ICGST- CNIR, Volume (7), Issue (I), July 2007
Hybrid Cryptographic Algorithm for Robust Network Security
Janakiraman V S, Ganesan R, Gobi M
Department of Computer Science and Applications, PSG College of Arts and Science,
Avinashi Road, Coimbatore – 641 014.
vsjraman@gmail.com, emailnesan@yahoo.co.in, mgobimail@yahoo.com
Abstract
It is widely recognized and accepted that data security
will play a crucial and critical role in modern times for
businesses will be transacted over the Internet through e-
commerce and m-commerce channels. To address these
security concerns, various security protocols that are of
symmetric-key and asymmetric-key type have been
developed. In this paper, we present a software
implementation of a hybrid algorithm that combines both
the symmetric key algorithm of AES and the asymmetric-
key algorithm of Elliptic Curve Cryptography (ECC).
This hybrid algorithm that has been implemented also
considers takes care of the integrity of data using MD5
algorithm. The paper also presents future trends of
research.
Keywords: Authenticity, Integrity, Non-Reputability,
Advanced Encryption Standard (AES), Elliptic Curve
Cryptosystems (ECC), Message Digest version 5 ( MD5),
Symmetric Key, Asymmetric Key
1. Introduction
E-commerce and m-commerce transactions are growing
at an explosive rate. The success of these depends on
how transactions are carried out in the most secured
manner. The prime requirements for any e-commerce and
m-commerce transactions are Privacy, Authentication,
Integrity maintenance and Non-Repudiation.
Cryptography helps us in achieving these prime
requirements. Today, various cryptographic algorithms
have been developed. These are broadly classified as
symmetric key (DES, TDES, Blowfish, CAST, IDEA,
RC4, RC6, AES) and asymmetric key (RSA, ECC)
algorithms. In this paper, we present an hybrid algorithm
for enhanced network security.
The organization of the paper is as follows. In section 2,
we present the basics of symmetric key encryption
techniques and describe the AES algorithm in detail. In
section 3 we explain the essentials of asymmetric key
encryption techniques. Elliptic Curve Cryptography is
described in section 4. In section 5, the hybrid algorithm
is presented. We conclude the paper with directions for
33
future research. Appendix A, B & C provides the
algorithms for an ECC, AES and MD5 respectively.
2. Symmetric-Key Encryption Techniques
In any symmetric-key encryption technique, both
encryption and decryption process are carried out using a
single key. These algorithms are efficient, are secure,
execute at high speeds, and consume less computer
resources of memory and processor time.
However, symmetric key cryptographic techniques suffer
from the disadvantages of Key distribution problem, Key
management problem and inability to digitally sign a
message. (Schneier [13], Stallings [14]).
Despite these drawbacks, numerous secure symmetric
key encryption algorithms such as DES, TDES, Blowfish,
CAST, IDEA, RC4, and RC6 have been developed. In
recent times, National Institute of Standards (NIST)
selected Rijndael algorithm as the Advanced Encryption
Standard (AES). Details on various symmetric key
algorithms including AES can be had from (Schneier [13],
Stallings [14]).
3. Asymmetric Key Encryption Techniques
The problems associated with symmetric-key
cryptographic techniques were solved when asymmetric
encryption mechanism was implemented. Here, instead
of a single key, every person has a pair of keys. One key,
called the public key is known to everyone and the other
one, the private key is known only to the owner. There is
a mathematical relationship between both these keys.
Thus, if any message ‘m’ is encrypted using any of the
key, it can be decrypted by the other portion. Various
asymmetric encryption algorithms (RSA, Elgamal) have
been implemented. Details on the working of
asymmetric encryption techniques can be had from
Schneier [13], Stallings[14].
Asymmetric encryption algorithms are broadly divided
into three families:
1. Algorithms based on the integer factorization
problem (e.g. RSA)
2. Algorithms based on the discrete logarithm problem
(e.g. DLP)
3. Algorithms based on Elliptic Curves
 ICGST- CNIR, Volume (7), Issue (I), July 2007
Despite these differences, one thing that is common
among all these three families is that they all perform
extensive and complex operations on numbers, typically
modular exponentiation
4. Elliptic Curve Cryptosystems (ECC)
An elliptic curve E over a field F is defined by the
Weierstrass equation:
E/F:y2 + a1xy + a3y = x3 + a2x2 + a4x + a6 with a1, a2, a3,
a4, a6 ∈ F.
Mathematical operations involving elliptic curves include
