Documente Academic
Documente Profesional
Documente Cultură
33
ICGST- CNIR, Volume (7), Issue (I), July 2007
Despite these differences, one thing that is common obtained by this process is also encrypted using ECC
among all these three families is that they all perform technique. Thus the sender sends a) Cipher text of the
extensive and complex operations on numbers, typically message, b) Ciphertext of the AES key, and c) Ciphertext
modular exponentiation of the message digest. The receiver upon receiving
a) Cipher text of the message, b) Ciphertext of the AES
4. Elliptic Curve Cryptosystems (ECC) key, and c) Ciphertext of the message digest, first
An elliptic curve E over a field F is defined by the decrypts the Ciphertext of the AES key to obtain the AES
Weierstrass equation: key. This is then used to decrypt the cipher text of the
message to obtain the plain text. The plaintext is again
E/F:y2 + a1xy + a3y = x3 + a2x2 + a4x + a6 with a1, a2, a3, subjected to MD5 hash algorithm. This process yields a
a4, a6 ∈ F. message digest. The ciphertext of the message digest is
Mathematical operations involving elliptic curves include decrypted using ECC technique to obtain the message
addition of two points, scalar multiplication, determining digest sent by the sender. This value is compared with the
the inverse of a given point on the curve. computed message digest. If both of them are equal, the
The two most common choices for implementation of message is accepted else rejected. Figure 1 shows the
ECC are: sequence of operation. This hybrid algorithm is a
1. Galois Field GF(2m), also known as characteristic combination of symmetric and asymmetric encryption
two or even (containing 2m elements, where m is an techniques.
integer greater than one). In this case, equation (1)
becomes E/F: y2+xy=x3+ax+b where a and b ∈ F, 6. Implementation Details
b≠0 together with a point at infinity ο The entire implementation was carried out in Java 2,
2. Galois Field GF(p), also known as integers modulo p, Standard Edition (J2SE) v 1.4.0.
odd, or odd prime (containing p elements, where p is J2SE has the built-in classes for AES, and MD5. These
an odd prime number). In this case, equation (1) can classes are available in the Java packages of java.security,
be simplified to the form E/F : y2 = x3 + ax + b javax.crypto, javax.crypto.spec. Details on java security
where a and b ∈ F and 4a3 + 27b2 ≠ 0 together architecture can be had from [8].
The code uses these packages and the header files have
with a point at infinity(ο)
the following header.
An important characteristic of elliptic curves is that the
points on the elliptic curves form a group. Details on
import java.security.*;
ECC can be had from Blake [1], Cohen [3], Enge [5],
import javax.crypto.*;
Hankerson [6], Koblitz [9], Menezes [10], Menezes [11],
import javax.crypto.spec.*;
Rosing [12], Washington [16].
import java.io.*;
Various researchers (Certicom[2], DeWin [4]) have
proved that ECC requires more time to break as
We developed methods in Java for elliptic curve
compared to RSA and DSA. Certicom[2] summarizes the
generation, base point generation, keys (both public and
results of their study as: ECC provides greater efficiency
private) generation and encryption and decryption using
than either integer factorization systems or discrete
ElGamal method.
logarithm systems, in terms of computational overheads,
We also used the Java class of BigInteger to handle large
key sizes, and bandwidth. In implementations, these
integers and the method of IsProbablePrime to determine
savings mean higher speeds, lower power consumption,
whether the large integer is prime or not. The software
and code size reductions. ECC has been accepted as a
was running on Celeron machine @ 1.0 Ghz and 256 MB
standard by various bodies. Some of them are ANSI
RAM.
(American National Standards Institute), FIPS (Federal
Information Processing Standards), IEEE P1363
(Institution of Electrical & Electronic Engineers), and 7. Results
WAP (Wireless Application Protocol). We tested this hybrid algorithm on a test data of various
In this work, we have adopted GF(p) and have sizes. Table 1 provides details on the time taken for
implemented the system. encryption, decryption and calculation of MD5 message
digest process. Table 2 provides information on
Encryption & Decryption of 128 bit AES key and MD5
5. Hybrid Algorithm Combining AES &
message digest using ECC. Figure 2 & 3 gives the
ECC graphical output of the results.
The algorithm we present here combines the best features
of both symmetric and asymmetric encryption techniques. Table 1: Time in milliseconds for 128 bit AES encryption
The data (plain text) that is to be transmitted is encrypted and decryption and calculation of MD5 message digest
using the AES algorithm. Details on AES can be had File 128 bit 128 bit MD5
from [7] and [15]. The AES key which is used to encrypt Size AES AES Message
the data is encrypted using ECC. The cipher text of the Encryption Decryption Digest
message and the cipher text of the key are then sent to the 50Kb 1902 1987 1364
receiver.
