International Journal of Innovative Research in Information Security (IJIRIS)

Volume 1 Issue 2 (August 2014)

ISSN: 2349-7017(O)
ISSN: 2349-7009 (P)
http://www.ijiris.com

Implementation and Secured Authentication Key using

Elliptic Curve Cryptography
Thangarasu.N1 ,
1

Research Scholar in Department of Computer Science

Bharathiyar University-Coimbatore

Dr. Arul Lawrence Selvakumar2

2

Rajiv Gandhi Institute of Technology-Bangalore

Dean & Professor Department of Computer Science

Abstract -- The Elliptic Curve Cryptosystem (ECC) is an emerging alternative for traditional public key cryptosystem like
RSA, DSA and Diffie-Hellman. It provides the highest strength- per-bit of any Cryptosystem known today with smaller
key sizes resulting in faster computation and memory. Diffie Hellman key exchange the protocol based on Elliptic curve
cryptography. ECC techniques such as RSA is that the best known algorithm for solving ECDL the underlying hard
mathematical in Scalar multiplication problem in ECC.
Keywords - Elliptic Curve Cryptography (ECC), Scalar Multiplication, Diffie Hellman key Exchange, Levels of Security

1. Introduction
Elliptic Curve (EC) systems as applied to cryptography were first proposed in 1985 independently by Neal Koblitz and
Victor Miller. The discrete logarithm problem on elliptic curve groups is believed to be more difficult than the corresponding
problem in the underlying finite field [13][14][15].Elliptic Curve Cryptography provides level of security with a 164-bit key
that RSA require a 1,024-bit key to achieve, Because ECC helps to establish equivalent security with lower computing power
and battery resource usage. The ECC covers all primitives of public key cryptography like digital signature ,key exchange,
key transport ,key management .Presently ECC has been commercially adopted by many standardize organization such as
NIST ,ISO ,and ANSI [1] .ECC covers the discipline of mathematics and computer science and engineering. It can widely
used for electronic commerce, secure communication, etc. The security of the Elliptic Curve Cryptography depends on the
difficulty of finding the value K, given KP where K is the large number and P is the random point on the elliptic curve [11].
This is Elliptic Curve Discrete Logarithm problem. The Elliptic Curve parameter for cryptographic schemes should be
carefully chosen in order to resist all known attacks of Elliptic curve Discrete Logarithmic problem[5][9].
2.

Principles of Public key cryptosystems

The fundamental goal of cryptography has historically been to achieve privacy. i.e., to enable two people, A(Alice
and B(Bob), to send each other messages over an ensure channel in such a that only the intended recipient can read the
message. Let M denote the set of all possible plaintext message C the set of all possible cipher text message (encrypted
message), and K the set of all possible keys[6][7]. A private key cryptosystem consists of a family of pair of function Ek
:MC,Dk: CM,KK, such that Dk(Ek(m))= m for all mM and k K. To use such a system A and B initially agree upon
a secret key k K.

Receiver B

Sender A

Message m
Encrypt

ENCab(m)

Message m
Decrypt

DEC ab(m)

Fig:1 Encryption/ Decryption with public key Cryptosystem(PKC).

3.

Elliptic Curve Cryptography

Elliptic Curve Cryptography (ECC) was first introduced by victor Miller, Who was then at IBM, and Neil Koblitz
from the university of Washington independently in 1985. The principal attraction of ECC compared to RSA is that it offers
_____________________________________________________________________________________________________
2014, IJIRIS- All Rights Reserved
Page - 66

International Journal of Innovative Research in Information Security (IJIRIS)

Volume 1 Issue 2 (August 2014)

ISSN: 2349-7017(O)
ISSN: 2349-7009 (P)
http://www.ijiris.com

equal security for a far smaller key size, theory reducing processing overhead. The advantages of ECC over the public key
cryptography techniques such as RSA is that the best known algorithm for solving ECDLP the underlying hard mathematical
problem in ECC takes the fully exponential time and so far there is a lack of sub exponential attack on ECC. ECC is based on
Discrete Logarithmic problem over the points on an elliptic curve [6][7][8][9].
An elliptic curve is the set of Weierstrass equations of the form
B2=a3+xa+Y
B2+ab=a3+xa2+Y
B2+a=a3+xa+y

(1)
(2)
(3)

or
or

Where A and B are variables, x and y are constants. For cryptography purposes we always use a finite field.
The following Weirstrass equations gives the points on the curve Ep(x,y)[6]
Algorithm of elliptic points (p, x,y)
{
a=1
while(a<=p)
{
W=( a3+xa+y) mod p;
if(w is not a perfect square in zp) then
{
else
{
(W is a perfect square in zp);
}
Output((a,w),(a,-w));
a=a+1;
}
}
}
4.

