CRYPTOGRAPHIC PROTOCOLS
USING ELLIPTIC CURVE OVER
FINITE FIELDS
D. SRAVANA KUMAR
Reader in Physics, SVLNS Government College, Bheemunipatnam, Visakhapatnam Dt., India skdharanikota@gmail.com
CH. SUNEETHA
Assistant Professor in Engineering Mathematics, GITAM University , Visakhapatnam, India, gurukripachs@gmail.com
A.CHANDRASEKHAR
Professor in Engineering Mathematics, GITAM University, Visakhapatnam, India acs@gitam.edu
Abstract:
Cryptology is the study of techniques for ensuring the secrecy and authentication of the information.
Public –key encryption schemes are secure only if the authenticity of the public-key is assured. Elliptic curve arithmetic can be used to develop a variety of elliptic curve cryptographic (ECC) schemes including key exchange, encryption and digital signature. The principal attraction of elliptic curve cryptography compared to RSA is that it offers equal security for a smaller key-size, thereby reducing the processing overhead. In the present paper we propose a new encryption algorithm using Elliptic Curve.
Keywords: Elliptic Curve Cryptography, public-key, secret key, encryption, decryption
1. Introduction:-The study of elliptic curves by algebraists, algebraic geometers and number theorists dates back to the middle of the nineteenth century. Elliptic Curve Cryptography (ECC) was discovered in 1985 by Neil Koblitz and Victor Miller [6, 8]. Elliptic Curve Cryptography (ECC) schemes are public-key mechanisms that provide the same functionality as RSA schemes. However, their security is based on the hardness of a different problem, namely the Elliptic Curve Discrete Logarithmic Problem (ECDLP). Most of the products and standards that use public-key cryptography for encryption and digital signatures use RSA schemes. The competing system to RSA is elliptic curve cryptography. An elliptic curve E over a field R of real numbers is defined by an equation
E y
:
2
a xy
1
a y
3
x
3
a x
2 2
a x
4
a
6………..(1)Here a1, a2, a3 , a4, a6 are real numbers belong to R, x and y take on values in the real numbers. If L is an
extension field of real numbers, then the set of L-rational points on the elliptic curve E is
2 3 2
1 3 2 4 6
( )
{( , )
:
0}
{ }
E L
x y
LXL y
a xy
a y
x
a x
a x a
where
the point is at infinity. Equation (1) is called Weierstrass equation. For the purpose of the encryption and decryption using elliptic curves it is sufficient to consider the equation of the formy
2
x
3
ax b
. Here the elliptic curve E is defined over the field of integers K, because a1, a2, a3 , a4, a6 are integers. If E is defined over the field of integersK, then E is also defined over any extension field of K. The condition
0
ensures that the elliptic curve is “smooth”. i.e., there are no points at which the curve has two or more distinct tangent lines. The point
is the only point on the line at infinity that satisfies the projective form of the Weierstrass equation [1, 7, 9]. In the present paper it suffices to limit the study of elliptic curve of third degree over the field of integers K having the formy
2
x
3
ax b
. For the given values of a and b the plot consists of positive and negative values of y for each value of x. Thus this curve is symmetric about the x-axis.1.1Group laws ofE(K):- Let EK(a,b) be an elliptic curve defined over the field of integers K. There is a
chord-and-tangent rule for adding two points in EK(a,b), to give the third point. Together with this addition operation,
1.2Geometric rules of Addition:- Let P(x1,y1) and Q(x2,y2) be two points on the elliptic curve E. The sum R is
defined as : First draw a line through P and Q, this line intersects the elliptic curve at a third point. Then the reflection of this point of intersection about x-axis is R which is the sum of the points P and Q.
The same geometric interpretation also applies to two points P and –P, with the same x-coordinate. The points are joined by a vertical line, which can be viewed as also intersecting the curve at the infinity point. We therefore have P + (-P) =
,the identity element which is the point at infinity.1.3Doubling the point on the elliptic curve:-
First draw the tangent line to the elliptic curve at P which intersects the curve at a point. Then the reflection of this point about x-axis is R. The addition of two points and doubling of a point are shown in the following figures 1 and 2 for the elliptic curve y2 = x3-x.
Figure 1. Geometric addition Figure 2. Geometric doubling
1.4 Identity:-P +
=
+P = P for all EK(a,b) , where
is the point at infinity.1.5Negatives:- Let P (x,y) EK(a,b) then (x,y) + (x,-y) =
. Where (x,-y) is the negative of P denoted by –P.1.6 Point addition:- Let P(x1,y1) and Q(x2,y2) EK(a,b) where P ≠ Q. Then P + Q = (x3,y3)
3 3
P + Q =( ,
x y
)
where2
2 1
3 1 2
2 1
y
y
x
x
x
x
x
and
2 1
3 1 3 1
2 1
y
y
y
x
x
y
x
x
1.7 Points Doubling:- Let P(x1,y1) EK(a,b) where P ≠ -Pthen
2
2 2
1 1
3 3 3 1 3 1 3 1
1 1
3
3
2
( ,
) where
2 and
2
2
x
a
x
a
P
x y
x
x
y
x
x
y
y
y
1.8 Point Multiplication:- Let P be any point on the elliptic curve EK(a,b where K is the field of integers. Then
the operation multiplication of P is defined as repeated addition. kP = P + P + ……… k times 1.9 Elliptic Curve Cryptography:-
Elliptic Curve Cryptography (ECC) [2, 3,4,5,6 10] makes use of the elliptic curve in which the variables and coefficients are all restricted to elements of the finites fields. Two families of elliptic curves are used in cryptographic applications: Prime curves over
Z
p and binary curves(2 )
mGF
. For a prime curveover
Z
p, we use a cubic equation in which the variables and the coefficients all take on values in the set ofintegers from 0 through p-1 and the calculations are performed with respect to modulo p.
