Professional Documents
Culture Documents
Eliptic Curve Implementation
Eliptic Curve Implementation
Eliptic Curve Implementation
1. INTRODUCTION
1.1 OVERVIEW OF THESIS
Abstract
Strong public-key cryptography is often considered to be too computationally
expensive for small devices if not accelerated by crypto-graphic hardware. We revisited
this statement and implemented elliptic curve point multiplication for 160-bit, 192-bit,
and 224-bit NIST/SECG curves over GF (p) and RSA-1024 and RSA-2048 on two 8-bit
micro-controllers. To accelerate multiple-precision multiplication, we propose a new
algorithm to reduce the number of memory accesses. Implementation and analysis led
to three observations:
2. The relative performance advantage of ECC point multiplication over RSA modular
exponentiation increases with the decrease in processor word size and the increase in
key size.
Introduction
As the Internet expands, it will encompass not only server and desktop systems,
but also large numbers of small devices ranging from PDAs and cell phones to
appliances and networked sensors. Inexpensive radio transceivers, integrated or attached
to small processors, will provide the basis for small devices that can exchange
information both locally with peers and, through gateway devices, globally with entities
on the Internet.
Page 1 of 84
Implementation of Elliptic Curve Cryptography
Therefore, they may not be desirable for low-cost implementations. Only few
publications have considered public-key cryptography on small devices without
coprocessors. Hasegawa et al. implemented ECDSA signature generation and
verification on a 10MHz M16C micro computer. The implementation requires 4KB of
code space and uses a 160-bit field prime p = 65112 * 2144 - 1 chosen to accommodate
the 16-bit processor architecture.
Signatures can be generated in 150ms and verified in 630ms. Based on the ECC
integer library, the authors also estimate 10s for RSA-1024 signature generation and
400ms for verification using e =216 +1.
Page 2 of 84
Implementation of Elliptic Curve Cryptography
Bailey and Paar suggest the use of optimal extension fields (OEFs) that enable
efficient reduction when subfield primes are chosen as pseudo-Mersenne primes close to
the word size of the targeted processor An implementation of this concept for elliptic
curve point multiplication over GF ((28 - 17)17) on n8-bit 8051 processor architecture
is described by Woodbury, Bailey and Paar.
On a 12MHz 8051 with 12 clock cycles per instruction cycle, the authors
measured 8.37s for general point multiplication using the binary method and 1.83s for
point multiplication with a fixed base point.
The code size was 13KB and 183 bytes of internal and 340 bytes of external
RAM were used. Pietil ainen evaluated the relative performance of RSA and ECC on
smart cards.
An elliptic curve E over the complex numbers is the set of points (x, y)
satisfying the equation
E: y2 = x3 + ax + b,
Page 3 of 84
Implementation of Elliptic Curve Cryptography
Authentication: A merchant must know the identity of the customer. For some kinds of
businesses it is not sufficient that the customer authenticates herself by the use of a
password. In these cases an electronic version of today is identity or credit card is
required. The recipient of a message or an order should know the identity of the sender
and should also be sure that the data wasn’t altered during its transmission. These
challenges, the authentication of the user and the integrity of the sent messages, are met
using various cryptographic methods.
Privacy:. The exchange of data between the merchant and the customer in most cases
should be kept secret. No unauthorized party should be able to read or copy such a
communication. This challenge, confidentiality, is met using encryption.
Page 4 of 84
Implementation of Elliptic Curve Cryptography
ECC devices require less storage, less power, less memory and less bandwidth
than other system. This allows you to implement cryptography in platforms that are
constrained, such as wireless devices, handheld computers, smart cards and thin-clients.
It also provides a big win in situations where efficiency is important.
For example, the current key-size recommendation for legacy public schemes is
2048 bits. A vastly smaller 224-bit ECC key offers the same level of security. These
advantage only increases with security level – for example, a 3072 bit legacy key and a
256 bit ECC key are equivalent – Something that will be important as stronger security
systems become mandated and devices get smaller.
Page 5 of 84
Implementation of Elliptic Curve Cryptography
2. BACKGROUND STUDY
Since the beginning of public key cryptography there are two major
cryptosystems (RSA and El-Gamal ) that seem to defeat all attacks. For this reason,
these two cryptosystems are the most respected and wildly used public key
cryptosystems nowadays. One can use both cryptosystems for encryption/decryption and
digital signatures. All important security standards cover those cryptosystems, so it
should be safe to use implementations of them.
First of all, elliptic curve cryptosystems (ECC ) aren’t that new anymore. They
were invented around 1985 independently by Miller and Koblitz. Since their
introduction a broad discussion on their security and efficiency has been carried on. It is
this very efficiency that makes them so interesting for us today. This is due to the fact
that information technology is developing very fast. For example, most computers today
dont look like the old fashioned personal computers anymore.
We use handhelds and mobile phones and of course we have a need in securing
communications on these devices. But in this case there have to be several constraints
taken into account: there is very limited memory and computing power on these devices,
and it is not possible to spend much bandwidth for communications overhead. What we
need is a cryptosystem with small keys, and a small signature size.
Page 6 of 84
Implementation of Elliptic Curve Cryptography
Elliptic curves have been used to factories numbers and in primality proving.
More recently, elliptic curves attracted attention for their part in the solution to Fermat’s
Last Theorem. However, elliptic curves have also inspired a new type of cryptosystem
providing alternatives for implementation of digital signatures, key exchange and
confidentiality.
Background
Elliptic curves have been the subject of intensive study for over a century but
apart from a recent link with the solution of Fermat’s Last Theorem they remain a
relatively unfamiliar branch of mathematics.