Diffie- Hellman key Exchange

IN 1976, Diffie and Hellman in their seminal paper[1] on public key cryptography described a protocol, where by
two people, A and B, can derive and share a common piece of secret information Over an insecure communications channels.
They can then use this secret as their key in a private key cryptosystem such as DES. We describe this protocol known as the
Diffie-Hellman key exchange in terms of an arbitrary group[1].

(Set up) A and B publicly select a (multiplicatively written) finite group G and an element G.
A generates a random integer a, computes a in G, and transmits a to B over a public communications channels.
B generates a random integer b, computes b in G, and transmits b to A over the same channel.
A receives b and computes (b)a.
B receives a and computes (a)b.

A and B now share the common group element ab. We comment that this not an authenticated key exchange since any
third party C could impersonate either A or B. However the protocol, can easily be modified by requiring a control
trusted authority to certify (sign) a head of time the element a for each user A. This certification can be accomplished
using one of the techniques for digital signature.
Generating public and private keys using Elliptic Curve Diffie-Hellman Scheme(ECDH)
The original Diffie-Hellman algorithm requires 1024 bits to achieve sufficient security but Diffie-Hellman based on
elliptic Curve can achieve the same security level with 160 bit[2].

User A choose E(a,b) with an elliptic curve .

User A choose a generator point , e1(x1,y1) on the curve.
User A choose an integer Ka.
User A calculates e2a(x2,y2)=ka*e1(z1,y1). Multiplication here means multiple additions of points.

_____________________________________________________________________________________________________
2014, IJIRIS- All Rights Reserved
Page - 67

International Journal of Innovative Research in Information Security (IJIRIS)

Volume 1 Issue 2 (August 2014)

ISSN: 2349-7017(O)
ISSN: 2349-7009 (P)
http://www.ijiris.com

User A announces e2a(x2,y2) as his public key: hw keeps Ka as his private key.
Similar process is carried out for User B.
Finally the session/ secret key is generated with the help of Diffie-Hellman key exchange as R=ka*Kb*e1 where Ka
= Private key of User A
Kb= Private Key of User B.

UserUSER A

Public key e2a=ka*e1

USER B
Private Key
Kb

Private Key
Ka

Public key e2b= kb*e1

Shared secret key

R= Ka* Kb*e1

Shared secret key

R= Kb* Ka*e1

Fig:2 Diffie-Hellman protocol based on ECC[2].

5.

Discrete methods to represent Scalars are as follows:

6.1 Single Scalar Multiplication:- Let E be an elliptic curve over a field K, P a point in the group E(K), a positive integer K
[1,n-1], where n is the order of E(K). Then the computation of[K], P is called single scalar multiplication.
6.2 Double Scalar Multiplication:- Let E be an elliptic curve over field K,P and Q two distinct points in the group E(k),K.
Two distinct positive integers in the interval [1,n-1] where n is the group order of E(k). Then the computation of [k]P+[1]Q is
called double scalar multiplication.
Scalar multiplication is the computationally heaviest operation in signature verification in elliptic curve based cryptosystem.
The most important objective of scalar multiplication is to improve the speed of both types of scalar multiplication. In
general, there are several approaches to accomplish the purpose selection is discussed [3][4] that focuses on:
6.3 Proper usage of coordinate system.
Selecting arithmetic efficient curves.
Combination of operations, sometimes point addition and point multiplication performed together to reduce the
number of field operation.
Different representation for scalars.
For the implementation of scalar multiplication following forms are used such as Right-to-left binary method. Left-to-right
binary method, Non adjacent form, Width w Nonadjacent form Joint Sparse Form, Double and add form, Addition chains,
Fibonacci and add , Montgomery method.
Implementation of point multiplication can be separated into three distinct layers like Finite field arithmetic, Elliptic curve
point addition and doubling, Point multiplication scheme makes secure against attacks, various methods have been suggested
using special point representations for specifically chosen elliptic curve [5] recommended by NIST and SECG. Also provides
efficiency advantages over earlier proposals.