If two communicating parties Alice and Bob want to communicate the messages then they agree upon to use an elliptic curve Ep (a,b) where p is a prime number, a generator G and any random point A on the elliptic curve
Ep (a,b).
2. Proposed Method of Encryption:- Alice selects a large number k less than the order of G and a point B on the elliptic curve Ep (a,b). She computes H = kG, and U = A + kB . She keeps the random number k and the
point B as her private keys and publishes H and U as her public keys.
PRA1 = Alice’s private key 1 = k, a large random number less than the order of the generator G
PRA2 = Alice’s private key 2 = a point B on the elliptic curve Ep (a,b)
PUA1 = Alice’s public key 1 = a point H on the elliptic curve Ep (a,b)
PUA2 = Alice’s public key 2 = a point U on the elliptic curve Ep (a,b)
Similarly Bob also selects a large random number l on the elliptic curve and a random point C on the elliptic curve Ep (a,b). He computes I = lG, and V = A + lC. He keeps the random number l and the point C as his
private keys and publishes I and V as his public keys.
PRB1 = Bob’s private key 1 = l, a large random number less than the order of the generator G
PRB2= Bob’s private key 2 = C, a random point on the elliptic curve Ep (a,b)
PUB2 = Bob’s public key 2 = V, a point on the elliptic curve Ep (a,b)
2.1 Encryption:- If Bob wants to communicate the message M then all the characters of the message are converted to the points on the elliptic curve Ep (a,b). Then each message point is encrypted to a pair of cipher
points E1,E2 . He uses a random number s which is different for the encryption of different message points.
E1 = sG
E2 = M + (l + s) H +U + lC
2.2 Decryption by Alice: - Alice after receiving the cipher text as a pair of points (E1,E2) and for each character
decrypts the message as follows. M = E2- kE1 –kI – V – kB
2.3 Decryption works out properly:- M = E2- kE1 –kI – V - kB
= M + (l + s) H +U + lC - k sG -(A + lC) – kB
= M + (l+s) kG +(A+kB) +lC – ksG –klG – A – lC – kB = M +lkG + ksG + A + kB + lC – ksG –klG – A – lC – kB = M
For example consider the elliptic curve whose equation is y2=x3+4x+20.
Since
16[4
a
3
27 ]
b
2
176896
4 mod(29)
≠ 0, the elliptic curve is nonsingular. The graph of the curve y2=x3+4x+20 is shown below in figure 3.The set of all points on the elliptic curve E29 (4,20) are
{
,(0,7), (0,22), (1,5), (1,24), (2,6), (2,23), (3,1), (3,28), (4,10), (4,19), (5,7), (5,22), (6,12), (6,17), (8,10), (8,19), (10,4), (10,25), (13,6), (13,23), (14,6), (14,23), (15,2), (15,27), (16,2), (16,27), (17,10), (17,19), (19,13), (19,16), (20,3), (20,26), (24,7), (24,22), (27,2), (27,27) }.The above set contains 37 elements which is a prime number. So, E29(4,20) is a cyclic group and any point on
E29(4,20) except the identity element is a generator. Let G = (1,5) is the generator of the cyclic group E29(4,20) 3. Example: - Alice and Bob agree upon to use the elliptic curve E29(4,20), the generator G = (1,5), a random
point A = (4,19)
Alice selects k = 23, B = (2, 6), then she computes H = kG = 23 (1,5) = (5,7).
U = A + kB = (4, 19) + 23 (2,6) = (6,17). She keeps the number k and the point B as her secret keys and publishes H and U and her public keys.
Similarly Bob selects a random number l = 17 and C = (24,22) and computes
I = lG = (27,2) and V = A + lC = (13,23). He keeps the number l and the point C as his private keys and publishes I and V as his public keys.
3.1 Encryption:-
If Bob wants to send the message “cipher” to Alice first he converts all the text characters of the message into the points on the elliptic curve using the agreed upon code table given below.
space
∞ (1,5) #
* (4,19) a (20,3) b (15,27) c (6,12) d (17,19) e (24,22) F (8,10) g (14,23) h (13,23) i (10,25) j (19,13) k (16,27) L (5,22) m (3,1) n (0,22) o (27,2) p (2,23) q (2,6) R (27,27) s (0,7) t (3,8) u (5,7) v (16,2) w (19,16) X (10,4) y (13,6) z (14,6) $ (8,19) € (24,7) ^ (17,10) > (6,17) < (15,2) , (20,26) . (4,10) - (1,24)
Then he encrypts each character of the message as follows. 1) c = the point (6,12) on the elliptic curve. Let s = 9 E1 = sG = (14,23) corresponds to ‘g’ in the code table
E2 = M + (l + s) H +U + lC = (5,22), corresponds to ‘l’ in the code table. So, the message character ‘c’ is
encrypted to the pair of characters {g,l}.
