An Inconvenient Truth
It’s the time to be aware, and respond to THIS!!!
Let’s go into action!
Updates from April, 2008 Toggle Comment Threads | Keyboard Shortcuts
-
CG
-
CG
Characteristic of a ring
The characteristic of a ring is the number of times you must add the multiplicative identity element in order to get the additive identity element.
If adding the multiplicative identity element to itself, no matter how many times, never gives us the additive identity element, we say the characteristic is 0. Otherwise, there must exist an integer p such that p ร n = 0 for all n. The value of p is then the characteristic of the ring.
In a ring of characteristic 2, the elements 2, 4, etc., are all equal to 0. In a ring of characteristic 3, the elements 3, 6, etc., are all equal to 0.
-
Budi Sulistyo
Iya2 saya jadi lebih ngerti… Berarti ring bilangan integer itu karakteristiknya 0 ya?
-
chikaradirghsa
“Berarti ring bilangan integer itu karakteristiknya 0 ya?”
>> iya
-
pbasari, 
chikaradirghsa, 
CG
Curves avoided for cryptography
Supersingular curves are to be avoided for cryptography because they are vulnerable to the MOV attack. (more about it later)
As with the supersingular curves, elliptic curves that are singular are to be avoided for cryptography .
CG
Supersingularity and singularity
Supersingularity is not to be confused with singularity.
When an elliptic curve is de๏ฌned over real numbers, singularity of the curve is related to its smoothness. More speci๏ฌcally, a curve is singular if its slope at a point is not de๏ฌned.
Supersingularity, on the other hand, is related to the order of E2^n and how this order relates to the number of points in the underlying ๏ฌnite ๏ฌeld.
jasonhenle, 
Roby are discussing. -
Roby
sorry nggak nyambung.
tapi lu tuh bener2 mengingatkan jaman2 gw di itb.
singularity maenan gw selama di itb. -
chikaradirghsa
cerita dong singularity lu yang kayak gimana?
kalau udah jadi maenan mah mustinya lu bisa bantuin gue mikirin konsep2x kayak gini atuh! sip!
-
jasonhenle
The Singularity is Near is being made into a movie for next year! The Singularity is Near Movie.
CG
Why GF(2^n)?
Binary ๏ฌnite ๏ฌelds more convenient for hardware implementations because the elements of GF (2^n) can be represented by n-bit binary code words. Thus GF(2^n) is common for hardware implementations.
The addition operation in GF (2^n) is like the XOR operation on bit ๏ฌelds. That is x + x = 0 for all x โ GF (2^n). This implies that a ๏ฌnite ๏ฌeld of form GF (2^n) is of characteristic 2.
CG
NSA's ECC License Agreement with Certicom
Several important things about ECC and some standards on GF(p) or GF(2^m) from this document :
What is excluded from an NSA sublicense?
The ๏ฌeld is restricted to GF(p) where p is a prime number greater than 2^255.
If you wish to use smaller ๏ฌeld size or the binary ๏ฌeld GF(2^m) in your products, then these products would be excluded from the sublicense.
Why the GF(p) ๏ฌeld size?
GF(p) was chosen because it has been well studied over the last 20 years. For national security applications, the NSA would like to see key sizes of at least 256 bits which is why they specify that p is a prime number greater than 2^255.
Why did the NSA not license the binary ๏ฌeld GF(2^m)?
The binary ๏ฌeld has been well studied over the last 20 years as well and is perfectly secure; however we believe the NSA wanted to limit the implementation choices. The NSAโs stated goal is to foster interoperability amongst secure communications equipment used across various government organizations. By limiting the implementation choices, this interoperability is easier to achieve.
What is Suite B?
The NSA announced Suite B at the RSA Conference February 2005. Suite B has two different levels of security, one for classi๏ฌed information and one for sensitive but unclassi๏ฌed information. The algorithms are as follows:
Why has the NSA de๏ฌned a Suite B?
We believe Suite B was de๏ฌned to take advantage of the cryptographic strength of ECC, and to narrow the choices in crypto algorithms. One of the goals is to facilitate sharing of information securely between government organizations which can only be accomplished by setting clear cryptographic standards for systems.
We believe another of the goals is to address the issue of homogeneous cryptographic strengths for symmetric and asymmetric algorithms. For example AES at 128 bits should be paired with ECC at 256 bits and SHA at 256 bits in order to have the whole system at one cryptographic level. Today there are no such rules, and as a result, there are widespread poor cryptographic practices such as using RSA 1024 to exchange keys for AES 128.
Why does the NSA like ECC?
