# Implementation of Elliptic Curve Digital Signature Algorithm

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India ABSTRACT The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the Digital Signature Algorithm (DSA). It was accepted in 1999 as an ANSI standard, and was accepted in 2000 as IEEE and NIST standards. It was also accepted in 1998 as an ISO standard, and is under consideration for inclusion in some other ISO standards. Unlike the ordinary discrete logarithm problem and the integer factorization problem, no sub exponential-time algorithm is known for the elliptic curve discrete logarithm problem. For this reason, the strength-per-keybit is substantially greater in an algorithm that uses elliptic curves. This paper describes the implementation of ANSI X9.62 ECDSA over elliptic curve P-192, and discusses related security issues. Categories and Subject Descriptors D.4.6 [Operating Systems]: Security and Protection access controls, authentication cryptographic control; E.3 [Data]: Data Encryption Public key cryptosystem, standards. General Terms Algorithms, Security. Keywords integer factorization, discrete logarithm problem, elliptic curve cryptography, DSA, ECDSA. 1. INTRODUCTION Cryptography is the branch of cryptology dealing with the design of algorithms for encryption and decryption, intended to ensure the secrecy and/or authenticity of message. The DSA was proposed in August 1991 by the U.S. National Institute of Standards and Technology (NIST) and was specified in a U.S. Government Federal Information Processing Standard (FIPS 186) called the Digital Signature Standard (DSS). Its security is based on the computational intractability of the discrete logarithm problem (DLP) in prime-order subgroups of Z p *. Digital signature schemes are designed to provide the digital counterpart to handwritten signatures (and more). Ideally, a digital signature scheme should be existentially non-forgeable under chosenmessage attack. The ECDSA have a smaller key size, which leads to faster computation time and reduction in processing power, storage space and bandwidth. This makes the ECDSA ideal for constrained devices such as pagers, cellular phones and smart cards. The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the DSA. ECDSA was first proposed in 1992 by Scott Vanstone [1] in response to NIST s (National Institute of Standards and Technology) request for public comments on their first proposal for DSS. It was accepted in 1998 as an ISO (International Standards Organization) standard (ISO ), accepted in 1999 as an ANSI (American National Standards Institute) standard (ANSI X9.62), and accepted in 2000 as an IEEE (Institute of Electrical and Electronics Engineers) standard (IEEE ) and a FIPS standard (FIPS 186-2) Digital signature schemes can be used to provide the following basic cryptographic services: data integrity (the assurance that data has not been altered by unauthorized or unknown means) data origin authentication (the assurance that the source of data is as claimed) non-repudiation (the assurance that an entity cannot deny previous actions or commitments) In this paper, first we start with the cryptography schemes based on integer factorization (IF) and discrete logarithm (DL) in section 2. In section 3, we discuss ECC in detail. In section 4, we show the implementation and results. Further in section 5 and 6 we compare and conclude respectively. 2. CRYPTOGRAPHIC SCHEMES 2.1 Integer Factorization In Integer factorization, given an integer n which is the product of two large primes p and q such that: n = p * q (1) It is easy to calculate n for given p and q but it is computationally infeasible to determine p and q given n for large values of n. One of the famous algorithms is RSA. The RSA Algorithm is shown below: 1. Choose two large prime numbers, p and q (1024 bits) 2. Compute n = p * q and z = (p-1) * (q-1). 3. Choose a number, e, less than n, which has no common factors (other than 1) with z. 21

