I have fixed delay audio in the lecture: kzbin.info/www/bejne/rHrcqqqFgd50bbs

Awesome teacher! Awesome lectures! Thank you very much for posting these and I hope you will post the other crypto courses that you teach! I also really really apreciated the fact that he tried to be "a nice teacher" a derive the formulas (in all lectures) and not to throw them on the blackboard, as many of my university teachers did! Again...awesome course! Thanks a lot for making it available to the public! Looking forward to look at the lectures of "Implementation of Cryptography" you teach in semester 5!

You realize how old these lectures are, when he describes blackberries as part of the "sexy new applications" 😂 Great lecture!

Thanks Professor. That is so helpful. Reading all this stuff from slides and books was so much painful. Your videos just made it so clear and simple .. Vielen Dank!

In case you want to sync the audio up using a chrome extension the delay is -7500 ms

Everyone in the comments section is learning for their exams and I am learning for starting into Blockchain. I just want to know if this much cryptography is needed in blockchain I mean should I go more advance?

Today I learned ECC thoroughly thanks to Prof.Paar

It would be nice if you add subtitles for German speaking part than all of understand what is the professor saying in his native tongue

Prof. Paar is a good teacher.

good lecture, in english we use y = mx + b for equation for line

Sound and video is not synchronised

Well, I was holding well throughout all of these lectures, but while trying to understand O (point in infinity), with proving property 3 and, 4 my head finally exploded. Now I'm cleaning my floor of confetti, popcorn and some brain nuggets.

Warum wird RSA immer noch verwendet?

18P + P = 19P = Identity. so 18P is the inverse of P?, But the co-ordinates of 18P is different from -P

What happens when P not = Q but x1=x2 so that slope s is not defined?

Looks like audio encrypted with ECC whole video with RSA

professor, how P+Q=R?

Excellent lecture, thanks!

how to calculate 101(2, 2) ??

enjoy the homework lol

fix it

y^2 = x^3 -x modulo p, (p+1)/4 ist eine Primzahl, mindestens 160 Bits. Mit G' = 4 * G haben wir eine Untergruppe deren Ordnung eine Primzahl ist. Es gibt praktisch unendlich viele Primzahlen p mit diesen Eigenschaften, die wir wählen können. Perfekt - besser geht es nicht! Mehr brauchen wir nicht. Wir drehen uns nur im Kreis, wenn wir nach weiteren Verfahren suchen, denn es kann keine besseren geben. Es gibt ja auch bereits genügend Primzahlen p, die wir wählen können. Standardkurven? Blödsinn - brauchen wir nicht. Je weniger der Hacker weiss, um so besser.

>title and tags in English >video in german

"What the heck"

Your actions in this video are lagging with your sound sir.so it's hectic to understand.While other videos are quite good and ur awesome professor

1:59 english starts... :) I was worry..

Best lecture on EC ever. Thanks loads.

Thank you very much Christof Paar, you are the best Professor I have ever seen in my life! Yes, that's really what I think of you. For me you are very smart, so pedagogical, so clear, so humble (necessary for any teaching) and so funny too! I discovered this course in 2014 in Morocco when I started my studies on Cryptography at the University of Rabat, Morocco. I really enjoyed this course at that time, and I can't tell you how it helped me to understand these topics that seemed very complicated (unfortunately due to the lack of explanation by other professors). You made them very easy for me, like magic. Your method is really inspiring and I really appreciate it. And I know if I am now working in this field as a security analyst with a background in cryptography, it is somehow thanks to your wonderful courses! After seven years, I still enjoy these courses and now I decided to go back to this elliptic curve course because I am interested in CHESS-2021 this year about white box cryptography based on elliptic curves. Thanks again my best professor

for anyone worried about the audio sync, install 'KZbin Audio/Video Sync extension' and set audio delay to -8026 ms.

Excellent lecture. the audio sync was a little distracting

The audio and video are several seconds out of synch for me. Anyone else?

Intro to Elliptic Curves 7:00 Group operation 36:00

Professor Christof Paar, i can't find the words to thank you you are one of the best, today this morning it was easy for me to answer my final exam after watching the whole course i really adore you Mr.Paar :) my regards from Palestine :)

Free advice: Download the clip Delay the audio by 0.1s using vlc continue watching

6 days to the final so switching to x1.5 playback speed. Great course by the way!

The voice matching algorithm messed up a little.

Audio isn't in sync for you too?.

Copy the URL and play it in VLC media player. It will solve the audio lag problem automatically.

Professor - at 1.14.30 - How does (2) -1 become 9 ? (2 inverse becomes 9)

Why choose your own P and Q for EC? Why not let the NSA do all the hard work and choose P and Q for you?

why didn't you show how to find points on the elliptic curve using perfect squares.of x in mod p.

The content is perfect, but there is a delay in voice, to avoid this, one may open the video on another tab and play it 6-7 seconds after. Keep its voice open and the main one's closed, by doing that it will sound like real time.

If it enables me understand Prof. Christof Paar's lecture, I really do not mind taking extra efforts to learn German. Prof., After listening to your lectures only, I understand the advanced topics in Cryptology like ECC, DH, DLP etc. Thanks and Regards. - Hannah.

Please disregard my previous questions, I found the reasoning I was looking for.

Prof. Paar, Excellent videos.... Do you also have videos of your 5th semester class "Implementation of Cryptography" which you mentioned about in this video lecture? That will be a great continuation to the classes in this series. Thanks again, for your outreach to help us all learn and understand.

