a c cryptosystems with elliptic curve ryptography … · 2018. 9. 12. · 1 a comparative study of...
TRANSCRIPT
1
A COMPARATIVE STUDY OF CRYPTOSYSTEMS WITH ELLIPTIC CURVE
CRYPTOGRAPHY USING DIGITAL SIGNATURE
*Shipra Shukla,
**Dharmendra Lal Gupta, ***Anil Kumar Malviya
*Pursuing M.Tech in Deptt. of Computer Science & Engineering ,K N I T
Sultanpur, U.P., India-228118,
email: [email protected]
**Research Scholar, Deptt. of Computer Science & Engineering , Mewar
University Chittorgarh,Rajasthan.,India , email: [email protected]
***Associate Professor, Deptt. of Computer Science & Engineering ,K N I T
Sultanpur,U.P.,India -228118,
email:[email protected]
Abstract:
Elliptic Curve Cryptography (ECC) is coming forth as an attractive public key cryptosystem for mobile/wireless environments
compared to conventional cryptosystems like RSA and DSA. ECC provides better security with smaller key sizes, which results
in faster computations, lower power consumption, as well as memory and bandwidth savings. However, the true impact of any
public-key cryptosystem can only be evaluated in the perspective of a security protocol. The digital signature is the requisite way
to ensure the security of web services and has great implication in practical applications. By using a digital signature algorithm we
can provide authenticity and validation to the electronic document. ECDSA and ECDH use the concept of ECC. In this article we
present ECC and most popular algorithms such as RSA, ECDH, ECES and ECDSA and based on observation a comparative
study of all these algorithms have been done.
Keywords: RSA, Digital Signature, ECDSA, ECDH, ECC, ECES
1. INTRODUCTION:
Authentication is an essential requirement for any secure
online transactions such as e-commerce, stock trading and
banking. These transactions employ a combination of public-
key and symmetric key cryptography to authenticate
participants and guarantee the integrity and confidentiality of
information in transit. In cryptography for security and
authentication with much shorter keys, we use digital
signature. Any new security technology can be widely
adopted, if it is integrated into end-user applications like email
and web browsing. Most importantly, the new technology
must demonstrate a compelling value proposition to offset the
cost and inconvenience of migration.
Elliptic Curve Cryptography (ECC), have been proposed by
independently in 1985 by Neal Koblitz [15] and Victor Miller
[3]. It has been used in cryptographic algorithms for a variety
of security purposes such as key exchange and digital
signature.ECC is emerging as an attractive alternative to
traditional public-key cryptosystems such as RSA, DSA, and
DH. Compared to traditional integer based public-key
algorithms; ECC algorithms can achieve the same level of
security with much shorter keys. For example, 160-bit
Elliptic-curve Digital Signature Algorithm (ECDSA) has a
security level equivalent to 1024-bit Digital Signature
Algorithm (DSA). Because of the shorter key length, ECC
algorithms run faster, require less space, and consume less
energy. More specially, ECC offers equivalent security with
smaller key sizes, in less computation time and with less
memory.
As a result, ECC offers higher throughput on the server side
[7] and smaller implementations on the client side. By saving
system resources ECC is particularly well suited for small
devices such as mobile phones, PDAs and smart cards.
ECC technology is ready for deployment as, in addition to its
technical merits, standards have been put in place and
reference implementations have been made available. Several
standards have been created to specify the use of ECC. The
US government has adopted the Elliptic Curve Digital
Signature Algorithm (ECDSA [5.1], the Elliptic Curve variant
of DSA) and recommended a set of curves.
Additional curves for commercial use were recommended by
the Standards. Now a days various application such as
banking, sale-purchase and stock trading are increasing day by
day and emphasizing on electronic transaction to minimize the
operational cost and increasing the services. This need has
lead to the development of the new notion of electronic
document that can be generated, processed and stored in
computers and transmitted over net. The information
transmitted over these documents can be susceptible and thus
need to be protected by the intruders and malicious third
parties. Traditionally in paper document this kind of
protection is provided by the written signature and thus it
authenticate the document for the communicating parties. For
electronic documents this facility is provided by the means of
DIGITAL SIGNATURE, by using a digital signature
algorithm we can provide authenticity and validation to the
electronic document. The security of a digital signature system
is dependent on maintaining the secrecy of users' private keys.