The applicability of elliptic curves to cryptography was realized in 1985 with two
keynote discoveries.
The factorization technique was interesting but proved fruitless when applied to
problems where the factors were large, e.g., RSA. It is suitable for determining small
prime factors only.
Page 7 of 84
Implementation of Elliptic Curve Cryptography
The second proposal aroused a little more interest. The elliptic curves cryptosystem
appeared to require a much shorter key than that required by RSA. But this was of
academic interest only. RSA was easy to understand, fairly easy to implement and key
size were not an issue -then.
However, in 1966, the release of a paper by Andrew Odlyzko caused a major increase
in the length of RSA keys. Suddenly 64 byte keys were no longer acceptable for secure
applications. Overnight 128 bytes became the new norm; bandwidth and performance
became issues for many systems.
Term Definition
Exclusive OR.
DH The Diffie-Hellman protocol enables two parties to establish a shared secret in
a secure fashion using a public communication channel.
DSA Digital Signature Algorithm.
EC Elliptic Curve.
EC-n An elliptic curve where the underlying field elements are n bits long.
ECC Elliptic Curve Cryptosystems.
ECDPL Elliptic Curves Discrete Log Problem.
ECDSA Elliptic Curve DSA.
RSA Rivest Shamir Adleman.
RSA-n The RSA algorithm implemented with an n bit modulus.
Page 8 of 84
Implementation of Elliptic Curve Cryptography
together with a special point O, this is called the ‘point at infinity’ (but really behaves
like a 0 under addition).
Of course, the above is not a precise definition without specifying what kind of
numbers x, y, a and b are. These values are all numbers in a ‘field’.
Informally, the specific ‘useful’ property of a field is the ability to perform division
within it.
For cryptographic applications the elliptic curves defined over finite fields (for
example GF(p) has p elements) are of primary interest and the remaining discussion is
focused on these implementations.
Page 9 of 84
Implementation of Elliptic Curve Cryptography
If we consider the implementation over GF(p), the elliptic curve looks like a
disconnected series of points in the Cartesian Plane.
The collection of points (x,y) which satisfy the elliptic curve equation have the
following useful property. By defining addition of two points in a special way, the
addition of two points on the curve gives another point on the curve. (The mathematical
term for this is closure). However this is not addition as we know it. It is a set of
calculations (actually algebraic equations) involving x and y and calculated in the finite
field.
Now, elliptic curves are not the only mathematical objects with this property.
What makes them special is that the set of calculations reproduced below, involving x
and y are relatively simple.
If P=(x1, y1) is any point on the elliptic curve then the negative of P, -P = (x1, y1) is also
a point on the curve. The addition of these two points gives,
P + (-P) = P – P = O³
If P = (x1, y1) and Q = (x2, y2) are points which satisfy the elliptic curve equation and Q≠-
P then the sum^4
Page 10 of 84
Implementation of Elliptic Curve Cryptography
P + Q = R = (x3, y3)
is defined by
x3 =λ² - x1 - x2
y3 = λ (x1 – x3) – y1
where
It can then be shown that R(x3, y3) satisfies the EC equation y3² = x3² + ax3 + b.
Another important property of this addition rule is the order of addition does not matter.
P(x1, y1) + Q(x2, y2) = R(x3, y3) = Q(x2, y2) + P(x1, y1)
Performance
The computation of λ requires the computation of 1 field inverse and 2 field
multiplications when P = Q and one less field multiplication when P and Q are distinct.
These are followed by a further two fild multiplications to complete the computation of
(x3, y3 ).
Hence, up to 4 field multiplications and 1 field inverse are required each time P +
Q is performed. Field arithmetic, perticularly division, can be computationally intensive
for long arguments, so it can be seen that ECC are only practical because it appears that
comparitively short key lengths give the required level of security.
Page 11 of 84
Implementation of Elliptic Curve Cryptography
If a point P(x,y) on an elliptic curve is repeatedly added to itself, say n times, the
argument in the previous section says that he result, Q(x, y) , will also satisfy the elliptic
curve equation. However given knowledge of P(x,y), Q(x,y) or the elliptic curve used, it
is very difficult to determine ‘n’.
So, if
P + P + P + …+P = nP = Q
n times
This is the discrete log problem over elliptic curves(over the elliptic curve
subgroup to be precise) upon which the security of ECCs is based.
A MIPS year represent one year of a machine capable of performing one million
instruction per second. 1012 MIPS years represents acceptable security at this time. Since
this would require most of the computing power on the planet for a considerable length of
time.
11
It is estimated that an RSA-1024 modules will take 3×10 MIPS years to
factorise.
Page 12 of 84
Implementation of Elliptic Curve Cryptography
significant proportion of the total number available they still have to be ‘wedded out’ in
advance.
As a rule of thumb there are about 2p different elliptic curves over GF(p) and
each of these curves has about p points in it.
The security of an ECC is based upon the EC discrete log problem. This is much
more difficult problem than the integer factorization problem (upon which RSA is based)
or the discrete log problem upon which, say diffie-hellman protocol is based.
Now , the measure of the security of an ECC(based upon the EC discrete log problem) is
given by:
The largest prime divisor, q, of the number of points which satisfy the elliptic
curve equation.
It is NOT the length of the field elements.
For example, a curve in EC-167 might offer the same activity level as a curve in
EC-247.
So how the EC is chosen is very important.
The most efficient techniques currently available to attack the EC discrete log
problem are based upon ‘parallel collision’.
