public key and forms the point $a(bP)$ while Bob uses Alice's public key to form the point $b(aP)$. Because the points on an elliptic curve form a group, $a(bP)=b(aP)$. This means that Alice and Bob will both end up with the same shared key without ever knowing the other person's private key.

Let's look at an example using our libraries. It is important to note that the `ECDH` classes randomly select a private key, which means this code is nondeterministic.

In [11]:
from ecdh.ecdh import ECDH

In [12]:
alice = ECDH(p, ecurve)
bob = ECDH(p, ecurve)

a_pub = alice.get_public()
b_pub = bob.get_public()

print("Alice's public key: ", a_pub)
print("Bob's public key: ", b_pub)

print("Alice's shared key: ", alice.get_shared(b_pub))
print("Bob's shared key: ", bob.get_shared(a_pub))

16
6
22
42
14
32
14
22
42
-1
14
Alice's public key:  (0, 7)
Bob's public key:  (11, 0)
0


ValueError: base is not invertible for the given modulus