Users must therefore lookout against the unauthorized
Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16
IJCTA | JAN-FEB 2012 Available [email protected]
9
ISSN:2229-6093
2
acquisition of their private keys. While it is the objective of
this standard to specify general security requirements for
generating digital signatures, conformance to this standard
does not assure that a particular implementation is secure [4].
Authenticity is the process of certifying the sender of the
document while verification is the process of certifying the
content of the document. Thus digital signature must provide
following features:
It must be easy to generate and retain the copy of
digital signature.
It must be computationally infeasible to forge a
digital signature.
It must authenticate and verified the document
It should be accepted by both the communicating
parties.
It should not be easy to alter the digital signature.
Since digital signature is just a sequence of zeroes and ones it
must be a bit pattern that depends on the message being signed
(it must used some information that is unique to the sender)
Digital signature can guarantee message integrity and
authenticity in an open network [9]. In order to generate the
signature sender first calculate the digest of the message using
a hash function. In practice instead of using the whole
message, a hash function is applied to the arbitrary sized
message plus some private information held by sender which
will generate fixed sized output. Commonly used hashed
functions are MD5 and SHA [8]. Then the sender encrypts the
digest with his private key to generate the signature. Receiver
first decrypts the sender‟s signature into a digest using the
sender‟s public key. Then the receiver calculate the digest
from the sender‟s message and compare it with the decrypted
digest if they matches then this message is indeed from the
sender and unaltered. There are three types of commonly used
digital signature algorithm: RSA, DSA and ECDSA.
The rest of the paper is organized as follows, Section 2
describes about related work. In Section 3 ECC have been
shown thoroughly and in section 4 we briefly describe RSA.
ECDSA and ECDH relevant algorithms have been described
in section 5. ECES has been described in section 6. In Section
7, we have given our observation in ECC algorithms. Section
8 concludes the article and tells about future work.
2. RELATED WORK
This section reviews some of the most relevant previous
contributions in implementations of various cryptosystems.
The capabilities of cryptosystems such as of RSA and Diffie-
Hellman are inadequate due the requirement of large number
of bits. The cryptosystem based on Elliptic Curve
Cryptography (ECC) is becoming the recent trend of public
key cryptography.
S. Maria Celestin Vigila et al. [16] have described about the
implementation of ECC by first transforming the message into
an affine point on the Elliptic Curve (EC), over the finite field
GF(p). The process of encryption/decryption of a text message
has been used. It is almost infeasible to attempt a brute force
attack to break the cryptosystem using ECC.
V. Miller [3] has described about various types of elliptic
curves and their basic implementation. Public key processor
supports both the RSA and ECC cryptosystems and other
algorithms such as DSA or DH which could be easily
supported through firmware without requiring any hardware
modifications. The RSA algorithm uses modular
exponentiation which can be implemented through repeated
multiplication and squaring. The equivalent core function for
the ECC cryptosystem is called point multiplication.
Anoop Ms [10] has provided a significant work on ECC. A
double and add algorithm for point multiplications over fields
GF(p) and Montgomery Scalar Multiplication[6] for point
multiplications over fields GF(2m). Projective coordinates are
used for GF (2m) and mixed coordinates for GF(p) [1].
Ahmad Khaled et al. [18] have presented a background on
ECC including the basics and some ECC techniques. They
have described about smart cards, their constraints and ECC
implementation options using digital signature.
Hou huifang Huang kaizhi et al. [14] has proposed the scheme
which greatly reduces the computation and communication
overhead. It has provided the expected security which
symmetric key protocols can't provide. ECC is used to encrypt
information, construct digital signature and generate the
session key. Analysis shows that the proposed scheme
provides the security of the authentication and key agreement
mechanism.
