椭圆曲线版本的 Diffie-Hellman 密码学如何工作?
椭圆曲线 diffie hellman 计算看起来与此处定义的标准计算有什么不同:
/*
* The basic Diffie-Hellman Key Agreement Equation
*
* The client initiates
* A = g^a mod p
*
* Sends (g p A) to the server
*
* The server calculates B
* B = g^b mod p
*
* Sends B back to client
*
* The client calculates K
* K = B^a mod p
*
* The server calucaltes K
* K = A^b mod p
*
*/
或者它只是选择 g、a、p 和 b 的一种特定方法? g、a、p 和 b 是如何选择的?
Does the Elliptic curve diffie hellman calculation look any different from the standard one defined here:
/*
* The basic Diffie-Hellman Key Agreement Equation
*
* The client initiates
* A = g^a mod p
*
* Sends (g p A) to the server
*
* The server calculates B
* B = g^b mod p
*
* Sends B back to client
*
* The client calculates K
* K = B^a mod p
*
* The server calucaltes K
* K = A^b mod p
*
*/
Or is it just a specific way of selecting g, a, p and b? How are g,a,p and b selected anyway?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
基本原理是相同的,但私钥的选择和公钥的计算方式有很大不同。此外,每个人都必须事先就使用的椭圆曲线达成一致。
如前所述,在 Diffie-Hellman 的椭圆曲线版本中,您首先决定要使用哪条椭圆曲线。这决定了许多称为域参数的独立参数。在不涉及太多技术性的情况下,事实证明,对于加密目的,某些曲线比其他曲线更好,因此参数实际上是仔细选择的,而不是随机选择的。这有点类似于选择好的素因数。
有两组域参数:
E 和 G 对于描述您需要的所有信息来说是必要且充分的。
在 ECC-DH 中,私钥 d 是通过在区间
[1, n-1]上随机选择一个数字来计算的,其中n是阶G< /em>。公钥Q是通过Q = dG计算出来的。之后的总体思路是相同的,只不过不是尝试解决困难的整数分解问题< /a>,您正在尝试解决一个困难的离散对数问题。The basic principle is the same, but the selection of the private key and how the public key are computed are significantly different. In addition, everyone has to agree beforehand on the elliptic curve to use.
As noted, in the elliptic-curve version of Diffie-Hellman, you first decide which elliptic curve you're using. That determines a number of independent parameters called the domain parameters. Without getting too technical, it turns out that some curves are better than others for cryptographic purposes, so the parameters are actually chosen carefully rather than at random. This is somewhat analogous to picking good prime factors.
There are two sets of domain parameters:
E and G are necessary and sufficient to describe all the information you need.
In ECC-DH, the private key d is computed by taking a randomly selected number on the interval
[1, n-1], wherenis the order of G. The public key Q is computed by takingQ = dG. After that the general idea is the same, except that instead of trying to solve a hard integer factorization problem, you're trying to solve a hard discrete logarithm problem.