_____________________________________________________________________________________________________
2014, IJIRIS- All Rights Reserved
Page - 68

International Journal of Innovative Research in Information Security (IJIRIS)

Volume 1 Issue 2 (August 2014)

ISSN: 2349-7017(O)
ISSN: 2349-7009 (P)
http://www.ijiris.com

Scalar
Multiplication
K*P

Point
Doubling

Point
Addition

2P=R

P+Q=R

Addition

Multiplication

Squaring

Inversion

Fig:3 Hierarchy of Scalar Multiplication.

6. Security of Elliptic curve Cryptography

AS RSA depends on the difficulty of large- number factorization for its security, ECC depends on the difficulty of the large
number discrete logarithm calculation This is referred to as the Elliptic Curve Discrete Logarithm Problem (ECDLP). Elliptic
curves for which the total numbers of points on the curve equals the number of essentials in the primary finite field are also
considered cryptographically pathetic. Again the security of ECC depends upon how to calculate K when the point is given
scalar multiplication [10][3].
TABLE: 1 Key size for various Algorithms Based on same level of Security.
Symmetric
Elliptic Curve Cryptography based
RSA/DSA (Modules size in
Scheme(key
Schemes(key size in bits)
bits)
Size in bits)
56
112
512
80
160
1024
112
224
2048
128
256
3072
192
384
7680
256
512
15360

7. Security Consideration
Security is the most attractive feature of elliptic curve cryptography. Elliptic curve cryptosystems also are more
computationally efficient than the first generation public key systems like RSA, DSA and Diffie-Hellman key exchange
algorithm. Table2 gives approximate equivalent key sizes for ECC and RSA algorithm. From the table 1 it is clear to see that
ECC affords the same security as RSA while using significantly smaller key sizes. In Table 2, at all levels of security
including 512 bits, ECC has smaller public key sizes than both RSA and DSA/DH. Because of its smaller key size, ECC
outperforms both RSA and DSA/DH for most routine operations while offering comparable levels of security. The reason is
that ECC provides greater efficiency in terms of computational overheads, key sizes and bandwidth. In implementations,
these savings mean higher speeds, lower power consumption .For efficient cryptosystem implementation ANSI(American
national standard institute)and NIST(national Institute of standard and technology)are producing standards and
technology[13][14] .
_____________________________________________________________________________________________________
2014, IJIRIS- All Rights Reserved
Page - 69

International Journal of Innovative Research in Information Security (IJIRIS)

Volume 1 Issue 2 (August 2014)

Time to break in MIPS

years
104
108
1011
1020
1078

8.

ISSN: 2349-7017(O)
ISSN: 2349-7009 (P)
http://www.ijiris.com

Tabel: 2. Security Consideration of ECC

RSA/DSA
key
ECC Key size
RSA/ECC key size ratio
exchange
512
106
5:1
768
132
6:1
1024
163
7:1
2043
210
10:1
21000
600
35:1