ECC is the only proven pubic key technology that scales in a practical way over time. As computing power increases, it becomes easier to break all cryptosystems so cryptographic keys must increase in size to maintain their strength. The NIST chart below demonstrates this clearly. As you can see, in order to match the AES key strength at 256 bits, you would need to use RSA keys of size 15360 bits. Keys at this size are unusable. With ECC you can use a key size of 512 bits to offer equivalent security.
Why has the US Government endorsed ECC for both classi๏ฌed and sensitive but unclassi๏ฌed?
We believe the NSA is trying to promote the notion of sharing information securely between Government departments at all levels of communication for Homeland Security. This was a key point in the presentation by Mr. Daniel G. Wolf, the National Security Agencyโs Director of Information Assurance, at the 14th Annual RSA Conference in 2005. Setting clearly de๏ฌned cryptographic standards & protocols are crucial for interoperability and making the sharing of information securely a reality.
Is the US alone in selecting ECC?
No. The NESSIE project (New European Schemes for Signatures, Integrity and Encryption) (2000-2003) did extensive evaluation on crypto algorithms. For more information, visit: https://www.cosic.esat.kuleuven.ac.be/nessie/ They recommend ECDSA as a signature scheme and published a chart of key size recommendations that proposes even larger keys than the one above for RSA algorithms.
In addition, in 2001, the Government of Japan formed the CRYPTREC Evaluation Committee which is composed of eminent Japanese cryptographers. They have aggressively evaluated various cryptographic techniques to recommend the optimum cryptographic techniques necessary for the security of future e-Government systems. They recommend a number of ECC-based protocols including ECDSA and ECDH. http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html
Is ECC found in standards?
Yes. ECC is found in many standards. Here is a brief list.
CG
Projects planned
These are the “projects” we (me and Intan) agreed to do:
1. Do the same thing as Baier for F(2^m)
2. Find the connection between non maximal imaginary quadratic order and elliptic curve
3. Find the effect of the reduction on finite fields
Wish us luck!
-
Budi Sulistyo
Pokoke semangat!
-
Budi Rahardjo
yeah! I need a lot of luck to understand all of that. ha ha ha.
-
chikaradirghsa
@BR & Budi Sulis: i need you guys for back ups!
-
Intan
Chik, bad news ๐ฆ in Baier diss p.33 GISA restricts to finite prime fields and finite fields of char 2. In the latter case point counting is superior to our approach.
SO, that is WHY he only did the prime field of char not 2 or 3 case. -
Intan
Chik, one more question, is there another agency like GISA who also can give some conditions for security of ECC?
-
chikaradirghsa
“one more question, is there another agency like GISA who also can give some conditions for security of ECC?”
>> there is.
>> i’ll find more about that ๐
>>[will report the result here] -
chikaradirghsa
“Chik, bad news ๐ฆ in Baier diss p.33 GISA restricts to finite prime fields and finite fields of char 2. In the latter case point counting is superior to our approach.
SO, that is WHY he only did the prime field of char not 2 or 3 case.”>> does that mean that point counting in finite fields
>> of char 2 is harder to do than in finite prime
>> fields?
>> d*mn, so what to do now?
>>[i still really want to explore finite fields of char 2..] -
intan
ga dibilang sih harder ngganya, yang jelas untuk binary field, point counting lebih efisien – jadi buat apa pakai cm-method (lihat postingan sebelumnya tentang 2 cara menentukan ellcurv)
-
chikaradirghsa
ok tan, weekend ini gue baca paper2x dan teori yang berkaitan dengan itu ya
CG
Introduction to Cryptography – Johannes A. Buchmann
A new reference for the research. Written by the author of several papers have been used as references. A must read piece of excellent work of the supervisor of Harald Baier while he was doing his dissertation.
-
Budi Sulistyo
Punya? Ngopi dong…
-
chikaradirghsa
ok, kebetulan mau ngopi. dikopiin 2 skalian ya
CG
Characteristic of a field
The order of a finite field is the number of elements in the field. There exists a finite field F of order q if and only if q is a prime power, i. e. , q=p^m where p is a prime number called the characteristic of F, and m is a positive integer.
If m=1, then F is called a prime field. If m >= 2, then F is called an extension field. For any prime power q, there is essentially only one finite field of order q; informally, this means that any two finite fields of order q are structurally the same except that the labelling used to represent the field elements may be different.
Any two finite fields of order q are isomorphic and denote such a field by Fq.
-
Budi Sulistyo
“There exists a finite field F of order q if and only if q is a prime power, i. e. , q=p^m where p is a prime number called the characteristic of F, and m is a positive integer.”