Bin Yu [19] says that, the cryptosystem of elliptic curve had
been put forward by Miller and Koblitz solely in 1985. The
cryptosystem of elliptic curve owns three special advantages
in terms of recent research: 1.It has larger flexibility when it
chooses groups; 2. there wouldn‟t be any effective sub-index
arithmetic to attack it if the cryptosystem of elliptic curve is
suitably chosen; 3. it has a short key.
3. Overview of ECC:
Some public key algorithm may require „Domain Parameter‟
i.e. a set of predefined constants to be known by all the
devices taking part in the communication.
3.1 Basic Equation of ECC
The mathematical operations of ECC are defined over the
elliptic curve.[10]
y2 = x
3 + ax + b, where 4a
3 + 27b
2 ≠ 0 (eq. 3.a)
Each value of the „a‟ and „b‟ gives a different elliptic curve.
All points (x, y) which satisfies the above equation plus a
point at infinity lies on the elliptic curve. The public key is a
point in the curve and the private key is a random number.
The public key is obtained by multiplying the private key with
the generator point G in the curve. The generator point G, the
curve parameters „a‟ and „b‟, together with few more constants
constitutes the domain parameter of ECC. The EC domain
parameters are explained in section 3.9.1
Commonly-used elliptic curves are defined in either a prime
field GF(p) or a finite field of characteristic two GF (2m),
Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16
IJCTA | JAN-FEB 2012 Available [email protected]
10
ISSN:2229-6093
3
which is also called a binary field [10]. The elliptic curves
over binary field are of special interest to cryptography
because the operations in a binary field are faster and easier to
implement than those in prime fields.
3.2 Discrete Logarithm Problem:
The security of ECC lies on the difficulty of Elliptic Curve
Discrete Logarithm Problem. Let P and Q be two points on an
elliptic curve. Given P and Q, it is computationally infeasible
to obtain k, if k is sufficiently large. The core arithmetic of
ECC is Q=kp, which is called elliptic scalar multiplication.
The result Q is a point on the elliptic curve and is the sum of k
copies of point P. Elliptic multiplication can be expressed as a
sum of serial elliptic addition and elliptic doubling. k is the
discrete logarithm of Q to the base P.
Hence the main operation involved in ECC is point
multiplication that is multiplication of a scalar k with any
point P on the curve to obtain another point Q on the curve.
3.3. Point multiplication
In point multiplication a point P on the elliptic curve is
multiplied with a scalar k using elliptic curve equation to
obtain another point Q on the same elliptic curve i.e. Q=kP.
According to Bin Yu [17], If we add the same points together,
then we can get P+P+… +P is KP, which is called Multiple.
The fast KP operation is one of the research hotspots of
elliptic curve cryptosystem in recent years. Besides, the
multiple operations on the elliptic curve towards large integer
(for example 100 digits) is quite a time consuming task.
Therefore, this makes the working efficiency of the elliptic
curve cryptosystem and its real applied area in reality directly
Point multiplication is achieved by two basic elliptic curves
operations.
Point addition, adding two points S and T to obtain
another point U i.e., U = S + T.
Point doubling, adding a point S to itself to obtain
another point U i.e. U =2S.
Point addition and doubling are explained in sections 3.4 and
3.5 respectively.
3.4. Point addition
Point addition is the addition of two points S and T on an
elliptic curve to obtain another point U on the same elliptic
curve.
Geometrical explanation
Consider two points S and T on an elliptic curve as shown
in figure 3.4. (a).
If T ≠ -S then a line drawn through the points S and T will
intersect the elliptic curve at exactly one more point –U.
The reflection of the point –U with respect to x-axis gives
the point U, which is the result of addition of points S and
T. Thus on an elliptic curve U = S + T.
If T = -S the line through this point intersect at a point at
infinity O. Hence S + (-S) = O. This is shown in figure 3.4.(b).
O is the additive identity of the elliptic curve group. A
negative of a point is the reflection of that point
with respect to x-axis.
Fig 3.4 Point addition
3.5. Point doubling
Point doubling is the addition of a point S on the elliptic curve
to itself to obtain another point U on the same elliptic curve.
Geometrical explanation:
To double a point S to get U, i.e. to find U = 2S, consider a
point S on an elliptic curve as shown in figure 3.5.(a).