Keylength
Whenever the term EC-k is used, the k refers to the length of x and y, or the
elements in the underlying field, e.g.EC-161. However, k is sometimes referred to as the
‘keylength’. This is confusing as the actual measure of security is not based upon k at all.
But if the elliptic curve has been selected well the measure of strength, describe above,
will be k-1 bits at most.
So a security level of k-1 bits implies that a curve in EC-k or grater is required.
Page 13 of 84
Implementation of Elliptic Curve Cryptography
It is also unclear how the length of the key varies between implementations, i.e.,
how does the keylength in a GF(2n) implementation differ from the keylength in a GF(p)
implementation.
This question can be answered in terms of the cost required to build special
purpose architectures to attack each type of implementation. One (GF(2n), assumes a
hardware approach ,the other , GF(p), might be tackled using distributed software.
Using this approach, recent results, based upon comparison with RSA-1024,
suggest that GF(p) implementation, where p is 162 bits, offers similarly security to a
GF(2n) implementation where n ranges from 171 to 180 bits.
Page 14 of 84
Implementation of Elliptic Curve Cryptography
3.3 IMPLEMENTATIONS
There are two common ways of implementing elliptic curve cryptosystems over
finite fields.
o Over GF(p) (the integer modulo p),
o Over GF(2n) (n-dimensional binary vectors)
We want to perform addition, subtraction, multiplication and division in the finite
field of implementation.
GF(p)
Algorithm for performing arithmetic modulo p are well known. These are
necessary for existing implementations based on modular arithmetic e.g. RSA, Fiat-
shamir, DSA and Diffie-Hellman.
GF(2n)
Over GF(2n) these operations are completely different. The mathematics is based
around manipulation of polynomials with binary coefficients, or objects which look like,
for example.
1+X+X3+X5 = 1+1X+0X2+1X3+0X4+1X5.
This polynomial corresponds to the binary vector (1,1,0,1,0,1). Note that a point
on the EC now exists of a pair of binary vectors.
Page 15 of 84
Implementation of Elliptic Curve Cryptography
However the similarity stops there. There is no compatibility between the two
systems and a device dedicated specifically to arithmetic over GF(2n) might be
disadvantaged if alternative cryptosystems, such as RSA, need also to be implemented. If
blazing performance is not an issue , a perfectly adequate ECC performance might be
achieved in software with no hardware support, both for GF(p) and GF(2n). This is of
specific interest for, say, smartcards for which additional mathematical coprocessor is
absolutely mandatory to perform the demanding computations for RSA.
Page 16 of 84
Implementation of Elliptic Curve Cryptography
Page 17 of 84
Implementation of Elliptic Curve Cryptography
Set p=11(a prime of manageable size) and consider the elliptic curve equation
given by:
Y2 = x3 + 10x+10MOD11
We want to find pairs(x0,y0) which satisfy this equation. Any old pair won’t do.
For example (0,) does not satisfy the equation and hence does not lie on the curve.
One way to do this is to find x0 and y0 for which y 02MOD 11 is equal to
x03+10x0+10MOD11.
x x3+10x+10MOD11 y y2MOD11
0 10 0 0
1 10 1 1
2 5 2 4
3 1 3 9
4 4 4 5
5 9 5 3
6 0 6 3
7 5 7 5
8 8 8 9
9 4 9 4
10 10 10 1
Table 1
By referring Table 1 a list of such points(x,y) can be created, for example (5,3)
and (5,8) both result in y02 MOD 11 = x03+10x0+10 MOD 11 = 9.
Using this approach the entire set of points which satisfy the equation can be
calculated. There are 13 points for which y02 MOD 11 = x03+10x0+10 MOD 11 as
follows:
Page 18 of 84
Implementation of Elliptic Curve Cryptography
Table 2
These points (x, y) may now be plotted. These points, together with the point of
infinity 0, make up the elliptic curve group of 14 points. Note that there are two prime
divisors of 14: 7 and 2. The security of this EC depends upon the largest of these
numbers, i.e. 7.
Negatives of Points
Page 19 of 84
Implementation of Elliptic Curve Cryptography
P -P
(6, 0) (6, 0)
(3, 1) (3, 10)
(3, 10) (3, 1)
(4, 2) (4, 9)
(4, 9) (4, 2)
(2, 4) (2, 7)
(2, 7) (2, 4)
(7, 4) (7, 7)
(7, 7) (7, 4)
(5, 3) (5, 8)
(5, 8) (5, 3)
(9, 2) (9, 9)
(9, 9) (9, 2)
Table 3
Addition of points
Now if any of these points is selected and added to itself (doubled) the result is
another point on the curve. To see this recall the addition rule for Elliptic curves for two
points P(x1, y1) and Q(x2, y2) on the curve. Then,
Page 20 of 84
Implementation of Elliptic Curve Cryptography
where
λ = (y2 – y1)/ (x2 – x1) P≠Q
= (3 x12 + a) / 2 y1 P=Q
The effect of addition is to ‘bounce’ around the elliptic curve.
Addition when P = Q
As an example consider the sum of P = (3, 1) and Q = (3, 1). This is the case P = Q.
Then
x1 = 3 = x2, y1 = 1 = y2
and λ =(3 x12 + a) / 2 y1 MOD 11
= (3*9+10)/(2*1) = (27 +10)/2 = (37/2) MOD 11
Addition when P ≠ Q
Page 21 of 84
Implementation of Elliptic Curve Cryptography
Page 22 of 84
Implementation of Elliptic Curve Cryptography
Menezes and Jurisic compared the time required to break the ECC with the time
required to break RSA for various modulus sizes using the best general algorithm
known. Values were computed in MIPS years, which represents a computing time of one
year on a machine capable of performing one million instructions per second.
