1 A COMPARATIVE STUDY OF CRYPTOSYSTEMS WITH ELLIPTIC CURVE CRYPTOGRAPHY USING DIGITAL SIGNATURE * Shipra Shukla, ** Dharmendra Lal Gupta, ***Anil Kumar Malviya *Pursuing M.Tech in Deptt. of Computer Science & Engineering ,K N I T Sultanpur, U.P., India-228118, email: [email protected]m **Research Scholar, Deptt. of Computer Science & Engineering , Mewar University Chittorgarh,Rajasthan.,India , email: [email protected]***Associate Professor, Deptt. of Computer Science & Engineering ,K N I T Sultanpur,U.P.,India -228118, email:[email protected]Abstract: Elliptic Curve Cryptography (ECC) is coming forth as an attractive public key cryptosystem for mobile/wireless environments compared to conventional cryptosystems like RSA and DSA. ECC provides better security with smaller key sizes, which results in faster computations, lower power consumption, as well as memory and bandwidth savings. However, the true impact of any public-key cryptosystem can only be evaluated in the perspective of a security protocol. The digital signature is the requisite way to ensure the security of web services and has great implication in practical applications. By using a digital signature algorithm we can provide authenticity and validation to the electronic document. ECDSA and ECDH use the concept of ECC. In this article we present ECC and most popular algorithms such as RSA, ECDH, ECES and ECDSA and based on observation a comparative study of all these algorithms have been done. Keywords: RSA, Digital Signature, ECDSA, ECDH, ECC, ECES 1. INTRODUCTION: Authentication is an essential requirement for any secure online transactions such as e-commerce, stock trading and banking. These transactions employ a combination of public- key and symmetric key cryptography to authenticate participants and guarantee the integrity and confidentiality of information in transit. In cryptography for security and authentication with much shorter keys, we use digital signature. Any new security technology can be widely adopted, if it is integrated into end-user applications like email and web browsing. Most importantly, the new technology must demonstrate a compelling value proposition to offset the cost and inconvenience of migration. Elliptic Curve Cryptography (ECC), have been proposed by independently in 1985 by Neal Koblitz [15] and Victor Miller [3]. It has been used in cryptographic algorithms for a variety of security purposes such as key exchange and digital signature.ECC is emerging as an attractive alternative to traditional public-key cryptosystems such as RSA, DSA, and DH. Compared to traditional integer based public-key algorithms; ECC algorithms can achieve the same level of security with much shorter keys. For example, 160-bit Elliptic-curve Digital Signature Algorithm (ECDSA) has a security level equivalent to 1024-bit Digital Signature Algorithm (DSA). Because of the shorter key length, ECC algorithms run faster, require less space, and consume less energy. More specially, ECC offers equivalent security with smaller key sizes, in less computation time and with less memory. As a result, ECC offers higher throughput on the server side [7] and smaller implementations on the client side. By saving system resources ECC is particularly well suited for small devices such as mobile phones, PDAs and smart cards. ECC technology is ready for deployment as, in addition to its technical merits, standards have been put in place and reference implementations have been made available. Several standards have been created to specify the use of ECC. The US government has adopted the Elliptic Curve Digital Signature Algorithm (ECDSA [5.1], the Elliptic Curve variant of DSA) and recommended a set of curves. Additional curves for commercial use were recommended by the Standards. Now a days various application such as banking, sale-purchase and stock trading are increasing day by day and emphasizing on electronic transaction to minimize the operational cost and increasing the services. This need has lead to the development of the new notion of electronic document that can be generated, processed and stored in computers and transmitted over net. The information transmitted over these documents can be susceptible and thus need to be protected by the intruders and malicious third parties. Traditionally in paper document this kind of protection is provided by the written signature and thus it authenticate the document for the communicating parties. For electronic documents this facility is provided by the means of DIGITAL SIGNATURE, by using a digital signature algorithm we can provide authenticity and validation to the electronic document. The security of a digital signature system is dependent on maintaining the secrecy of users' private keys. Users must therefore lookout against the unauthorized
8
Embed
An Overview & Iss - International Journal of Computer Technology
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
2
acquisition of their private keys. While it is the objective of
this standard to specify general security requirements for
generating digital signatures, conformance to this standard
does not assure that a particular implementation is secure [4].
Authenticity is the process of certifying the sender of the
document while verification is the process of certifying the
content of the document. Thus digital signature must provide
following features:
It must be easy to generate and retain the copy of
digital signature.
It must be computationally infeasible to forge a
digital signature.
It must authenticate and verified the document
It should be accepted by both the communicating
parties.