PERFORMANCE PARAMETERS FOR ELLIPTIC CURVE CRYPTOGRAPHY IMPLEMENTATION

Although RSA ,El-GAMAL and Diffie Hellman are secure asymmetric key cryptosystem, their security comes with a
price ,their large keys. So researchers have looked for providing substitute that provides the same level of security with
smaller keys. For Elliptic Curve Cryptography implementation following consideration should meet [12][13][14] :
Suitability of methods available for optimizing finite field arithmetic like addition, multiplication, squaring, and
inversion.
Suitability of methods available for optimizing elliptic curve arithmetic like point addition, point doubling, and
scalar multiplication.
Application platform like software, hardware, or firmware.
Constraints of a particular computing environment e.g., processor speed, storage, code size, gate count, power
consumption.
Constraints of a particular communications environment e.g., bandwidth, response time.
Efficiency of ECC is depends upon factors such as computational overheads ,key size, bandwidth ,ECC provides higherstrength per- bit which include higher speeds, lower power consumption, bandwidth savings, storage efficiencies, and smaller
certificates.
9. APPLICATION OF ELLIPTIC CURVE CRYPTOGRAPHY
Many devices are constrained devices that have small and limited storage and computational power, for constrained
devices ECC can be applied [16][17][23].
For wireless communication devices like PDAs multimedia cellular phones ECC can apply.
It can be used for security of Smart cards, wireless sensor networks, wireless mesh Networks.
Web servers that need to handle many encryption sessions.
Any kind application where security is needed for our current cryptosystems.
10. CONCLUSION
Elliptic Curve Cryptography offers the highest strength-per-key-bit of any known public-key system of first generation
techniques like RSA, Diffie-Hellman. ECC offers the same level of security with smaller key sizes, computational power is
high. Integrated circuit space is limited for smart card, wireless devices. The ongoing development of standards is a very
important position for the use of a cryptosystem. Standards help to ensure security and interoperability of different
implementations of one cryptosystem. There are several major organizations that develop standards like International
Standards Organization (ISO), American National Standards Institute (ANSI), Institute of Electrical and Electronics
Engineers (IEEE), Federal Information Processing Standards (FIPS).The most important for
security in information technology are the in addition secure communication, Elliptic curve cryptography (ECC) enabling
technology for numerous wireless sensor networks.
Reference :
[1] Cryptography using the public key encryption and decryption in the author [Alfred J.Menezes].
[2] Pritam Gajkumar shah, Xu Huang, and Dharmendra Sharma Analytical study of implementation issues of Elliptic curve
cryptography for wireless sensor networks 2010 IEEE 24th International conference on Advanced Information
Networking and Applications Workshops, pp,589-592,2010.
[3] Sameer Hasan Al-Bakri, M.L. Mat kiah, A.A. Zaidan, B.B.Zaidan and Gazi Mahabubul Alam,Securing peer-to-peer
mobile communications using public key cryptography: New security strategy,International Journal of the Physical
Sciences.Vol, 6(4),pp.930-938,February,2011.
[4] William stallings, Cryptography and Network Security Principles and Practices ,Fourth Edition, Prentice Hall, 2006.
[5] Sonali U Nimbhorkar, Dr.L.G.Malik A Survey on Elliptic Curve Cryptography(ECC) International journal of advanced
studies in computers, Science and Engineering(IJASCSE), vol 1 issue 1 ISSN 2278-7917.
_____________________________________________________________________________________________________
2014, IJIRIS- All Rights Reserved
Page - 70

International Journal of Innovative Research in Information Security (IJIRIS)

Volume 1 Issue 2 (August 2014)

ISSN: 2349-7017(O)
ISSN: 2349-7009 (P)
http://www.ijiris.com

[6] Ranbir Soram, Security using Elliptic Curve Cryptosystem, IJCSNS Inter National Journal of Computer Science and
Network Security, vol.9 no.6,pp.30-38,june 2009.
[7] Aarti Singh, Dimple Juneja and A.K.Sharma, Elliptic Curve Cryptography Based Security Engine for Multiagent System
Operating in Semantic Cyperspace, International Journal of research and Reviews in Computer Science (IJRRCS)
vol1.2,no.2,pp.283-290, april 2011.
[8] Alpesh R. Sankaliya, V.Mishra and Abhilash Mandloi Implementation of Cryptographic Algorith for GSM and UMTS
System International Journal of Network Security & its Applications(IJNSA), vol.3, no.6,pp.1-5, November 2011.
[9] Moncef Amara. Amar Said Elliptic Curve Cryptography and its Applications 2011 &th international workshop on
system, signal processing and their application(WOSSPA).
[10] http:// www.certicom.com.
[11] Mathias Schmalisch, Drik Timmermann Algorithm for finite fields, The IASTED International Conference on
communication, Network, and Information Security. CNIS 2003, December 10-12,2003 Newyork, USA.
[12]Pardeep Malik Elliptic Curve Cryptography For Security Inwireless Networks
Statistics 2011 Canada: 5th
Canadian Conference in Applied Statistics/ 20th conference of the Forum for Interdisciplinary Mathematics Interdisciplinary Mathematical Statistical Techniques, July 1-4-2011, Concordia University, Montreal, Quebec,Canada.
[13] Michael Naehrig Pairings on elliptic curves parameter selection and efficient computation, Workshop on Elliptic
Curve Computation ,Redmond, 19 October 2010.
[14] Dr.R.Shanmugalakshmi, M.Prabu Research Issues on Elliptic Curve Cryptography and Its applications IJCSNS
International Journal of Computer Science and Network Security, VOL.9 No.6, June 2009.
[15]Tingdingchen,Huiyun Li,Keke Wu,Fengqi Yu Evaluation criterion of side channel countermeasures for elliptic
cryptography devices DOI10.1109/ICCCS.2009.13.
[16]Xue Sun,Mingping Xia An improved proxy signature based on elliptic curve
cryptographyDOI10.1109/ICCCS.2009.36.

_____________________________________________________________________________________________________
2014, IJIRIS- All Rights Reserved
Page - 71