100Kb 2275 2543 1505
150Kb 3572 3427 1632
To ensure integrity of the data that is transmitted, the data
is subjected to MD5 hash algorithm. The message digest
34
ICGST- CNIR, Volume (7), Issue (I), July 2007
Message
ECC
ECC ElGamal Encryption Ciphertext of ElGamal
technique
Technique of Message Digest the message Encryption
Ciphertext of Ciphertext of
the AES key Message
Digest
ElGamal ECC
Decryption Technique ElGamal Decryption
Ciphertext of
the message AES Key Message Digest
MD5
Message Hashing
Decryption Message Digest
35
ICGST- CNIR, Volume (7), Issue (I), July 2007
Table 2: Encryption & Decryption of 128 bit AES key From table 3 it is clear that ECC fairs better than RSA in
and MD5 message digest using ECC terms of security.
Encryption Decryption
128 bit AES key 30 34 9. Conclusion
MD5 Message 32 36 In this paper, we have designed and implemented a
digest of the hybrid algorithm in Java combining the best of both
Ciphertext symmetric (AES) and asymmetric (ECC over GF(p))
methodologies. We have tested the algorithm for various
sizes of files. To ensure integrity of the data, we have
Run Time Analysis of AES and MD5 adopted the MD5 hash algorithm.
Runtime analysis of AES and MD5
In this framework, we have adopted a probabilistic
4000 primality checking (isProbablePrime() in Java) to
3500 determine whether the given number is prime or not. To
Encryption (Time in
3000 MilliSec.) determine whether the given number is prime or not, one
Time (in Milliseconds)
10. References
Figure 2: Runtime analysis of AES and MD5 [1] Blake I, G. Seroussi and N. Smart (eds).
Advances in Elliptic Curve Cryptography ,
Run Time Analysis of ECC
Runtime Analysis of ECC Cambridge University Press, 2005
[2] Certicom whitepaper, Remarks on the Security
36 of the Elliptic Curve Cryptosystem.. September
34
1997.
http://www.certicom.com/research/wecc3.html
Time (in 32
Milliseconds)
AES key (128 Bit) [3] Cohen H , Gerhard Frey, Handbook of Elliptic
30 MD5 Hashing
and Hyper-elliptic curve Cryptography,
28 Chapman & Hall /CRC, NW, FL, 2006
26 [4] DeWin E , S. Mister, B. Preneel, and M. Wiener.
Encryption Decryption
On the Performance of Signature Schemes
Based on Elliptic Curves. In J. P. Buhler, editor,
Algorithmic Number Theory: Third
Figure 3: Runtime analysis of ECC International Symposium (ANTS 3), volume
LNCS 1423, pages 252-266. Springer-Verlag,
8. Analysis June 21-25 1998.
With any cryptographic system dealing with 128 bit key, [5] Enge A , Elliptic Curves and Their Applications
the total number of combination is 2128. The time to Cryptography: An Introduction, Kluwer
required to check all possible combinations at the rate of Academic Publishers, Norwell, MA, USA,,1999.
rate 50 billion keys/second is approximately 5 x 1021 [6] Hankerson D, Alfred Menezes, and Scott
years. Vanstone, Guide to Elliptic Curve Cryptography,
Stallings [14] states that the computational complexity Springer-Verlag Professional Computing Series,
for breaking the elliptic-curve cryptosystem for an New York, 2004.
elliptic curve key size of 150 bits is 3.8 x 1010 MIPS [7] http://csrc.nist.gov/publications/fips/fips197/fips
(Million Instructions Per Second years). Moreover, the -197.pdf
recommended key sizes as per National Institute of [8] http://java.sun.com/j2se/1.3/docs/guide/security/
Standards Technology are given in Table 3 CryptoSpec.html
[9] Koblitz N , Algebraic aspects of cryptography,
Table 3: NIST Recommended Key Sizes Springer-Verlag Professional Computing Series,
Symmetric Key RSA Elliptic Curve New York, 1998
Size (bits) Key Size (bits) Key Size [10] Menezes A J, P. C. van Oorschot, and S. A.
(bits) Vanstone. Handbook of Applied Cryptography.
80 1024 160 CRC Press, Boca Raton, Florida, USA, 1997.
112 2048 224 [11] Menezes. A, Elliptic curve public key
128 3072 256 cryptosystems, Kluwer Academic Publishers,
192 7680 384 Norwell, MA, USA, 1994.
256 15360 521
36
ICGST- CNIR, Volume (7), Issue (I), July 2007
[12] Rosing M, Implementing Elliptic Curve Step 1 : Both sender and receiver agree on the elliptic
Cryptography, Manning Publications, 1998. curve E and the base point G with order n. Hence E,G
[13] Schneier B . Applied Cryptography. John Wiley and n are known to everyone.