If y coordinate of the point S is not zero then the tangent line
at S will intersect the elliptic curve at exactly one more
point –U [10]. The reflection of the point –U with respect to x-
axis gives the point U, which is the result of doubling the
point S. Thus U = 2S.
If y coordinate of the point S is zero then the tangent at this
point intersects at a point at infinity O. Hence 2S = O when
ys = 0. This is shown in figure 3.5. (b).
Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16
IJCTA | JAN-FEB 2012 Available [email protected]
11
ISSN:2229-6093
4
Fig 3.5 Point Doubling
3.6 Finite Fields
The elliptic curve operations can be defined on real numbers.
The operations which can be performed over the real numbers
are slow and inexact due to round-off error. Cryptographic
operations need to be faster and exact. To make operations on
elliptic curve accurate and more efficient, the curve
cryptography is defined over two finite fields.
Prime field (FP)
Binary field (F2m )
We choose the field with finitely large number of points suited
for cryptographic operations. Section 3.7 and 3.8 explains the
Elliptic Curve operations on finite fields. The operations in
these sections are defined on affine coordinate system. Affine
coordinate system [1] is the normal coordinate system that we
are familiar with in which each point in the coordinate system
is represented by the vector (x, y)
3.7 Prime field Fp on Elliptic Curve:
The equation of the elliptic curve on a prime field Fp :
y2 mod p= x
3 + ax + b mod p where, 4a
3 + 27b
2 mod p ≠0
(eq.3.7.a)
Here finite field elements are integers between 0 and p – 1.
All the operations such as addition, subtraction, division,
multiplication which is known as modular arithmetic involves
integers between 0 and p – 1. The p (prime number) is chosen
such that there is finitely large number of points on the elliptic
curve to make the cryptosystem secure. SEC specifies curves
with p ranging between 112-521 bits [5].
The graph for this elliptic curve equation is not a smooth
curve. Hence the geometrical explanation of point addition
and doubling as in real numbers will not work here. However,
the algebraic rules for point addition and point doubling can
be adapted for elliptic curves over Fp.
3.8. Binary field F2m
on Elliptic Curve:
The equation of the elliptic curve on a binary field F2m:
y2 + xy = x
3 + ax
2 + b, where b ≠ 0 (eq. 3.8. a)
Here the elements of the finite field are integers of length at
most m bits. These numbers can be considered as a binary
polynomial of degree m – 1.
In binary polynomial the coefficients can only be 0 or 1. All
the operation such as addition, subtraction, division,
multiplication involves polynomials of degree m – 1 or lesser.
The m is chosen such that there is finitely large number of
points on the elliptic curve to make the cryptosystem secure.
SEC specifies curves with m ranging between 113-571 bits
[5].The graph for this equation is not a smooth curve. Hence
the geometrical explanation of point addition and doubling as
in real numbers will not work here. However, the algebraic
rules for point addition and point doubling can be adapted for
elliptic curves over F2m
[6].
3.9 Domain parameters of Elliptic Curve:
Apart from the curve parameters a and b, there are other
parameters that must be agreed by both parties involved in
secured and trusted communication using ECC. These are
domain parameters. The domain parameters for prime fields
and binary fields are described below. Generally the protocols
implementing the ECC specify the domain parameters to be
used.
3.9.1. Domain parameters for EC over field Fp:
The domain parameters for Elliptic curve over Fp are p, a, b,
G, n and h. p is the prime number defined for finite field Fp. a and b are
the parameters defining the curve
y2 mod p= x
3 + ax + b mod p (eq. 3.9.1.a)
G is the generator point (xG, y G), a point on the elliptic curve
chosen for cryptographic operations, n is the order of the
elliptic curve. The scalar for point multiplication is chosen as
a number between 0 and n – 1. h is the cofactor where h = #E
(Fp)/n. #E(Fp) is the number of points on an elliptic curve.
Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16
IJCTA | JAN-FEB 2012 Available [email protected]
12
ISSN:2229-6093
5
3.9.2 Domain parameters for EC over field F2m
The domain parameters for elliptic curve over F2m
are m, f(x),
a, b, G, n and h. m is an integer defined for finite field F2m
.
