A C CRYPTOSYSTEMS WITH ELLIPTIC CURVE RYPTOGRAPHY … · 2018. 9. 12. · 1 A COMPARATIVE STUDY OF CRYPTOSYSTEMS WITH ELLIPTIC CURVE CRYPTOGRAPHY USING DIGITAL SIGNATURE *Shipra Shukla,

1

A COMPARATIVE STUDY OF CRYPTOSYSTEMS WITH ELLIPTIC CURVE

CRYPTOGRAPHY USING DIGITAL SIGNATURE

*Shipra Shukla,

**Dharmendra Lal Gupta, ***Anil Kumar Malviya

*Pursuing M.Tech in Deptt. of Computer Science & Engineering ,K N I T

Sultanpur, U.P., India-228118,

email: [email protected]

**Research Scholar, Deptt. of Computer Science & Engineering , Mewar

University Chittorgarh,Rajasthan.,India , email: [email protected]

***Associate Professor, Deptt. of Computer Science & Engineering ,K N I T

Sultanpur,U.P.,India -228118,

email:[email protected]

Abstract:

Elliptic Curve Cryptography (ECC) is coming forth as an attractive public key cryptosystem for mobile/wireless environments

compared to conventional cryptosystems like RSA and DSA. ECC provides better security with smaller key sizes, which results

in faster computations, lower power consumption, as well as memory and bandwidth savings. However, the true impact of any

public-key cryptosystem can only be evaluated in the perspective of a security protocol. The digital signature is the requisite way

to ensure the security of web services and has great implication in practical applications. By using a digital signature algorithm we

can provide authenticity and validation to the electronic document. ECDSA and ECDH use the concept of ECC. In this article we

present ECC and most popular algorithms such as RSA, ECDH, ECES and ECDSA and based on observation a comparative

study of all these algorithms have been done.

Keywords: RSA, Digital Signature, ECDSA, ECDH, ECC, ECES

1. INTRODUCTION:

Authentication is an essential requirement for any secure

online transactions such as e-commerce, stock trading and

banking. These transactions employ a combination of public-

key and symmetric key cryptography to authenticate

participants and guarantee the integrity and confidentiality of

information in transit. In cryptography for security and

authentication with much shorter keys, we use digital

signature. Any new security technology can be widely

adopted, if it is integrated into end-user applications like email

and web browsing. Most importantly, the new technology

must demonstrate a compelling value proposition to offset the

cost and inconvenience of migration.

Elliptic Curve Cryptography (ECC), have been proposed by

independently in 1985 by Neal Koblitz [15] and Victor Miller

[3]. It has been used in cryptographic algorithms for a variety

of security purposes such as key exchange and digital

signature.ECC is emerging as an attractive alternative to

traditional public-key cryptosystems such as RSA, DSA, and

DH. Compared to traditional integer based public-key

algorithms; ECC algorithms can achieve the same level of

security with much shorter keys. For example, 160-bit

Elliptic-curve Digital Signature Algorithm (ECDSA) has a

security level equivalent to 1024-bit Digital Signature

Algorithm (DSA). Because of the shorter key length, ECC

algorithms run faster, require less space, and consume less

energy. More specially, ECC offers equivalent security with

smaller key sizes, in less computation time and with less

memory.

As a result, ECC offers higher throughput on the server side

[7] and smaller implementations on the client side. By saving

system resources ECC is particularly well suited for small

devices such as mobile phones, PDAs and smart cards.

ECC technology is ready for deployment as, in addition to its

technical merits, standards have been put in place and

reference implementations have been made available. Several

standards have been created to specify the use of ECC. The

US government has adopted the Elliptic Curve Digital

Signature Algorithm (ECDSA [5.1], the Elliptic Curve variant

of DSA) and recommended a set of curves.