& Sons Inc., New York, New York, USA, 2nd Step 2 : Sender then encodes the message M as a point.
edition, 1996. Step 3: Sender then generates a random number k. He
[14] Stallings W. Cryptography and Network then computes the value of kG (again a point).
Security. Prentice Hall, Upper Saddle River, Step 4: Sender takes the public key (drG) of the receiver,
New Jersey, USA, second edition, 1999. multiples the same with k (result is a point), and adds
[15] U.S. Department of Commerce / National that with M. The result is again a point.
Institute of Standard and Technology. FIPS Sender sends { kG, M + kdrG } to the receiver
PUB 197, Specification for the Advanced
Encryption Standard (AES), November 2001. Step D: Steps in Decryption
Available at http://csrc.nist.gov/encryption/aes. Receiver gets { kG, M + kdrG } sent by sender
[16] Washington L C , Elliptic Curves: Number
Theory and Cryptography Chapman & Step1: Extracts kG portion.
Hall/CRC, FL, USA. 2003. Step 2 : Multiples the same with his private key dr. He
obtains kGdr.
Appendix A: Elliptic curves in Galois Field GF(p)
Step 3: He then extracts M + kdrG portion. Subtracts the
Elliptic curves can be defined in a finite or Galois field
output of Step 2. i.e. M + kdrG - kGdr. which results in
2 3
GF(p) y mod p = x + ax + b mod p where p is a M, the plain text.
prime number.
Steps in ECC over GF(p) Appendix B: Steps in AES
The following are the steps in performing ECC. The algorithm consists of four stages that make up a
Step A: Determine the Base Point. round, which is iterated 10 times for a 128-bit length key,
Step B : Determine the public key and the 12 times for a 192-bit length key and 14 times for a 256-
private key for the sender and receiver. bit length key.
Step C : Perform Encryption Stage 1: “Sub Bytes” transformation is a non-linear for
Step D : Perform Decryption each byte of the block.
Stage 2: “Shift Rows” transformation cyclically shifts
Step A : Steps in finding the Base Point (permutes) the bytes within the block.
Step 1: Take the Elliptic curve Stage 3: “Mix Columns” transformation groups 4-bytes
y2 mod p= x3 + ax +b mod p where p is a prime number. together forming 4-term polynomials and multiplies the
Step 2 : For values from 0 to p-1, compute LHS and RHS polynomials with a fixed polynomial mod(x^4+1).
Step 3 : Locate points P where LHS = RHS Stage 4: “Add Round Key” transformation adds the
Step 4 : Count the number of points ‘n’. The total number round key with the block of data.
of points is always n + 1 (one point at infinity)
Step 5 : Find the prime factors of (n+1) and choose the Appendix C: Steps in MD5
largest among them. The following are the steps in MD5:
Step 6: Find the negative point for every point computed Input: b-bit message
in step 3.
Step 7 : Now perform addition operation of the each of Step 1: Appending padding bits: Padding is performed
the points obtained in step 3. Addition refers to finding as follows: a single "1" bit is appended to the message,
2P, 3P, 4P, 5P.... and tabulate them and then "0" bits are appended so that the length in bits of
Step 8 : Repeat step 7 until one gets the point at infinity. the padded message becomes congruent to 448, modulo
Step 9 : Identify the largest prime factor from step 5. 512. In all, at least one bit and at most 512 bits are
From the table created in step 7, appended.
locate for what points of P, the value is O (point at Step 2: Append Length: A 64-bit representation of b
infinity) (the length of the message before the padding bits were
Step 10: From the list of points, one can choose any point added) is appended to the result of the previous step. At
which will be the base point. this point, the resulting message has a length that is an
exact multiple of 512-bits.
Step B : Steps in Key Generation Step 3: Initialize the MD Buffer: Four word buffers to
Step 1: Sender and receiver agree on the elliptic curve E compute the Message Digest. Each one is a 32-bit
and the base point G with order n. The order of n must be register.
large. Hence E,G and n are known to everyone. Step 4: Process Message in 16-word block
Step 2: Sender chooses a random number ds which is 1 < Step 5: Output: The message digest produced as output
ds < n-1. He then computes ds * G. For him, ds is the in each of the 4 MD Buffer. Begin with low order byte of
private key and ds * G is the public key. the Buffer and end with the high order byte of the Buffer.
Step 3 : Receiver chooses a random number dr which is 1
< dr < n-1. He then computes dr*G. For him, dr is the
private key and dr * G is
Step C: Steps in Encryption
37
ICGST- CNIR, Volume (7), Issue (I), July 2007
Biographies
Dr Janakiraman V S is Professor of
Computer Science and Applications in
PSG College of Arts & Science,
Coimbatore, India. He earned his PhD
in Computer Science from Bharathiar
University, Coimbatore. He teaches
courses for Master of Computer Applications (MCA).
His research areas of interest include Cryptography,
Knowledge Management and BCP and DRP.
38