addition of two points, scalar multiplication, determining
the inverse of a given point on the curve.
The two most common choices for implementation of
ECC are:
1. Galois Field GF(2m), also known as characteristic
two or even (containing 2m elements, where m is an
integer greater than one). In this case, equation (1)
becomes E/F: y2+xy=x3+ax+b where a and b ∈ F,
b≠0 together with a point at infinity ο
2. Galois Field GF(p), also known as integers modulo p,
odd, or odd prime (containing p elements, where p is
an odd prime number). In this case, equation (1) can
be simplified to the form E/F : y2 = x3 + ax + b
where a and b ∈ F and 4a3 + 27b2 ≠ 0 together
with a point at infinity(ο)
An important characteristic of elliptic curves is that the
points on the elliptic curves form a group. Details on
ECC can be had from Blake [1], Cohen [3], Enge [5],
Hankerson [6], Koblitz [9], Menezes [10], Menezes [11],
Rosing [12], Washington [16].
Various researchers (Certicom[2], DeWin [4]) have
proved that ECC requires more time to break as
compared to RSA and DSA. Certicom[2] summarizes the
results of their study as: ECC provides greater efficiency
than either integer factorization systems or discrete
logarithm systems, in terms of computational overheads,
key sizes, and bandwidth. In implementations, these
savings mean higher speeds, lower power consumption,
and code size reductions. ECC has been accepted as a
standard by various bodies. Some of them are ANSI
(American National Standards Institute), FIPS (Federal
Information Processing Standards), IEEE P1363
(Institution of Electrical & Electronic Engineers), and
WAP (Wireless Application Protocol).
In this work, we have adopted GF(p) and have
implemented the system.
5. Hybrid Algorithm Combining AES &
ECC
The algorithm we present here combines the best features
of both symmetric and asymmetric encryption techniques.
The data (plain text) that is to be transmitted is encrypted
using the AES algorithm. Details on AES can be had
from [7] and [15]. The AES key which is used to encrypt
the data is encrypted using ECC. The cipher text of the
message and the cipher text of the key are then sent to the
receiver.
To ensure integrity of the data that is transmitted, the data
is subjected to MD5 hash algorithm. The message digest
34
obtained by this process is also encrypted using ECC
technique. Thus the sender sends a) Cipher text of the
message, b) Ciphertext of the AES key, and c) Ciphertext
of the message digest. The receiver upon receiving
a) Cipher text of the message, b) Ciphertext of the AES
key, and c) Ciphertext of the message digest, first
decrypts the Ciphertext of the AES key to obtain the AES
key. This is then used to decrypt the cipher text of the
message to obtain the plain text. The plaintext is again
subjected to MD5 hash algorithm. This process yields a
message digest. The ciphertext of the message digest is
decrypted using ECC technique to obtain the message
digest sent by the sender. This value is compared with the
computed message digest. If both of them are equal, the
message is accepted else rejected. Figure 1 shows the
sequence of operation. This hybrid algorithm is a
combination of symmetric and asymmetric encryption
techniques.
6. Implementation Details
The entire implementation was carried out in Java 2,
Standard Edition (J2SE) v 1.4.0.
J2SE has the built-in classes for AES, and MD5. These
classes are available in the Java packages of java.security,
javax.crypto, javax.crypto.spec. Details on java security
architecture can be had from [8].
The code uses these packages and the header files have
the following header.
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
We developed methods in Java for elliptic curve
generation, base point generation, keys (both public and
private) generation and encryption and decryption using
ElGamal method.
We also used the Java class of BigInteger to handle large
integers and the method of IsProbablePrime to determine
whether the large integer is prime or not. The software
was running on Celeron machine @ 1.0 Ghz and 256 MB
RAM.
7. Results
We tested this hybrid algorithm on a test data of various
sizes. Table 1 provides details on the time taken for
encryption, decryption and calculation of MD5 message
digest process. Table 2 provides information on
Encryption & Decryption of 128 bit AES key and MD5
message digest using ECC. Figure 2 & 3 gives the
graphical output of the results.
Table 1: Time in milliseconds for 128 bit AES encryption
and decryption and calculation of MD5 message digest
File 128 bit 128 bit MD5
Size AES AES Message
Encryption Decryption Digest
50Kb 1902 1987 1364
100Kb 2275 2543 1505
150Kb 3572 3427 1632
 ICGST- CNIR, Volume (7), Issue (I), July 2007