Additional curves for commercial use were recommended by

the Standards. Now a days various application such as

banking, sale-purchase and stock trading are increasing day by

day and emphasizing on electronic transaction to minimize the

operational cost and increasing the services. This need has

lead to the development of the new notion of electronic

document that can be generated, processed and stored in

computers and transmitted over net. The information

transmitted over these documents can be susceptible and thus

need to be protected by the intruders and malicious third

parties. Traditionally in paper document this kind of

protection is provided by the written signature and thus it

authenticate the document for the communicating parties. For

electronic documents this facility is provided by the means of

DIGITAL SIGNATURE, by using a digital signature

algorithm we can provide authenticity and validation to the

electronic document. The security of a digital signature system

is dependent on maintaining the secrecy of users' private keys.

Users must therefore lookout against the unauthorized

Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16

IJCTA | JAN-FEB 2012 Available [email protected]

9

ISSN:2229-6093

2

acquisition of their private keys. While it is the objective of

this standard to specify general security requirements for

generating digital signatures, conformance to this standard

does not assure that a particular implementation is secure [4].

Authenticity is the process of certifying the sender of the

document while verification is the process of certifying the

content of the document. Thus digital signature must provide

following features:

It must be easy to generate and retain the copy of

digital signature.

It must be computationally infeasible to forge a

digital signature.

It must authenticate and verified the document

It should be accepted by both the communicating

parties.

It should not be easy to alter the digital signature.

Since digital signature is just a sequence of zeroes and ones it

must be a bit pattern that depends on the message being signed

(it must used some information that is unique to the sender)

Digital signature can guarantee message integrity and

authenticity in an open network [9]. In order to generate the

signature sender first calculate the digest of the message using

a hash function. In practice instead of using the whole

message, a hash function is applied to the arbitrary sized

message plus some private information held by sender which

will generate fixed sized output. Commonly used hashed

functions are MD5 and SHA [8]. Then the sender encrypts the

digest with his private key to generate the signature. Receiver

first decrypts the sender‟s signature into a digest using the

sender‟s public key. Then the receiver calculate the digest

from the sender‟s message and compare it with the decrypted

digest if they matches then this message is indeed from the

sender and unaltered. There are three types of commonly used

digital signature algorithm: RSA, DSA and ECDSA.

The rest of the paper is organized as follows, Section 2

describes about related work. In Section 3 ECC have been

shown thoroughly and in section 4 we briefly describe RSA.

ECDSA and ECDH relevant algorithms have been described

in section 5. ECES has been described in section 6. In Section

7, we have given our observation in ECC algorithms. Section

8 concludes the article and tells about future work.

2. RELATED WORK

This section reviews some of the most relevant previous

contributions in implementations of various cryptosystems.

The capabilities of cryptosystems such as of RSA and Diffie-

Hellman are inadequate due the requirement of large number

of bits. The cryptosystem based on Elliptic Curve

Cryptography (ECC) is becoming the recent trend of public

key cryptography.

S. Maria Celestin Vigila et al. [16] have described about the

implementation of ECC by first transforming the message into

an affine point on the Elliptic Curve (EC), over the finite field

GF(p). The process of encryption/decryption of a text message

has been used. It is almost infeasible to attempt a brute force

attack to break the cryptosystem using ECC.

V. Miller [3] has described about various types of elliptic

curves and their basic implementation. Public key processor

supports both the RSA and ECC cryptosystems and other

algorithms such as DSA or DH which could be easily

supported through firmware without requiring any hardware

modifications. The RSA algorithm uses modular

exponentiation which can be implemented through repeated

multiplication and squaring. The equivalent core function for

the ECC cryptosystem is called point multiplication.

Anoop Ms [10] has provided a significant work on ECC. A

double and add algorithm for point multiplications over fields

GF(p) and Montgomery Scalar Multiplication[6] for point

multiplications over fields GF(2m). Projective coordinates are

used for GF (2m) and mixed coordinates for GF(p) [1].

Ahmad Khaled et al. [18] have presented a background on

ECC including the basics and some ECC techniques. They

have described about smart cards, their constraints and ECC

implementation options using digital signature.

Hou huifang Huang kaizhi et al. [14] has proposed the scheme

which greatly reduces the computation and communication

overhead. It has provided the expected security which

symmetric key protocols can't provide. ECC is used to encrypt

information, construct digital signature and generate the

session key. Analysis shows that the proposed scheme

provides the security of the authentication and key agreement

mechanism.

