Shreeja Vasudevan et al, Int. J. Comp. Tech. Appl., Vol 2 (4), 1025-1034
In Public key cryptography a message is sent after applying the digital signature and encryption techniques by the sender. These techniques are used so that the message properties such as confidentiality, integrity and unforgeability are maintained and the non-repudiation can be ensured at the receiving end. The digital signatures and encryption mechanisms can be combined to form a single logical step called Signcryption. In this paper a Signcryption scheme is suggested which is based on Elliptic Curve Cryptography (ECC). The scheme provides additional security features, including forward secrecy and public verifiability, and counter steps for resistance to Side Channel Attacks (SCAs) are also taken. The proposed scheme provides better performance for the security features provided, compared to the traditional Signature-then-Encryption schemes based on ECC.

Keywords- Signcryption, Elliptic Curve Cryptography, public verifiability, forward secrecy, Side Channel Attacks.

Security in computers means that the information is protected from unauthorized or accidental disclosure while the information is in transit (either electronically or physically) and while information is in storage.

One essential aspect for secure communications is that of cryptography. Cryptography not only protects data from theft or alteration, but can also be used for user authentication. The common cryptographic schemes typically used are secret key (or symmetric) cryptography and public-key (or asymmetric) cryptography.

With secret key cryptography, a single key is used for both encryption and decryption. The sender uses the key in order to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key in order to decrypt the message to recover the plaintext. Since a single key is used for both functions, the difficulty with this approach is that of the distribution of the key.

The public key cryptography technique employs two keys that are mathematically related. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. One key is called the private key, which is kept secret, and the other key is designated as the public key and may be advertised as widely as the owner wants. In this scheme there is no difficulty regarding the distribution of keys. But the computational cost is greater than that of symmetric key cryptography.

Nowadays public key cryptography is used extensively due to its stronger security features than symmetric key cryptography. The public key cryptography technique relies upon the digital signatures and encryption methods to send a message ensuring the confidentiality, integrity, unforgeability and non-repudiation of communication. Accordingly the steps involved in the traditional method of Signature-then-Encryption are:

- The Sender first digitally signs and then encrypts the message.
- Receiver verifies the S
  the encrypted message.

The digital signing and encrypting steps can be combined into a single logical step, called Signcryption. The public key cryptographic technique has evolved and ECC has been proved to be better in terms of security provided per bit compared to the traditional technique, such as RSA. Similarly the adoption of ECC in Signcryption schemes has also proved to be beneficial.

Signcryption is a relatively new term in the literature, introduced in 1996. The efficacy of Signcryption became evident in 1997 when Yuliang Zheng [1] illustrated that the Cost (Signcryption) << Cost (Signature) + Cost (Encryption) in terms of computational cost as well as communicational overhead. The Signcryption scheme was
point at infinity and the points, which satisfy the Elliptic Curve equation. The standard domain parameters are defined [13]. The protocols implementing ECC can also specify the domain parameters.

ECC follows the group law and
logarithm problem. From the ECDL problem it is evident that the major operation involved in ECC is point multiplication, i.e. multiplication of a scalar k with a point P on the curve to obtain another point Q on the curve.

Point Multiplication: Points P and Q lie on the elliptic curve such that when P is multiplied with a scalar k to obtain the point Q,

multiplicative inverse operation is required. The number of scalar multiplications required in the case of projective coordinate system is more in contrast to the affine coordinate system. Thus scalar multiplications on projective coordinates should be more efficient compared to the multiplicative inverse operation. The Standard projective coordinates and the Jacobian projective coordinates are defined as follows:

Standard projective coordinate in the field $F_q$: Here a point is represented as (X, Y, Z) and the corresponding affine coordinate point is (X/Z, Y/Z). The equation for the elliptic curve is:

$Y^2 Z = X^3 + aXZ^2 + bZ^3$,
| Algorithm | Coordinates | Condition | Randomization | In terms of M, S, A and I | In terms of M |
|---|---|---|---|---|---|
| Algorithm 1 (Add and Double) | Jacobian Projective | | - | (4M + 6S)(n-1) + (12M + 4S)(n-1)/2 | 2607.6M |
| Algorithm 1 (Add and Double) | Jacobian Projective | 3, Z = 1 | - | (4M + 6S)(n-1) + (8M + 3S)(n-1)/2 | 2289.2M |
| Algorithm 1 (Add and Double) | Jacobian Projective | a = | - | (4M + 4S)(n-1) + (12M + 4S)(n-1)/2 | 2353.2M |
| Algorithm 1 (Add and Double) | Jacobian Projective | a = 3, Z = 1 | - | (4M + 4S)(n-1) + (8M + 3S)(n-1)/2 | 2034.8M |
| Algorithm 2 (Improved Montgomery ladder) + Algorithm A.1 (xECADDDBL) | Standard Projective | | Coron | (13n+7)M + (4n+1)S + 1I | 2629.8M |
| Algorithm 2 (Improved Montgomery ladder) + Algorithm A.1 (xECADDDBL) | Standard Projective | | Joye-Tymen | (13n+14)M + (4n+3)S + 1I | 2638.4M |
| Algorithm 2 (Improved Montgomery ladder) + Algorithm A.1 (xECADDDBL) | Standard Projective | a = 3 | Coron | (11n+9)M + (4n+1)S + 1I | 2311.8M |
| Algorithm A.2 (y-coordinate recovery) | Standard Projective | - | - | 13M + 2S + 1I | 44.6M |
Integrity: If the message content is changed then the ciphertext C is changed to and consequently a value is obtained, instead of v. This change is detected at the time of verification and the message gets rejected. So the integrity of the message is confirmed.

Unforgeability: For forging the message the private key of Bob (dB) is required, which is kept secured with Bob. Thus the property of unforgeability is maintained with the secrecy of the secret key dB.

Non-repudiation: In the case of denial by Alice regarding the sending of the message, Bob can send the parameters (R, C, s) required by the judge to verify and ensure the property of non-repudiation.

Forward secrecy of message confidentiality: The disclosure of the private key of Alice, dA, is not enough to decrypt the previous messages encrypted by Alice. The parameters r and v both should also be known to decrypt the messages. For each message the values of r and v are different. For obtaining r and v the ECDLP has to be solved.

Public verifiability: The steps involved in verification do not involve the session keys or the secret keys of any party. So any entity can verify without the need of decryption of the message.

Resistance against the SPA and DPA attacks: Point multiplication performed using Algorithm 2, along with the randomization of parameters using the Coron or Joye-Tymen method for parameter randomization, provides resistance from the SPA and DPA attacks respectively.

Thus the security features provided by the Signcryption scheme mainly depend on the secrecy of r and dB, which are the empirical and static secret keys, respectively which are used in the Signcryption and Unsigncryption phases.

Algorithm 2 (SCA resistant) is not used in the point multiplication operations involved in calculating; . So the values of s and v can be obtained by the adversary through SCA. Even then the security properties are maintained by the scheme since the random number r remains secret.

heme [7] are also removed by the protocol, by carefully selecting the parameters and deriving the secret key from random number r, and including the identifiers of the communicating parties.

In TABLE II, the comparison of the Signcryption schemes which were introduced earlier and the proposed Signcryption scheme is shown. The comparison is based on the key security features. The description "Directly" in the Non-repudiation column means that the Signcryption scheme provides the property of Non-repudiation without the need of a zero knowledge proof protocol.

The costs involved in the Signcryption schemes are represented in terms of the computational cost and the communication overhead. The operational costs involving machine cycles take the form of the computational cost. The additional bits which are transferred, excluding the message bits, are referred to as the communication overhead. The compliance of the proposed scheme with the condition of efficiency (Section 2.3 (3)) of the Signcryption scheme is presented as follows.

The computational cost is the most for the point multiplication operation. TABLE III presents the mathematical operations involved in the different Signcryption schemes. The traditional Signature-then-Encryption method based on ECC involves 6 point
TABLE II. COMPARISON OF THE SIGNCRYPTION SCHEMES BASED ON THE SECURITY FEATURES
Figure 2. Comparison of the various Signcryption schemes with a 3 and Z
Figure 3. Comparison of the various Signcryption schemes with a 3 and Z = 1.
Figure 4. Comparison of the various Signcryption schemes with a = 3 and Z 1.
Figure 5. Comparison of the various Signcryption schemes with a = 3 and Z = 1.
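Added example (not code from the paper): inversion-free point arithmetic in the standard projective coordinates (X, Y, Z) described earlier, driven by both an add-and-double loop and a Montgomery ladder, with each point operation recorded so the difference relevant to the SPA discussion above can be compared. Assumptions: the toy curve y^2 = x^3 + 2x + 2 over F_17 with base point (5, 1) of order 19 is a constructed teaching parameter set, the function names are illustrative, and the ladder is the plain two-register form on full coordinates, without the paper's xECADDDBL, y-coordinate recovery, or Coron/Joye-Tymen randomization.

```python
# Constructed toy parameters: y^2 = x^3 + 2x + 2 over F_17, base point (5, 1), order 19.
p, a = 17, 2
G = (5, 1, 1)        # (X, Y, Z) standard projective; affine is (X/Z, Y/Z)
INF = (0, 1, 0)      # any triple with Z = 0 is the point at infinity

def dbl(P):
    """Inversion-free doubling on Y^2 Z = X^3 + aXZ^2 + bZ^3."""
    X, Y, Z = P
    W, S = (a*Z*Z + 3*X*X) % p, Y*Z % p
    B = X*Y*S % p
    H = (W*W - 8*B) % p
    return (2*H*S % p, (W*(4*B - H) - 8*Y*Y*S*S) % p, 8*S**3 % p)

def add(P, Q):
    """Inversion-free addition; falls back to dbl() when P == Q."""
    (X1, Y1, Z1), (X2, Y2, Z2) = P, Q
    if Z1 == 0: return Q
    if Z2 == 0: return P
    u, v = (Y2*Z1 - Y1*Z2) % p, (X2*Z1 - X1*Z2) % p
    if v == 0:
        return dbl(P) if u == 0 else INF
    w = (u*u*Z1*Z2 - v**3 - 2*v*v*X1*Z2) % p
    return (v*w % p, (u*(v*v*X1*Z2 - w) - v**3*Y1*Z2) % p, v**3*Z1*Z2 % p)

def to_affine(P):
    X, Y, Z = P
    if Z == 0: return None           # point at infinity
    zi = pow(Z, -1, p)               # the single field inversion per kP
    return (X*zi % p, Y*zi % p)

def add_and_double(k, P):
    """Left-to-right binary method: an add happens only for 1 bits."""
    R, trace = INF, ""
    for bit in bin(k)[2:]:
        R, trace = dbl(R), trace + "D"
        if bit == "1":
            R, trace = add(R, P), trace + "A"
    return to_affine(R), trace

def ladder(k, P):
    """Montgomery ladder: one add and one double for every bit."""
    R0, R1, trace = INF, P, ""
    for bit in bin(k)[2:]:
        if bit == "1":
            R0, R1 = add(R0, R1), dbl(R1)
        else:
            R1, R0 = add(R0, R1), dbl(R0)
        trace += "AD"
    return to_affine(R0), trace
```

For the 5-bit scalars 17 and 18 the add-and-double traces differ while the ladder trace is the same; the Python `if` on the key bit only models the operation sequence and is not itself constant-time.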