Implementation and Secured Authentication Key using Elliptic Curve Cryptography

International Journal of Innovative Research in Information Security (IJIRIS) ISSN: 2349-7017(O)
Volume 1 Issue 2 (August 2014) ISSN: 2349-7009 (P)
http://www.ijiris.com
_____________________________________________________________________________________________________
© 2014, IJIRIS- All Rights Reserved Page - 66
Implementation and Secured Authentication Key using
Elliptic Curve Cryptography
Thangarasu.N1
, Dr. Arul Lawrence Selvakumar2
1
Research Scholar in Department of Computer Science 2
Rajiv Gandhi Institute of Technology-Bangalore
Bharathiyar University-Coimbatore Dean & Professor Department of Computer Science
Abstract -- The Elliptic Curve Cryptosystem (ECC) is an emerging alternative for traditional public key cryptosystem like
RSA, DSA and Diffie-Hellman. It provides the highest strength- per-bit of any Cryptosystem known today with smaller
key sizes resulting in faster computation and memory. Diffie – Hellman key exchange the protocol based on Elliptic curve
cryptography. ECC techniques such as RSA is that the best known algorithm for solving ECDL the underlying hard
mathematical in Scalar multiplication problem in ECC.
Keywords - Elliptic Curve Cryptography (ECC), Scalar Multiplication, Diffie Hellman key Exchange, Levels of Security
1. Introduction
Elliptic Curve (EC) systems as applied to cryptography were first proposed in 1985 independently by Neal Koblitz and
Victor Miller. The discrete logarithm problem on elliptic curve groups is believed to be more difficult than the corresponding
problem in the underlying finite field [13][14][15].Elliptic Curve Cryptography provides level of security with a 164-bit key
that RSA require a 1,024-bit key to achieve, Because ECC helps to establish equivalent security with lower computing power
and battery resource usage. The ECC covers all primitives of public key cryptography like digital signature ,key exchange,
key transport ,key management .Presently ECC has been commercially adopted by many standardize organization such as
NIST ,ISO ,and ANSI [1] .ECC covers the discipline of mathematics and computer science and engineering. It can widely
used for electronic commerce, secure communication, etc. The security of the Elliptic Curve Cryptography depends on the
difficulty of finding the value K, given KP where K is the large number and P is the random point on the elliptic curve [11].
This is Elliptic Curve Discrete Logarithm problem. The Elliptic Curve parameter for cryptographic schemes should be
carefully chosen in order to resist all known attacks of Elliptic curve Discrete Logarithmic problem[5][9].
2. Principles of Public key cryptosystems
The fundamental goal of cryptography has historically been to achieve privacy. i.e., to enable two people, A(Alice
and B(Bob), to send each other messages over an ensure channel in such a that only the intended recipient can read the
message. Let M denote the set of all possible plaintext message C the set of all possible cipher text message (encrypted
message), and K the set of all possible keys[6][7]. A private key cryptosystem consists of a family of pair of function Ek
:M→C,Dk: C→M,K∑K, such that Dk(Ek(m))= m for all m∑M and k ∑K. To use such a system A and B initially agree upon
a secret key k ∑K.
Message m Message m
ENCab(m) DEC ab(m)
Fig:1 Encryption/ Decryption with public key Cryptosystem(PKC).
3. Elliptic Curve Cryptography
Elliptic Curve Cryptography (ECC) was first introduced by victor Miller, Who was then at IBM, and Neil Koblitz
from the university of Washington independently in 1985. The principal attraction of ECC compared to RSA is that it offers
Sender A
Receiver B
Encrypt
Decrypt