Bin Yu [19] says that, the cryptosystem of elliptic curve had

been put forward by Miller and Koblitz solely in 1985. The

cryptosystem of elliptic curve owns three special advantages

in terms of recent research: 1.It has larger flexibility when it

chooses groups; 2. there wouldn‟t be any effective sub-index

arithmetic to attack it if the cryptosystem of elliptic curve is

suitably chosen; 3. it has a short key.

3. Overview of ECC:

Some public key algorithm may require „Domain Parameter‟

i.e. a set of predefined constants to be known by all the

devices taking part in the communication.

3.1 Basic Equation of ECC

The mathematical operations of ECC are defined over the

elliptic curve.[10]

y2 = x

3 + ax + b, where 4a

3 + 27b

2 ≠ 0 (eq. 3.a)

Each value of the „a‟ and „b‟ gives a different elliptic curve.

All points (x, y) which satisfies the above equation plus a

point at infinity lies on the elliptic curve. The public key is a

point in the curve and the private key is a random number.

The public key is obtained by multiplying the private key with

the generator point G in the curve. The generator point G, the

curve parameters „a‟ and „b‟, together with few more constants

constitutes the domain parameter of ECC. The EC domain

parameters are explained in section 3.9.1

Commonly-used elliptic curves are defined in either a prime

field GF(p) or a finite field of characteristic two GF (2m),

Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16

IJCTA | JAN-FEB 2012 Available [email protected]

10

ISSN:2229-6093

3

which is also called a binary field [10]. The elliptic curves

over binary field are of special interest to cryptography

because the operations in a binary field are faster and easier to

implement than those in prime fields.

3.2 Discrete Logarithm Problem:

The security of ECC lies on the difficulty of Elliptic Curve

Discrete Logarithm Problem. Let P and Q be two points on an

elliptic curve. Given P and Q, it is computationally infeasible

to obtain k, if k is sufficiently large. The core arithmetic of

ECC is Q=kp, which is called elliptic scalar multiplication.

The result Q is a point on the elliptic curve and is the sum of k

copies of point P. Elliptic multiplication can be expressed as a

sum of serial elliptic addition and elliptic doubling. k is the

discrete logarithm of Q to the base P.

Hence the main operation involved in ECC is point

multiplication that is multiplication of a scalar k with any

point P on the curve to obtain another point Q on the curve.

3.3. Point multiplication

In point multiplication a point P on the elliptic curve is

multiplied with a scalar k using elliptic curve equation to

obtain another point Q on the same elliptic curve i.e. Q=kP.

According to Bin Yu [17], If we add the same points together,

then we can get P+P+… +P is KP, which is called Multiple.

The fast KP operation is one of the research hotspots of

elliptic curve cryptosystem in recent years. Besides, the

multiple operations on the elliptic curve towards large integer

(for example 100 digits) is quite a time consuming task.

Therefore, this makes the working efficiency of the elliptic

curve cryptosystem and its real applied area in reality directly

Point multiplication is achieved by two basic elliptic curves

operations.

Point addition, adding two points S and T to obtain

another point U i.e., U = S + T.

Point doubling, adding a point S to itself to obtain

another point U i.e. U =2S.

Point addition and doubling are explained in sections 3.4 and

3.5 respectively.

3.4. Point addition

Point addition is the addition of two points S and T on an

elliptic curve to obtain another point U on the same elliptic

curve.

Geometrical explanation

Consider two points S and T on an elliptic curve as shown

in figure 3.4. (a).

If T ≠ -S then a line drawn through the points S and T will

intersect the elliptic curve at exactly one more point –U.

The reflection of the point –U with respect to x-axis gives

the point U, which is the result of addition of points S and

T. Thus on an elliptic curve U = S + T.

If T = -S the line through this point intersect at a point at

infinity O. Hence S + (-S) = O. This is shown in figure 3.4.(b).

O is the additive identity of the elliptic curve group. A

negative of a point is the reflection of that point

with respect to x-axis.

Fig 3.4 Point addition

3.5. Point doubling

Point doubling is the addition of a point S on the elliptic curve

to itself to obtain another point U on the same elliptic curve.

