# Re: Elliptic curves

*From*: mm <nowhere@net>*Date*: Thu, 06 Aug 2009 18:38:30 +0200

pubkeybreaker a écrit :

On Aug 6, 5:59 am, mm <nowhere@net> wrote:

a écrit :

mm <nowhere@net> wrote:Like telling me that we cannot use ECs to mimic RSA because computing

But I was not writing a math paper, [...]Correctness still matters.

"e'th roots (at least for small e) on an elliptic curve over a finite

field" is easy?

Yes. That is what he is telling you. And he is correct.

No. You are wrong. You are wrong because I never said that, in order to

mimic RSA, one should use an EC over a finite field.

In short, you do not even know what I am thinking of

I doubt whether you are capable of thinking at all.

but that's not what can prevent you to explain me why it cannot work!

This sentence is gibberish.

My English is not good enough for you? I am sorry.

Correctness still matters... :-)

The only goal of my post to E. Söylemez was that we can make RSA with

ECs because we need a group, not a ring.

And the only point of the reply was to indicate that you are totally

WRONG.

RSA works because the exponentiation is done in a group of UNKNOWN

ORDER.

Wrong. How can you write this while claiming that "EXACTNESS is

necessary"?

RSA is based on a group but the exponentiation is NOT DONE ONLY in

this group. Let's say N = pq, p and q primes and 2 < p < q, if a

message m = ap (0 <= a < q), we have that ((ap)^e)^d = ap mod N but

ap doesn't belong to the group of the invertibles U(Z/NZ).

As a matter of fact, RSA, as a crypto system, works precisely because

the exponentiation also works with elements that do not belong to the

group U(Z/NZ), otherwise, if it would crash on messages of the type

0, kp or hq, RSA would be unusable.

For EC, once you have the coefficients of the curve, and have

specified the finite

field, the group order becomes KNOWN. Computing it is easy.

So? I never said that we have to use the group of an EC over a finite

field. Is it an obsession?

You CAN NOT make an RSA encryption scheme using elliptic curves.

Yes, we can. :-)

Between us, instead of claiming that I cannot, wouldn't it be more

sensible to ask me how one can do? After all maybe I am wrong.

Now, maybe I should have

written "a group with the good properties",

And if you had done so, you would have been writing GIBBERISH.

And you would still be wrong.

:-)

it would have been

sufficiently fuzzy to avoid misplaced comma hunters.

Unfortunately, you do not seem to understand that exactness is

NECESSARY.

See above, your "RSA works because the exponentiation is done in a

group of UNKNOWN ORDER".

I suggest that you quit while you are behind.

And I suggest that you keep quiet when you do not understand what

people say. All what you wrote in your post is either trivial or wrong

but, in any case, totally useless.

.

**Follow-Ups**:**Re: Elliptic curves***From:*Thomas ***in

**Re: Elliptic curves***From:*pubkeybreaker

**References**:**Elliptic curves***From:*Giuliano Bertoletti

**Re: Elliptic curves***From:*mm

**Re: Elliptic curves***From:*Kristian Gjøsteen

**Re: Elliptic curves***From:*mm

**Re: Elliptic curves***From:*Kristian Gjøsteen

**Re: Elliptic curves***From:*mm

**Re: Elliptic curves***From:*pubkeybreaker

- Prev by Date:
**Applied Computing 2009: 2nd CFP until 21 September** - Next by Date:
**Re: Elliptic curves** - Previous by thread:
**Re: Elliptic curves** - Next by thread:
**Re: Elliptic curves** - Index(es):