_____________________________________________________________________________________________________
equal security for a far smaller key size, theory reducing processing overhead. The advantages of ECC over the public key
cryptography techniques such as RSA is that the best known algorithm for solving ECDLP the underlying hard mathematical
problem in ECC takes the fully exponential time and so far there is a lack of sub exponential attack on ECC. ECC is based on
Discrete Logarithmic problem over the points on an elliptic curve [6][7][8][9].
An elliptic curve is the set of Weierstrass equations of the form
B2
=a3
+xa+Y (1) or
B2
+ab=a3
+xa2
+Y (2) or
B2
+a=a3
+xa+y (3)
Where A and B are variables, x and y are constants. For cryptography purposes we always use a finite field.
The following Weirstrass equations gives the points on the curve Ep(x,y)[6]
Algorithm of elliptic points (p, x,y)
{
a=1
while(a<=p)
{
W=( a3
+xa+y) mod p;
if(w is not a perfect square in zp) then
{
else
{
(W is a perfect square in zp);
}
Output((a,√w),(a,-√w));
a=a+1;
}
}
}
4. Diffie- Hellman key Exchange
IN 1976, Diffie and Hellman in their seminal paper[1] on public key cryptography described a protocol, where by
two people, A and B, can derive and share a common piece of secret information Over an insecure communications channels.
They can then use this secret as their key in a private key cryptosystem such as DES. We describe this protocol known as the
Diffie-Hellman key exchange in terms of an arbitrary group[1].
 (Set up) A and B publicly select a (multiplicatively written) finite group G and an element α∑G.
 A generates a random integer a, computes αa
in G, and transmits αa
to B over a public communications channels.
 B generates a random integer b, computes αb
in G, and transmits αb
to A over the same channel.
 A receives αb
and computes (αb
)a
.
 B receives αa
and computes (αa
)b.
A and B now share the common group element αab
. We comment that this not an authenticated key exchange since any
third party C could impersonate either A or B. However the protocol, can easily be modified by requiring a control
trusted authority to certify (sign) a head of time the element αa
for each user A. This certification can be accomplished
using one of the techniques for digital signature.
Generating public and private keys using Elliptic Curve Diffie-Hellman Scheme(ECDH)
The original Diffie-Hellman algorithm requires 1024 bits to achieve sufficient security but Diffie-Hellman based on
elliptic Curve can achieve the same security level with 160 bit[2].
 User A choose E(a,b) with an elliptic curve .
 User A choose a generator point , e1(x1,y1) on the curve.
 User A choose an integer Ka.
 User A calculates e2a(x2,y2)=ka*e1(z1,y1). Multiplication here means multiple additions of points.

_____________________________________________________________________________________________________
 User A announces e2a(x2,y2) as his public key: hw keeps Ka as his private key.
 Similar process is carried out for User B.
 Finally the session/ secret key is generated with the help of Diffie-Hellman key exchange as R=ka*Kb*e1 where Ka
= Private key of User A
Kb= Private Key of User B.
User Public key e2a=ka*e1
Public key e2b= kb*e1
Fig:2 Diffie-Hellman protocol based on ECC[2].
5. Discrete methods to represent Scalars are as follows:
6.1 Single Scalar Multiplication:- Let E be an elliptic curve over a field K, P a point in the group E(K), a positive integer K
[1,n-1], where n is the order of E(K). Then the computation of[K], P is called single scalar multiplication.
6.2 Double Scalar Multiplication:- Let E be an elliptic curve over field K,P and Q two distinct points in the group E(k),K.
Two distinct positive integers in the interval [1,n-1] where n is the group order of E(k). Then the computation of [k]P+[1]Q is
called double scalar multiplication.
Scalar multiplication is the computationally heaviest operation in signature verification in elliptic curve based cryptosystem.
The most important objective of scalar multiplication is to improve the speed of both types of scalar multiplication. In
general, there are several approaches to accomplish the purpose selection is discussed [3][4] that focuses on:
6.3 Proper usage of coordinate system.
 Selecting arithmetic efficient curves.
 Combination of operations, sometimes point addition and point multiplication performed together to reduce the
number of field operation.
 Different representation for scalars.
For the implementation of scalar multiplication following forms are used such as Right-to-left binary method. Left-to-right
binary method, Non adjacent form, Width – w Nonadjacent form Joint Sparse Form, Double and add form, Addition chains,
Fibonacci and add , Montgomery method.
Implementation of point multiplication can be separated into three distinct layers like Finite field arithmetic, Elliptic curve
point addition and doubling, Point multiplication scheme makes secure against attacks, various methods have been suggested
using special point representations for specifically chosen elliptic curve [5] recommended by NIST and SECG. Also provides
efficiency advantages over earlier proposals.
USER A
Private Key
Ka
USER B
Private Key
Kb
Shared secret key
R= Ka* Kb*e1
Shared secret key
R= Kb* Ka*e1