The elements of the finite field F2m
are integers of length at
most m bits. f(x) is the irreducible polynomial of degree m
used for elliptic curve operations and a and b are the
parameters defining the curve
y2 + xy = x
3 + ax
2 + b (eq. 3.9.2.a)
G is the generator point (xG, yG), a point on the elliptic curve
chosen for cryptographic operations. n is the order of the
elliptic curve. The scalar for point multiplication is chosen as
a number between 0 and n – 1. h is the cofactor where h = #E
(F2m)/n. #E (F2
m) is the number of points on an elliptic
curve[6].
4. RSA: RIVEST, SHAMIR, ADLEMAN ALGORITHM
RSA operations are modular exponentiations of large integers
with a typical size of 512 to 2048 bits. Many cryptography
protocols can be designed based on RSA cryptosystem, such
as encryption, decryption scheme and digital signature
scheme. The length of private key will inevitably improves the
complexity of computation in software and hard ware
application, and the system overheads regarding key
management will be correspondingly much higher. RSA
encryption generates a cipher text C from a message M based
on a modular exponentiation C =Me mod n. Decryption
regenerates the message by computing M=Cd mod n. Among
the several techniques that can be used to accelerate RSA, we
specially focused on those applicable under the constraints of
8-bit devices.
5. Elliptic Curve Cryptography
An overview of Elliptic Curve cryptographic algorithms for
key agreement and digital signature are explained below.
5.1 ECDSA - Elliptic Curve Digital Signature Algorithm:
Signature algorithm is used for authentication of a device or a
message sent by the device. For example think about two
devices A and B. If we want to authenticate a message sent by
A, the device A signs the message using its private key. Then
the device A sends the message and the signature to the device
B. Now in next stage we verify the signature, this signature
can be verified only by using the public key of device A. The
public key is a point on the elliptic curve defined by the
parameters [2]. Since the device B knows A‟s public key, it
can verify whether the message is certainly send by A or not.
ECDSA is a variant of the Digital Signature Algorithm (DSA)
that operates on elliptic curve groups. If we want to send a
signed message from A to B then both have to agree up on
Elliptic Curve domain parameters. Sender „A‟ contain a key
pair consisting of a private key dA (a integer less than n which
is selected randomly, where the order of the curve is n, an
elliptic curve domain parameter) and a public key
QA =d A*G (G is the generator point, an elliptic curve domain
parameter). An overview of ECDSA process [10] is defined
below in 5.1.A and 5.1.B
5.1. A. Signature Generation
For signing a message m by sender A, using A‟s private key
dA
1. Calculate e= HASH (m), where HASH is a
cryptographic hash function, such as SHA-1
2. Select a random integer k from [1,n − 1]
3. Calculate r = x1 (mod n), where (x1, y1) = k * G. If
r= 0, go to step 2
4. Calculate s= k-1
(e +da r)(mod n)
5. If s=0, goto step 2
6. The signature is the pair (r,s)
5.1. B. Signature Verification
For B to authenticate A's signature, B must have A‟s public
key QA
1. Verify that r and s are integers in [1, n − 1]. If not, the
signature is invalid.
2. Calculate e = HASH (m), where HASH is the same
function used in the signature generation
3. Calculate w = s −1
(mod n)
4. Calculate u1=ew(modn) and u2= rw(mod n)
5. Calculate (x1, y1) = u1G + u2QA
6. The signature is valid if x1 = r(mod n), invalid , otherwise
5.2 ECDH – Elliptic Curve Diffie Hellman:
ECDH is a key agreement protocol which allows two parties
to establish a shared secret key that can be used for private key
algorithms. Both parties exchange some public information to
each other. Using this public key and their own private key
these parties calculates their shared secret key. This secret
should be quite long; currently defined key exchange methods
exchange secrets which range from 48 to 128 bytes in length
[8].Any third party, who doesn‟t have admittance to the
private details of each device, will not be able to calculate the
shared secret from the available public information.
