Placeholder Image

字幕表 動画を再生する

  • So when we looked in the last video my security overview for a particular website we noticed he actually wasn't using Diffie Hellman

  • it was using elliptic curve diffie-hellman, so this is just going to be a short video

  • that explains broadly the difference between the two without going into too much maths although actually the maths of elliptic curves isn't that difficult.

  • Let's not go over Diffie-Hellman a third time

  • So you and me have some kind of secret key and we use that to talk securely

  • Diffie-Hellman is how we get that secret key.

  • Every time I talk about Diffie-Hellman

  • and use any kind of analogy people were like oh show us the maths so this is for the maths people

  • We had a few interesting questions on the Diffie-Hellman video so let's explore

  • Remember that Alice here has some public variable g ^ a mod n now

  • what's important about this is that in some sense a has been mixed into this generator, so what we can't split it up

  • She can send this around,

  • without everyone working out

  • what a is, which is the important thing. So really what the mathematics behind Diffie-Hellman does, is allow the protocol to send

  • messages where you can't extract this private variable and that's exactly what elliptic curves do, they just do it in a slightly different way

  • I'll draw a picture elliptic curve ish. Right so this is an elliptic curve

  • Elliptic curves are curves in two dimensions

  • Cameraman: We need colors on this mark, colors, couple colors

  • Mark: It's the future, right!

  • So the formula for an elliptic curve is y^2 = x^3 + ax + b.

  • and that's the last time we were to talk about it. So the parameters of the curve are a and b

  • and then the curve will look something like, hold on I'm going to sort take a bit of artistic license with this

  • but something a bit like that. Now they vary in shape depending on what a and b are. The thing about an elliptic

  • Curve is in our modular arithmetic we had numbers going around modulo n, right which is just a list of numbers

  • it's a cycle of numbers.

  • Here we have a cycle of points somewhere on this curve, so our generator will be a point on this curve

  • Let's use blue, shall we.

  • This is our generator

  • That's not a good place for my generator

  • It's not a good place my generator, because then my next example of adding things to the generator won't work

  • Let's let's do it

  • Let's do it there all right ignore that point that can be a different point for later now if this is our generator G

  • What we can do, instead of raising things to powers, we just add G to itself. We have 2G 3G

  • 3G is G Plus G Plus G. Yeah, so what we can do is we can add

  • G to itself. To do that what you do is you draw a line

  • At the tangent of this curve all the way until it hits another point on the curve

  • You flip it over to the other dimension, and this is 2g over here

  • 3G would be the line between these two. Find out where it intersects and flip it over here

  • So this is 3G. 3G plus G, would be, it goes along here like this

  • Intersects the curve somewhere else flips over and it's over here, so this is 4G.

  • Now we won't look at it anymore right the actual formula for this is just

  • mathematics to do with lines and the tangent of this curve

  • It's actually not very complicated the point is what we're doing is by multiplying G

  • By various numbers or adding it to itself this point addition. We're moving around this curve sort of seemingly at random

  • Right a bit like how we were moving around our clock face seemingly at random so the nice thing is that if you're adding points

  • together one elliptic curve

  • You will always intersect only one other point

  • Which means that you've never got a choice of two or three points where you could go so that helps a lot?

  • When you're doing this so if I give you a point on the curve here

  • And I say question mark G right how many multiples of G

  • Is that then any ideas no no idea at all right? It could be 50 G. It. Could be 5 billion G

  • We don't we you know it

  • There's no way of knowing that is our private number, and that's the thing we can't extract back out here

  • We couldn't get our a if I give you a G

  • That's all I'm gonna capitalize it now G. Plus G Plus G Plus G a times on this curve

  • I give you that point and ask you to tell me what the private variable was oh

  • No idea, you know for a small curve. You might get it off a few attempts for a big curve

  • You're never going to get it. Oh, it's going to take you so long and you won't bother

  • So what?

  • Elliptic curves, do is literally a plug in replacement for the mathematics that a modular arithmetic mathematics involved in normal

  • difficulty late B

  • G and their shared secret will end up being a B G and it's very very similar now

  • Just to give you someone. We also do this all modulo n because why wouldn't you?