2 4. Find a number, d, such that e * d -1 is exactly divisible (i.e., with no remainder) by z. The public key is the pair of numbers (n, e), private key is the pair of numbers (n, d). The encryption is done as follows: c = m e mod n (2) To decrypt the received cipher text message, c m = c d mod n (3) which requires the use of the private key, (n, d). Its security depends on the difficulty of factoring the large prime numbers. The best known method for solving Integer Factorization problem is Number Field Sieve which is a subexponential algorithm and having a running time of exp[1.923*(log n) 1/3 *(log log n) 2/3 ] [2]. 2.2 Discrete Logarithm Discrete logarithms are ordinary logarithms involving group theory. An ordinary logarithm log a(b) is a solution of the equation a x = b over the real or complex numbers. Similarly, if g and h are elements of a finite cyclic group G then a solution x of the equation g x = h is called a discrete logarithm to the base g of h in the group G, i.e. log g(h). A group with an operation * is defined on pairs of elements of G. The operations satisfy the following properties: 1. Closure: a * b ε G for all a, b ε G. 2. Associativity: a * (b * c) = (a * b) * c for all a, b ε G. 3. Existence of Identity: There exists an element e ε G, called the identity, such that e * a = a * e = a for all a ε G. 4. Existence of inverse: For each a ε G there is an element b ε G such that a * b = b * a = e. The element b is called the inverse of a. Moreover, a group G is said to be abelian if a * b = b * a for all a, b ε G. The order of a group G is the number of elements in G. The discrete logarithm problem is to find an integer x, 0 x n- 1, such that g x h (mod p), for given g ε Z*p of order n and given h ε Z*p. The integer x is called the discrete logarithm of h to the base g. Digital Signature Algorithm (DSA), Diffie Hellman (DH) and El Gamal are based on discrete logarithms. The best known method for solving Discrete Logarithm problem is Number Field Sieve which is a sub-exponential algorithm, having a running time of exp[1.923*(log n) 1/3 *(log log n) 2/3 ] [2] Comparison with Integer Factorization While the problem of computing discrete logarithms and the problem of integer factorization are distinct problems they share some properties: both problems are difficult (no efficient algorithms are known for non-quantum computers), for both problems efficient algorithms on quantum computers are known, algorithms from one problem are often adapted to the other, and difficulty of both problems has been exploited to construct various cryptographic systems Elliptic Curve Discrete Logarithm An elliptic curve E k, [3] defined over a field K of characteristic 2 or 3 is the set of solutions (x, y) ε K' to the equation y 2 = x 3 + ax + b (4) a, b ε K (where the cubic on the right has no multiple roots). Two nonnegative integers, a and b, less than p that satisfy: 4a b 2 (mod p) 0 (5) Then E p (a, b) denotes the elliptic group mod p whose elements (x, y) are pairs of nonnegative integers less than p satisfying: y 2 x 3 + ax + b (mod p) (6) together with the point at infinity O. The elliptic curve discrete logarithm problem can be stated as follows. Fix a prime p and an elliptic curve. Q= xp (7) where xp represents the point P on elliptic curve added to itself x times. Then the elliptic curve discrete logarithm problem is to determine x given P and Q. It is relatively easy to calculate Q given x and P, but it is very hard to determine x given Q and P. ECC is based on ECDLP. ECDH and ECDSA are cryptographic schemes based on ECC. The best known algorithm for solving ECDLP is Pollard-Rho algorithm which is fully exponential having a running time of ( *n /2) [2]. 3. ELLIPTIC CURVE CRYPTOGRAPHY Elliptic curve cryptosystems (ECC) were invented by Neal Koblitz [3] and Victor Miller [4] in They can be viewed as elliptic curve analogues of the older discrete logarithm (DL) cryptosystems in which the subgroup of Z p * is replaced by the group of points on an elliptic curve over a finite field. The mathematical basis for the security of elliptic curve cryptosystems is the computational intractability of the elliptic curve discrete logarithm problem (ECDLP) [5]. ECC is a relative of discrete logarithm cryptography. An elliptic curve E over Z p as in Figure 1 is defined in the Cartesian coordinate system by an equation of the form: y 2 = x 3 + ax + b (8) where a, b ε Z p, and 4a b 2 0 (mod p), together with a special point O, called the point at infinity. The set E(Z p) consists of all points (x, y), x ε Z p, y ε Z p, which satisfy the defining equation, together with O. Each value of a and b gives a different elliptic curve. The public key is a point on the curve and the private key is a random number. The public key is obtained by multiplying the private key with a generator point G in the curve. 22

