Elliptic Curve Cryptography & Diffie-Hellman

Nice! Helped me a lot understanding the graphical view of this exchange. It's one thing to see the equations, another to see the points visually. Thanks for the great explanation!

LapFox

Dude you are simply the best. Clean and simple explanation

ndabenhlemhlongo

The beginning explanation of point additions makes rest of the presentation easy to understand. Amazingly explained. thanks to you.

yashavantharao

It would also be nice if you'd talk about why it is easy to create the public key, but hard for an attacker to compute it...
Which is the main reason why a cryptographic system should be used.

It would be also nice if you have really took a "String" and take some parameters and show the whole process like you have done in the previous video "Intro to Cryptography"

SaDa-fpdk

"It's obvious that it's computationally infeasible..." It's not obvious because, as you mentioned, after decades of thoughts, no one has found a good solution, but also no one has proved any degree of difficulty.

kmacdough

very good explanation, helped me remember it since I didn't used it for a while

nightwolf

This is a very well done and informative video. Thanks a lot!

claudioasfilho

Question: Since each point such as A represent a point in plane, say (x, y), what does A+B represent?

vksingh

One thing I can't understand. How is it feasible to multiply generator point by private key (P = d x G), considering `d` is a very large number? Do you need to calculate it step by step with point addition or is there any shortcut to do the multiplication?

pumbo_nv

Where does they exchanged message? I dont see any message was exchanged.... All I can see that they just computed same point R.

maheshbabuundru

Nice, so the difference between DH and ECDH is in DH we are using the exponential function to produce a public key but in ECDH we are using the multiplication function. Still not understandable how ECDH is having a significance.

geekelectronics

Everything made sense, but the process of encrypting and decrypting the message seems to be mostly missing.

JAVIonics

Hey, that was a great explanation, is there any way u could help me, in order to Know more about that generator point (G),

muralidharang

Is there a known fact with regards to Eve and Alice in terms of the difficulty to obtain Bob's private key? All lectures always mention that Eve cannot do this and that. But since Alice possessed more information than Eve, is there a proof whether Eve's difficulty is greater than Alice in getting Bob's private key? Or that, Alice and Eve have equal difficulty. Or that Alice has lesser difficulty because she has more information.

cardsigner

Does G require to be regenerate every time Bob and Alice want to exchange key, or G is fixed number.?

ayman

I dont understand why the log problem is difficult here... I dont understand why finding the private keys is hard. I understand why it is in standard DHKE, but not in ECC DHKE. Its the ECC thats bothering me here.

The starting point G on the curve is public knowledge, right?
Each party chooses a random positive integer n and finds n*G, right?
So since each party does this anyway, the computation must be relatively easy to achieve relatively quickly, right?
And it must be a simple enough computation for any eavesdropper to also do, since they also have G.
So why cant an eavesdropper simply repeatedly add G to its previous sum until it finds a sum that works?
The eavesdropper is systematically bound to find an n that works.

I know that "Alice and Bob" randomly choose an integer n for themselves. So what? We know the upper bound on what n can be because its public knowledge, and because generator G will eventually lead to infinity anyway.
Alice and Bob do NOT computer n*G directly.... rather they systematically add G+G+G+G... n times.
An attacker doesnt have to guess at n. They just go through the same arithmetical process that Alice and Bob both have to go through anyway, which means its a very linear process.
A process that anyone can do.
Just stop when you find an n*G that works.

If all an attacker has to do is add G+G+G+G+.... = P, in this linear process that Alice and Bob were both perfectly capable of doing themselves, then finding n is a triviality. And you know that n is small enough to be computationally feasible and within the bounds set by p and G. Who said you had to find n directly using some inverse operation? No, you find it indirectly by going through the same direct, forward process.

The benefit of standard DHKE is that it involves large primes and the difficulty of factor checking to be so effective. I dont see the benefit of ECC DHKE.

leesweets

hey can i use some pictures of your video as pictures for my work in university?

Ill give credit of course

Tetrisboyz

How can sum of two positive points A and B result in negative value C??/

alijohnnaqvi

10:43 I understood how they secretly passed each other value R, but this value depends only on their private keys, I don't understand how this can be used to pass some kind of message or even just a number. Anyone?

universumpi