_____________________________________________________________________________________________________
Fig:3 Hierarchy of Scalar Multiplication.
6. Security of Elliptic curve Cryptography
AS RSA depends on the difficulty of large- number factorization for its security, ECC depends on the difficulty of the large
number discrete logarithm calculation This is referred to as the Elliptic Curve Discrete Logarithm Problem (ECDLP). Elliptic
curves for which the total numbers of points on the curve equals the number of essentials in the primary finite field are also
considered cryptographically pathetic. Again the security of ECC depends upon how to calculate K when the point is given
scalar multiplication [10][3].
TABLE: 1 Key size for various Algorithms Based on same level of Security.
Symmetric
Scheme(key
Size in bits)
Elliptic Curve Cryptography based
Schemes(key size in bits)
RSA/DSA (Modules size in
bits)
56 112 512
80 160 1024
112 224 2048
128 256 3072
192 384 7680
256 512 15360
7. Security Consideration
Security is the most attractive feature of elliptic curve cryptography. Elliptic curve cryptosystems also are more
computationally efficient than the first generation public key systems like RSA, DSA and Diffie-Hellman key exchange
algorithm. Table2 gives approximate equivalent key sizes for ECC and RSA algorithm. From the table 1 it is clear to see that
ECC affords the same security as RSA while using significantly smaller key sizes. In Table 2, at all levels of security
including 512 bits, ECC has smaller public key sizes than both RSA and DSA/DH. Because of its smaller key size, ECC
outperforms both RSA and DSA/DH for most routine operations while offering comparable levels of security. The reason is
that ECC provides greater efficiency in terms of computational overheads, key sizes and bandwidth. In implementations,
these savings mean higher speeds, lower power consumption .For efficient cryptosystem implementation ANSI(American
national standard institute)and NIST(national Institute of standard and technology)are producing standards and
technology[13][14] .
Scalar
Multiplication
K*P
Addition SquaringMultiplication Inversion
Point
Addition
P+Q=R
Point
Doubling
2P=R

_____________________________________________________________________________________________________
Tabel: 2. Security Consideration of ECC
Time to break in MIPS
years
RSA/DSA key
exchange
ECC Key size RSA/ECC key size ratio
104
512 106 5:1
108
768 132 6:1
1011
1024 163 7:1
1020
2043 210 10:1
1078
21000 600 35:1
8. PERFORMANCE PARAMETERS FOR ELLIPTIC CURVE CRYPTOGRAPHY IMPLEMENTATION
Although RSA ,El-GAMAL and Diffie –Hellman are secure asymmetric key cryptosystem, their security comes with a
price ,their large keys. So researchers have looked for providing substitute that provides the same level of security with
smaller keys. For Elliptic Curve Cryptography implementation following consideration should meet [12][13][14] :
 Suitability of methods available for optimizing finite field arithmetic like addition, multiplication, squaring, and
inversion.
 Suitability of methods available for optimizing elliptic curve arithmetic like point addition, point doubling, and
scalar multiplication.
 Application platform like software, hardware, or firmware.
 Constraints of a particular computing environment e.g., processor speed, storage, code size, gate count, power
consumption.
 Constraints of a particular communications environment e.g., bandwidth, response time.
Efficiency of ECC is depends upon factors such as computational overheads ,key size, bandwidth ,ECC provides higher-
strength per- bit which include higher speeds, lower power consumption, bandwidth savings, storage efficiencies, and smaller
certificates.
9. APPLICATION OF ELLIPTIC CURVE CRYPTOGRAPHY
Many devices are constrained devices that have small and limited storage and computational power, for constrained
devices ECC can be applied [16][17][23].
 For wireless communication devices like PDA’s multimedia cellular phones ECC can apply.
 It can be used for security of Smart cards, wireless sensor networks, wireless mesh Networks.
 Web servers that need to handle many encryption sessions.
 Any kind application where security is needed for our current cryptosystems.
10. CONCLUSION
Elliptic Curve Cryptography offers the highest strength-per-key-bit of any known public-key system of first generation
techniques like RSA, Diffie-Hellman. ECC offers the same level of security with smaller key sizes, computational power is
high. Integrated circuit space is limited for smart card, wireless devices. The ongoing development of standards is a very
important position for the use of a cryptosystem. Standards help to ensure security and interoperability of different
implementations of one cryptosystem. There are several major organizations that develop standards like International
Standards Organization (ISO), American National Standards Institute (ANSI), Institute of Electrical and Electronics
Engineers (IEEE), Federal Information Processing Standards (FIPS).The most important for
security in information technology are the in addition secure communication, Elliptic curve cryptography (ECC) enabling
technology for numerous wireless sensor networks.
Reference :
[1] Cryptography using the public key encryption and decryption in the author [Alfred J.Menezes].
[2] Pritam Gajkumar shah, Xu Huang, and Dharmendra Sharma “Analytical study of implementation issues of Elliptic curve
cryptography for wireless sensor networks” 2010 IEEE 24th
International conference on Advanced Information
Networking and Applications Workshops, pp,589-592,2010.
[3] Sameer Hasan Al-Bakri, M.L. Mat kiah, A.A. Zaidan, B.B.Zaidan and Gazi Mahabubul Alam,”Securing peer-to-peer
mobile communications using public key cryptography: New security strategy,”International Journal of the Physical
Sciences.Vol, 6(4),pp.930-938,February,2011.
[4] William stallings, “Cryptography and Network Security Principles and Practices ,Fourth Edition”, Prentice Hall, 2006.
[5] Sonali U Nimbhorkar, Dr.L.G.Malik” A Survey on Elliptic Curve Cryptography(ECC)” International journal of advanced
studies in computers, Science and Engineering(IJASCSE), vol 1 issue 1 ISSN 2278-7917.

