Photo by Andrés Gómez on Unsplash

Password Juggling in Discrete Logs and Elliptic Curves

I love implementing things in discrete logs and then converting them into elliptic curve methods. Basically a exponentiation (g^x mod p) becomes a multiplication (xG), a multiplication (g^x g^y mod p) becomes a point addition (xG+yG), and a division (g^x /g^y mod p) becomes a point subtraction (xG-yG). In this article I will show all three of these operations, and show how we can convert from discrete logs into elliptic curve methods.

J-PAKE (Password Authenticated Key Exchange by Juggling) was created by Hao and Ryan [1]. It is a Password Authentication Key Exchange method, and where Bob and Alice share the same secret password. They can then generate a shared secret key. It involves two stages: a one-time key establishment; and a key confirmation stage. Overall, it does not need access to the PKI infrastructure.

In Round 1, Alice then generates two random values: x_1 and x_2. These are kept secret, and where Alice will send the following to Bob:

Bob then generates two random values: x_3 and x_4. These are kept secret, and where Bob will send the following to Alice:

In Round 2, Alice then calculates the following and sends to Bob:

Bob then calculates the following and sends to Alice:

Alice then calculates the shared key as:

Bob then calculates the shared key as:

The following is the code [here]:

And a sample run [here]::

In Round 1, Alice then generates two random values: x_1 and x_2. These are kept secret, and where Alice will send the following points to Bob:

Bob then generates two random values: x3 and x4. These are kept secret, and where Bob will send the following points to Alice:

In Round 2, Alice then calculates the following point and sends to Bob:

Bob then calculates the following point and sends to Alice:

Alice then calculates the shared key as:

Bob then calculates the shared key as:

The following is the code [here]:

And a sample run [here]:

And that’s it! You can try here:

and:

[1] Hao, F., & Ryan, P. Y. (2008, April). Password authenticated key exchange by juggling. In International Workshop on Security Protocols (pp. 159–171). Springer, Berlin, Heidelberg [here].

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store