# Re: Elliptic curves

• From: mm <nowhere@net>
• Date: Thu, 06 Aug 2009 18:38:30 +0200

pubkeybreaker a écrit :
On Aug 6, 5:59 am, mm <nowhere@net> wrote:
a écrit :

mm <nowhere@net> wrote:
But I was not writing a math paper, [...]
Correctness still matters.
Like telling me that we cannot use ECs to mimic RSA because computing
"e'th roots (at least for small e) on an elliptic curve over a finite
field" is easy?

Yes. That is what he is telling you. And he is correct.

No. You are wrong. You are wrong because I never said that, in order to
mimic RSA, one should use an EC over a finite field.

In short, you do not even know what I am thinking of

I doubt whether you are capable of thinking at all.

but that's not what can prevent you to explain me why it cannot work!

This sentence is gibberish.

My English is not good enough for you? I am sorry.

Correctness still matters... :-)

The only goal of my post to E. Söylemez was that we can make RSA with
ECs because we need a group, not a ring.

And the only point of the reply was to indicate that you are totally
WRONG.
RSA works because the exponentiation is done in a group of UNKNOWN
ORDER.

Wrong. How can you write this while claiming that "EXACTNESS is
necessary"?
RSA is based on a group but the exponentiation is NOT DONE ONLY in
this group. Let's say N = pq, p and q primes and 2 < p < q, if a
message m = ap (0 <= a < q), we have that ((ap)^e)^d = ap mod N but
ap doesn't belong to the group of the invertibles U(Z/NZ).
As a matter of fact, RSA, as a crypto system, works precisely because
the exponentiation also works with elements that do not belong to the
group U(Z/NZ), otherwise, if it would crash on messages of the type
0, kp or hq, RSA would be unusable.

For EC, once you have the coefficients of the curve, and have
specified the finite
field, the group order becomes KNOWN. Computing it is easy.

So? I never said that we have to use the group of an EC over a finite
field. Is it an obsession?

You CAN NOT make an RSA encryption scheme using elliptic curves.

Yes, we can. :-)

Between us, instead of claiming that I cannot, wouldn't it be more
sensible to ask me how one can do? After all maybe I am wrong.

Now, maybe I should have
written "a group with the good properties",

And if you had done so, you would have been writing GIBBERISH.
And you would still be wrong.

:-)

it would have been
sufficiently fuzzy to avoid misplaced comma hunters.

Unfortunately, you do not seem to understand that exactness is
NECESSARY.

See above, your "RSA works because the exponentiation is done in a
group of UNKNOWN ORDER".

I suggest that you quit while you are behind.

And I suggest that you keep quiet when you do not understand what
people say. All what you wrote in your post is either trivial or wrong
but, in any case, totally useless.
.