The results are listed in Table. As a bench- mark, it is generally accepted that
1012 MIPS years represents reasonable security at this time, since this would require
most of the computing power on the planet to work for a considerable amount of time.
Menezes and Jurisic found that to achieve reasonable security, RSA would need
to employ a 1024-bit modulus, whereas a 160-bit modulus should be sufficient for the
ECC. They found that ECC required a smaller modulus than RSA and that the security
gap between the systems grew as the key size increased. For example, 300-bit ECC is
significantly more secure than 2000-bit RSA, because the ECDLP problem is judged to
be the harder problem.
Another way to look at this security issue is to compare the equivalent strength of
RSA keys and ECC keys for smart card applications. The Table 5.4 shows that in smart
card applications requiring higher levels of security, ECC is able to offer security
without a great deal of additional system resources. In September 1999, nearly 200
people using 740 computers managed to crack a message encrypted with 97-bit elliptic
Page 23 of 84
Implementation of Elliptic Curve Cryptography
curve cryptography. The process took 16,000 MIPS-years of computing, about twice as
much as used by the team that recently cracked a 512-bit RSA encryption key.
The ECC2K-108 challenge was solved using the parallelized Pollard Rho method
and exploiting orbits of the negation and Frobenius maps. This method was developed in
1998 independently by Certicom researchers Rob Gallant, Rob Lambert, and Scott
Vanstone and by Harley s team. The amount of work required to solve the ECC2K- 108
challenge was about 50 times more than that required to solve the 512-bit RSA
cryptosystem, that is about 50 8000 MIPS-years.
Page 24 of 84
Implementation of Elliptic Curve Cryptography
Efficiency
State-of-the-art implementations of the systems from Certicom show that with all
of these efficiencies in place, ECC is an order of magnitude (roughly 10times) faster
than RSA. The use of a short public exponent in RSA can make RSA encryption and
signature verification timings (but not RSA decryption and signature generation timings)
comparable with timings for these processes using the ECC.
Space Requirements
Page 25 of 84
Implementation of Elliptic Curve Cryptography
The following table lists the comparison results of the size of the system
parameters and selected key pairs for the different systems, and presents evidence that
the system parameters and key pairs are shorter for the 160-bit ECC than for 1024-bit
RSA.
Space requirements
System Public key (bits) Private key (bits)
parameters (bits)
1024-bit RSA n/a 1088 2048
160-bit ECC 481 161 160
Certicom claims that both of the systems have similar bandwidth requirements
when they are used to encrypt or sign long messages, but say this situation changes for
the case where short messages are being transformed. Public key cryptographic systems
are often employed to transmit short messages, for example to transmit session keys for
use in a private key cryptographic system.
For the sake of this comparison, both schemes are being used to sign a 2000-bit
message, or to encrypt a 100-bit message The encryption algorithm used in encrypting
100-bit message is an ElGamal variant with point compression.
Therefore it would appear from this comparison that ECC offers considerable
bandwidth savings over the RSA when being used to transform short messages.
Page 26 of 84
Implementation of Elliptic Curve Cryptography
Summary
In summary, ECC provides greater efficiency than either integer factorization
systems, in terms of computational overheads, key sizes and bandwidth. In
implementations, these savings mean higher speeds, lower power consumption, and code
size reductions. However, the RSA system is globally accepted in vendor offerings and
may dominate the field until more research information about ECC becomes available.
Times are changing, though, and recently, in 1998, RSA Inc. announced the inclusion of
ECC technology in its basic cryptographic tool kit.
Page 27 of 84
Implementation of Elliptic Curve Cryptography
6. PROBLEM FORMULATION
The elliptic curve cryptography is used as a highly secured cryptographic system for
encryption and decryption. The research work is to identify cryptographic technique
which uses minimum space requirements and efficiency of the system is achievable.
Key distribution problem: As described above, the two users have to select a key in
secret before they can start communications over an insecure channel. A secure channel
for selecting a key may not be available.
Key management problem: In a network of n users, every pair of users must share a
secret key, for a total of n (n - 1)/2 keys. If n is large, then the number of keys becomes
unmanageable.
Page 28 of 84
Implementation of Elliptic Curve Cryptography
The basic idea that led to public key algorithms was that keys could come in
pairs of an encryption and decryption key and that it could be impossible to compute one
key given the other. Since then, many public key algorithms have been proposed, most
of them insecure or impractical. All public key algorithms are very slow compared to
secret key algorithms. The RSA algorithm takes about 1000 times longer than the
popular private key encryption algorithm, DES, when implemented in hardware, and
100 times longer in software to encrypt the same amount of data.
However, public key algorithms have a big advantage when used for ensuring
privacy of communication. Public key algorithms use different keys for signing and
decryption, and for encryption and signature verification. The private key may only be
known to its owner and must be kept in secret. It may be used for generation of digital
signatures or for decrypting private information encrypted with the public key. The
public key may be used for verifying digital signatures or for encrypting information. It
needs not to be kept secret, because it is infeasible to compute the private key from a
given public key. Thus, users can post their public key to a directory, where everybody
who wants to send an encrypted message or verify a signature can look it up. Each entity
in the network only needs to store its own private key and a public directory can store
the public keys of all entities, which is practical even in large networks.
Today, public key cryptosystems may be broadly characterized as belonging to
one of three mathematical areas. These are:
Integer factorization, such as the RSA scheme, discrete logarithm schemes, such as the
USA s DSA, or Digital Signature Algorithm, and Elliptic curve cryptosystems, or more
accurately the elliptic curve discrete logarithm scheme.
