An interactive intro to Elliptic Curve Cryptography

(growingswe.com)

27 points by vismit20004 hours ago

4 comments

celurian9235 minutes ago
TBH i needed this when i was working on my undergrad thesis with ECC and ECDHA but thanks author for making this. Helped me remember all the fundamentals.
Kovah2 hours ago
I'm really not into math and got really lost in the second half of "Adding points on a curve". Just don't understand what the author wants to tell me with the grouping and the role of the identity element, which is called infinity but is zero?However, after looking at the next section and playing with the chart I immediately got the idea where the whole article is heading. Interesting to see how this works.
- boldslogan1 hour ago
 There is a slight bug on the interaction. When you set P=Q or for example you can't get the one P at the top and Q at the bottom. The lines disappear.Basically you need the "infinite/zero" point to compensate for a situation when you have two points completely perpendicular to the x-axis. AKA it is not intersecting a third point. So it intersects this special "infinite" point.And conceptually why you need this "infinite" point is that without it you can't add points together properly.Say for counter argument instead of doing this "flip or mirror" across the x-axis (in the interaction it is the red dot appearing). And instead the red dot just appears on the same side as the two points being added on the curve - without the flipping.If P1+P2 = Q instead of this Q' that is flipped. And P2+Q = P1If you try and add P1+P2+Q you would get either Q+Q or P1+P1 depending on if you did (P1+P2)+Q or adding up P1+(P2+Q) which are not equal.so you need this red dot flipping thing happening in the interaction. However, if you have this flipping that means P1+P2 = Q' which is the mirror flip of Q.So Q'+Q need to equal this special infinite/zero point to ensure associativity works.
nickvec2 hours ago
Seeing the below error when visiting the site.“This site can’t provide a secure connectiongrowingswe.com sent an invalid response.ERR_SSL_PROTOCOL_ERROR”
pestatije3 hours ago
there must be tons of functions that are easy to process one way but almost impossible the other.i get the feeling there is more to it than finding such a function, but the article doesnt get into that
- edflsafoiewq1 hour ago
 You also need the group structure, ie. a(bG) = b(aG) = (ab)G.But AFAICT, elliptic curve groups really are the best known groups where DH is hard. The "Why curves win" section talks about it terms of key size, but the reason other groups require larger keys is they have some kind of structure which can be exploited to attack the "hard" direction (eg. in a finite field, the ability to factor over primes can be used to solve discrete logs), so the group size has to go up to compensate.
- ggm2 hours ago
 Would there not be an infinite number?
 - tux31 hour ago
 You can make as many slight variations as you want by creating a specific instantiation of a hard problem with different constants. But we don't know how many meaningfully different hard problems exist.These are problems that have been studied for many years, that are more-or-less central to mathematics, and where we have good reason to think that an efficient solution would be extremely surprising.If you have much lower standards, there's going to be infinely many that I can't personally solve. Or if you have impractically high standards, there could be zero hard problems, if they just so happen to all have efficient solutions that we haven't found yet. We can't formally prove any of these are hard.
 - ggm7 minutes ago
 I'd be very surprised if the number of meaningfully hard problems is capable of being bounded. As a proposition it feels opposite to almost everything else we believe about numbers. But, that's just my naieve view.