Elliptic Curve Cryptography Explained (2019)

298 points by ptr almost 4 years ago

13 comments

dragontamer almost 4 years ago
I don't know ECC at all. But a note:

Finite fields are of two types: "Prime Fields" (such as the mod 19 field discussed in this blogpost), and "Extension Fields" (which would be prime^n, such as 19^2 or 361. Or more commonly, the 2^x fields, such as 2, 4, 8, 16, 32, 64... 256... 65536 ... because the 2^x fields correspond very closely with binary numbers).

Prime fields can be taught very quickly: maybe 30 minutes of study and examples is all you really need to really get what is going on. Be it a 2, 5, or 19 field, it's really cool and simple.

The "leap" from prime fields into extension fields takes a few hours of dedicated study (which probably will be done over a week to a month if you're a busy adult like me) if you plan to do it rigorously. A lot of blogposts, textbooks, and other reference material will handwave the extension field because it's... really hard math.

My best advice is "believe in the textbooks", extension fields are possible. And this is one of those situations where you can just "believe in the math" and learn the details of extension fields AFTER you understand the applications of them. "Extension Fields are like prime fields but way more tricky". They behave like a prime field in almost every way that's important, but it's just way harder to understand.

--------

I do recommend making the leap at some point, and truly understanding the extension fields. Once you get there, you finally understand the underlying math behind CRC32, AES, GCM mode, and ECC. It's a very worthwhile endeavor, but you really need to dedicate yourself to quiet study for some time to really get the concepts.
jedberg almost 4 years ago
I was hanging out with a friend of mine from high school, who is now a tenured math professor in Colorado, about a decade ago. This was just as ECC was getting popular among security people but hadn't really entered nerd mainstream yet.

He mentioned that he was working on elliptic curves, so I asked him how his work applies to ECC, and he asked me, "what's ECC?".

He had no idea his work was being used for security research. He just liked studying the properties of elliptic curves. After we chatted he did end up learning about how elliptic curves are used in cryptography.
SavantIdiot almost 4 years ago
If you want to see a real implementation of arbitrary sized integer math, mbedTLS is a great example:

https://github.com/ARMmbed/mbedtls/blob/development/library/bignum.c

All of the ECC code in that library relies on this code, which can be accelerated by dedicated hardware.

Here is multi-precision multiplication:

https://github.com/ARMmbed/mbedtls/blob/f1eb4257823ae4c3b3ac4a0b0ae1876df4e8b643/library/bignum.c#L1652-L1688
loup-vaillant almost 4 years ago
For those interested in "Warp Speed", I've written a tutorial about how to exploit group laws to implement fast scalar multiplication: https://loup-vaillant.fr/tutorials/fast-scalarmult

As a bonus, there are remarks about secure implementations as well.
hatsunearu almost 4 years ago
I used this explanation back in the day when I had to explain it to moderately-technically proficient people:

Diffie-Hellman and a lot of the asymmetric crypto ecosystem can be done on /any/ multiplicative cyclic groups (special sets associated by an operation that have certain properties, namely commutativity)

obviously not all cyclic groups are equal, some *happen* to have one-way-ness backed by some fundamental cryptographic conjecture that it is hard to solve but easy to prove.

the OG diffie-hellman used prime number modulo cyclic groups, but you can do that in any other cyclic group provided that it is secure.

turns out when you make a cyclic group using ECC very carefully and using a crazy roundabout procedure (shown in the article), it has cryptographic security.
alpb almost 4 years ago
I can also offer this video as an explanation (personally how I understood it). https://www.youtube.com/watch?v=NF1pwjL9-DE
dboreham almost 4 years ago
I was happy to see ECC become popular because finally a bunch of Mathematics I learned in college became useful.
RcouF1uZ4gsC almost 4 years ago
> Pick two different random points with different x value on the curve, connect these two points with a straight line, let’s say A and B. Then you will notice the line touches the curve at a third point.

I seem to always get hung up on this part of the explanation. Looking at the graph, I can see points along the curve, where a line would only intersect with 2 points on the curve.

What do you do in that case? Is this a matter of, yes those points are there, but they are rare enough that we just pick another set of random points and try again, or is there another solution to the issue?
ac42 almost 4 years ago
> Yes, a point adding itself holds the same rule, using the tangent line on the finite field to connect the third

How in discrete metric space do you create a tangent line on a set of points in a finite field?
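Added example, not part of any comment in this thread and not code from the linked article: the standard short-Weierstrass group law over a prime field, showing how the two cases asked about above (a line that meets the curve in only two points, and the "tangent" used for doubling) are handled algebraically, followed by the Diffie-Hellman exchange in that group described earlier in the thread. The curve coefficients, the base point `G` and all function names are assumptions chosen for illustration; only the mod 19 field comes from the thread.

```python
# Constructed toy curve y^2 = x^3 + A*x + B over the prime field F_19.
# A, B and G are assumptions chosen for this example.
P_MOD, A, B = 19, 1, 1
INF = None   # point at infinity: the group's identity element
G = (0, 1)   # a point on the curve (1^2 == 0 + 0 + 1)

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def add(p1, p2):
    """Group law: chord for distinct points, tangent for doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        # Vertical line (p2 == -p1, or a tangent where y == 0): there is
        # no third affine point, so the result is the point at infinity.
        return INF
    if p1 == p2:
        # "Tangent" is purely algebraic: slope = (3x^2 + A) / (2y), with
        # division done as multiplication by a modular inverse.
        s = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:
        s = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (s * s - x1 - x2) % P_MOD
    y3 = (s * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def mul(k, pt):
    """Double-and-add scalar multiplication (toy code, not constant-time)."""
    acc = INF
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def ecdh_shared(my_secret, their_public):
    """Diffie-Hellman in this group: both sides reach the same point."""
    return mul(my_secret, their_public)
```

Requires Python 3.8 or later for `pow(x, -1, m)`. A 19-element field offers no security; real curves use primes of roughly 256 bits and constant-time arithmetic.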
kuharich almost 4 years ago
Past comments: https://news.ycombinator.com/item?id=21182982
imiric almost 4 years ago
Looks like a good reference, thanks for sharing.

Another explanation I enjoyed from 2013, but have since mostly forgotten: https://arstechnica.com/information-technology/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
zoltane0 almost 4 years ago
Here's another great resource on the topic: https://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/
ramshanker almost 4 years ago
Someone knowledgeable: are elliptic curve math and factoring math linked in any way to each other? Does solving one automatically solve the other also? I am asking because these are the only two approaches securing website transit right now.