Message

MD5 Hashing Encryption AES Key

ECC
ECC ElGamal Encryption Ciphertext of ElGamal
technique
Technique of Message Digest the message Encryption

Ciphertext of the AES key

SENDER’S SIDE
Ciphertext of the message
Ciphertext of Message Digest

Transmitted to the receiver

RECEIVER’S SIDE Ciphertext of the AES key

Ciphertext of the message
Ciphertext of the Message Digest

Ciphertext of Ciphertext of
the AES key Message
Digest

ElGamal ECC
Decryption Technique ElGamal Decryption

Ciphertext of
the message AES Key Message Digest

MD5
Message Hashing
Decryption Message Digest

Accept if same. Else reject. COMPARE

Figure 1 : Sequence of operations

35
 ICGST- CNIR, Volume (7), Issue (I), July 2007

Table 2: Encryption & Decryption of 128 bit AES key From table 3 it is clear that ECC fairs better than RSA in
and MD5 message digest using ECC terms of security.
Encryption Decryption
128 bit AES key 30 34 9. Conclusion
MD5 Message 32 36 In this paper, we have designed and implemented a
digest of the hybrid algorithm in Java combining the best of both
Ciphertext symmetric (AES) and asymmetric (ECC over GF(p))
methodologies. We have tested the algorithm for various
sizes of files. To ensure integrity of the data, we have
Run Time Analysis of AES and MD5 adopted the MD5 hash algorithm.
Runtime analysis of AES and MD5
In this framework, we have adopted a probabilistic
4000 primality checking (isProbablePrime() in Java) to
3500 determine whether the given number is prime or not. To
Encryption (Time in
3000 MilliSec.) determine whether the given number is prime or not, one
Time (in Milliseconds)

2500 has to use AKS algorithm which is deterministic in

Decryption (Time in
2000 MilliSec.) nature. The main limiting factor in AKS algorithm is the
1500
overhead it puts on computation in terms of time and
1000
Message Digest
(MD5) Generated
processor speed. To illustrate, for a 7 digit number,
(Time in MilliSec.) researches have indicated that AKS algorithm takes about
500
20 hours whereas Rabin-Miller gives its verdict in less
0
50Kb 100Kb 150Kb
than a second.
File Size (in Kb)

