[back] [prev] [next] [index] [root]

 

EccDecrypt

Decrypt a message that was encrypted using the ElGamal public key cryptosystem and a subgroup of the group of an elliptic curve.

Syntax: 

P := EccDecrypt(K,E,a,M);

finite field 
  K
list 
  E
integer 
  a
list 
  M
list 
  P

See also:  EccPointsAdd, EccIntPointMult, EccPointIsOnCurve, EccEncrypt, FF

Description:

Let E be an elliptic curve over a finite field K, let B be a basepoint of a subgroup of the group of E. Bob chooses an integer a, as his secret key. The message M=[P_1,P_2] consisting of two points on E is decrypted to a point P by setting P=P_1-acdot P_2. The elliptic curve E is either given by a list of two or five elements of K or integers. If the equation of E is y^2=x^3+a_4 x+a_6 the curve is represented by [a_4,a_6], if the equation of E is y^2+a_1 xy+a_3y=x^3+a_2x^2+a_4 x+a_6 then the representation is [a_1,a_2,a_3,a_4,a_6]. Points on the curve are given by a pair of elements of K or integers; the point at infinity is represented by the empty list [\;].

Example: 


kash> field := FF(751);
Finite field of size 751
kash> ec := [0,0,1,-1,0];
[ 0, 0, 1, -1, 0 ]
kash> base_point := [0,0];
[ 0, 0 ]
kash> secret_key := 58;
58
kash> public_key := EccIntPointMult(field,ec,secret_key,base_point);
[ 201, 380 ]
kash> plaintext := [[562,576],[581,395],[484,214],[501,220],[1,0]];
[ [ 562, 576 ], [ 581, 395 ], [ 484, 214 ], [ 501, 220 ], [ 1, 0 ] ]
kash> k := [254,180,99,472,275];
[ 254, 180, 99, 472, 275 ]
kash> ciphertext := List([1..5], \
> x-> EccEncrypt(field,ec,base_point,public_key,k[x],plaintext[x]));
[ [ [ 268, 146 ], [ 378, 547 ] ], [ [ 680, 469 ], [ 409, 94 ] ], 
  [ [ 710, 395 ], [ 195, 432 ] ], [ [ 747, 222 ], [ 101, 371 ] ], 
  [ [ 13, 246 ], [ 386, 303 ] ] ]
kash> List(ciphertext, x-> EccDecrypt(field,ec,secret_key,x));
> [ [ 562, 576 ], [ 581, 395 ], [ 484, 214 ], [ 501, 220 ], [ 1, 0 ] ]

<- back[back] [prev] [next] [index] [root]