4 point L, which is the result of addition of points J and K. Thus on an elliptic curve L = J + K. If K = -J the line through this point intersect at a point at infinity O. Hence J + (-J) = O. A negative of a point is the reflection of that point with respect to x-axis [7]. x 3= {(y 2-y 1)/(x 2-x 1)} 2 x 1-x 2 and y 3= {(y 2-y 1)/(x 2-x 1)}(x 1- x 3) y 1 Point doubling Let P=(x 1, y 1) ε E(F p) where P -P. Then 2P=(x 3, y 3) where x 3={(3x 1 2 +a)/2y 1} 2-2x 1 and y 3={(3x 1 2 +a)/2y 1} 2 (x 1-x 3) y 1 Figure 2. Point Addition Point doubling Point doubling is the addition of a point J on the elliptic curve to itself to obtain another point L on the same elliptic curve To double a point J to get L, i.e. to find L = 2J, consider a point J on an elliptic curve as shown in Figure 3. If y coordinate of the point J is not zero then the tangent line at J will intersect the elliptic curve at exactly one more point L. The reflection of the point L with respect to x-axis gives the point L, which is the result of doubling the point J, i.e., L = 2J. If y coordinate of the point J is zero then the tangent at this point intersects at a point at infinity O. Hence 2J = O when y j=0. Figure 3 shows point doubling [7]. Figure 3. Point Doubling Algebraic Formulae Over F p P+O=O+P=P for all P ε E(F p) If P=(x, y) ε E(F p) then (x, y)+(x,-y)=o. (The point (x,-y) is denoted by P, and is called the negative of P, observe that P is indeed a point on the curve. Point addition Let P=(x 1, y 1) ε E(F p) and Q=(x 2, y 2) ε E(F p), where P ± Q. Then P+Q=(x 3, y 3) where Algebraic Formulae Over F 2 m P+O=O+P=P for all P ε E(F 2 m ) If P=(x, y) ε E(F p) then (x, y)+(x, -y)=o. (The point (x, -y) is denoted by P, and is called the negative of P, observe that P is indeed a point on the curve. (Point addition) Let P=(x 1, y 1) ε E(F 2 m ) and Q=(x 2, y 2) ε E(F 2 m ), where P ± Q. Then P+Q=(x 3,y 3) where x 3= {(y 2+y 1)/(x 2+x 1)} 2 + {(y 2+y 1)/(x 2+x 1)}+ x 1 + x 2 +a and y 3= {(y 2+y 1)/(x 2+x 1)}(x 1+x 3) +x 3 + y 1 (Point doubling) Let P=(x 1,y 1) ε E(F 2 m ) where P -P. Then 2P=(x 3,y 3) where x 3=x 1 2 +(b/ x 1 2 ) and y 3=x 1 2 +{x 1+(y 1/x 1)}x 3 + x 3 4. IMPLEMENTAION AND RESULTS Elliptic Curve Digital Signature Algorithm is implemented over elliptic curve P-192 as mandated by ANSI X9.62 in C language. The Project contains necessary modules for domain parameters generation, key generation, signature generation, and signature verification over the elliptic curve. ECDSA has three phases, key generation, signature generation, and signature verification. ECDSA Key Generation: An entity A s key pair is associated with a particular set of EC domain parameters D= (q, FR, a, b, G, n, h). E is an elliptic curve defined over F q, and P is a point of prime order n in E(F q), q is a prime. Each entity A does the following: 1. Select a random integer d in the interval [1, n- 1]. 2. Compute Q = dp. 3. A s public key is Q, A s private key is d. ECDSA Signature Generation:. To sign a message m, an entity A with domain parameters D= (q, FR, a, b, G, n, h) does the following: 1. Select a random or pseudorandom integer k in the interval [1, n-1]. 2. Compute kp =x 1, y 1 and r= x 1 mod n (where x 1 is regarded as an integer between 0 and q-1). If r= 0 then go back to step Compute k -1 mod n. 4. Compute s= k -1 {h (m)+ dr} mod n, where h is the Secure Hash Algorithm (SHA-1). If s = 0, then go back to step The signature for the message m is the pair of integers (r, s). 24

5 ECDSA Signature Verification: To verify A s signature (r, s) on m, B obtains an authenticated copy of A s domain parameters D = (q, FR, a, b, G, n, h) and public key Q and do the following 1. Verify that r and s are integers in the interval [1, n-1]. 2. Compute w = s -1 mod n and h (m) 3. Compute u 1 = h(m)w mod n and u 2 = rw mod n. 4. Compute u 1P + u 2Q =(x 0, y 0) and v= x 0 mod n. 5. Accept the signature if and only if v = r Figure 5. Signature Verification Figure 4. Signature Generation Results The following results are brought to highlight for given set of values. The SHA-1 result are shown along with the private and public set of keys SHA 1 Input: a SHA Output: 86f7e437faa5a7fce15d1ddcb9eaeaea377667b8 Input: ABC SHA Output: 3c01bdbb26f358bab27f267924aa2c9a03fcfdb8 Key Pair Generation: 198 bit random private key and corresponding public key: Private A=