10. References
Figure 2: Runtime analysis of AES and MD5 [1] Blake I, G. Seroussi and N. Smart (eds).
Advances in Elliptic Curve Cryptography ,
Run Time Analysis of ECC
Runtime Analysis of ECC Cambridge University Press, 2005
[2] Certicom whitepaper, Remarks on the Security
36 of the Elliptic Curve Cryptosystem.. September
34
1997.
http://www.certicom.com/research/wecc3.html
Time (in 32
Milliseconds)
AES key (128 Bit) [3] Cohen H , Gerhard Frey, Handbook of Elliptic
30 MD5 Hashing
and Hyper-elliptic curve Cryptography,
28 Chapman & Hall /CRC, NW, FL, 2006
26 [4] DeWin E , S. Mister, B. Preneel, and M. Wiener.
Encryption Decryption
On the Performance of Signature Schemes
Based on Elliptic Curves. In J. P. Buhler, editor,
Algorithmic Number Theory: Third
Figure 3: Runtime analysis of ECC International Symposium (ANTS 3), volume
LNCS 1423, pages 252-266. Springer-Verlag,
8. Analysis June 21-25 1998.
With any cryptographic system dealing with 128 bit key, [5] Enge A , Elliptic Curves and Their Applications
the total number of combination is 2128. The time to Cryptography: An Introduction, Kluwer
required to check all possible combinations at the rate of Academic Publishers, Norwell, MA, USA,,1999.
rate 50 billion keys/second is approximately 5 x 1021 [6] Hankerson D, Alfred Menezes, and Scott
years. Vanstone, Guide to Elliptic Curve Cryptography,
Stallings [14] states that the computational complexity Springer-Verlag Professional Computing Series,
for breaking the elliptic-curve cryptosystem for an New York, 2004.
elliptic curve key size of 150 bits is 3.8 x 1010 MIPS [7] http://csrc.nist.gov/publications/fips/fips197/fips
(Million Instructions Per Second years). Moreover, the -197.pdf
recommended key sizes as per National Institute of [8] http://java.sun.com/j2se/1.3/docs/guide/security/
Standards Technology are given in Table 3 CryptoSpec.html
[9] Koblitz N , Algebraic aspects of cryptography,
Table 3: NIST Recommended Key Sizes Springer-Verlag Professional Computing Series,
Symmetric Key RSA Elliptic Curve New York, 1998
Size (bits) Key Size (bits) Key Size [10] Menezes A J, P. C. van Oorschot, and S. A.
(bits) Vanstone. Handbook of Applied Cryptography.
80 1024 160 CRC Press, Boca Raton, Florida, USA, 1997.
112 2048 224 [11] Menezes. A, Elliptic curve public key
128 3072 256 cryptosystems, Kluwer Academic Publishers,
192 7680 384 Norwell, MA, USA, 1994.
256 15360 521