A general idea of ECDH process is defined below for
generating a shared secret between A and B using ECDH,
both have to agree up on Elliptic Curve domain parameters.
The domain parameters are defined in section 3.9. Both parties
have a key pair consisting of a private key d (a randomly
selected integer less than n, where n is the order of the curve,
an elliptic curve domain parameter) and a public key. G is the
generator point, an elliptic curve domain parameter Q = d * G
Let (dA, QA) be the private key - public key pair of A and
(dB, QB) be the private key - public key pair of B.
1. The end A computes K = (xK, yK) = dA * QB
2. The end B computes L = (xL, yL) = dB * QA
Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16
IJCTA | JAN-FEB 2012 Available [email protected]
13
ISSN:2229-6093
6
Since dAQB= dAdBG=dBdAG=dBQA
4. Therefore K=L and hence xy=xl, Hence the shared secret
key is xK.
Since it is practically impossible to find the private key dA or
dB from the public key K or L, its not possible to obtain the
shared secret for a third party.
6. ELLIPTIC CURVE ENCRYPTION SCHEME:
Compared with public-key cryptosystems (PKC), ECC offers
a better performance because it can achieve the same security
with a smaller key size. However, ECC-based authentication
schemes still have some disadvantages while they are
implemented on mobile devices. In the Elliptic Curve
Encryption Scheme (ECES) User B encrypts message m with
user A‟s public key PKA by the following step [14]:
a) Attach message m into Elliptic Curve to get Pm
b) Choose a random number d € [1, n −1]
c) Computes P1 = d.G and P2 = Pm + d .PKA
d) Sends (P1, P2) to A.
The result is denoted as EPKA (m).
User A decrypts EPKA (m) by computing Pm = P2 − SKAP1 and
converts Pm to m.
7. OBSERVATION:
The security of ECC is based on the difficulty of solving the
Elliptic Curve Discrete Logarithm Problem (ECDLP), i.e.
finding k, given P and Q = kP. ECC standard uses 160-bit
prime fields. When we solve ECDLP over such fields then it is
generally supposed to require an effort that is at least 16
million times as large as for 112-bit prime fields. The runtime
for the 112-bit case implies that, even though the 160-bit ECC
standard is supposed to be phased out by the end of the year
2010, for the next decade no regular user needs to be worried
about the security of 160-bit ECC.
The problem is computationally inflexible for large values of
k. In 2007, Chung et al. [11] proposed an ID-based digital
signature scheme on elliptic curve cryptosystem (ECC). They
claimed that their scheme is secure because it is based upon
the difficulty of elliptic curve discrete logarithm problem
(ECDLP).
Among other things, this makes it possible for two entities to
agree on a shared secret across an insecure communication
channel without enlightening that secret to an eavesdropper.
This secret can then be used as a key to encrypt/decrypt
sensitive information. Each entity generates a key pair and
sends its public key. Each entity multiplies its private key with
the other's public key to compute a shared secret.
Based on above algorithms, which has been presented in
section 4, 5 and 6 the following observations have been
presented here.
1. RSA Algorithm is based on Integer factorization.
There is no requirement of system parameter in RSA.
In the first stage of computing a public/private key
pair which consist the user generating two primes of
the appropriate size and computing the public
modulus n as their product. The second stage for the
user is then to compute the secret exponent d, or
certain information that allows decryption to be
optimized (with Chinese Remainder Theorem
information), from what is usually a fixed public
exponent e. Hence the mathematical problem in RSA
is we have a given a number n and we find its prime
factors. The calculation of the secret exponent is
irrelevant when compared to the time required to
generate the primes.
2. The introduction of cryptosystems based on
factoring and the discrete logarithm problem
encouraged developments in finding solutions to both
problems. These improvements were the
development of the quadratic sieve and a further
improvement with the number field sieve.
3. The running time of these algorithms [13] grows sub-
exponentially in the size of the problem and for the
size of RSA modulo that are typical today they are
far superior for solving the problem than is the
exponential Pollard Rho method.
4. The best known method for solving (running time)
for RSA is number field sieve, exp [1.923(log
n)1/3
(log log n)2/3
] (sub-exponential).