Geometrical explanation:

To double a point S to get U, i.e. to find U = 2S, consider a

point S on an elliptic curve as shown in figure 3.5.(a).

If y coordinate of the point S is not zero then the tangent line

at S will intersect the elliptic curve at exactly one more

point –U [10]. The reflection of the point –U with respect to x-

axis gives the point U, which is the result of doubling the

point S. Thus U = 2S.

If y coordinate of the point S is zero then the tangent at this

point intersects at a point at infinity O. Hence 2S = O when

ys = 0. This is shown in figure 3.5. (b).

Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16

IJCTA | JAN-FEB 2012 Available [email protected]

11

ISSN:2229-6093

4

Fig 3.5 Point Doubling

3.6 Finite Fields

The elliptic curve operations can be defined on real numbers.

The operations which can be performed over the real numbers

are slow and inexact due to round-off error. Cryptographic

operations need to be faster and exact. To make operations on

elliptic curve accurate and more efficient, the curve

cryptography is defined over two finite fields.

Prime field (FP)

Binary field (F2m )

We choose the field with finitely large number of points suited

for cryptographic operations. Section 3.7 and 3.8 explains the

Elliptic Curve operations on finite fields. The operations in

these sections are defined on affine coordinate system. Affine

coordinate system [1] is the normal coordinate system that we

are familiar with in which each point in the coordinate system

is represented by the vector (x, y)

3.7 Prime field Fp on Elliptic Curve:

The equation of the elliptic curve on a prime field Fp :

y2 mod p= x

3 + ax + b mod p where, 4a

3 + 27b

2 mod p ≠0

(eq.3.7.a)

Here finite field elements are integers between 0 and p – 1.

All the operations such as addition, subtraction, division,

multiplication which is known as modular arithmetic involves

integers between 0 and p – 1. The p (prime number) is chosen

such that there is finitely large number of points on the elliptic

curve to make the cryptosystem secure. SEC specifies curves

with p ranging between 112-521 bits [5].

The graph for this elliptic curve equation is not a smooth

curve. Hence the geometrical explanation of point addition

and doubling as in real numbers will not work here. However,

the algebraic rules for point addition and point doubling can

be adapted for elliptic curves over Fp.

3.8. Binary field F2m

on Elliptic Curve:

The equation of the elliptic curve on a binary field F2m:

y2 + xy = x

3 + ax

2 + b, where b ≠ 0 (eq. 3.8. a)

Here the elements of the finite field are integers of length at

most m bits. These numbers can be considered as a binary

polynomial of degree m – 1.

In binary polynomial the coefficients can only be 0 or 1. All

the operation such as addition, subtraction, division,

multiplication involves polynomials of degree m – 1 or lesser.

The m is chosen such that there is finitely large number of

points on the elliptic curve to make the cryptosystem secure.

SEC specifies curves with m ranging between 113-571 bits

[5].The graph for this equation is not a smooth curve. Hence

the geometrical explanation of point addition and doubling as

in real numbers will not work here. However, the algebraic

rules for point addition and point doubling can be adapted for

elliptic curves over F2m

[6].

3.9 Domain parameters of Elliptic Curve:

Apart from the curve parameters a and b, there are other

parameters that must be agreed by both parties involved in

secured and trusted communication using ECC. These are

domain parameters. The domain parameters for prime fields

and binary fields are described below. Generally the protocols

implementing the ECC specify the domain parameters to be

used.

3.9.1. Domain parameters for EC over field Fp:

The domain parameters for Elliptic curve over Fp are p, a, b,

G, n and h. p is the prime number defined for finite field Fp. a and b are

the parameters defining the curve

y2 mod p= x

3 + ax + b mod p (eq. 3.9.1.a)

G is the generator point (xG, y G), a point on the elliptic curve

chosen for cryptographic operations, n is the order of the

elliptic curve. The scalar for point multiplication is chosen as

a number between 0 and n – 1. h is the cofactor where h = #E

(Fp)/n. #E(Fp) is the number of points on an elliptic curve.

Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16

IJCTA | JAN-FEB 2012 Available [email protected]

12

ISSN:2229-6093

5

3.9.2 Domain parameters for EC over field F2m

The domain parameters for elliptic curve over F2m

are m, f(x),

a, b, G, n and h. m is an integer defined for finite field F2m

.

The elements of the finite field F2m

are integers of length at

most m bits. f(x) is the irreducible polynomial of degree m

used for elliptic curve operations and a and b are the

parameters defining the curve

y2 + xy = x

3 + ax

2 + b (eq. 3.9.2.a)

G is the generator point (xG, yG), a point on the elliptic curve

chosen for cryptographic operations. n is the order of the

elliptic curve. The scalar for point multiplication is chosen as

a number between 0 and n – 1. h is the cofactor where h = #E

(F2m)/n. #E (F2

m) is the number of points on an elliptic

curve[6].

4. RSA: RIVEST, SHAMIR, ADLEMAN ALGORITHM

RSA operations are modular exponentiations of large integers

with a typical size of 512 to 2048 bits. Many cryptography

protocols can be designed based on RSA cryptosystem, such

as encryption, decryption scheme and digital signature

scheme. The length of private key will inevitably improves the

complexity of computation in software and hard ware

application, and the system overheads regarding key

management will be correspondingly much higher. RSA

encryption generates a cipher text C from a message M based

on a modular exponentiation C =Me mod n. Decryption

regenerates the message by computing M=Cd mod n. Among

the several techniques that can be used to accelerate RSA, we

specially focused on those applicable under the constraints of

8-bit devices.

5. Elliptic Curve Cryptography

An overview of Elliptic Curve cryptographic algorithms for

key agreement and digital signature are explained below.

5.1 ECDSA - Elliptic Curve Digital Signature Algorithm:

Signature algorithm is used for authentication of a device or a

message sent by the device. For example think about two

devices A and B. If we want to authenticate a message sent by

A, the device A signs the message using its private key. Then

the device A sends the message and the signature to the device

B. Now in next stage we verify the signature, this signature

can be verified only by using the public key of device A. The

public key is a point on the elliptic curve defined by the

parameters [2]. Since the device B knows A‟s public key, it

can verify whether the message is certainly send by A or not.

ECDSA is a variant of the Digital Signature Algorithm (DSA)

that operates on elliptic curve groups. If we want to send a

signed message from A to B then both have to agree up on

Elliptic Curve domain parameters. Sender „A‟ contain a key

pair consisting of a private key dA (a integer less than n which

is selected randomly, where the order of the curve is n, an

elliptic curve domain parameter) and a public key

QA =d A*G (G is the generator point, an elliptic curve domain

parameter). An overview of ECDSA process [10] is defined

below in 5.1.A and 5.1.B

5.1. A. Signature Generation

For signing a message m by sender A, using A‟s private key

dA

1. Calculate e= HASH (m), where HASH is a

cryptographic hash function, such as SHA-1

2. Select a random integer k from [1,n − 1]

3. Calculate r = x1 (mod n), where (x1, y1) = k * G. If

r= 0, go to step 2

4. Calculate s= k-1

(e +da r)(mod n)

5. If s=0, goto step 2

6. The signature is the pair (r,s)

5.1. B. Signature Verification

For B to authenticate A's signature, B must have A‟s public

key QA

1. Verify that r and s are integers in [1, n − 1]. If not, the

signature is invalid.

2. Calculate e = HASH (m), where HASH is the same

function used in the signature generation

3. Calculate w = s −1

(mod n)

4. Calculate u1=ew(modn) and u2= rw(mod n)

5. Calculate (x1, y1) = u1G + u2QA

6. The signature is valid if x1 = r(mod n), invalid , otherwise

5.2 ECDH – Elliptic Curve Diffie Hellman:

ECDH is a key agreement protocol which allows two parties

to establish a shared secret key that can be used for private key

algorithms. Both parties exchange some public information to

each other. Using this public key and their own private key

these parties calculates their shared secret key. This secret

should be quite long; currently defined key exchange methods

exchange secrets which range from 48 to 128 bytes in length

[8].Any third party, who doesn‟t have admittance to the

private details of each device, will not be able to calculate the

shared secret from the available public information.

