RSA Laboratories

2.3.10 What are elliptic curves?

Elliptic curves are mathematical constructions from number theory and algebraic geometry, which in recent years have found numerous applications in cryptography.

An elliptic curve can be defined over any field (for example, real, rational, complex), though elliptic curves used in cryptography are mainly defined over finite fields. An elliptic curve consists of elements (x, y) satisfying the equation

y2 = x3 + ax + b

together with a single element denoted O called the "point at infinity," which can be visualized as the point at the top and bottom of every vertical line. The elliptic curve formula is slightly different for some fields.

Figure 2.9: Elliptic curve addition (click for a larger image).

The set of points on an elliptic curve forms a group under addition, where addition of two points on an elliptic curve is defined according to a set of simple rules. For example, consider the two points p1 and p2 in Figure 2.9. Point p1 plus point p2 is equal to point p4 = (x,-y), where (x,y) = p3 is the third point on the intersection of the elliptic curve and the line L through p1 and p2. The addition operation in an elliptic curve is the counterpart to modular multiplication in common public-key cryptosystems, and multiple addition is the counterpart to modular exponentiation. Elliptic curves are covered in more recent texts on cryptography, including an informative text by Koblitz [Kob94].

Top of the page