  • Know because that's how the mathematics works. That's what we do so in fact. It doesn't really look like a curve anymore

  • I'll show you a picture of one so this is an example of elliptic curve. I just looked on internet right modulo something like

  • 460 this is some curve

  • I don't know what the parameters are now you can see if this was a generator

  • The points are just gonna dot around all over the place eventually

  • They'll go back to the start and cycle background again

  • But not for a long long time so if I give you this point and tell you what was my private number

  • That's how it's secure. It's very hard

  • to undo that and in fact

  • It's very mathematically quite easy to calculate some multiple of G and move around

  • But it's difficult to undo that process that's the private part of elliptic curves. You know I'm going to ask you though

  • Why why, would you bother with this? So this looks like it's are being unnecessary complication. Yeah well

  • It's a notice in some sense slightly more complicated, but actually

  • Mathematically, it's much more efficient the so elliptic curves are a little bit harder to solve this elliptic curve discrete logarithm problem

  • Which is what we call it?

  • It's slightly harder to solve in some sense than the regular discrete logarithm problem

  • Which means that elliptic curves can get away with shorter key sizes?

  • And that just means less computation when you're calculating a to the G or B to the G

  • To give you an example, so let's imagine that I use a different key was three thousand bits long

  • I would get the same security from an elliptic curve where my

  • prime n is only 256 bits long which is much much shorter the matter is much easier to compute much much faster, so

  • There was a strong tendency to use elliptic curves for that reason if you've got to imagine if you're a server

  • Performing these key exchanges all the time because people come into your shop or something like this

  • Then that kind of savings actually quite useful. It doesn't really matter if you're doing on your home

  • PC

  • But you know that many

  • You might as well use it with the flip side of that question that yeah is anyone still using the other way

  • Yep

  • so there are a few people who are a little bit suspicious of elliptic curves and

  • certain elliptic curves for example the NIST P 256 curve has its disk trap

  • Detractors because they're not absolutely sure where things like this a and B came from and so on okay

  • Maybe I mean for what it's worth big companies are also using that curve, and they seem to be fond of it

  • Other curves are available to give you an example

  • I've used a publicly available cryptography library to generate a couple essentially equivalent to

  • G to the a and a G just so you can see the difference in this sort of size

  • We're talking about here if I run this Python script

  • We've established a generator and a large prime

  • And this prime is 2048 bits so this is our a and this is our G to the a mod N

  • And you can see I mean this will be slightly shorter, but the idea you can see they're there

  • They're quite long approaching two thousand bits so that on a fast version you can see it didn't take very long to compute

  • But it took a little time to compute if I've run the same thing using elliptic curve. Cryptography on the NIST P 256 curve

  • We'll see it should be a lot shorter, okay

  • There we go right much shorter the missing 256 bit number much much shorter. You can see our private key is actually a number

  • Because it's a number a the number of times

  • We've jumped around our elliptic curve, and this is our actual XY coordinate of our point on the curve

  • So you can see it's split into here's the first part, and then the second part here

  • So this is X and this is y?

  • What you would normally do in this kind of situation if you were driving a key from this is

  • Scrap the Y and just use the X because it's long enough and secure enough

  • But that will depend on your situation there are debates that I had over

  • What curves are safe to use a lot of people use the NIST PT five six curve?

  • But some people other researchers don't think that secure because it may be made they've taken shortcuts on some of the parameters for efficiency reasons

  • They're not sure where somebody's parameters came from and that isn't without precedent

  • There was a situation where an elliptic curve random number generator was found to essentially have a backdoor

  • Which might be for a different video so the x.25 five one nine. Curve is quite well-regarded because they've gone to great lengths to

  • Demonstrate how they came up with their variables, and why it's used you know if you're if you're intricate to graphic research

  • This is something that comes concern. You who's just using the web probably don't worry about it

  • Heed the message hello computer file pop up, so it's getting the data of various things and we see here hello computer file

  • We've been able to do this by accessing a value that we shouldn't be able to access this code this if statement should stop us

  • Being able to access this past the end of this array

So when we looked in the last video my security overview for a particular website we noticed he actually wasn't using Diffie Hellman

字幕と単語

動画の操作 ここで「動画」の調整と「字幕」の表示を設定することができます

B1 中級

楕円曲線 - コンピュータマニア (Elliptic Curves - Computerphile)

  • 3 0
    林宜悉 に公開 2021 年 01 月 14 日
動画の中の単語