A general idea of ECDH process is defined below for

generating a shared secret between A and B using ECDH,

both have to agree up on Elliptic Curve domain parameters.

The domain parameters are defined in section 3.9. Both parties

have a key pair consisting of a private key d (a randomly

selected integer less than n, where n is the order of the curve,

an elliptic curve domain parameter) and a public key. G is the

generator point, an elliptic curve domain parameter Q = d * G

Let (dA, QA) be the private key - public key pair of A and

(dB, QB) be the private key - public key pair of B.

1. The end A computes K = (xK, yK) = dA * QB

2. The end B computes L = (xL, yL) = dB * QA

Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16

IJCTA | JAN-FEB 2012 Available [email protected]

13

ISSN:2229-6093

6

Since dAQB= dAdBG=dBdAG=dBQA

4. Therefore K=L and hence xy=xl, Hence the shared secret

key is xK.

Since it is practically impossible to find the private key dA or

dB from the public key K or L, its not possible to obtain the

shared secret for a third party.

6. ELLIPTIC CURVE ENCRYPTION SCHEME:

Compared with public-key cryptosystems (PKC), ECC offers

a better performance because it can achieve the same security

with a smaller key size. However, ECC-based authentication

schemes still have some disadvantages while they are

implemented on mobile devices. In the Elliptic Curve

Encryption Scheme (ECES) User B encrypts message m with

user A‟s public key PKA by the following step [14]:

a) Attach message m into Elliptic Curve to get Pm

b) Choose a random number d € [1, n −1]

c) Computes P1 = d.G and P2 = Pm + d .PKA

d) Sends (P1, P2) to A.

The result is denoted as EPKA (m).

User A decrypts EPKA (m) by computing Pm = P2 − SKAP1 and

converts Pm to m.

7. OBSERVATION:

The security of ECC is based on the difficulty of solving the

Elliptic Curve Discrete Logarithm Problem (ECDLP), i.e.

finding k, given P and Q = kP. ECC standard uses 160-bit

prime fields. When we solve ECDLP over such fields then it is

generally supposed to require an effort that is at least 16

million times as large as for 112-bit prime fields. The runtime

for the 112-bit case implies that, even though the 160-bit ECC

standard is supposed to be phased out by the end of the year

2010, for the next decade no regular user needs to be worried

about the security of 160-bit ECC.

The problem is computationally inflexible for large values of

k. In 2007, Chung et al. [11] proposed an ID-based digital

signature scheme on elliptic curve cryptosystem (ECC). They

claimed that their scheme is secure because it is based upon

the difficulty of elliptic curve discrete logarithm problem

(ECDLP).

Among other things, this makes it possible for two entities to

agree on a shared secret across an insecure communication

channel without enlightening that secret to an eavesdropper.

This secret can then be used as a key to encrypt/decrypt

sensitive information. Each entity generates a key pair and

sends its public key. Each entity multiplies its private key with

the other's public key to compute a shared secret.

Based on above algorithms, which has been presented in

section 4, 5 and 6 the following observations have been

presented here.

1. RSA Algorithm is based on Integer factorization.

There is no requirement of system parameter in RSA.

In the first stage of computing a public/private key

pair which consist the user generating two primes of

the appropriate size and computing the public

modulus n as their product. The second stage for the

user is then to compute the secret exponent d, or

certain information that allows decryption to be

optimized (with Chinese Remainder Theorem

information), from what is usually a fixed public

exponent e. Hence the mathematical problem in RSA

is we have a given a number n and we find its prime

factors. The calculation of the secret exponent is

irrelevant when compared to the time required to

generate the primes.

2. The introduction of cryptosystems based on

factoring and the discrete logarithm problem

encouraged developments in finding solutions to both

problems. These improvements were the

development of the quadratic sieve and a further

improvement with the number field sieve.

3. The running time of these algorithms [13] grows sub-

exponentially in the size of the problem and for the

size of RSA modulo that are typical today they are

far superior for solving the problem than is the

exponential Pollard Rho method.