5. There are two discrete logarithms e.g. DSA and DH.
These are based on mathematical problem in which a
given a given prime number N and number g and h
and we find x such that h= gxmodN
. The best known
method for solving (running time) is number field
sieve, which is sub-exponential exp [1.923(log
n)1/3
(log log n)2/3
].
6. Elliptic curve discrete logarithm uses two algorithms
i.e. ECDH and ECDSA. The mathematical problem
which is used in ECDH and ECDSA is that we have
given an elliptic curve and points P and Q we find k
such that Q=kP. The best known method for solving
(running time) is Pollard rho algorithm, and number
field sieve is ec√(log p)(log log p)
(fully-exponential).
7. ECDSA and ECES required some system parameter
over GF(p).
8. One of the applications that the ECC can be used for
is in encryption of large image files. The selection of
the primes and the faster multiplication and doubling
algorithms are main concern.
9. One another application is Smart card [18]. They can
safely contain sensitive data. Example of sensitive
data is the private key which is used to perform
signature or decryption.
10. The private key can be protected by the smart card
since it never leaves the smart card. Smart card is
considered to be ideal cryptographic token. Hence
ECC provides better approach as well as security
from any other cryptosystem.
8. Conclusion and Future work:
This article presents the elliptic curve cryptography system
comparison based on software implementations and their
running time. We first described the algorithms for ECC over
Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16
IJCTA | JAN-FEB 2012 Available [email protected]
14
ISSN:2229-6093
7
binary filed. After comparing these algorithms for the major
field operations that are required in ECC, we identified a set of
efficient method suitable for resource constrained systems. We
also compared the performance of these algorithms for
different word sizes.
There is considerable momentum behind widespread
adoption of the Advanced Encryption Standard (AES) which
specifies the use of 128-bit, 192 bit and 256 bit symmetric
keys. Key sizes for public-key cryptosystems used to establish
AES keys will correspondingly need to increase from current
levels. This would favor the use of ECC over RSA and other
cryptosystems.
Jen-Ho Yang et al. [12] find that Chung‟s scheme has a
security flaw, and thus a feasible attack is possible on Chung
et al.‟s [11] scheme. They proposed attack is based on the
technique for solving the linear Diophantine equation. Using
the proposed technique, an attacker can easily obtain the
signer‟s secret key without facing the difficulty of ECDLP.
There is a wide scope in providing secure transaction by using
less number of bits in keys so that it will be less vulnerable to
any type of attack in future.
References:
[1]H. Cohen, A. Miyaji, and T. Ono., “Efficient elliptic curve
exponentiation using mixed coordinates”. In ASIACRYPT
“Advances in Cryptology”, volume 1514 of Lecture Notes in
Computer Science, pages 51-65, Springer, 1998.
[2] ANSI X9.62, “Elliptic Curve Digital Signature Algorithm”
(ECDSA), American Bankers Association, 1999.
[3]V.Miller, “Use of elliptic curves in Cryptography”, Volume
218/1986, Springer, 1986
[4]U.S. Department of Commerce, National Institute of
Standards and Technology, “Digital Signature Standard
(DSS)”, Federal Information Processing Standards Publication
FIPS PUB 186-2, January 2000.
[5] Certicom Research, SEC 2: “Recommended Elliptic Curve
Domain Parameters”, Standards for Efficient Cryptography,
Version 1.0, September 2000.
[6]S. Chang Shantz, “Euclid's GCD to Montgomery
Multiplication to the Great Divide” , Technical report, Sun
Microsystems Laboratories TR-2001-95, June 2001.
[7] L. Badia, “Real World SSL Benchmarking”, Rainbow
Technologies Whitepaper, Available at
http://www.rainbow.com/insights/whitePDF/RealWorldSSLB
enchmarking.pdf, Sep. 2001
[8]T. Dierks and C. Allen, “The TLS Protocol - Version 1.0.”,
IETF RFC 2246, Available at
http://www.ietf.org/rfc/rfc2246.txt, January 1999.