6 Public x of A= Public y of A= Private A= Public x of A= Public y of A= Further for a given input file containing text had been taken and signature is generated and then verified by the values of r and s. Signature Generation: Input file="abcd" Private:0xd43fb7ff56a d87f785db45b043129f6468ccff4 2d0001 Signature: r=0xb8d06fa44816c92b8b26f797e5f3cc07984d8b7f7e49a339 s=0xd74f17a1e19139d77558c6b2d16dcb1f4bb31da2ded25733 Proof of verification If a signature (r, s) on a message m was indeed generated by A, then s = k -1 (h (m)+dr) mod n. Rearranging gives k s -1 (e+dr) s -1 e + s -1 rd we +wrd u 1+u 2d (mod n). Thus u 1G +u 2Q = (u 1 +u 2d) G = kg and so v=r as required. Figure 6. Difficulty of forward, inverse operation against key length Table 5.1 shows the comparison of ECC with RSA, DSA, and DH in terms of key length and time to break on machine running 1 MIPS [9]. Table 1 Key comparison of Symmetric, RSA/DSA/DH, ECC Symmetric RSA/DSA/DH ECC Time to break in MIPS years COMPARISON WITH RSA and DSA In all cryptography systems discussed so far, there is a comparative difficulty of doing two types of operations-a forward operation which must be tractable [8], and an inverse operation which must be intractable. The degree of difference between the difficulties of these operations depends on the size of the key pairs. The inverse operation increases exponentially whereas the forward operation increases linearly as the key size increases as in Figure 6. Increase in key length give rise to complexity issues in both operations. Thus ECC is preferred as it provides same level security at 160 bit key length as of 1024 bit key length in RSA. 5.1 Comparison of ECC with RSA 1. RSA takes sub-exponential time and ECC takes full exponential time. For example, RSA with key size of 1024 bits takes 3x10 11 MIP years with best known attack where as ECC with 160 bit key size takes 9.6x 10^11 MIP years[10]. 2. ECC offers same level of security with smaller key sizes. 3. DATA size for RSA is smaller than ECC. 4. Encrypted message is a function of key size and data size for both RSA and ECC. ECC key size is relatively smaller than RSA key size, thus encrypted message in ECC is smaller. 5. Computational power is smaller for ECC. 5.2 Comparison of ECDSA with DSA 1. Both algorithms are based on the ElGamal signature scheme and use the same signing equation: s = k -1 {h (m) + dr} mod n. 2. In both algorithms, the values that are relatively difficult to generate are the system parameters(p, q and g for the DSA; E, P and n for the ECDSA). 26

7 3. In their current version, both DSA and ECDSA use the SHA-1 as the sole cryptographic hash function. 4. The private key d and the per-signature value k in ECDSA are defined to be statistically unique and unpredictable rather than merely random as in DSA [11]. 5.3 Advantages of ECC Thus, the ECC offered remarkable advantages over other cryptographic system. 1. It provides greater security for a given key size. 2. It provides effective and compact implementations for cryptographic operations requiring smaller chips. 3. Due to smaller chips less heat generation and less power consumption. 4. It is mostly suitable for machines having low bandwidth, low computing power, less memory. 5. It has easier hardware implementations. So far no drawback of ECC had been reported. 6. CONCLUSION Elliptic Curve Digital Signature Algorithm (ECDSA) which is one of the variants of Elliptic Curve Cryptography (ECC) proposed as an alternative to established public key systems such as Digital Signature Algorithm (DSA) and Rivest Shamir Adleman (RSA), have recently gained a lot of attention in industry and academia. The main reason for the attractiveness of ECDSA is the fact that there is no sub exponential algorithm known to solve the elliptic curve discrete logarithm problem on a properly chosen elliptic curve. Hence, it takes full exponential time to solve while the best algorithm known for solving the underlying integer factorization for RSA and discrete logarithm problem in DSA both take sub exponential time. The key generated by the implementation is highly secured and it consumes lesser bandwidth because of small key size used by the elliptic curves. Significantly smaller parameters can be used in ECDSA than in other competitive systems such as RSA and DSA but with equivalent levels of security. Some benefits of having smaller key size include faster computation time and reduction in processing power, storage space and bandwidth. This makes ECDSA ideal for constrained environments such as pagers, PDAs, cellular phones and smart cards. These advantages are especially important in other environments where processing power, storage space, bandwidth, or power consumption are lacking. 7. REFERENCES [1] Vanstone, S. A., Responses to NIST s Proposal Communications of the ACM, 35, [2] Vanstone, S. A., Next generation security for wireless: elliptic curve cryptography. Computers and Security, vol. 22, No. 5. [3] Koblitz, N., Elliptic curve cryptosystems. Mathematics of Computation 48, [4] Miller, V., Use of elliptic curves in cryptography. CRYPTO 85. [5] Certicom ECC Challenge Certicom Research [6] Hankerson, D., Menezes, A., Vanstone, S., Guide to Elliptic Curve Cryptography. Springer. [7] Botes, J.J., Penzhorn, W.T., An implementation of an elliptic curve cryptosystem. Communications and Signal Processing. COMSIG-94. In Proceedings of the 1994 IEEE South African Symposium, [8] An intro to Elliptical Curve Cryptography[On-Line]. Available: 68.html [2010]. [9] Gupta, V., Stebila, D., Fung, S., Shantz, S.C., Gura, N., Eberle, H., Speeding up Secure Web Transactions Using Elliptic Curve Cryptography. In Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS 2004). The Internet Society, [10] Raju, G.V.S., Akbani, R., Elliptic Curve Cryptosystem And Its Application. In Proceedings of the 2003 IEEE International Conference on Systems Man and Cybernetics (IEEE-SMC), [11] Johnson, D.B., Menezes, A.J., Elliptic Curve DSA (ECDSA): An Enhanced DSA. Scientific Commons. 27

### Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

### IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY ON TEXT AND IMAGE

IMPLEMENTATION OF ELLIPTIC CURVE CRYPTOGRAPHY ON TEXT AND IMAGE Mrs. Megha Kolhekar Assistant Professor, Department of Electronics and Telecommunication Engineering Fr. C. Rodrigues Institute of Technology,

### ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS

ENCRYPTION OF DATA USING ELLIPTIC CURVE OVER FINITE FIELDS D. Sravana Kumar 1 CH. Suneetha 2 A. ChandrasekhAR 3 1 Reader in Physics, SVLNS Government College, Bheemunipatnam, Visakhapatnam Dt., India skdharanikota@gmail.com

### 1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?

### A New Efficient Digital Signature Scheme Algorithm based on Block cipher

IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 2278-0661, ISBN: 2278-8727Volume 7, Issue 1 (Nov. - Dec. 2012), PP 47-52 A New Efficient Digital Signature Scheme Algorithm based on Block cipher 1

### NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,

### Cryptography and Network Security

Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared

### Cryptography and Network Security Chapter 10

Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central

### Elliptic Curve Cryptography

Elliptic Curve Cryptography Elaine Brow, December 2010 Math 189A: Algebraic Geometry 1. Introduction to Public Key Cryptography To understand the motivation for elliptic curve cryptography, we must first

### Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master

### SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,

### Blinding Self-Certified Key Issuing Protocols Using Elliptic Curves

Blinding Self-Certified Key Issuing Protocols Using Elliptic Curves Billy Bob Brumley Helsinki University of Technology Laboratory for Theoretical Computer Science billy.brumley@hut.fi Abstract Self-Certified

### Digital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015

Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital

### A Survey of the Elliptic Curve Integrated Encryption Scheme

JOURNAL OF COMPUTER SCIENCE AND ENGINEERING, VOLUME, ISSUE, AUGUST 010 A Survey of the Elliptic Curve Integrated Encryption Scheme 7 V. Gayoso Martínez, L. Hernández Encinas, and C. Sánchez Ávila Abstract

### IMPLEMENTATION AND PERFORMANCE ANALYSIS OF ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM

NABI ET AL: IMPLEMENTATION AND PERFORMANCE ANALYSIS OF ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM 28 IMPLEMENTATION AND PERFORMANCE ANALYSIS OF ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM Mohammad Noor

### Study of algorithms for factoring integers and computing discrete logarithms

Study of algorithms for factoring integers and computing discrete logarithms First Indo-French Workshop on Cryptography and Related Topics (IFW 2007) June 11 13, 2007 Paris, France Dr. Abhijit Das Department

### Elements of Applied Cryptography Public key encryption

Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let

### A New Generic Digital Signature Algorithm

Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study

### The Mathematics of the RSA Public-Key Cryptosystem

The Mathematics of the RSA Public-Key Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through