The last two schemes should be considered to be related since both their security
depends on the difficulty of solving the discrete logarithm problem. At present, the most
commonly used public key cryptosystem is the Rivest-Shamir-Adleman encryption
scheme, RSA (the recommended key size for it is at least 1024bits), which can be used
to create digital signatures and to encrypt messages. The most common private key
cryptosystem is probably Data Encryption Standard, DES, but because private key
Page 29 of 84
Implementation of Elliptic Curve Cryptography
cryptosystems can not be used to create digital signatures this thesis ignores them. It is
believed that ECC will become even more popular than RSA, because the key sizes
needed with ECC are much smaller (about 163 bits) than with RSA. The key size affects
the speed of the cryptographic operations, making them faster than RSA operations.
Page 30 of 84
Implementation of Elliptic Curve Cryptography
6.3 METHODOLOGY
The methodology to implement Elliptic curve cryptography is that the base point
should be generated and the public and the private keys are generated and finally he data
is encrypted and decrypted using the keys generated.
An elliptic curve E over the complex numbers is the set of points (x, y)
satisfying the equation
y2 = x3 + ax + b
For the given values a and b the equation should satisfy the following criteria:
4a³ + 27 b²≠ O
together with a special point O, this is called the ‘point at infinity’ (but really behaves
like a 0 under addition).A prime value P is generated with which the curve points are
generated. Using the prime values the pairs of point that satisfies the equation
y2 = x3 + ax + b MOD P is generated.
Using the curve points, the elliptic curve group points that satisfy the equation is
identified. The addition of points is done which satisfies the condition that the resultant
added point should also lie on the curve.
With these base points the public and the private keys are generated for
encryption and decryption.
Page 31 of 84
Implementation of Elliptic Curve Cryptography
6.3.1 MODULES
The System implements the following modules for generating elliptic curve points.
The base point generation module is used to generate the base point for generating
the key values.
The Big integer method is developed to implement the big integers for the number
generation. The Big integer method is implemented in a DLL file and this is capable of
doing all basic arithmetic operations. The input is accepted as the string input and the
validations are done.
The big integer method gets the input which the user typed and invokes the
following methods in it: Big integer add, Big integer Subtract, Big integer compare, Big
integer multiplication, Big integer power, Big integer divider.
All methods has a common function of Check for the numeric input, truncates
unwanted zeros, Checks for the sign of the input.
This module is designed to generate the curve points and identify the base point
with which the keys are generated. The elliptic curve formula y2 = x3 + ax + b is used to
generate the curve points and identify the base point. The a and b values (either signed
or unsigned) are accepted from the user. The a and b values should satisfy the following
Page 32 of 84
Implementation of Elliptic Curve Cryptography
condition: 4a³ + 27 b²≠ O The check option checks for these values to satisfy the above
mentioned condition.
A P value (prime value) is generated. The option is added to generate the prime
either bit wise or lengthwise. The manual entry of prime number also is given and the
manual entry is also validated for prime. The big integer method is called to perform the
operations. The manual entry for prime is validated with the Isprobableprime method of
the Big integer method.
The validated a and b values together with the prime value is used to generate the
curve points. The x and the y pair values are generated in table with x and y as follows:
x3 + ax + b MOD P (1)
y2 MOD P (2)
The points on the curve are identified when the equations (1) and (2) are equal.
The maximum prime number in the points is identified. The security of the Elliptic curve
depends on this largest prime value. The maximum prime and the base point are stored
in a text file.
The modules can be selected and executed with the help of the menu.
Page 33 of 84
Implementation of Elliptic Curve Cryptography
The base point generation module generates the curve points, maximum prime
and the base points and the form appears as follows:
The base points are saved as a separate text file and the form appears as:
Page 34 of 84
Implementation of Elliptic Curve Cryptography
Key Generation
A secret key is used for both encryption and decryption. The Key Pair consisting
of a public key and private key uses the public key for decryption and the private key for
encryption. When the key pair is generated, an association between the public key and
private key is generated, so that only that specific public key will decryption messages
with that specific private key. The public key is distributed to users for decrypting the
messages. The private key is not for distribution but kept by the owner of the key to
encrypt the messages.
The key agreement is how the key is exchanged or distributed to a user so that he
or she may decrypt the message or data. The key used for encryption, in most cases,
should not be distributed unless there are no other choices. Sometimes the keys may also
be used for digital signatures. The secret key produces only one key for the encryption
and decryption; a generic, not a Java code, method will be a pseudocode like the
following:
Cipher text=Encrypt( secretKey, Plaintext);
Plain text=Decrypt (secretKey, Cipher text);
The key generation module is used to generate the keys from the base point
which is obtained from the previous module. The private key which is the prime value is
generated. The option of the manual entry of the prime number is given which is verified
by the isprime function. The base key is opened with which the public key is generated.
The keys generated are stored in a separate text file for public and private key.
The public and the private keys are generated and saved based on the base point
that is generated. The form appears as follows:
Page 35 of 84
Implementation of Elliptic Curve Cryptography
Page 36 of 84
Implementation of Elliptic Curve Cryptography
Encryption
The public key encryption is implemented for encrypting the files. The private
key of the sender and the public key of the receiver is used to encrypt the selected file.
The encrypted file is stored in a separate text file.
The Encryption module encrypts the text file and saves the encrypted text. The private
key of the sender and the public key of the receiver is used to encrypt the text file.
]
Page 37 of 84
Implementation of Elliptic Curve Cryptography
Page 38 of 84
Implementation of Elliptic Curve Cryptography
Decryption
The encrypted file that is being stored is located. The decryption is done with the
receiver’s private key and the sender’s public key. The decrypted file is stored as a
separate text file.