[9] C. Coarfa, P. Druschel and D. Wallach, “Performance
Analysis of TLS Web Servers”, Network and Distributed
Systems Security Symposium ‟02, San Diego, California, Feb.
2002.
[10] Anoop MS, Elliptic Curve Cryptography, “An
Implementation Guide”, Available at
http://hosteddocs.ittoolbox.com/AN1.5.07.pdf, January 2007.
[11] Y. F. Chung, K. H. Huang, F. Lai, and T. S. Chen, “ID
based Digital Signature Scheme on Elliptic Curve
Cryptosystem”, Computer Standards and Interfaces, Vol. 29,
2007, pp. 601-604.
[12] Jen-Ho Yang and Chin-Chen Chang, “Cryptanalysis of
ID-Based Digital Signature Scheme on Elliptic Curve
Cryptosystem” 8th
International Conference on Intelligent
Systems Design and Applications, 2008.
[13] Jr., A. K.; Lenstra and Jr. H. W, “Algorithms in number
theory”, Handbook of Theoretical Computer Science:
Algorithms and Complexity (Amsterdam and New York: The
MIT Press) pp- 673–715.
[14] Hou huifang Huang kaizhi and Hou huifang Liu
guangqiang “CPK and ECC-Based Authentication and key
Agreement Scheme for Heterogeneous wireless network”
International Conference on Computer Science and Software
Engineering, 2008
[15] N.Koblitz, “Elliptic Curve Cryptosystems, Mathematics
of Computation”, volA8, 1987, pp-203 -209.
[16] S. Maria Celestin Vigila and K. Muneeswaran
“Implementation of Text based Cryptosystem using Elliptic
Curve Cryptography” IEEE transaction 2010.
[17] Bin Yu, “Establishment of elliptic curve cryptosystem” Information Theory and Information Security (ICITIS), IEEE
International Conference, 2010.
[18] Ahmad Khaled, M. AL-KAYALI, “Elliptic Curve
Cryptography and Smart Cards” GIAC Security Essentials
Certification (GSEC) Practical Assignment, Version 1.4b, 17
February, 2004.
[19] Bin Yu, “Method to Generate Elliptic Curves Based on
CM Algorithm”, Information Theory and information security,
IEEE International Conference, 2011.
Biographies:
Shipra Shukla was born at Kanpur, (U.P.), in India. She
received the B.Tech. degree in Computer
Science and Engineering in 2010 from
Pranveer Singh Institute of Technology,
Kanpur, India. She is currently pursuing
M.Tech in Computer Science and Engineering
from Kamala Nehru institute of Technology Sultanpur, U.P.
India.
Dharmendra Lal Gupta is currently working as an Assistant
Professor in the Department of Computer
Science & Engineering at KNIT,
Sultanpur (U.P.) India. And he is also
pursuing his Ph.D. in Computer Science & Engineering form Mewar University,
Chittorgarh (Rajasthan). He received
B.Tech.(1999) from Kamla Nehru
Institute of Technology (KNIT)
Sultanpur, in Computer Science & Engineering, M.Tech.
Hon‟s (2003) in Digital Electronics and Systems from Kamla
Nehru Institute of Technology (KNIT) Sultanpur. His research
interests are Cryptography and Network Security, Software
Quality Engineering, and Software Engineering.
Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16
IJCTA | JAN-FEB 2012 Available [email protected]
15
ISSN:2229-6093
8
Dr. Anil Kumar Malviya is an Associate Professor in the
Computer Science & Engg.Department at
Kamla Nehru Institute of Technology,
(KNIT), Sultanpur. He received his B.Sc.
& M.Sc. both in Computer Science from
Banaras Hindu University, Varanasi
respectively in 1991 and 1993 and Ph.D.
degree in Computer Science from Dr. B.R.
Ambedkar University; Agra in 2006.He is Life Member of
CSI, India. He has published about 26 papers in
International/National Journals, conferences and seminars. His
research interests are Data mining, Software Engineering,
Cryptography & Network Security.
Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16
IJCTA | JAN-FEB 2012 Available [email protected]
16
ISSN:2229-6093