### Review of methods for secret sharing in cloud computing

Review of methods for secret sharing in cloud computing Dnyaneshwar Supe Amit Srivastav Dr. Rajesh S. Prasad Abstract:- Cloud computing provides various IT services. Many companies especially those who

### MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

MATH 168: FINAL PROJECT Troels Eriksen 1 Introduction In the later years cryptosystems using elliptic curves have shown up and are claimed to be just as secure as a system like RSA with much smaller key

### A Factoring and Discrete Logarithm based Cryptosystem

Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

### A New secure email scheme Using Digital Signature with S/MIME

International Journal of Computer Networks and Communications Security VOL. 4, NO. 3, MARCH 2016, 56 62 Available online at: www.ijcncs.org E-ISSN 2308-9830 (Online) / ISSN 2410-0595 (Print) A New secure

### Notes on Network Security Prof. Hemant K. Soni

Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications

### A SURVEY ON ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM AND ITS VARIANTS

A SURVEY ON ELLIPTIC CURVE DIGITAL SIGNATURE ALGORITHM AND ITS VARIANTS ABSTRACT Greeshma Sarath 1, Devesh C Jinwala 2 and Sankita Patel 3 1,2,3 Department of Computer Engineering, SVNIT, Surat greeshmasarath88@gmail.com,

### A SOFTWARE COMPARISON OF RSA AND ECC

International Journal Of Computer Science And Applications Vol. 2, No. 1, April / May 29 ISSN: 974-13 A SOFTWARE COMPARISON OF RSA AND ECC Vivek B. Kute Lecturer. CSE Department, SVPCET, Nagpur 9975549138

### Elliptic Curves and Elliptic Curve Cryptography

Undergraduate Colloquium Series Elliptic Curves and Elliptic Curve Cryptography Amiee O Maley Amiee O Maley graduated Summa Cum Laude from Ball State in May 00 with a major in Mathematics. She is currently

### Digital Signature Standard (DSS)

FIPS PUB 186-4 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Digital Signature Standard (DSS) CATEGORY: COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY Information Technology Laboratory National Institute

### Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Modern/Public-key cryptography started in 1976 with the publication of the following paper. W. Diffie

### COMPARISON AND EVALUATION OF DIGITAL SIGNATURE SCHEMES EMPLOYED IN NDN NETWORK

COMPARISON AND EVALUATION OF DIGITAL SIGNATURE SCHEMES EMPLOYED IN NDN NETWORK Al Imem Ali 1 1 PRINCE ISITC, H. Sousse University of Sousse, 4011 Hammam Sousse, Tunisia ABSTRACT It is well known that Named

### An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC

An Efficient and Secure Key Management Scheme for Hierarchical Access Control Based on ECC Laxminath Tripathy 1 Nayan Ranjan Paul 2 1Department of Information technology, Eastern Academy of Science and

### Public Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography

Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt

### Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Encryption/Decryption using Public Key Cryptography Network Security Chapter 2 Basics 2.2 Public Key Cryptography

### Public Key (asymmetric) Cryptography

Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

### Cryptography: RSA and the discrete logarithm problem

Cryptography: and the discrete logarithm problem R. Hayden Advanced Maths Lectures Department of Computing Imperial College London February 2010 Public key cryptography Assymmetric cryptography two keys:

### Digital Signature. Raj Jain. Washington University in St. Louis

Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

### CERTIFICATE AUTHORITY SCHEMES USING ELLIPTIC CURVE CRYPTOGRAPHY, RSA AND THEIR VARIANTS- SIMULATION USING NS2

American Journal of Applied Sciences 11 (2): 171-179, 2014 ISSN: 1546-9239 2014 Science Publication doi:10.3844/ajassp.2014.171.179 Published Online 11 (2) 2014 (http://www.thescipub.com/ajas.toc) CERTIFICATE

### International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

### ARCHIVED PUBLICATION

ARCHIVED PUBLICATION The attached publication, FIPS Publication 186-3 (dated June 2009), was superseded on July 19, 2013 and is provided here only for historical purposes. For the most current revision

### Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport

1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...