_____________________________________________________________________________________________________
[6] Ranbir Soram, “Security using Elliptic Curve Cryptosystem”, IJCSNS Inter National Journal of Computer Science and
Network Security, vol.9 no.6,pp.30-38,june 2009.
[7] Aarti Singh, Dimple Juneja and A.K.Sharma, “Elliptic Curve Cryptography Based Security Engine for Multiagent System
Operating in Semantic Cyperspace,” International Journal of research and Reviews in Computer Science (IJRRCS)
vol1.2,no.2,pp.283-290, april 2011.
[8] Alpesh R. Sankaliya, V.Mishra and Abhilash Mandloi “Implementation of Cryptographic Algorith for GSM and UMTS
System” International Journal of Network Security & its Applications(IJNSA), vol.3, no.6,pp.1-5, November 2011.
[9] Moncef Amara. Amar Said “Elliptic Curve Cryptography and its Applications” 2011 &th international workshop on
system, signal processing and their application(WOSSPA).
[10] http:// www.certicom.com.
[11] Mathias Schmalisch, Drik Timmermann “Algorithm for finite fields, The IASTED International Conference on
communication, Network, and Information Security. CNIS 2003, December 10-12,2003 Newyork, USA.
[12]Pardeep Malik “Elliptic Curve Cryptography For Security Inwireless Networks” Statistics 2011 Canada: 5th
Canadian Conference in Applied Statistics/ 20th conference of the Forum for Interdisciplinary Mathematics -
Interdisciplinary Mathematical Statistical Techniques, July 1-4-2011, Concordia University, Montreal, Quebec,Canada.
[13] Michael Naehrig “Pairings on elliptic curves – parameter selection and efficient computation”, Workshop on Elliptic
Curve Computation ,Redmond, 19 October 2010.
[14] Dr.R.Shanmugalakshmi, M.Prabu” Research Issues on Elliptic Curve Cryptography and Its applications ”IJCSNS
International Journal of Computer Science and Network Security, VOL.9 No.6, June 2009.
[15]Tingdingchen,Huiyun Li,Keke Wu,Fengqi Yu ”Evaluation criterion of side channel countermeasures for elliptic
cryptography devices” DOI10.1109/ICCCS.2009.13.
[16]Xue Sun,Mingping Xia “An improved proxy signature based on elliptic curve
cryptography”DOI10.1109/ICCCS.2009.36.

Implementation and Secured Authentication Key using Elliptic Curve Cryptography

More Related Content

What's hot (17)

Viewers also liked (20)

Similar to Implementation and Secured Authentication Key using Elliptic Curve Cryptography (20)

Recently uploaded (20)

Implementation and Secured Authentication Key using Elliptic Curve Cryptography