Lal Bahadur Shastri Institute of Management

Comparative Study of Key Exchange

Algorithms

Submitted By-

Gaurav Rawat (085)

Manish (078)

Prakash Singh (103)

Vivek Verma(090)

TABLE OF CONTENTS

1. INTRODUCTION
   1.1. Background
   1.2. Objective of the report
2. DIFFIE HELLMAN KEY EXCHANGE ALGORITHM
   2.1. Algorithm Steps
   2.2. Security of Diffie-Hellman
   2.3. Discrete Logarithm Problem
   2.4. Diffie Hellman Problem
3. RSA ALGORITHM
   3.1. Key Generation
   3.2. Encryption
   3.3. Decryption
   3.4. Digital Signing
   3.5. Digital Verification
   3.6. Security of RSA
   3.7. RSA Problem
4. ELLIPTIC CURVE ALGORITHM
   4.1 ECC Key Generation
   4.2. Security of Elliptic Curve Algorithm
   4.3. The Elliptic Curve Discrete Logarithm Problem
5. IMPLEMENTATION OF KEY EXCHANGE ALGORITHMS
   5.1. Diffie – Hellman
   5.2. RSA
6. COMPARATIVE ANALYSIS OF KEY EXCHANGE ALGORITHMS
   6.1. Performance Factor
      6.1.1. Tunability
      6.1.2. Computational Speed
      6.1.3. Key Length
      6.1.4. Security Issues
      6.1.5. Encryption Ratio
   6.2. The Difference between the RSA and Diffie-Hellman key Exchange
   6.3. Comparison of ECC to RSA and Diffie Hellman
7. CONCLUSIONS
8. REFERENCES


1. INTRODUCTION

1.1. BACKGROUND

The Internet these days is a major source for accessing valuable data on the global stage. Its services are used not only by legitimate users but also by hackers, data thieves and network sniffers.

Network security becomes a crucial aspect when the volume of data is large and complex. The need of the hour is data confidentiality for secure communication over the Internet: protecting data from being disclosed to unintended parties while it is communicated between the authorized entities. Various techniques are employed to improve the security of the data being transmitted. Symmetric encryption is commonly used these days. Here a common key is shared by two or more parties for the encryption of large amounts of data, and it is established using a key exchange protocol, which involves exchanging messages over an open channel. Authentication is therefore a must in order to prevent sniffers from obtaining a copy of the key. Man-in-the-middle attacks, in which a malicious server impersonates the trusted server, must be avoided. Therefore, key exchange protocols are associated with authentication protocols.

Other attacks on encryption techniques include chosen-plaintext attacks, brute-force attacks, linear cryptanalysis, etc. To avoid such attacks, the needed security measures have been enhanced with the encryption in this technique. The strength of an encryption algorithm depends on how vulnerable it is to the attacks made on it.

Public-key cryptography is the commonly used method for encrypting a message in a form that can be read only by the intended recipient.

This approach is based on asymmetric key algorithms, i.e. the non-message information (the public key) needed to change the message into a protected form is different from the information required to reverse the process (the private key).

Unlike a symmetric algorithm, a public key algorithm does not involve a secure initial exchange of one or more secret keys between the sender and receiver.

In this report we focus on the study and examination of key exchange protocols so as to quantify their security level, computational time and data transmission time, which in turn will help us decide the most suitable protocol for use in an application.

In this report, we have chosen 3 key exchange algorithms:

Diffie-Hellman Key Exchange
Rivest, Shamir and Adleman Key Exchange (RSA)
Elliptic Curve Cryptography (ECC)

In the various sections of the report we have provided the following information:

Description of the various key exchange algorithms.
The various problems associated with key exchange algorithms.
Implementation of key exchange algorithms.
Security and complexity levels of each key exchange algorithm.
Conclusions.

1.2. OBJECTIVE OF THE REPORT

The objective of this report is to provide an overview of various key exchange algorithms and to compare them on the basis of key size, security, cost, computational speed and the types of attack relevant to their security. As a result, the better solution for symmetric key encryption and for asymmetric key encryption is provided.

2. DIFFIE HELLMAN KEY EXCHANGE ALGORITHM

The Diffie-Hellman key agreement protocol (also called exponential key agreement) was

developed by Whitfield Diffie and Martin Hellman in 1976 and published in the ground-breaking

paper "New Directions in Cryptography".

The purpose of the Diffie-Hellman algorithm is to make it possible for two or more parties to

create and share an identical, secret session key by sharing information over a network that is not

secure. The information that gets shared over the network is in the form of a couple of constant

values and a Diffie-Hellman public key.

2.1. Algorithm Steps

Suppose that two parties, Alice and Bob, want to agree on a shared secret key using the Diffie-Hellman key agreement protocol. The process used by the two key-exchange parties is as follows:

First, Alice generates a random private value $a$ and Bob generates a random private value $b$.

Alice and Bob agree on a prime number $p$ and a natural number $g$ such that $g$ is a primitive root mod $p$. These numbers may be public.

Alice's public value is $A = g^a \bmod p$ and Bob's public value is $B = g^b \bmod p$. They then exchange their public values.

Alice computes the key $K_A = B^a \bmod p$.

Bob computes the key $K_B = A^b \bmod p$.

Finally, the two keys match because $K_A \equiv B^a \equiv (g^b)^a \equiv g^{ba} \equiv g^{ab} \equiv (g^a)^b \equiv A^b \equiv K_B \pmod p$. Alice and Bob now have a shared secret key $k$.

Figure 1. Diffie-Hellman Key Exchange

(Source: International Journal of Computer Application (0975-8887), Volume 7 – No. 5, 2010)

2.2. Security of Diffie-Hellman

The protocol depends on the discrete logarithm problem for its security. It assumes that it is computationally hard to calculate the shared secret key $k = g^{ab} \bmod p$ given the two public values $g^a \bmod p$ and $g^b \bmod p$ when the prime $p$ is sufficiently large. Assume an eavesdropper, Eve, has access to all the communication between the two parties. She therefore knows the values of $g$, $p$, $A$ and $B$, but not those of $a$ or $b$, since $a$ is known only to Alice and $b$ only to Bob, and they are never exchanged. Eve wants to know the key, i.e. the value $g^{ab} \bmod p$. She can achieve this by finding $a$ or $b$ and then working out $g^{ba} \bmod p$. The task of finding $a$ or $b$ is a well-known problem, called the discrete logarithm problem.

2.3. Discrete Logarithm Problem

Given a prime $p$, a base $g$ and a number $A \equiv g^a \bmod p$, find the value of $a$. The number $a$ is then called the discrete logarithm of $A$ to the base $g$, mod $p$. Essentially, the difficulty is to find a suitable exponent $a$. If Eve can solve the DLP, she can obtain the secret key and thus break the Diffie-Hellman key exchange protocol. Therefore it is often said that the security of a Diffie-Hellman key exchange depends on the hardness of the DLP.

So the most important question to answer at this point is: how difficult is solving the discrete logarithm problem? You may have noticed that solving the DLP may not be the only way of breaking the Diffie-Hellman key exchange protocol. It is not explicitly required that Eve find out $a$ or $b$; she really just has to find the key $K \equiv g^{ab} \bmod p$ somehow.

2.4. Diffie Hellman Problem

We described how solving the discrete logarithm easily would allow Eve to arrive at the secret key. There is another problem Eve can solve to arrive at the secret key, namely the Diffie-Hellman Problem. The Diffie-Hellman Problem comes in two flavors, the computational and the decisional. The Computational Diffie-Hellman Problem is defined as follows: let $p$ be a prime and let $g$ be a primitive root mod $p$. Given $g^a \pmod p$ and $g^b \pmod p$, find $g^{ab} \pmod p$. Recall that Eve has access to both $g^a$ and $g^b$, as they are both made public during the exchange. It is not currently known whether or not this problem is easier than computing discrete logs. A related problem, known as the Decisional Diffie-Hellman Problem, is defined as follows: let $p$ be a prime and let $g$ be a primitive root mod $p$. Given $g^a \pmod p$ and $g^b \pmod p$ and $B \not\equiv 0 \pmod p$, decide whether or not $k \equiv g^{ab} \pmod p$. In other words, if someone offers a number to Eve and claims it is $K$, can Eve decide whether or not that person is telling the truth with the information captured on the insecure channel? Like the computational Diffie-Hellman problem, the decisional Diffie-Hellman problem has yet to be solved. It is unknown whether a method for solving the decisional problem will lead to a solution for the computational problem.

3. RSA ALGORITHM

The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Adleman, who invented it in 1977. The basic technique was first discovered in 1973 by Clifford Cocks of CESG (part of the British GCHQ), but this was a secret until 1997. The patent taken out by RSA Labs has expired. The RSA cryptosystem is the most widely used public key cryptography algorithm in the world. It can be used to encrypt a message without the need to exchange a secret key separately. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers. Party A can send an encrypted message to party B without any prior exchange of secret keys. A just uses B's public key to encrypt the message and B decrypts it using the private key, which only he knows. RSA can also be used to sign a message, so A can sign a message using their private key and B can verify it using A's public key.

3.1. Key Generation

Generate two large random primes, $p$ and $q$, of approximately equal size.

Compute $n = pq$.

Let $m = (p-1)(q-1)$.

Choose a small number $e$, coprime to $m$.

Find $d$ such that $de \bmod m = 1$.

Distribute $e$ and $n$ as the public key $(n, e)$.

Keep $d$ and $n$ as the secret key.

3.2. Encryption

Sender A does the following:

Obtains the recipient B's public key $(n, e)$.

Represents the plaintext message as a positive integer $P$, $1 < P < n$.

Computes the ciphertext $C = P^e \bmod n$.

Sends the ciphertext $C$ to B.

3.3. Decryption

Recipient B does the following:

Uses his private key $(n, d)$ to compute $P = C^d \bmod n$.

Extracts the plaintext from the message representative $P$.

3.4. Digital Signing

If the message is $M$, then the text with signature is $S = C^d \bmod n$.

3.5. Digital Verification

If the text with signature is $S$, then the original message is $P = S^e \bmod n$.

3.6. Security of RSA

RSA gets its security from the factorization problem: the difficulty of factoring large numbers is the basis of the security of RSA. Factoring is required to break the system. Factoring is inherently computationally intractable, or alternatively, factoring is hard and any approach that can be used to break the system is at least as hard as factoring. The factoring problem is: given a positive integer $n$, find its prime factors, $n = p_1 p_2 \cdots p_i$, where the $p_i$ are distinct positive prime numbers.

Example: 257603 = 41 * 61 * 103

3.7. RSA Problem

Given an RSA public key $(n, e)$ and a ciphertext $C = P^e \pmod n$, compute $P$. The RSA Assumption is that the RSA Problem is hard to solve when the modulus $n$ is sufficiently large and randomly generated, and the plaintext $P$ (and hence the ciphertext $C$) is a random integer between 0 and $n - 1$. The RSA Problem is the basis for the security of RSA public-key encryption as well as RSA digital signature schemes.
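The steps of sections 3.1 to 3.5, and the dependence on factoring described in section 3.6, as an added Python example that is not part of the original report. The primes 61 and 53, the exponent 17 and the message 65 are constructed toy values, and all function names are illustrative.

```python
# Added example: textbook RSA on constructed toy numbers (no padding scheme).
from math import gcd


def modinv(a, m):
    """Inverse of a modulo m by the extended Euclidean algorithm."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("a is not invertible modulo m")
    return old_s % m


def generate_keys(p, q, e):
    """Section 3.1: n = pq, m = (p-1)(q-1), d chosen so that d*e mod m = 1."""
    n, m = p * q, (p - 1) * (q - 1)
    if gcd(e, m) != 1:
        raise ValueError("e must be coprime to m")
    return (n, e), (n, modinv(e, m))


def encrypt(plain, public):
    """Section 3.2: C = P^e mod n, with the plaintext integer in 1 < P < n."""
    n, e = public
    if not 1 < plain < n:
        raise ValueError("plaintext integer must satisfy 1 < P < n")
    return pow(plain, e, n)


def decrypt(cipher, private):
    """Section 3.3: P = C^d mod n."""
    n, d = private
    return pow(cipher, d, n)


def sign(message, private):
    """Signature with the private exponent: S = M^d mod n."""
    n, d = private
    return pow(message, d, n)


def verify(signature, message, public):
    """Section 3.5: recover S^e mod n and compare with the message."""
    n, e = public
    return pow(signature, e, n) == message


def prime_factors(n):
    """Trial division; feasible only because the numbers here are tiny."""
    factors, f = [], 2
    while f * f <= n:
        while n % f == 0:
            factors.append(f)
            n //= f
        f += 1
    if n > 1:
        factors.append(n)
    return factors


def recover_private_exponent(public):
    """Section 3.6: once n is factored, d follows directly from the public key."""
    n, e = public
    factors = prime_factors(n)
    if len(factors) != 2 or factors[0] == factors[1]:
        raise ValueError("n is not a product of two distinct primes")
    p, q = factors
    return modinv(e, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, private = generate_keys(61, 53, 17)      # constructed toy primes
    c = encrypt(65, public)
    print("public", public, "private", private)
    print("ciphertext", c, "decrypted", decrypt(c, private))
    print("signature valid:", verify(sign(65, private), 65, public))
    print("d recovered by factoring n:", recover_private_exponent(public))
    print("factors of 257603:", prime_factors(257603))
```

With a modulus of realistic size the trial division in `prime_factors` never finishes, which is the assumption the section above rests on.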

4. ELLIPTIC CURVE ALGORITHM

Elliptic Curve Cryptography (ECC) was discovered in 1985 by Victor Miller (IBM) and Neal Koblitz (University of Washington) as an alternative mechanism for implementing public-key cryptography. Unlike other popular algorithms such as RSA, ECC is based on a discrete logarithm problem that is much more difficult to challenge at equivalent key lengths. ECC is a form of public key cryptography. Public key cryptography, unlike private key cryptography, does not need any shared secret between the communicating parties, but it is much slower than private key cryptography.

An elliptic curve is given by an equation of the form:

$y^2 = x^3 + ax + b$

where $4a^3 + 27b^2 \neq 0$.

Many interesting problems arise from the set of points on elliptic curves over a finite field under group operations. The finite fields that are commonly used are those over primes ($F_p$) and binary fields ($F_{2^n}$). The security of ECC is based on the elliptic curve discrete logarithm problem (ECDLP). This problem is defined as:

Given points $X$, $Y$ on the elliptic curve, find $z$ such that:

$X = zY$

The discrete logarithm problem over this group in a finite field is a good one-way function because there are currently no known polynomial time attacks for solving the problem. The methods for computing solutions to the ECDLP are much less efficient than those for factoring, so ECC can provide the same security as RSA with smaller key lengths.

ECC was developed independently by Neal Koblitz and Victor Miller in 1985.


4.1 ECC Key Generation

To generate a public and private key pair for use in ECC communications, an entity would perform the following steps:

Find an elliptic curve $E(K)$, where $K$ is a finite field such as $F_p$ or $F_{2^n}$, and find a point $Q$ on $E(K)$. $n$ is the order of $Q$. Recommended domain parameters for $E(K)$ are suggested in [11].

Select a pseudo-random number $x$ such that $1 \le x \le (n - 1)$.

Compute the point $P = xQ$.

Your ECC key pair is $(P, x)$, where $P$ is your public key and $x$ is your private key.

At RSA Conference 2005, the National Security Agency (NSA) announced that ECC is used exclusively for digital signature generation and key exchange, i.e. (ECDH and ECDSA).

4.2. Security of Elliptic Curve Algorithm

The security of ECC depends on the difficulty of the Elliptic Curve Discrete Logarithm Problem. Let $P$ and $Q$ be two points on an elliptic curve such that $kP = Q$, where $k$ is a scalar. Given $P$ and $Q$, it is computationally infeasible to obtain $k$ if $k$ is sufficiently large. $k$ is the discrete logarithm of $Q$ to the base $P$. Hence the main operation involved in ECC is point multiplication, i.e. multiplication of a scalar $k$ with any point $P$ on the curve to obtain another point $Q$ on the curve.

4.3. The Elliptic Curve Discrete Logarithm Problem

In the multiplicative group $Z_p^*$, the discrete logarithm problem is: given elements $r$ and $q$ of the group, and a prime $p$, find a number $k$ such that $r = q^k \bmod p$. If the elliptic curve group is described using multiplicative notation, then the elliptic curve discrete logarithm problem is: given points $P$ and $Q$ in the group, find a number $k$ such that $P^k = Q$; $k$ is called the discrete logarithm of $Q$ to the base $P$. When the elliptic curve group is described using additive notation, the elliptic curve discrete logarithm problem is: given points $P$ and $Q$ in the group, find a number $k$ such that $kP = Q$.

Example:

In the elliptic curve group defined by

$y^2 = x^3 + 9x + 17$ over $F_{23}$,

what is the discrete logarithm $k$ of $Q = (4,5)$ to the base $P = (16,5)$?

One (naïve) way to find $k$ is to compute multiples of $P$ until $Q$ is found. The first few multiples of $P$ are:

P = (16,5), 2P = (20,20), 3P = (14,14), 4P = (19,20), 5P = (13,10), 6P = (7,3), 7P = (8,7), 8P = (12,17), 9P = (4,5)

Since $9P = (4,5) = Q$, the discrete logarithm of $Q$ to the base $P$ is $k = 9$.

In a real application, $k$ would be large enough that it would be infeasible to determine $k$ in this manner.
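The naive search above and the key generation steps of section 4.1, as an added Python example on the same toy curve (not part of the original report). The function names and the ECDH helper are illustrative assumptions; the curve, P and Q are the ones used in the example above.

```python
# Added example: toy arithmetic on y^2 = x^3 + 9x + 17 over F_23.
import secrets

FIELD_P, CURVE_A, CURVE_B = 23, 9, 17   # curve parameters from the example above
BASE = (16, 5)                          # the base point P of the example
INFINITY = None                         # identity element of the curve group


def inverse(v):
    """Modular inverse in F_p via Fermat's little theorem (FIELD_P is prime)."""
    return pow(v % FIELD_P, FIELD_P - 2, FIELD_P)


def on_curve(pt):
    if pt is INFINITY:
        return True
    x, y = pt
    return (y * y - (x ** 3 + CURVE_A * x + CURVE_B)) % FIELD_P == 0


def add(p1, p2):
    """Group law: chord rule for distinct points, tangent rule for doubling."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return INFINITY                 # vertical line: P + (-P), or doubling with y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + CURVE_A) * inverse(2 * y1)
    else:
        lam = (y2 - y1) * inverse(x2 - x1)
    x3 = (lam * lam - x1 - x2) % FIELD_P
    y3 = (lam * (x1 - x3) - y1) % FIELD_P
    return (x3, y3)


def multiply(k, pt):
    """Point multiplication k*pt by double-and-add (the main operation of 4.2)."""
    result, addend = INFINITY, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def order(pt):
    """Smallest n >= 1 with n*pt equal to the point at infinity."""
    n, acc = 1, pt
    while acc is not INFINITY:
        acc = add(acc, pt)
        n += 1
    return n


def naive_dlog(base, target):
    """Step through base, 2*base, 3*base, ... until target appears."""
    k, acc = 1, base
    while acc is not INFINITY:
        if acc == target:
            return k
        acc = add(acc, base)
        k += 1
    return None                         # target is not a multiple of base


def generate_keypair(base=BASE):
    """Section 4.1: private x with 1 <= x <= n-1, public point x*base."""
    n = order(base)
    x = secrets.randbelow(n - 1) + 1
    return multiply(x, base), x


def shared_secret(own_private, peer_public):
    """ECDH (assumed usage): both sides arrive at x_a * x_b * base."""
    if peer_public is INFINITY or not on_curve(peer_public):
        raise ValueError("peer public key is not a valid curve point")
    return multiply(own_private, peer_public)


if __name__ == "__main__":
    print([multiply(k, BASE) for k in range(1, 10)])
    print("k =", naive_dlog(BASE, (4, 5)))
    (pub_a, priv_a), (pub_b, priv_b) = generate_keypair(), generate_keypair()
    print(shared_secret(priv_a, pub_b) == shared_secret(priv_b, pub_a))
```

The search in `naive_dlog` takes at most as many steps as the order of the base point, which is why real curves use base points of very large prime order.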

5. IMPLEMENTATION OF KEY EXCHANGE ALGORITHMS

In this section we present the implementation of two popular key exchange algorithms, Diffie-Hellman and RSA. We have implemented both algorithms in the Java language using NetBeans IDE 7.2.

5.1. Diffie – Hellman

package diffiehellman;

import java.util.Scanner;

public class DiffieHellman {

    // Square-and-multiply modular exponentiation. (int) Math.pow(...) % q
    // silently saturates once the power exceeds Integer.MAX_VALUE.
    static int modPow(int base, int exp, int mod) {
        long result = 1, b = base % mod;
        while (exp > 0) {
            if ((exp & 1) == 1) result = (result * b) % mod;
            b = (b * b) % mod;
            exp >>= 1;
        }
        return (int) result;
    }

    public static void main(String[] argv) {
        int q, alpha = 0, xa, xb, ya, yb, ka, kb, x, y, z, count;
        Scanner in = new Scanner(System.in);

        System.out.println("Enter a Prime Number \"q\":");
        q = in.nextInt();
        System.out.println("Enter a No \"xa\" which is less than value of q:");
        xa = in.nextInt();
        System.out.println("Enter a No \"xb\" which is less than value of q:");
        xb = in.nextInt();

        // Primitive root calculation: ai[x][y] = (x+1)^(y+1) mod q
        int[][] ai = new int[q - 1][q - 1];
        for (x = 0; x < q - 1; x++)
            for (y = 0; y < q - 1; y++)
                ai[x][y] = modPow(x + 1, y + 1, q);

        // The first base whose q-1 powers are all distinct is a primitive root.
        for (x = 0; x < q - 1; x++) {
            count = 0;
            for (y = 0; y < q - 2; y++) {
                for (z = y + 1; z < q - 1; z++)
                    if (ai[x][y] == ai[x][z]) {
                        count = 1;
                        break;
                    }
                if (count == 1) {
                    break;
                }
            }
            if (count == 0) {
                alpha = x + 1;
                break;
            }
        }
        System.out.println("alpha = " + alpha);

        ya = modPow(alpha, xa, q); // public value of party A
        yb = modPow(alpha, xb, q); // public value of party B
        // Each party raises the OTHER party's public value to its own secret.
        // Using yb instead of ya for kb is what produces the mismatched keys
        // reported as Case 1 below.
        ka = modPow(yb, xa, q);
        kb = modPow(ya, xb, q);

        System.out.println("ya = " + ya);
        System.out.println("yb = " + yb);
        System.out.println("ka = " + ka);
        System.out.println("kb = " + kb);
        if (ka == kb)
            System.out.println("The keys exchanged are same");
        else
            System.out.println("The keys exchanged are not same");
    }
}

CASE 1

CASE 2

The output of the Diffie-Hellman key exchange implementation is shown for two cases. In Case 1 the keys exchanged are not the same, so no encryption or decryption will take place, whereas in Case 2 both keys are the same, so encryption and decryption of messages can be done at both the sender and receiver side.

The implementation takes in a prime number ($p$) and a secret number (xa, xb) for each of the two parties and calculates the primitive root, i.e. the base value alpha. The algorithm then calculates ya and yb using the formula $(alpha)^{xa} \bmod p$ for one party and $(alpha)^{xb} \bmod p$ for the other.

Then the secret keys ka and kb are calculated using the formulas $(ya)^{xa} \bmod p$ and $(yb)^{xb} \bmod p$ for the two parties respectively.

The implementation is tested by taking as input:

                Case 1                         Case 2
Prime number    17                             17
xa              9                              12
xb              5                              12

And calculated:

                Case 1                         Case 2
alpha           3                              3
ya              14                             4
yb              5                              4
ka              12                             1
kb              14                             1

Result is:

                Case 1                         Case 2
                Keys exchanged are not same    Keys exchanged are same
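The exchange of section 2.1 run on the two test inputs above, as an added Python example that is not part of the original report (function names are illustrative). It also shows that the kb = 14 reported for Case 1 is the value obtained when party B raises its own public value yb, rather than ya, to xb, and it runs the eavesdropper's naive discrete logarithm search from section 2.3 on the same toy prime.

```python
# Added example: Diffie-Hellman on the report's toy inputs (p = 17).

def is_primitive_root(g, p):
    """True if g^1 .. g^(p-1) mod p takes every value in 1 .. p-1 exactly once."""
    return len({pow(g, e, p) for e in range(1, p)}) == p - 1


def smallest_primitive_root(p):
    for g in range(1, p):
        if is_primitive_root(g, p):
            return g
    raise ValueError("no primitive root found; p must be prime")


def dh_exchange(p, g, a, b):
    """Section 2.1: each side raises the peer's public value to its own secret."""
    A = pow(g, a, p)                    # Alice's public value (ya in the report)
    B = pow(g, b, p)                    # Bob's public value (yb in the report)
    return {"A": A, "B": B, "K_A": pow(B, a, p), "K_B": pow(A, b, p)}


def key_from_own_public(p, g, secret):
    """Mis-derivation: a party raises its OWN public value to its secret."""
    return pow(pow(g, secret, p), secret, p)


def brute_force_dlog(p, g, target):
    """Eavesdropper's naive search for x with g^x = target (mod p)."""
    for x in range(1, p):
        if pow(g, x, p) == target:
            return x
    return None


if __name__ == "__main__":
    p = 17
    g = smallest_primitive_root(p)
    for name, (xa, xb) in {"Case 1": (9, 5), "Case 2": (12, 12)}.items():
        r = dh_exchange(p, g, xa, xb)
        print(name, "alpha =", g, r, "match:", r["K_A"] == r["K_B"])
    print("kb derived from yb instead of ya:", key_from_own_public(p, g, 5))
    # With p this small, the public value 14 gives away the secret exponent.
    print("secret recovered from ya = 14:", brute_force_dlog(p, g, 14))
```

In Case 2 both parties chose the same secret, so ya equals yb and the mis-derivation happens to give the right key, which is why only Case 1 showed a mismatch.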

5.2. RSA

package rsa;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.security.SecureRandom;

// Textbook RSA: no padding scheme (such as OAEP) is applied, so encryption
// is deterministic.
public class RSA {
    private BigInteger p;
    private BigInteger q;
    private BigInteger N;
    private BigInteger phi;
    private BigInteger e;
    private BigInteger d;
    private int bitlength = 1024;
    private SecureRandom r;

    public RSA() {
        // Key material needs a cryptographically secure generator;
        // java.util.Random is predictable.
        r = new SecureRandom();
        p = BigInteger.probablePrime(bitlength, r);
        q = BigInteger.probablePrime(bitlength, r);
        N = p.multiply(q);
        phi = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
        e = BigInteger.probablePrime(bitlength / 2, r);
        // BigInteger is immutable, so the result of add() must be assigned back.
        while (phi.gcd(e).compareTo(BigInteger.ONE) > 0 && e.compareTo(phi) < 0) {
            e = e.add(BigInteger.ONE);
        }
        d = e.modInverse(phi);
    }

    public RSA(BigInteger e, BigInteger d, BigInteger N) {
        this.e = e;
        this.d = d;
        this.N = N;
    }

    public static void main(String[] args) throws IOException {
        RSA rsa = new RSA();
        BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
        String teststring;
        System.out.println("Enter the plain text:");
        teststring = in.readLine();
        System.out.println("Encrypting String: " + teststring);
        System.out.println("String in Bytes: " + bytesToString(teststring.getBytes()));
        // encrypt
        byte[] encrypted = rsa.encrypt(teststring.getBytes());
        System.out.println("Encrypted String in Bytes: " + bytesToString(encrypted));
        // decrypt
        byte[] decrypted = rsa.decrypt(encrypted);
        System.out.println("Decrypted String in Bytes: " + bytesToString(decrypted));
        System.out.println("Decrypted String: " + new String(decrypted));
    }

    private static String bytesToString(byte[] encrypted) {
        String test = "";
        for (byte b : encrypted) {
            test += Byte.toString(b);
        }
        return test;
    }

    // Signum 1 makes BigInteger read the bytes as a non-negative integer,
    // even when the first byte has its top bit set.
    public byte[] encrypt(byte[] message) {
        return (new BigInteger(1, message)).modPow(e, N).toByteArray();
    }

    public byte[] decrypt(byte[] message) {
        return (new BigInteger(1, message)).modPow(d, N).toByteArray();
    }
}


In the output of the RSA key exchange implementation, the string to be encrypted is first converted into bytes and then encrypted into a string of bytes that is large enough that any third party will find it difficult to tap the message in between. At the receiver side the string is decrypted back and the receiver is able to see the message as sent by the sender.

The prime numbers are generated randomly, and the keys are then calculated on the basis of these random prime numbers.


6. COMPARATIVE ANALYSIS OF KEY EXCHANGE ALGORITHMS

The comparative analysis of the various key exchange algorithms is made on the basis of performance factors, and the basic differences between ECC, RSA and Diffie-Hellman are described in sections 6.2 and 6.3.

6.1. Performance Factor

The performance factors are described below:

6.1.1. Tunability

Dynamic tunability means flexible usability of an algorithm, which can define the encrypted part and the parameters with respect to different applications and requirements. Static tunability limits the usability of key exchange algorithms to a restricted set of applications.

6.1.2. Computational Speed

It defines how fast the algorithm is, in order to meet real-time requirements.

6.1.3. Key Length

Key management is a very important aspect of encryption methodologies, as it shows how the data is encrypted. In cryptography, key size or key length is the size, measured in bits, of the key used in a cryptographic algorithm (such as a cipher). The symmetric algorithm uses a variable key length, which is longer. Hence, key management is a considerable aspect of encryption processing.

6.1.4. Security Issues

Cryptographic security defines whether an encryption scheme is secure against brute-force and different plaintext-ciphertext attacks. For highly valuable multimedia applications, it is really important that the encryption scheme should satisfy cryptographic security.

6.1.5. Encryption Ratio

The encryption ratio is the measure of the amount of data that is to be encrypted. The encryption ratio should be minimized to reduce the complexity of computation.

The differences among the key exchange algorithms on the basis of performance factors are shown in Table 1.

Performance Factors    RSA           Diffie-Hellman             Elliptic Curve
Tunability             Yes           Yes                        Yes
Computational Speed    Fast          Slow                       Fast
Key Length             >1024 bits    Key Exchange management    <=512
Security Issues        High          Very high                  Low
Encryption Ratio       High          High                       Relatively low

Table 1. Comparison among key exchange algorithms on the basis of performance factors


6.2. The Difference between the RSA and Diffie-Hellman key Exchange

Diffie-Hellman is a two-way key negotiation system that includes the dynamic exchange of keys for every sender-receiver pair. This helps to further complicate attacks, but requires additional communications overhead. The RSA system reduces communications overhead with the capability to have static, unchanging keys for each receiver, which are advertised by a recognized 'trusted authority' (the hierarchical model) or distributed in an informal web of trust.

The basic differences between RSA and Diffie-Hellman are shown in Table 2.

Basis of Difference       RSA               Diffie-Hellman
Keys                      Static exchange   Dynamic exchange
Communication Overhead    Relatively low    Very high
Attacks Prone             Timing Attack     Man in Middle Attack

Table 2. Basic Difference between RSA and Diffie-Hellman

6.3. Comparing ECC to RSA and Diffie Hellman

ECC's effectiveness and security are considered stronger than those of RSA and Diffie-Hellman. Since ECC offers security equivalent to RSA and Diffie-Hellman using much smaller key sizes, the performances were tested according to Table 3.

Table 3 (Source: NIST Recommended Key Sizes)

As symmetric key sizes increase, the required key sizes for RSA and Diffie-Hellman increase at a more rapid rate than the required key sizes for elliptic curve cryptosystems. An elliptic curve system offers more security per bit increase in key size than either RSA or Diffie-Hellman public-key systems. Elliptic curve cryptosystems are also more computationally efficient than RSA and Diffie-Hellman. It can be seen that ECC is superior to RSA in terms of key size and cost.

7. CONCLUSIONS

Elliptic Curve Cryptography provides greater security and more efficient performance than the other key exchange techniques (RSA and Diffie-Hellman). As ECC key sizes are so much shorter than comparable RSA keys, the length of both the public key and the private key is much shorter in elliptic curve cryptosystems. This results in faster processing times and lower demands on memory and bandwidth; some studies have found that ECC is faster than RSA for signing and decryption, but slower for signature verification and encryption.


8. REFERENCES

Sui, Huang (0060964), "How does RSA Works", SE 4C03 Winter 2005 Project Report, April 6th, 2005.

Arun Moorthy (CS 93115), "RSA Public Key Cryptosystem", Department of Computer Science & Engineering, IIT Madras.

RSA Laboratories, "Frequently Asked Questions About Today's Cryptography (Version 3.0)", (http://www.rsa.com/rsalabs/newfaq/).

Pigatto, da Silva and Castelo Branco, "Performance Evaluation and Comparison of Algorithms for Elliptic Curve Cryptography", Journal of Applied Computing Research, 1(2):95-103, July-December 2011.

Aniket P. Kate (04305001), Prajakta S. Kalekar (04329008), Deepti Agrawal (04329020), "Weak Keys in Diffie-Hellman Protocol", Indian Institute of Technology, Powai, Mumbai-400076, November 15, 2004.

M.J.B. Robshaw, Ph.D. and Yiqun Lisa Yin, Ph.D., "Overview of Elliptic Curve Cryptosystems", An RSA Laboratories Technical Note, Revised June 27, 1997. (http://www.rsa.com/rsalabs/node.asp?id=2013).

Jean-François Raymond and Anton Stiglic, "Security Issues in the Diffie-Hellman Key Agreement Protocol".