# ECCHacks

A gentle introduction
to elliptic-curve cryptography

 The clock: Real clock Clock addition
 Finiteness: Finite fields Finite clocks Clock crypto
 Elliptic curves: Edwards curves Edwards addition

## Clock cryptography

The sum of n copies of a clock point P is written nP. Computing nP given n and P is called scalar multiplication; the integer input n is called the scalar.

Scalar multiplication is easy even if the scalar is very large, since you can jump from nP to 2nP with just a single addition:

```     def scalarmult(n,P):
# caveat: caller must ensure that n is nonnegative
# caveat: n is limited by python's recursion limit
if n == 0: return (Fp(0),Fp(1))
if n == 1: return P
Q = scalarmult(n//2,P)
if n % 2: Q = clockadd(P,Q)
return Q

# examples:
p = 1000003
Fp = F(p)
P = (Fp(1000),Fp(2))
print scalarmult(6,P)
# output: (780000, 1351)
print scalarmult(1000004,P)
# output: (0, 1)
print scalarmult(123456789123456789123456789,P)
# output: (541230, 236193)
```

The clock Diffie–Hellman protocol uses scalar multiplication as follows:

• Alice generates a large integer as her secret key and multiplies this integer by a standard base point on a standard safe clock to obtain her public key.
• Bob generates a large integer as his secret key and multiplies this integer by the same standard base point to obtain his public key.
• Alice multiplies her secret key by Bob's public key to obtain a secret shared between Alice and Bob.
• Bob multiplies his secret key by Alice's public key to obtain the same secret.
• Alice and Bob then use the shared secret to authenticate and encrypt any number of messages.

The following example uses the clock modulo 1000003 (which is not safe for serious cryptography, most obviously because it is much too small) and the base point P=(1000,2) shown above:

```     # toy example of clock DH:
import random

alicesecret = random.randrange(2**256)
alicepublic = scalarmult(alicesecret,P)

bobsecret = random.randrange(2**256)
bobpublic = scalarmult(bobsecret,P)

aliceshared = scalarmult(alicesecret,bobpublic)
bobshared = scalarmult(bobsecret,alicepublic)
print aliceshared == bobshared
```

Version: This is version 2014.12.27 of the clockcrypto.html web page.