4. The best known method for solving (running time)

for RSA is number field sieve, exp [1.923(log

n)1/3

(log log n)2/3

] (sub-exponential).

5. There are two discrete logarithms e.g. DSA and DH.

These are based on mathematical problem in which a

given a given prime number N and number g and h

and we find x such that h= gxmodN

. The best known

method for solving (running time) is number field

sieve, which is sub-exponential exp [1.923(log

n)1/3

(log log n)2/3

].

6. Elliptic curve discrete logarithm uses two algorithms

i.e. ECDH and ECDSA. The mathematical problem

which is used in ECDH and ECDSA is that we have

given an elliptic curve and points P and Q we find k

such that Q=kP. The best known method for solving

(running time) is Pollard rho algorithm, and number

field sieve is ec√(log p)(log log p)

(fully-exponential).

7. ECDSA and ECES required some system parameter

over GF(p).

8. One of the applications that the ECC can be used for

is in encryption of large image files. The selection of

the primes and the faster multiplication and doubling

algorithms are main concern.

9. One another application is Smart card [18]. They can

safely contain sensitive data. Example of sensitive

data is the private key which is used to perform

signature or decryption.

10. The private key can be protected by the smart card

since it never leaves the smart card. Smart card is

considered to be ideal cryptographic token. Hence

ECC provides better approach as well as security

from any other cryptosystem.

8. Conclusion and Future work:

This article presents the elliptic curve cryptography system

comparison based on software implementations and their

running time. We first described the algorithms for ECC over

Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16

IJCTA | JAN-FEB 2012 Available [email protected]

14

ISSN:2229-6093

7

binary filed. After comparing these algorithms for the major

field operations that are required in ECC, we identified a set of

efficient method suitable for resource constrained systems. We

also compared the performance of these algorithms for

different word sizes.

There is considerable momentum behind widespread

adoption of the Advanced Encryption Standard (AES) which

specifies the use of 128-bit, 192 bit and 256 bit symmetric

keys. Key sizes for public-key cryptosystems used to establish

AES keys will correspondingly need to increase from current

levels. This would favor the use of ECC over RSA and other

cryptosystems.

Jen-Ho Yang et al. [12] find that Chung‟s scheme has a

security flaw, and thus a feasible attack is possible on Chung

et al.‟s [11] scheme. They proposed attack is based on the

technique for solving the linear Diophantine equation. Using

the proposed technique, an attacker can easily obtain the

signer‟s secret key without facing the difficulty of ECDLP.

There is a wide scope in providing secure transaction by using

less number of bits in keys so that it will be less vulnerable to

any type of attack in future.

References:

[1]H. Cohen, A. Miyaji, and T. Ono., “Efficient elliptic curve

exponentiation using mixed coordinates”. In ASIACRYPT

“Advances in Cryptology”, volume 1514 of Lecture Notes in

Computer Science, pages 51-65, Springer, 1998.

[2] ANSI X9.62, “Elliptic Curve Digital Signature Algorithm”

(ECDSA), American Bankers Association, 1999.

[3]V.Miller, “Use of elliptic curves in Cryptography”, Volume

218/1986, Springer, 1986

[4]U.S. Department of Commerce, National Institute of

Standards and Technology, “Digital Signature Standard

(DSS)”, Federal Information Processing Standards Publication

FIPS PUB 186-2, January 2000.

[5] Certicom Research, SEC 2: “Recommended Elliptic Curve

Domain Parameters”, Standards for Efficient Cryptography,

Version 1.0, September 2000.

[6]S. Chang Shantz, “Euclid's GCD to Montgomery

Multiplication to the Great Divide” , Technical report, Sun

Microsystems Laboratories TR-2001-95, June 2001.

[7] L. Badia, “Real World SSL Benchmarking”, Rainbow

Technologies Whitepaper, Available at

http://www.rainbow.com/insights/whitePDF/RealWorldSSLB

enchmarking.pdf, Sep. 2001

[8]T. Dierks and C. Allen, “The TLS Protocol - Version 1.0.”,

IETF RFC 2246, Available at

http://www.ietf.org/rfc/rfc2246.txt, January 1999.