### Overview of Public-Key Cryptography

CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

### ECE 842 Report Implementation of Elliptic Curve Cryptography

ECE 842 Report Implementation of Elliptic Curve Cryptography Wei-Yang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic

### Computer Security: Principles and Practice

Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography

### A blind digital signature scheme using elliptic curve digital signature algorithm

A blind digital signature scheme using elliptic curve digital signature algorithm İsmail BÜTÜN * and Mehmet DEMİRER *Department of Electrical Engineering, University of South Florida, Tampa, FL, USA Department

### Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

### SEC 2: Recommended Elliptic Curve Domain Parameters

STANDARDS FOR EFFICIENT CRYPTOGRAPHY SEC 2: Recommended Elliptic Curve Domain Parameters Certicom Research Contact: secg-talk@lists.certicom.com September 20, 2000 Version 1.0 c 2000 Certicom Corp. License

### DATA SECURITY ANALYSIS AND SECURITY EXTENSION FOR SMART CARDS USING JAVA CARD

DATA SECURITY ANALYSIS AND SECURITY EXTENSION FOR SMART CARDS USING JAVA CARD Ms. A A Deshmukh 1, Ms. Manali Dubal 2, Dr. Mahesh TR 3, Mr. C R Chauhan 1 Professor, Department of Computer Engineering, Sinhgad

### A Java implementation of the Elliptic Curve Integrated Encryption Scheme

A Java implementation of the Elliptic Curve Integrated Encryption Scheme V. Gayoso Martínez 1, L. Hernández Encinas 1, and C. Sánchez Ávila 2 1 Department of Information Processing and Coding Institute

### Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

### Introduction to Cryptography CS 355

Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru

### Authentication requirement Authentication function MAC Hash function Security of

UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy

### Crittografia e sicurezza delle reti. Digital signatures- DSA

Crittografia e sicurezza delle reti Digital signatures- DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case

### Implementing Network Security Protocols

Implementing Network Security Protocols based on Elliptic Curve Cryptography M. Aydos, E. Savaş, and Ç. K. Koç Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331, USA {aydos,savas,koc}@ece.orst.edu

### Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised)

NIST Special Publication 800-56A Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised) Elaine Barker, Don Johnson, and Miles Smid C O M P U T E R S E C

### Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies

### Public Key Cryptography. Performance Comparison and Benchmarking

Public Key Cryptography Performance Comparison and Benchmarking Tanja Lange Department of Mathematics Technical University of Denmark tanja@hyperelliptic.org 28.08.2006 Tanja Lange Benchmarking p. 1 What

### Cryptographic Algorithms and Key Size Issues. Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.

Cryptographic Algorithms and Key Size Issues Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc koc@ece.orst.edu Overview Cryptanalysis Challenge Encryption: DES AES Message

### THE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION

T OPICS IN WIRELESS SECURITY THE ADVANTAGES OF ELLIPTIC CURVE CRYPTOGRAPHY FOR WIRELESS SECURITY KRISTIN LAUTER, MICROSOFT CORPORATION Q 2 = R 1 Q 2 R 1 R 1 As the wireless industry explodes, it faces

### Constructing Pairing-Friendly Elliptic Curves with Embedding Degree 10

with Embedding Degree 10 University of California, Berkeley, USA ANTS-VII, 2006 Outline 1 Introduction 2 The CM Method: The Basic Construction The CM Method: Generating Families of Curves 3 Outline 1 Introduction

### Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)

### An Approach to Shorten Digital Signature Length

Computer Science Journal of Moldova, vol.14, no.342, 2006 An Approach to Shorten Digital Signature Length Nikolay A. Moldovyan Abstract A new method is proposed to design short signature schemes based

### A NOVEL STRATEGY TO PROVIDE SECURE CHANNEL OVER WIRELESS TO WIRE COMMUNICATION

A NOVEL STRATEGY TO PROVIDE SECURE CHANNEL OVER WIRELESS TO WIRE COMMUNICATION Prof. Dr. Alaa Hussain Al- Hamami, Amman Arab University for Graduate Studies Alaa_hamami@yahoo.com Dr. Mohammad Alaa Al-

### Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Breaking The Code Ryan Lowe Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and a minor in Applied Physics. As a sophomore, he took an independent study

### Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

### LUC: A New Public Key System

LUC: A New Public Key System Peter J. Smith a and Michael J. J. Lennon b a LUC Partners, Auckland UniServices Ltd, The University of Auckland, Private Bag 92019, Auckland, New Zealand. b Department of

### 2. Cryptography 2.4 Digital Signatures

DI-FCT-UNL Computer and Network Systems Security Segurança de Sistemas e Redes de Computadores 2010-2011 2. Cryptography 2.4 Digital Signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures

### ACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES. Daniela Bojan and Sidonia Vultur

ACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES Daniela Bojan and Sidonia Vultur Abstract.The new services available on the Internet have born the necessity of a permanent

### Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

### Communications security

University of Roma Sapienza DIET Communications security Lecturer: Andrea Baiocchi DIET - University of Roma La Sapienza E-mail: andrea.baiocchi@uniroma1.it URL: http://net.infocom.uniroma1.it/corsi/index.htm

### CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

### Session Initiation Protocol Attacks and Challenges

2012 IACSIT Hong Kong Conferences IPCSIT vol. 29 (2012) (2012) IACSIT Press, Singapore Session Initiation Protocol Attacks and Challenges Hassan Keshavarz +, Mohammad Reza Jabbarpour Sattari and Rafidah

### SECURITY IN NETWORKS

SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

### CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

### Implementation and Comparison of Various Digital Signature Algorithms. -Nazia Sarang Boise State University

Implementation and Comparison of Various Digital Signature Algorithms -Nazia Sarang Boise State University What is a Digital Signature? A digital signature is used as a tool to authenticate the information

### CS549: Cryptography and Network Security

CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared

### Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

NIST Special Publication 800-131A Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths Elaine Barker and Allen Roginsky Computer Security Division Information

### Arithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJ-PRG. R. Barbulescu Sieves 0 / 28

Arithmetic algorithms for cryptology 5 October 2015, Paris Sieves Razvan Barbulescu CNRS and IMJ-PRG R. Barbulescu Sieves 0 / 28 Starting point Notations q prime g a generator of (F q ) X a (secret) integer

### Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

### CMSS An Improved Merkle Signature Scheme

CMSS An Improved Merkle Signature Scheme Johannes Buchmann 1, Luis Carlos Coronado García 2, Erik Dahmen 1, Martin Döring 1, and Elena Klintsevich 1 1 Technische Universität Darmstadt Department of Computer

### Authentication, digital signatures, PRNG

Multimedia Security Authentication, digital signatures, PRNG Mauro Barni University of Siena Beyond confidentiality Up to now, we have been concerned with protecting message content (i.e. confidentiality)

### Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

### ECC over RSA for Asymmetric Encryption: A Review

www.ijcsi.org 370 ECC over RSA for Asymmetric Encryption: A Review Kamlesh Gupta 1, Sanjay Silakari 2 1 JUET, Guna, Gwalior, MP, India 2 UIT, RGPV, Bhopal, MP, India ABSTRACT Cryptography is used to transmit

### In this paper a new signature scheme and a public key cryptotsystem are proposed. They can be seen as a compromise between the RSA and ElGamal-type sc

Digital Signature and Public Key Cryptosystem in a Prime Order Subgroup of Z n Colin Boyd Information Security Research Centre, School of Data Communications Queensland University of Technology, Brisbane

### Performance Comparison of Elliptic Curve and RSA Digital Signatures

Performance Comparison of Elliptic Curve and RSA Digital Signatures Nicholas Jansma [njansma@engin.umich.edu] Brandon Arrendondo [barrendo@engin.umich.edu] April 28, 2004 Abstract. This paper compares

### Software Tool for Implementing RSA Algorithm

Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key

### Analyzing the Point Multiplication Operation of Elliptic Curve Cryptosystem over Prime Field for Parallel Processing

322 The International Arab Journal of Information Technology, Vol. 11, No. 4, July 2014 Analyzing the Point Multiplication Operation of Elliptic Curve Cryptosystem over Prime Field for Parallel Processing

### Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Kommunikationssysteme (KSy) - Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 2000-2001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem

### Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,

### CRYPTOGRAPHY IN NETWORK SECURITY

ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

### Lecture 9: Application of Cryptography

Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

### Randomized Hashing for Digital Signatures

NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department

### Embedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme

International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Issue-3 E-ISSN: 2347-2693 Embedding more security in digital signature system by using combination of public

### Evaluation of Digital Signature Process

Evaluation of Digital Signature Process Emil SIMION, Ph. D. email: esimion@fmi.unibuc.ro Agenda Evaluation of digital signatures schemes: evaluation criteria; security evaluation; security of hash functions;

### Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

### Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative

### CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

### Lecture 2: Complexity Theory Review and Interactive Proofs

600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography