# Elliptic Curve Cryptography (ECC)

Elliptic Curve Cryptography (ECC) is a type of public key cryptography that uses the mathematics behind elliptic curves to provide strong security with relatively small keys. ECC is becoming more widely used as it offers the same security as RSA with a smaller key size, which makes it more efficient. The security of ECC is based on the Elliptic Curve Discrete Logarithm Problem (ECDLP). The ECDLP is the hard problem of trying to find the integer `n`, given the points `P`, `Q` on the elliptic curve, where $Q = n \cdot P$. This problem is known to be difficult to solve, which is what provides the basis for the security of ECC.

## Use Cases

### 1. Elliptic Curve Diffie-Hellman (ECDH)

ECDH is a key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or to derive another key which can then be used to encrypt subsequent communications using a symmetric key cipher.

### 2. Elliptic Curve Digital Signature Algorithm (ECDSA)

ECDSA is a variant of the Digital Signature Algorithm (DSA) which uses elliptic curve cryptography. It is used to create a digital signature of data (a number derived from the secret key and the data) which can be verified by anyone who has the public key, thereby proving that the data came from the person who holds the associated private key.

In summary, ECC is a powerful tool in the field of cryptography, providing efficient and secure methods for encryption, digital signatures, and key agreement.

But what is an elliptic curve?

![Elliptic Curve](img/curve.jpeg)

## Definition

An elliptic curve is a set of points that satisfy the equation:
$$
y^2 = x^3 + ax + b
$$
with `4a³ + 27b² ≠ 0`.

### Calculation Rules

1. **Point Addition**: The sum $R = P + Q$ is the reflection over the $x$-axis of the third point of intersection of the line through $P$ and $Q$ with the curve.

2. **Point Doubling**: $2P$ is the reflection over the $x$-axis of the third point of intersection of the tangent line at $P$ with the curve.

3. **Identity Element**: There is a point at infinity $O$ such that $P + O = P$ for any point `P` on the curve.

4. **Inverse Element**: For every point $P$, there is another point $-P$ such that $P + (-P) = O$.

## Calculation on Elliptic Curves

### Point Addition

Given two points $P$ and $Q$ on the curve, the sum $R = P + Q$ is calculated as follows:
$$ P=(x_1, y_1) \text{ and } Q=(x_2, y_2) $$

- If $P = O$, then $R = Q$.
- If $Q = O$, then $R = P$.
- If $P = -Q$, then $R = O$.
- If $P = Q$, then $R = P+P$: $\lambda = \frac{3x_1^2 + a}{2y_1}$.
- If $P \neq Q$, then $R = P+Q$: $\lambda = \frac{y_2 - y_1}{x_2 - x_1}$.
- $x_3 = \lambda^2 - x_1 - x_2$.
- $y_3 = \lambda(x_1 - x_3) - y_1$.

$$ R = (x_3, y_3) $$

## Elliptic Curve Diffie-Hellman (ECDH) Key Derivation

1. **Key Pair Generation**: Each party generates a public-private key pair. The private key is a random number, $a$ for Alice and $b$ for Bob, and the public key is the corresponding point on the elliptic curve, $A = aP$ for Alice and $B = bP$ for Bob, where $P$ is a point on the curve known to both parties.

2. **Shared Secret Calculation**: Each party multiplies their own private key by the other party's public key. This results in the same point on the curve for both parties, which can be used as the shared secret.

Formulas:
- Public key: $A = aP$ for Alice and $B = bP$ for Bob
- Shared secret: $S = aB = bA$

### Example

- Elliptic curve: $y^2 = x^3 + 2x+2$ over $\mathbb{Z}_{17}$
- Private Key (Alice): $a = 5$
- Private Key (Bob): $b = 9$
- Generator Point: $G = (5,1)$

In [1]:
import ecc

curve = ecc.Curve(2, 2, 17, (5, 1))

# private keys
a = 3
b = 9

# public keys
A = curve.product(a)
print("A =", A)
B = curve.product(b)
print("B =", B)

# calculate shared secret

shared_secret = curve.product(a, B)
print("shared secret =", shared_secret)
shared_secret2 = curve.product(b, A)
print("shared secret2 =", shared_secret2)

A = (10, 6)
B = (7, 6)
shared secret = (13, 7)
shared secret2 = (13, 7)


## Elliptic Curve Digital Signature Algorithm (ECDSA)

ECDSA is a variant of the Digital Signature Algorithm (DSA) which uses elliptic curve cryptography. It is used to create a digital signature of data (a number derived from the secret key and the data) which can be verified by anyone who has the public key, thereby proving that the data came from the person who holds the associated private key.

### Key Pair Generation

1. **Private Key**: A random number, $d$, is generated in the range $[1, n-1]$, where $n$ is the order of the generator point $G$.
2. **Public Key**: The public key is calculated as $Q = d \cdot G$.

### Signature Generation

1. **Random Number**: A random number, $k$, is generated in the range $[1, n-1]$.
2. **Point**: The point $k \cdot G = (x_1, y_1)$ is calculated.
3. **Signature**: The signature is calculated as $(r, s)$, where $r = x_1 \mod n$ and $s = k^{-1}(z + rd) \mod n$, where $z$ is the hash of the message.

### Signature Verification

1. **Point**: The point $s^{-1} \cdot z \cdot G + s^{-1} \cdot r \cdot Q = (x_1, y_1)$ is calculated.
2. **Verification**: The signature is valid if $r = x_1 \mod n$.

In [6]:
# TODO

## Real Elliptic Curves in use (Curve25519)

Curve25519 is an elliptic curve that is widely used in ECC. It is defined over the prime field $\mathbb{Z}_{2^{255} - 19}$ and has the equation $y^2 = x^3 + 486662x^2 + x$. The generator point for Curve25519 is $(9,14781619447589544791020593568409986887264606134616475288964881837755586237401)$. The secret keys are 32 bytes long.

In [None]:
print("p =", 2**255 - 19)
print("a =", 486662)
print("b =", 1)
print(
    "G =",
    (9, 14781619447589544791020593568409986887264606134616475288964881837755586237401),
)