[9] C. Coarfa, P. Druschel and D. Wallach, “Performance

Analysis of TLS Web Servers”, Network and Distributed

Systems Security Symposium ‟02, San Diego, California, Feb.

2002.

[10] Anoop MS, Elliptic Curve Cryptography, “An

Implementation Guide”, Available at

http://hosteddocs.ittoolbox.com/AN1.5.07.pdf, January 2007.

[11] Y. F. Chung, K. H. Huang, F. Lai, and T. S. Chen, “ID

based Digital Signature Scheme on Elliptic Curve

Cryptosystem”, Computer Standards and Interfaces, Vol. 29,

2007, pp. 601-604.

[12] Jen-Ho Yang and Chin-Chen Chang, “Cryptanalysis of

ID-Based Digital Signature Scheme on Elliptic Curve

Cryptosystem” 8th

International Conference on Intelligent

Systems Design and Applications, 2008.

[13] Jr., A. K.; Lenstra and Jr. H. W, “Algorithms in number

theory”, Handbook of Theoretical Computer Science:

Algorithms and Complexity (Amsterdam and New York: The

MIT Press) pp- 673–715.

[14] Hou huifang Huang kaizhi and Hou huifang Liu

guangqiang “CPK and ECC-Based Authentication and key

Agreement Scheme for Heterogeneous wireless network”

International Conference on Computer Science and Software

Engineering, 2008

[15] N.Koblitz, “Elliptic Curve Cryptosystems, Mathematics

of Computation”, volA8, 1987, pp-203 -209.

[16] S. Maria Celestin Vigila and K. Muneeswaran

“Implementation of Text based Cryptosystem using Elliptic

Curve Cryptography” IEEE transaction 2010.

[17] Bin Yu, “Establishment of elliptic curve cryptosystem” Information Theory and Information Security (ICITIS), IEEE

International Conference, 2010.

[18] Ahmad Khaled, M. AL-KAYALI, “Elliptic Curve

Cryptography and Smart Cards” GIAC Security Essentials

Certification (GSEC) Practical Assignment, Version 1.4b, 17

February, 2004.

[19] Bin Yu, “Method to Generate Elliptic Curves Based on

CM Algorithm”, Information Theory and information security,

IEEE International Conference, 2011.

Biographies:

Shipra Shukla was born at Kanpur, (U.P.), in India. She

received the B.Tech. degree in Computer

Science and Engineering in 2010 from

Pranveer Singh Institute of Technology,

Kanpur, India. She is currently pursuing

M.Tech in Computer Science and Engineering

from Kamala Nehru institute of Technology Sultanpur, U.P.

India.

Dharmendra Lal Gupta is currently working as an Assistant

Professor in the Department of Computer

Science & Engineering at KNIT,

Sultanpur (U.P.) India. And he is also

pursuing his Ph.D. in Computer Science & Engineering form Mewar University,

Chittorgarh (Rajasthan). He received

B.Tech.(1999) from Kamla Nehru

Institute of Technology (KNIT)

Sultanpur, in Computer Science & Engineering, M.Tech.

Hon‟s (2003) in Digital Electronics and Systems from Kamla

Nehru Institute of Technology (KNIT) Sultanpur. His research

interests are Cryptography and Network Security, Software

Quality Engineering, and Software Engineering.

Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16

IJCTA | JAN-FEB 2012 Available [email protected]

15

ISSN:2229-6093

8

Dr. Anil Kumar Malviya is an Associate Professor in the

Computer Science & Engg.Department at

Kamla Nehru Institute of Technology,

(KNIT), Sultanpur. He received his B.Sc.

& M.Sc. both in Computer Science from

Banaras Hindu University, Varanasi

respectively in 1991 and 1993 and Ph.D.

degree in Computer Science from Dr. B.R.

Ambedkar University; Agra in 2006.He is Life Member of

CSI, India. He has published about 26 papers in

International/National Journals, conferences and seminars. His

research interests are Data mining, Software Engineering,

Cryptography & Network Security.

Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16

IJCTA | JAN-FEB 2012 Available [email protected]

16

ISSN:2229-6093