Page 39 of 84
Implementation of Elliptic Curve Cryptography
Page 40 of 84
Implementation of Elliptic Curve Cryptography
Start
Getting a,b
4a3+27b2<>0
no
Getting p
stop
Page 41 of 84
Implementation of Elliptic Curve Cryptography
Start
Process A(Bx,By)
Stop
Page 42 of 84
Implementation of Elliptic Curve Cryptography
Start
Getting
cipher text
(xc,yc)
Getting public
key (Ax,Ay)
Getting private
key of B
Process B (Ax,Ay)
Process B (x1,y1) to
original text
Stop
Page 43 of 84
Implementation of Elliptic Curve Cryptography
Hardware Specification
software specification
Page 44 of 84
Implementation of Elliptic Curve Cryptography
Application:
A collection of code and visual elements that work together as a single Program.
Developers can build and run application within the Integrated Development
Environment (IDE). When users usually run application as executable files outside the
development Environment.
Code Window:
The code window is where you write visual basic code for your application. Code
window consists of language stats, constants and declaration. Listing the code window,
you can quickly view and edit any of the code in your application.
MDI form:
A window that makes up the background of a multiple-document interface(MDI)
application. The MDI for is the container for any MDI child forms in the application.
Page 45 of 84
Implementation of Elliptic Curve Cryptography
Visual Basic 6.0 provides us a number of custom controls of which ate some ate
databound controls. Active X controls etc. Since a majority of these controls happen to
be active X controls, these custom controls are also called as Active X controls. An
active X control is an object that we place on a form to enable or enhance a users
interaction with an application. Active X controls have events and can be incorporated
into other controls. These controls have an .ocx file name extension.
Active-X Controls:
Apart from VB standard controls a number of Active-x controls are available.
These Active-x controls are registered in the windows platform.
Modules:
Code that is attached to a form is accessible from anywhere on that form, but a
program may have more than one form. It will sometimes be necessary to have program
code that can be reached from any form and in this case that code would be written on a
Page 46 of 84
Implementation of Elliptic Curve Cryptography
module. Module disappear fr4om view when the programs runs, only forms have an on-
screen existence. There may be several modules in one program, and each is saved as a
separation.
Project:
The project holds together the various forms and modules that makeup a program.
Its purpose is primarily one of convenience. When we want to start work on a program
we only have to open the one project file marked by a MAK extension rather than a
whole set of forms and modules.
Procedure:
All the code in a program is written in procedures or subroutines. Most of these
will be attached to a control or more accurately to an event belonging to a control some
will be free standing. All start with the key word sub and close with end sub.
Page 47 of 84
Implementation of Elliptic Curve Cryptography
Feasibility study is a test of proposal to its workability, impact, ability to meet the
user needs and effective use of resources. It is both necessary and prudent to evaluate the
feasibility of a project at the earliest possible time. Feasibility and risk analysis are
related in many ways. If project risk is great, then the feasibility of producing quality
software is reduced.
Is there a better way of performing users work rather than the current
method?
What is the cost involved in going for a new system?
What are the benefits the user could gain over the current system?
What is recommended?
Page 48 of 84
Implementation of Elliptic Curve Cryptography
Feasibility consideration
Feasibility analysis involves three main considerations namely
Technical Feasibility
Behavioral Feasibility
Economic Feasibility
Technical Feasibility
Resource Availability: The resource availability for this technical process is the
necessary software, hardware and the man power with technical skills. All these
resources are satisfied and prove the system technically feasible.
Behavioral Feasibility
Behavioral Feasibility aims at estimating whether the user is able to cope with the
new system. The project has got sufficient support from the management and from the
users. The system was found to be operationally feasible.
Economic Feasibility
This procedure involves the analysis of cost involved to set up the new system
and the cost involved is compared with the benefits that the new system would render.
Page 49 of 84
Implementation of Elliptic Curve Cryptography
A menu is a list of options organized in a specified format that simplifies the data and
access. While designing the menu, the following objectives are followed:
Names for each menu are given clearly in an understandable manner.
Shortcut key is given for each menu for easy selection.
Sub-menus are added whenever necessary to avoid a lengthy list.
Menu Design
The menu is designed with the main motive of user friendliness which allows the
user to navigate through the various modules available in the system. The modules are
compiled by the users with a single click in the menu option. This facilitates the user to
execute the system in an efficient manner. The menu is limited with only the module
options such that all the other activities within the module can be executed at their
location without returning to the menu all the time.
Page 50 of 84
Implementation of Elliptic Curve Cryptography
The quality of system input determines the quality of the system output. Input
design specifies the manner in which data enters the system for processing. Processing
input and designs are done in such a way that it caters to the requirement of the end-users,
extensive care has to be taken to ensure the validity of the input data. It determines the
acceptance of the project by the user. Hence, input design plays a major role in the
development of the system.
Reliability
Operational efficiency
Interaction
The amount of input the user has to type in, should be less without tiring the user
to access the information. The standard input can be provided in the form of selection for
better access. Here, the major interacting input media is through the controls and
hyperlink. Simple and straightforward hyperlinks are provided for easier
understandability of the system flow.
Avoiding Delay
Since, the information is provided as web pages and the length of the page is
made short, the information can be accessed without delay.
Page 51 of 84
Implementation of Elliptic Curve Cryptography
The Inputs are designed in such a way, that even the novice user can use this
project without others support. Improper designing of the input will lead to the
misunderstanding of information. Hence, this phase has been handled with great care in a
well-detailed manner, so that the users are taken along the right path.