This is a counter example:
Let me choose p=2 (…2 is a prime number) and m=2 (…m is a positive integer). Then we have q=p^m=4, with q is the order of the field. So, the field have 4 elements and it will be isomorphic with finite integer modulo 4: the set={0,1,2,3}, the operation=+,*.But, 2*2=0. Such operation is impossible for a field.
It is just because there is a fact that if A is a field then A has no divisors of zero, i.e. for any x belong to A and x are not equal to zero, if x*y=0 then y=0.
-
chikaradirghsa
โThere exists a finite field F of order q if and only if q is a PRIME POWER, i. e. , q=p^m where p is a prime number called the characteristic of F, and m is a positive integer.โ
So for q = p^m = 2 ^ 2, q=2. The order of the finite fields is 2. {0,1} -> field
-
Tommi
So, the characteristic prime determines the order of the field?
You do say that q = p^m and q determines the order of the field, even though it seems to be p (the prime number) that determines the order.
-
chikaradirghsa
@tommi: yes, the p (prime number) determines the order of the field. the prime power determines the order, to be exact
-
Intan
The characteristic of a field F is the smallest integer n such that na = for all a in F.
e.g the characteristic of Z_5 is 5 because 5.0 = 5.1 = 5.2 = 5.3 = 5.4 = 0.Finite field of order p^m has char p.
e.g for p = 2 F_4 + F_2^2 is the finite field of 4 elements : 0v + 0w, 0v +1w, 1v + 0w and 1v+1w with {v,w} basis of F_2^2 over F_2 as vect sp.
Then for all element of F_4 :
2(0v + 0w) = 0,
2(0v +1w) = 2.0v + 2.1w = 0 (because 2.1 = 0),
2(1v + 0w) = 0 and
2(1v+1w) = 0.
So the char of F_4 is 2.F_4 IS NOT Z_4 = {0,1,2,3}. Z_4 is not a field
(chik sori bikin catatan disini, biar gw ga lupa ๐ )
-
chikaradirghsa
thanks so much partner for the back ups!
yea we really should write more notes here!
CG
About Group, Ring and Field
Group:
G1) Closure under addition [if a and b belong to S, then a+b is also in S]
G2) Associativity of addition [a+(b+c) = (a+b)+c for all a, b, c in S]
G3) Additive identity [There is an element 0 in R such that a+0=0+a=a for all a in S]
G4) Additive inverse [For each a in S there is an element -a in S such that a+(-a)=(-a)+a=0]
Abelian Group:
AG) Commutativity of addition [a+b=b+a for all a, b in S]
Ring:
R1) Closure under multiplication [If a and b belong to S, then ab is also in S]
R2) Associativity of multiplication [a(bc)=(ab)c for all a, b, c in S]
R3) Distributive laws [a(b+c)=ab+ac for all a, b, c in S (a+b)c=ac+bc for all a,b, c in S]
Commutative Ring:
CR) Commutativity of multiplication [ab=ba for all a, b in S]
Integral Domain:
ID1) Multiplicative identity [There is an element 1 in S sucht that a1=1a=a for all a in S]
ID2) No zero divisors [If a, b in S and ab = 0, then either a=0 or b=0]
Field:
F) Multiplicative invers [if a belongs to S and a != 0, there is an element 1/a in S such that (a)(1/a)=(1/a)(a)=1]
[more updating …]
Crypto Code 
naungancinta 11:27 am on April 29, 2008 Permalink |
Kebanyakan manusia pengennya enak ndiri, maunya dapet manfaat dan untung dari alam, tapi ga mau merawat dan memperlakukan alam dengan baik, jadinya ya gitu, Yang Punya jadi marah dan membalas ketidaknyamanan alam tsb kepada manusia…
Mbak pernah nonton liputan yang membahas tentang global warming effect dengan studi kasus di indonesia ga? tapi aku lupa siapa yang bikin, itu tuh bikin gemes bangetttt!
~ someone else called Chika ^_^
chikaradirghsa 10:08 pm on April 29, 2008 Permalink |
halah! siska???
ha ha ha ha hello another chika!
belum pernah nonton yang studi kasus di indonesia! pinjem atuh euy filmnya uy
Rindu 1:45 am on May 1, 2008 Permalink |
Saya janji akan menjaga alam … setidaknya menjaga air yang saya gunakan untuk mandi ๐ [kenapa hanya mandi, karena kan pake air terbanyak saat mandi]
chikaradirghsa 8:09 am on May 1, 2008 Permalink |
@3 sip!!! kalau ga perlu mandi ga usah mandi sering2x hi hi hi
pbasari 10:33 am on May 1, 2008 Permalink |
mandi?
hemat air? ya udah, kebetulan saya memang belum mandi..