Chapter 3 Cryptography 75
Cryptography Overview
The following calculations are really just a series of substitutions that can be made by
looking back at the definition. You may find it more convincing to go through the
substitution steps yourself, by glancing back at the preceding sections Creating the
Key Pair, Signing a Message, and Verifying a Signature.
If the message has been signed correctly, then s = s’. Expanding the elliptic curve
point (x
1
,y
1
)=u
1
P +u
2
Q calculated by the recipient, we see that:
u
1
P +u
2
Q =es
–1
P + rs
-1
Q
=s
–1
(eP +rQ)
Recall that Q =dP, so:
u
1
P +u
2
Q =s
–1
(eP +rQ)
=s
–1
(eP +rdP)
=s
–1
(e + rd)P
=s
–1
(e + dr)P
Now recall that s = k
–1
(e+dr)mod n, so:
u
1
P +u
2
Q =s
–1
(e + dr)P
=[k
–1
(e+dr)]
-1
(e + dr)P
= (k
–1)–1
(e+dr)
–1
(e+dr)P
= kP
This is the point calculated by the recipient. But this is also the point generated by the
sender. The recipient then checks that the x-coordinate of the calculated point is in fact
the x-coordinate that was received.
Elliptic Curve Authenticated Encryption Scheme
(ECAES)
You can use elliptic curves to create an authenticated encryption scheme with a
public/private key pair.
As always with elliptic curves, we assume that the elliptic curve parameters have
been defined in advance. Suppose Bob has a key pair based on these parameters. The
pair is (Q,k
2
), where Q = k
2
P, where P is the base point of prime order specified in the
elliptic curve parameters. The point Q is the public value and the number k
2
is the
private value.