Input Forms
Form 1: Base Point Generation Form
The input form is designed to obtain the curve points and to identify the
base point for the given a and b values. The formula for the elliptic curve is:
y2 = x3 + ax + b,
Page 52 of 84
Implementation of Elliptic Curve Cryptography
plus a special point O that lies infinitely far up the y –axis. The given values a and b
should satisfy the equation 4a³ + 27 b²≠ 0. The prime values are generated either
manually or through the system with the given length or given bit value. With the
obtained prime value the curve points are generated and the maximum Prime on the
generated curve points is identified. With this maximum prime value generated the base
point of the elliptic curve is identified. The obtained base point is saved in a separate text
file with the extension _BasePnt.
Page 53 of 84
Implementation of Elliptic Curve Cryptography
The key generation form id used to generate the public and the private keys. With
the base point obtained in the previous form the keys are generated.
Private Key: The private key is generated by specifying the prime number. The prime
number which acts as the private key is generated either manually by the user or it can be
randomly generated by the system. The private key which is generated is saved in a
separate text file with the extension _pvkey which is used later for the process and
encryption and decryption.
Public Key: The public key generation is generated with the private key and the base
point that has been generated for the elliptic curve. The public key which is generated is
stored in a separate text file with the extension _pbkey which is used during the process
of encryption and decryption.
Page 54 of 84
Implementation of Elliptic Curve Cryptography
The Encryption for is used for the encryption of the text file using the keys that
have been generated. The form is designed to get the input of the text file, the public and
the private keys which is to be used for the process of encryption. The validations are
done to check for the opening of the private and the public keys.
The open file option is used for selecting the text file which is to be encrypted.
The encrypt option encrypts the text file and converts it into the curve points. When the
sender wants to send some text data he encrypts the data with their own private key and
the receivers public key. The encryption is done by the repeated addition of the points to
the number of times in the private key value. The points will be the result of the addition.
The encrypted text file is separately stored in a text file.
Page 55 of 84
Implementation of Elliptic Curve Cryptography
The decryption form is used to decrypt the cipher text using the public and the
private keys. The form has the option to open the cipher text and the keys that are
generated. The receiver decrypts the cipher text with their own private key and the
sender’s public key value. The decrypted text is separately stored in a text file.
Page 56 of 84
Implementation of Elliptic Curve Cryptography
Output design is also one of the important phases in system design. Output,
generally refers to the results and information that are generated by the system. For many
users, output is the main reason for developing the system and it is the basis on which
they will evaluate the usefulness of the application.
The main form of interaction between the users is the output. Hence, the output
should be designed with great attention. The output should be presented in an impressive
form, which will satisfy the user requirement in simple and attractive manner. The
information is organized in a formal manner so that a user can easily identify and fulfill
their requirements. Precise information is provided so that the user can make the utmost
use of this application.
Since, the output is designed keeping in mind the users requirements in the organization
it is designed in such a way that a new user can also easily work in the environment, the
system is found to reach the user effectively.
Page 57 of 84
Implementation of Elliptic Curve Cryptography
Form1: The form that shows the curve points and the base point
Form 2: The form that shows the output of the generated keys
Page 58 of 84
Implementation of Elliptic Curve Cryptography
Page 59 of 84
Implementation of Elliptic Curve Cryptography
8 SYSTEM TESTING
Testing Objectives
Testing is the process of executing a program with the intent of finding an error.
A good testing case is the one that has a high probability of finding an as yet
undiscovered error.
A successful test is one that uncovers an as yet undiscovered error.
Levels of testing
Unit testing: Individual components are tested to ensure that they operate correctly. Each
component is tested independently, without other system components.
1. System Testing: The sub-system is integrated to make up the entire system. The
testing process is concerned with finding errors, which result from un-anticipated
interactions between subsystem components. It is also concerned with validating
the system meets its functional and non-functional requirements.
2. Acceptance Testing: This is the final stage in the testing process before the
system is accepted for operational use. Acceptance testing may reveal error and
omissions in the system requirements definition because real data exercises the
system in different ways from the test data. Acceptance testing may also reveal
requirements problem where the system facilities do not really meet the user’s
need or the system performance is unacceptable.
Page 60 of 84
Implementation of Elliptic Curve Cryptography
TESTING STRATEGIES:
1. Top-down Testing: Top-down testing tests the higher levels of a system testing
its detailed components. The program is represented as a single abstract
component with sub components represented by stubs. Stubs have the same
interface as the components but with very limited functionality. After the top-
level component has been tested, its sub-components are implemented and tested
in the same way. This process continues recursively until the bottom-level
components are implemented. The whole system may then be completely tested.
3. Black box Testing: Knowing the specified function that a product has been
designed to perform, test can be conducted that demonstrates each function that is
fully operational, at the same time searching for errors in each function. Black
Box testing focuses on functional requirements of the software.
Black Box testing attempts to find out error in the following categories:
Page 61 of 84
Implementation of Elliptic Curve Cryptography
4. White Box Testing: Knowing the internal working of a product, test can be
conducted to ensure that all gears mesh that is internal operation performs
according to specification and all internal components have been adequately
exercised. Using white box testing method, the software engineer can derive test
cases that
Page 62 of 84
Implementation of Elliptic Curve Cryptography
Validations
The values of a and b in the Elliptic curve formula should satisfy the equation 4a³
+ 27 b²≠ 0. The check condition is done and the validated resulting formula is displayed
to the user.
The base point that is generated is stored as a separate text file. The validation is done to
check whether the data is stored in a text file separately.