36
 ICGST- CNIR, Volume (7), Issue (I), July 2007
[12] Rosing M, Implementing Elliptic Curve
Cryptography, Manning Publications, 1998.
[13] Schneier B . Applied Cryptography. John Wiley
& Sons Inc., New York, New York, USA, 2nd
edition, 1996.
[14] Stallings W. Cryptography and Network
Security. Prentice Hall, Upper Saddle River,
New Jersey, USA, second edition, 1999.
[15] U.S. Department of Commerce / National
Institute of Standard and Technology. FIPS
PUB 197, Specification for the Advanced
Encryption Standard (AES), November 2001.
Available at http://csrc.nist.gov/encryption/aes.
[16] Washington L C , Elliptic Curves: Number
Theory and Cryptography Chapman &
Hall/CRC, FL, USA. 2003.
Appendix A: Elliptic curves in Galois Field GF(p)
Elliptic curves can be defined in a finite or Galois field
2 3
GF(p) y mod p = x + ax + b mod p where p is a
prime number.
Steps in ECC over GF(p)
The following are the steps in performing ECC.
Step A: Determine the Base Point.
Step B : Determine the public key and the
private key for the sender and receiver.
Step C : Perform Encryption
Step D : Perform Decryption
Step A : Steps in finding the Base Point
Step 1: Take the Elliptic curve
y2 mod p= x3 + ax +b mod p where p is a prime number.
Step 2 : For values from 0 to p-1, compute LHS and RHS
Step 3 : Locate points P where LHS = RHS
Step 4 : Count the number of points ‘n’. The total number
of points is always n + 1 (one point at infinity)
Step 5 : Find the prime factors of (n+1) and choose the
largest among them.
Step 6: Find the negative point for every point computed
in step 3.
Step 7 : Now perform addition operation of the each of
the points obtained in step 3. Addition refers to finding
2P, 3P, 4P, 5P.... and tabulate them
Step 8 : Repeat step 7 until one gets the point at infinity.
Step 9 : Identify the largest prime factor from step 5.
From the table created in step 7,
locate for what points of P, the value is O (point at
infinity)
Step 10: From the list of points, one can choose any point
which will be the base point.
Step B : Steps in Key Generation
Step 1: Sender and receiver agree on the elliptic curve E
and the base point G with order n. The order of n must be
large. Hence E,G and n are known to everyone.
Step 2: Sender chooses a random number ds which is 1 <
ds < n-1. He then computes ds * G. For him, ds is the
private key and ds * G is the public key.
Step 3 : Receiver chooses a random number dr which is 1
< dr < n-1. He then computes dr*G. For him, dr is the
private key and dr * G is
Step C: Steps in Encryption
37
Step 1 : Both sender and receiver agree on the elliptic
curve E and the base point G with order n. Hence E,G
and n are known to everyone.
Step 2 : Sender then encodes the message M as a point.
Step 3: Sender then generates a random number k. He
then computes the value of kG (again a point).
Step 4: Sender takes the public key (drG) of the receiver,
multiples the same with k (result is a point), and adds
that with M. The result is again a point.
Sender sends { kG, M + kdrG } to the receiver
Step D: Steps in Decryption
Receiver gets { kG, M + kdrG } sent by sender
Step1: Extracts kG portion.
Step 2 : Multiples the same with his private key dr. He
obtains kGdr.
Step 3: He then extracts M + kdrG portion. Subtracts the
output of Step 2. i.e. M + kdrG - kGdr. which results in
M, the plain text.
Appendix B: Steps in AES
The algorithm consists of four stages that make up a
round, which is iterated 10 times for a 128-bit length key,
12 times for a 192-bit length key and 14 times for a 256-
bit length key.
Stage 1: “Sub Bytes” transformation is a non-linear for
each byte of the block.
Stage 2: “Shift Rows” transformation cyclically shifts
(permutes) the bytes within the block.
Stage 3: “Mix Columns” transformation groups 4-bytes
together forming 4-term polynomials and multiplies the
polynomials with a fixed polynomial mod(x^4+1).
Stage 4: “Add Round Key” transformation adds the
round key with the block of data.
Appendix C: Steps in MD5
The following are the steps in MD5:
Input: b-bit message
Step 1: Appending padding bits: Padding is performed
as follows: a single "1" bit is appended to the message,
and then "0" bits are appended so that the length in bits of
the padded message becomes congruent to 448, modulo
512. In all, at least one bit and at most 512 bits are
appended.
Step 2: Append Length: A 64-bit representation of b
(the length of the message before the padding bits were
added) is appended to the result of the previous step. At
this point, the resulting message has a length that is an
exact multiple of 512-bits.
Step 3: Initialize the MD Buffer: Four word buffers to
compute the Message Digest. Each one is a 32-bit
register.
Step 4: Process Message in 16-word block
Step 5: Output: The message digest produced as output
in each of the 4 MD Buffer. Begin with low order byte of
the Buffer and end with the high order byte of the Buffer.
 ICGST- CNIR, Volume (7), Issue (I), July 2007

Biographies
Dr Janakiraman V S is Professor of
Computer Science and Applications in
PSG College of Arts & Science,
Coimbatore, India. He earned his PhD
in Computer Science from Bharathiar
University, Coimbatore. He teaches
courses for Master of Computer Applications (MCA).
His research areas of interest include Cryptography,
Knowledge Management and BCP and DRP.

Ganesan R is Senior Lecturer,

Department of Computer Science and
Applications in PSG College of Arts
& Science, Coimbatore, India. He
teaches courses for B.Sc Computer
Science, BCA and Master of
Computer Applications (MCA). At
present he is pursuing his Ph.D program in Computer
Science. His research areas of interest include
Cryptography, Java and Information Systems Security.

Gobi M is Senior Lecturer,

Department of Computer Science and
Applications in PSG College of Arts
& Science, Coimbatore, India. He
teaches courses for BSc Computer
Science, BCA and Master of
Computer Applications (MCA). At
present he is pursuing his PhD programme in Computer
Science. His research areas of interest include
Cryptography, Java, Software Engineering and
Information Systems Security.

38