It should not be easy to alter the digital signature.
Since digital signature is just a sequence of zeroes and ones it
must be a bit pattern that depends on the message being signed
(it must used some information that is unique to the sender)
Digital signature can guarantee message integrity and
authenticity in an open network [9]. In order to generate the
signature sender first calculate the digest of the message using
a hash function. In practice instead of using the whole
message, a hash function is applied to the arbitrary sized
message plus some private information held by sender which
will generate fixed sized output. Commonly used hashed
functions are MD5 and SHA [8]. Then the sender encrypts the
digest with his private key to generate the signature. Receiver
first decrypts the sender‟s signature into a digest using the
sender‟s public key. Then the receiver calculate the digest
from the sender‟s message and compare it with the decrypted
digest if they matches then this message is indeed from the
sender and unaltered. There are three types of commonly used
digital signature algorithm: RSA, DSA and ECDSA.
The rest of the paper is organized as follows, Section 2
describes about related work. In Section 3 ECC have been
shown thoroughly and in section 4 we briefly describe RSA.
ECDSA and ECDH relevant algorithms have been described
in section 5. ECES has been described in section 6. In Section
7, we have given our observation in ECC algorithms. Section
8 concludes the article and tells about future work.
2. RELATED WORK
This section reviews some of the most relevant previous
contributions in implementations of various cryptosystems.
The capabilities of cryptosystems such as of RSA and Diffie-
Hellman are inadequate due the requirement of large number
of bits. The cryptosystem based on Elliptic Curve
Cryptography (ECC) is becoming the recent trend of public
key cryptography.
S. Maria Celestin Vigila et al. [16] have described about the
implementation of ECC by first transforming the message into
an affine point on the Elliptic Curve (EC), over the finite field
GF(p). The process of encryption/decryption of a text message
has been used. It is almost infeasible to attempt a brute force
attack to break the cryptosystem using ECC.
V. Miller [3] has described about various types of elliptic
curves and their basic implementation. Public key processor
supports both the RSA and ECC cryptosystems and other
algorithms such as DSA or DH which could be easily
supported through firmware without requiring any hardware
modifications. The RSA algorithm uses modular
exponentiation which can be implemented through repeated
multiplication and squaring. The equivalent core function for
the ECC cryptosystem is called point multiplication.
Anoop Ms [10] has provided a significant work on ECC. A
double and add algorithm for point multiplications over fields
GF(p) and Montgomery Scalar Multiplication[6] for point
multiplications over fields GF(2m). Projective coordinates are
used for GF (2m) and mixed coordinates for GF(p) [1].
Ahmad Khaled et al. [18] have presented a background on
ECC including the basics and some ECC techniques. They
have described about smart cards, their constraints and ECC
implementation options using digital signature.
Hou huifang Huang kaizhi et al. [14] has proposed the scheme
which greatly reduces the computation and communication
overhead. It has provided the expected security which
symmetric key protocols can't provide. ECC is used to encrypt
information, construct digital signature and generate the
session key. Analysis shows that the proposed scheme
provides the security of the authentication and key agreement
mechanism.
Bin Yu [19] says that, the cryptosystem of elliptic curve had
been put forward by Miller and Koblitz solely in 1985. The
cryptosystem of elliptic curve owns three special advantages
in terms of recent research: 1.It has larger flexibility when it
chooses groups; 2. there wouldn‟t be any effective sub-index
arithmetic to attack it if the cryptosystem of elliptic curve is
suitably chosen; 3. it has a short key.
3. Overview of ECC:
Some public key algorithm may require „Domain Parameter‟
i.e. a set of predefined constants to be known by all the
devices taking part in the communication.
3.1 Basic Equation of ECC
The mathematical operations of ECC are defined over the
elliptic curve.[10]
y2 = x
3 + ax + b, where 4a
3 + 27b
2 ≠ 0 (eq. 3.a)
Each value of the „a‟ and „b‟ gives a different elliptic curve.
All points (x, y) which satisfies the above equation plus a
point at infinity lies on the elliptic curve. The public key is a
point in the curve and the private key is a random number.
The public key is obtained by multiplying the private key with
the generator point G in the curve. The generator point G, the
curve parameters „a‟ and „b‟, together with few more constants
constitutes the domain parameter of ECC. The EC domain
parameters are explained in section 3.9.1
Commonly-used elliptic curves are defined in either a prime
field GF(p) or a finite field of characteristic two GF (2m),
Shipra Shukla et al,Int.J.Comp.Tech.Appl,Vol 3 (1), 9-16