Page 63 of 84
Implementation of Elliptic Curve Cryptography
The validation is done to check for the prime values that are given manually or when a
random number is given by the user. (Base point generation form)
The validation is done to check for the prime values that are given manually or when a
random number is given by the user. (Key generation form)
Page 64 of 84
Implementation of Elliptic Curve Cryptography
When the user try to generate the key with the wrong value or when the user does not
give the proper base key value, the validation is done and the information is prompted to
the user.
During encryption process when the user tries to open a public key file instead of a
private key file of vice versa the validation is done and the information is intimated to the
user.
Page 65 of 84
Implementation of Elliptic Curve Cryptography
9. IMPLEMENTATION
The implementation plan consists of the methods for changing from the old
system to new one. It includes the activities that take place to convert from the old system
to the new.
Changeover
Changeover is the process where the existing system is converted into the new
system. The changeover from old to new system takes place when:
Direct changeover
Parallel running
Pilot running
Staged changeover
The type of changeover going to be adopted for the system is parallel running.
Parallel running means processing current data by both old and new systems and
crosscheck the results. The old system kept alive and operational until new system is
proved for at least one system cycle, using full live data in the real operational
environment of place, people, equipment and time.
The advantages are that we can access the performance of both the systems and it
will increase the morale of the staff and the management. Since both the systems have to
be maintained at the same time, there are only fewer chances for mistake.
Before installation of the software the hardware specification are checked. If the
hardware specifications are satisfactory then the software is loaded. When the users and
Page 66 of 84
Implementation of Elliptic Curve Cryptography
management are satisfied with the system, the existing system is stopped and the new
system is implemented. This change from the existing system takes place.
Page 67 of 84
Implementation of Elliptic Curve Cryptography
10. CONCLUSION
Currently, Elliptic curve cryptosystem offer a much shorter key size, 160 - 180
bits, for equivalent security to RSA – 1024. However it is important to look also at
performance in addition to security.
This is quite simplistic though. Underlying this are the whole set of knotty issues.
Depending upon how the ECC is implemented. For example will 1 or 2 curves become
standardized or will curves be generated by individuals (For a successful cryptographic
exchange all parties will need to be using the same EC and there are roughly 2p curves
over GF (P)). These are not insurmountable concerns but are nevertheless raised as issues
by those developing such system.
Finally, ECC’s have only been intensively studied over the last 10 years or so.
Although their ‘Newness’ used to be viewed as an obstacle it is much less the case now.
Page 68 of 84
Implementation of Elliptic Curve Cryptography
ECC are being widely accepted and incorporated in the design of new system as an
alternative crypto technology. Moreover, ECC’s have been successfully implemented in
mobile radio and franking applications.
Page 69 of 84
Implementation of Elliptic Curve Cryptography
Page 70 of 84
Implementation of Elliptic Curve Cryptography
BIBLIOGRAPHY
WEBSITES
www.wikipedia.com
REFERENCE BOOK
Ellias Awad, “System Analysis And Design”, Edition II, Galgotia publications.
Page 71 of 84
Implementation of Elliptic Curve Cryptography
APPENDICES
A. SAMPLE SCREENS
Page 72 of 84
Implementation of Elliptic Curve Cryptography
Page 73 of 84
Implementation of Elliptic Curve Cryptography
Page 74 of 84
Implementation of Elliptic Curve Cryptography
Page 75 of 84
Implementation of Elliptic Curve Cryptography
Page 76 of 84
Implementation of Elliptic Curve Cryptography
Page 77 of 84
Implementation of Elliptic Curve Cryptography
Page 78 of 84
Implementation of Elliptic Curve Cryptography
Page 79 of 84
Implementation of Elliptic Curve Cryptography
Page 80 of 84
Implementation of Elliptic Curve Cryptography
B. SAMPLE CODE
Dim bm As New BigIntegerMethods
Dim a As Integer, b As Integer
Dim X As String, Y As String, p As String, mp As String
Dim tot_pnts As String
Dim x3 As String, y3 As String
Dim nx1 As String, ny1 As String
Dim c As Integer
tp_lbl.Visible = False
tt_lbl.Visible = False
If c = 0 Then
ans_lbl.Caption = "Not Satisfying the condition"
'MsgBox "Not Satisfying the condition", vbInformation, "Invalid"
ElseIf c <> 0 Then
ans_lbl.Caption = "The formula is : y^2 = x^3 +" & txt_a.Text & "x + " & txt_b.Text
'MsgBox "The formula is : y^2 = x^3 +" & txt_a.Text & "x + " & txt_b.Text, vbInformation, "valid"
End If
Exit Sub
lab:
MsgBox "Invalid Input", vbExclamation, "Invalid"
End Sub
Page 81 of 84
Implementation of Elliptic Curve Cryptography
BigInteger_Methods1.Visible = True
ans_prime.Caption = ""
If BigInteger_Methods1.BigInteger_IsProbablePrime_RM(txt_prime.Text) = True Then
ans_prime.Caption = "Prime"
Else
ans_prime.Caption = "NotPrime"
End If
BigInteger_Methods1.Visible = False
End Sub
g_rnd_Click
Page 82 of 84
Implementation of Elliptic Curve Cryptography
Wend
For cn = 0 To Me.Controls.Count - 1
Set ob = Me.Controls(cn)
If TypeOf ob Is CommandButton Then
ob.Enabled = True
End If
Next cn
End Sub
End Sub
Page 83 of 84
Implementation of Elliptic Curve Cryptography
Exit Sub
lab:
MsgBox "File copy error", vbExclamation, "Failed"
Page 84 of 84