 字幕表 動画を再生する

• So when we looked in the last video my security overview for a particular website we noticed he actually wasn't using Diffie Hellman

• it was using elliptic curve diffie-hellman, so this is just going to be a short video

• that explains broadly the difference between the two without going into too much maths although actually the maths of elliptic curves isn't that difficult.

• Let's not go over Diffie-Hellman a third time

• So you and me have some kind of secret key and we use that to talk securely

• Diffie-Hellman is how we get that secret key.

• Every time I talk about Diffie-Hellman

• and use any kind of analogy people were like oh show us the maths so this is for the maths people

• We had a few interesting questions on the Diffie-Hellman video so let's explore

• Remember that Alice here has some public variable g ^ a mod n now

• what's important about this is that in some sense a has been mixed into this generator, so what we can't split it up

• She can send this around,

• without everyone working out

• what a is, which is the important thing. So really what the mathematics behind Diffie-Hellman does, is allow the protocol to send

• messages where you can't extract this private variable and that's exactly what elliptic curves do, they just do it in a slightly different way

• I'll draw a picture elliptic curve ish. Right so this is an elliptic curve

• Elliptic curves are curves in two dimensions

• Cameraman: We need colors on this mark, colors, couple colors

• Mark: It's the future, right!

• So the formula for an elliptic curve is y^2 = x^3 + ax + b.

• and that's the last time we were to talk about it. So the parameters of the curve are a and b

• and then the curve will look something like, hold on I'm going to sort take a bit of artistic license with this

• but something a bit like that. Now they vary in shape depending on what a and b are. The thing about an elliptic

• Curve is in our modular arithmetic we had numbers going around modulo n, right which is just a list of numbers

• it's a cycle of numbers.

• Here we have a cycle of points somewhere on this curve, so our generator will be a point on this curve

• Let's use blue, shall we.

• This is our generator

• That's not a good place for my generator

• It's not a good place my generator, because then my next example of adding things to the generator won't work

• Let's let's do it

• Let's do it there all right ignore that point that can be a different point for later now if this is our generator G

• What we can do, instead of raising things to powers, we just add G to itself. We have 2G 3G

• 3G is G Plus G Plus G. Yeah, so what we can do is we can add

• G to itself. To do that what you do is you draw a line

• At the tangent of this curve all the way until it hits another point on the curve

• You flip it over to the other dimension, and this is 2g over here

• 3G would be the line between these two. Find out where it intersects and flip it over here

• So this is 3G. 3G plus G, would be, it goes along here like this

• Intersects the curve somewhere else flips over and it's over here, so this is 4G.

• Now we won't look at it anymore right the actual formula for this is just

• mathematics to do with lines and the tangent of this curve

• It's actually not very complicated the point is what we're doing is by multiplying G

• By various numbers or adding it to itself this point addition. We're moving around this curve sort of seemingly at random

• Right a bit like how we were moving around our clock face seemingly at random so the nice thing is that if you're adding points

• together one elliptic curve

• You will always intersect only one other point

• Which means that you've never got a choice of two or three points where you could go so that helps a lot?

• When you're doing this so if I give you a point on the curve here

• And I say question mark G right how many multiples of G

• Is that then any ideas no no idea at all right? It could be 50 G. It. Could be 5 billion G

• We don't we you know it

• There's no way of knowing that is our private number, and that's the thing we can't extract back out here

• We couldn't get our a if I give you a G

• That's all I'm gonna capitalize it now G. Plus G Plus G Plus G a times on this curve

• I give you that point and ask you to tell me what the private variable was oh

• No idea, you know for a small curve. You might get it off a few attempts for a big curve

• You're never going to get it. Oh, it's going to take you so long and you won't bother

• So what?

• Elliptic curves, do is literally a plug in replacement for the mathematics that a modular arithmetic mathematics involved in normal

• difficulty late B

• G and their shared secret will end up being a B G and it's very very similar now

• Just to give you someone. We also do this all modulo n because why wouldn't you?