@48:55: In English, the equation of a line is usually denoted as "y = mx + b", where m is the slope and b in the y-intercept.

Is it me or is the audio wildly out of sync?

guys, what's the name of the text book he use in this class? Any download or amazon link will be helpful!

Thank you Prof. Paar. I am trying to find a deeper explanation for the exclusion of "4a cubed + 27b squared mod p = 0". I thought perhaps the curve might intersect itself or otherwise create an ambiguity but I was unsuccessful in finding a consistent definable problem. Can you point me to a reference? I have your textbook in kindle format and the search function fails me. "I'm awake ! I'm awake!" Alice

you are a very responsible and patient teacher! Thank you for sharing the video!

Thank you Professor for this great lecture on EC and wish you a happy new year as well. I have a question though. In @1:18:25 it's mentioned that P = (5, 1) is generator for E and that |E| = 19. My question is how could one determine the cardinality of such a group (i.e. Elliptic Curve) and the generators of the group as well since we are dealing here with points (i.e. a pair of integers) and not only integers?

Anyway we could get a fixed version so the audio is in sync?

Good Course and Good Teacher

In English, at least American English, we use y = mx + b for the line equation. Where m and b comes from, I haven't the slighted idea. Can any of my UK brethren chime in if this is shared with the King's math?

i am good at english but i don't understand german and i wonder what he says when you start to speak german :?

Prof. Paar: Great lecture. I am so inspired that I am going to start with lecture 1 (after lecture 17 - where you build the EC crypto system) and really learn about the crypto that I have been using as a programmer. Your English is excellent, and I am happy to say that I am picking up bits of German (important for mathematical heritage). Thank you for making these excellent lectures publicly available.

This (and the next video) is a nice introduction to Eliptic Curves. Unfortunately, some important details are skipped. Most importantly: 1) Why is the defined group operation associative? 2) How to do encryption/decryption with it? (Or do we never do encryption/decryption with it because it's cheaper to do key exchange and then use AES?) If anyone knows nice but also detailed/in-depth explanation of the subject, it would be highly appreciated!

Great lecture professor, It might help to refer to the inverse of P as P' to avoid the confusion of the signs. Also perhaps referring to the group operation as addition causes some confusion, since it is really just an arbitrarily defined operation. One question I had, is the geometric interpretation in R the source of the definition of the group operation, or was the group operation defined in Zp and the geometric interpretation in R just emerged from that?

Ich schaue es mir noch einmal an, denn ellpitische Kurven sind viel interessanter als ich dachte. Es gibt nämlich ein Faktorisierungsverfahren auf Basis der elliptischen Kurven, das offenbar fast niemand verstanden hat. Es hat fast niemand verstanden. Wer es verstanden hat, erkennt sofort, dass der Geheimdienst RSA schon immer knacken konnte.

means the definition of generator for EC is when the order plus itself until it find point of infinity?

I haven't seen such kind of professor wordless jxt great man and i love the moment when u called nxt 60 second or so u awake

Great lecture Prof. It is highly inspiring.

It would be great if you can add a lecture on ECDSA after the ECC lecture

Hello Professor, In this lecture, while calculating "s" in case of doubling (P+P), wats a? Is it a constant or to be calculated?

Thanks alot.

Why do we need the group to be cyclic? The subgroup generated by a base element that we choose to be part of the public key is always cyclic.

Deep mistery

Sir y do v take the mirror image after addition?

From this picoCTF 2014 problem: Cryptosystem: Elliptic Curve: y^2 ≡ x^3 + ax + b mod n a = 0 b = 268892790095131465246420 n = 928669833265826932708591 Encryption: C = e * M mod n Decryption: M = d * C mod n e = 141597355687225811174313 d = 87441340171043308346177 C = (236857987845294655469221, 12418605208975891779391) For this particular Elliptic Curve based cryptosystem, e is the encryption key and d is the decryption key. The original base-point C is reached as a result of e * d * C mod n, so I'm guessing that "e" and "d" have to be related in some way. If they are, how are the integers "e" and "d" related, and how do I generate two such integers that are related in this manner?

Bitcoin brought me here.

great lecture! do you know by any chance any basic reference for "Elliptic curves on the complex numbers C"? instead of Z_p Thank you very much

7:13

Mr Paar Thank you for your lectures they very useful and I just wanted to know what year students in that your teaching

1:12:26 Example 9.4: isn't the point P=(5,1) NOT on the curve y^2=x^3+2x+2(mod17) ? To do 'point doubling', shouldn't the point be on the curve?

You are really amazing...

Professor, I want to learn this theory where can I start

Thank you very much for your very helpful lecture. I'm just wondering, when you talk about the identity property of EC group, why didn't you consider that the mirror point is -P : P + 0 = P ==> P + (-P) = 0. such that if P = (x, y), then -P = (x, -y) Similarly, when add two points P (x1, y1) and Q (x2, y2), the result we get, by extending the line, before taking the mirror is presumably - (P+Q) ; (x3, -y3)!

There are two points on every elliptic curve that have no other intersection points. Its tangent never intersects the curve again. They are where the curve changes from convex to concave. At these points, does (P + P) = P ?? Or are these points never part of the group? Is this the equivalent of a cycle with order one? Alice

nice work sir., can u please send me the matlab code for elliptical curve cryptography....it will be very useful for my project....thank you

Prof. in advanced cryptography talks about security... and then he uses Windows XP.

iS HE SPEAKING GERMAN?

encrüption?