E2 = M + (l + s) H +U + lC = (1,5) corresponds to ‘#’ in the code table. So, the message character ‘i’ is
encrypted to the pair of characters {k,#}.
3) p = the point (2,23) on the elliptic curve. Let s = 5 E1 = sG = (6,12) corresponds to ‘c’ in the code table
E2 = M + (l + s) H +U + lC = (14,23), corresponds to ‘g’ in the code table. So, the message character ‘p’ is
encrypted to the pair of characters {c,g}.
4) h = the point (13,23) on the elliptic curve. Let s =29 E1 = sG = (8,19) corresponds to ‘$’ in the code table
E2 = M + (l + s) H +U + lC = (15,2), corresponds to ‘.’ in the code table. So, the message character ‘h’ is
encrypted to the pair of characters {$,.}.
5) e = the point (24,22) on the elliptic curve. Let s = 31 E1 = sG = (17,10) corresponds to ‘^’ in the code table
E2 = M + (l + s) H +U + lC = (15,27), corresponds to ‘b’ in the code table. So, the message character ‘e’ is
encrypted to the pair of characters {^,b}.
6) r = the point (27,27) on the elliptic curve. Let s = 3 E1 = sG = (20,3) corresponds to ‘a’ in the code table
E2 = M + (l + s) H +U + lC = (4,19), corresponds to ‘*’ in the code table. So, the message character ‘r’ is
encrypted to the pair of characters {a,*}.
So, the text message “cipher” is encrypted to “glk#cg$.^ba*”. In Elliptic Curve Cryptography the size of the encrypted message is twice the size of the text message.
3.2 Decryption:- After receiving the cipher text, Alice converts the cipher text characters to the points on the elliptic curve using the code table. “glk#cg$.^ba*” is coded to the points (14,23), (5,22), (16,27), (1,5), (6,12), (14,23), (8,19), (15,2), (17,10), (15,27), (20,3), (4,19). She decrypts the message taking two points at a time as follows
1) Here E1 = (14,23) and E2 = (5,22)
M = E2- kE1 –kI – V – kB = (6,12). This point is coded to the text character ‘c’ using the code table.
2) Here E1 = (16,27) and E2 = (1,5)
M = E2- kE1 –kI – V – kB = (10,25). This point is coded to the text character ‘i’ using the code table.
3) Here E1 = (6,12) and E2 = (14,23)
M = E2- kE1 –kI – V – kB = (2,23). This point is coded to the text character ‘p’ using the code table.
4) Here E1 = (8,19) and E2 = (15,2)
M = E2- kE1 –kI – V – kB = (13,23). This point is coded to the text character ‘h’ using the code table.
5) Here E1 = (17,10) and E2 = (15,27)
M = E2- kE1 –kI – V – kB = (24,22). This point is coded to the text character ‘e’ using the code table.
6) Here E1 = (20,3) and E2 = (4,19)
M = E2- kE1 –kI – V – kB = (27,27). This point is coded to the text character ‘r’ using the code table.
So, the encrypted message “glk#cg$.^ba*” is decrypted to the original message “cipher”
5. References:-
[1] Alfred J. Menezes and Scott A. Vanstone, “Elliptic Curve Cryptosystems and their implementations”, Journal of Cryptology, 1993, Volume-6, Number-4, pages 209-224.
[2] Chandrasekhar et.al. “Some Algebraic Curves in public Key crypto systems”, International Journal of Ultra Scientist of Physical Sciences, 2007.
[3] “Standards for Efficient Cryptography”, Certicom Research, secg.talk@lists.certicom.com, September, 2000. [4] Darrel Hankerson, Alfred Menezes, Scott Vanstone, “A Gide to elliptic curve Cryptography”, Springer, 2004. [5] Enge A. “Elliptic curves and their applications to cryptography”, Norwell, MA: Kulwer Academic publishers 1999.
[6] V.Miller, “Uses of Elliptic curves in Cryptography”. In advances in Cryptography (CRYPTO 1985), Springer LNCS 218,417-4 26, 1985.
[7] G. Mercy Amritha Sagayee, S. Arumugam, S. Anandha Mala “Biometric Encryption Using Elliptic Curve”, International Journal of Research and Reviews in Computer Science, Volume2, No. 5, 2011.
[8] Neil Koblitz, “ An Elliptic Curve implementation of the finite field digital signature algorithm”, in Advances in cryptology, (CRYPTO 1998), Springer Lecture Notes in computer science, 1462, 327- 337, 1998.
[9] Rob Lambert, “Understanding Elliptic Curve Cryptography”, EE Times Design, January 2006, www.eetimes.com [10] Rosing M. “Implementing elliptic curve cryptography”, Greenwich, CT: Manning publications, 1999.