• Know because that's how the mathematics works. That's what we do so in fact. It doesn't really look like a curve anymore

• I'll show you a picture of one so this is an example of elliptic curve. I just looked on internet right modulo something like

• 460 this is some curve

• I don't know what the parameters are now you can see if this was a generator

• The points are just gonna dot around all over the place eventually

• They'll go back to the start and cycle background again

• But not for a long long time so if I give you this point and tell you what was my private number

• That's how it's secure. It's very hard

• to undo that and in fact

• It's very mathematically quite easy to calculate some multiple of G and move around

• But it's difficult to undo that process that's the private part of elliptic curves. You know I'm going to ask you though

• Why why, would you bother with this? So this looks like it's are being unnecessary complication. Yeah well

• It's a notice in some sense slightly more complicated, but actually

• Mathematically, it's much more efficient the so elliptic curves are a little bit harder to solve this elliptic curve discrete logarithm problem

• Which is what we call it?

• It's slightly harder to solve in some sense than the regular discrete logarithm problem

• Which means that elliptic curves can get away with shorter key sizes?

• And that just means less computation when you're calculating a to the G or B to the G

• To give you an example, so let's imagine that I use a different key was three thousand bits long

• I would get the same security from an elliptic curve where my

• prime n is only 256 bits long which is much much shorter the matter is much easier to compute much much faster, so

• There was a strong tendency to use elliptic curves for that reason if you've got to imagine if you're a server

• Performing these key exchanges all the time because people come into your shop or something like this

• Then that kind of savings actually quite useful. It doesn't really matter if you're doing on your home

• PC

• But you know that many

• You might as well use it with the flip side of that question that yeah is anyone still using the other way

• Yep

• so there are a few people who are a little bit suspicious of elliptic curves and

• certain elliptic curves for example the NIST P 256 curve has its disk trap

• Detractors because they're not absolutely sure where things like this a and B came from and so on okay

• Maybe I mean for what it's worth big companies are also using that curve, and they seem to be fond of it

• Other curves are available to give you an example

• I've used a publicly available cryptography library to generate a couple essentially equivalent to

• G to the a and a G just so you can see the difference in this sort of size

• We're talking about here if I run this Python script

• We've established a generator and a large prime

• And this prime is 2048 bits so this is our a and this is our G to the a mod N

• And you can see I mean this will be slightly shorter, but the idea you can see they're there

• They're quite long approaching two thousand bits so that on a fast version you can see it didn't take very long to compute

• But it took a little time to compute if I've run the same thing using elliptic curve. Cryptography on the NIST P 256 curve

• We'll see it should be a lot shorter, okay

• There we go right much shorter the missing 256 bit number much much shorter. You can see our private key is actually a number

• Because it's a number a the number of times

• We've jumped around our elliptic curve, and this is our actual XY coordinate of our point on the curve

• So you can see it's split into here's the first part, and then the second part here

• So this is X and this is y?

• What you would normally do in this kind of situation if you were driving a key from this is

• Scrap the Y and just use the X because it's long enough and secure enough

• But that will depend on your situation there are debates that I had over

• What curves are safe to use a lot of people use the NIST PT five six curve?

• But some people other researchers don't think that secure because it may be made they've taken shortcuts on some of the parameters for efficiency reasons

• They're not sure where somebody's parameters came from and that isn't without precedent

• There was a situation where an elliptic curve random number generator was found to essentially have a backdoor

• Which might be for a different video so the x.25 five one nine. Curve is quite well-regarded because they've gone to great lengths to

• Demonstrate how they came up with their variables, and why it's used you know if you're if you're intricate to graphic research

• This is something that comes concern. You who's just using the web probably don't worry about it

• Heed the message hello computer file pop up, so it's getting the data of various things and we see here hello computer file

• We've been able to do this by accessing a value that we shouldn't be able to access this code this if statement should stop us

• Being able to access this past the end of this array

So when we looked in the last video my security overview for a particular website we noticed he actually wasn't using Diffie Hellman

B1 中級

楕円曲線 - コンピュータマニア (Elliptic Curves - Computerphile)

• 3 0
林宜悉 に公開 2021 年 01 月 14 日