Proceeding of the 3rd International Conference on Informatics and Technology, 2009

An Overview of Elliptic Curve Cryptography in constrained Applications

<DVVHU6DOHP+HUR0RGDUHV0RKDPDG5H]D+RVVLQ\)DWHPL5RVOL6DOOHK

)DFXOW\RI&RPSXWHU6FLHQFHDQG7HFKQRORJ\8QLYHUVLW\RI0DOD\D.XDOD/XPSXU0DOD\VLD

^KHURPRGDUHV<DVVHUIDWHPL`#SHUGDQDXPHGXP\URVOLBVDOOHK#XPHGXP\

ABSTRACT
It is generally accepted that data encryption is the key role in current and future technologies. Many public key
cryptography schemes were presented and divided into different classes, depending on a specific mathematical
problem. Cryptography plays an important task in accomplishing information security. It is used for encrypting or
signing data at the source before transmission, and then decrypting or validating the signature of
the received message at the destination. Since the introduction of the public-key cryptography by Diffie and
Hellman in 1976, the potential for using the discrete logarithm problem in public-key cryptosystems has been
recognized. There are several public key cryptography, such as RSA and El-Gamal and Elliptic curve cryptography.
Elliptic Curve Cryptography (ECC) is considered as more suitable than other public key cryptography algorithms
because of its small key size. As a result, ECC is an attractive choice for using in cryptosystem especially in power
hungry portable applications such as mobile phones which have a limited battery power. This paper not only addresses
the advantages of elliptic curve cryptography but also reviews its current applications in different area such as RFID,
smart card and biometric.
Keyword: Elliptic curve, RFID,WSN.

1. Introduction

Cryptography is the science of hiding information which can be revealed only by legitimate users. It is used to ensure
the secrecy of the transmitted data over an unsecure channel and prevent eavesdropping and data tampering.
Another field called ‘cryptanalysis’ concerns with attacking and decrypting these ciphers.
Many cryptography schemes were proposed and used for securing data, some use the shared key cryptography, while
some others use the public key cryptography (PKC). The shared key cryptography is a system which uses only one
key by both sender and receiver for the purposes of encrypting and decrypting the message. On the other hand, public
key cryptography uses two keys, namely private-key and public-key. To encrypt a message in the public key scheme,
the public-key is used, while the private-key is used to decrypt it back.
With the popularity of mobile internet devices, the needs for protecting the electronic communication over insecure
channels increased. Interest is increasing in stand-alone asymmetric cipher engines in small and constrained devices.
Some applications such sensor nodes and RFID tags, put new requirements on implementations of Public-Key
protocols with a very low budget for the number of gates, power and bandwidth. Mostly symmetric ciphers serve for
message integrity, encryption, and entity authentication. Asymmetric ciphers over the services that offered by
symmetric ciphers, provide non-repudiation and key-management advantages.
ECC is a powerful cryptosystem, which was suggested independently by Victor Miller [12] and Neal Koblitz [10] in 1985.

©Informatics '09, UM 2009 RDT6 - 158

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

Elliptic curve cryptography (ECC) has an advantage over RSA which is the best known algorithm that solves it runs in
full exponential time. For a long time Public key cryptography has been considered as an expensive encryption
mechanism for limited sources devices such wireless sensors. On the other hand, public key cryptography (PKC) is
very beneficial for issues such as key distribution and authentication.
This paper presents a review of some of the applications that is using ECC as it is cryptographic scheme, it is organized
as follows. Section s presents a mathematical background. Section3 addresses the standardization efforts. An
overview of some constrained sources devices such RFID, wireless sensor network are in section 4.Finally, section 5
conclude this paper.

2. Mathematical Background

ECC is a set of finite points that define the elliptic curve. By using Weierstrass equation, it can be defined over large
prime fields with:
y2 = x3 + ax + b (1)
Where
4a3+27b2 ≠ 0 (mod p) (2)
All x and y values must satisfy the equation (1), and changing a and b values results in different elliptic curve.
The fundamental encryption operation is point scalar multiplication. In order to compute k*P a double and add method
is used with k represented in binary form and scanned right to left from LSB first
Q=k*P=P+P+…+P, k times (3)
Recovering k from a given base point P and end point Q is very difficult and it is called Elliptic Curve Discrete Logarithm
Problem (ECDLP).
The point addition and doubling formulae in affine space are given below.
Let P1=(x1, y1)
and P2=(x2, y2) then P3= (x3, y3) =P1+P2 is given by:

P1≠P2 Point addition

s= (4)
P1=P2 point doubling

x3=s2- x1- x2 (5)

y3=s(x1- x3) - y1 (6)

The most important advantage of ECC over RSA it is that the fastest known algorithm which solves ECC runs in full
exponential time. As a result, some cryptographic operations such as digital signature can be executed much faster
with ECC.
The keys generation in ECC algorithm does not required big memory to do the needed calculations. The current
acceptable key size is 160 bits, and to generate this key we need parameters with size at most 160 bits. While RSA the
current preferred encryption key size is 1024 bits, which demands more resources than that in ECC.

©Informatics '09, UM 2009 RDT6 - 159

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

When it comes to choosing which public key cryptosystem to utilize in a mobile environment, one has to be aware of
limitations on bandwidth, battery life and memory. Small key sizes translate into savings in bandwidth, memory and
processing power. This makes ECC the obvious public key choice in this constrained environment.
RSA [15] rely on IFP (Integer Factorization Problem) which is difficult to resolve, and to achieve a sufficient level of
security, the keys size must be increased to keep up with the frequent developments in the IFP.

3. Standardization efforts

Elliptic Curve Cryptography can be found in a large range of standards, including ANSI, IEEE, ISO, SECG, FIPS,
DTCP, AACS, ICAO, ATN, IETF, TLS and IPSec. On top of that, ECC is recommended in NIST SP800-56 and NIST
SP800-78. OpenSSL and Solaris include ECC and Microsoft and Red Hat have supported ECC since 2006.
The following ECC standards have been initiated:

3.1 IEEE 1363-2000:

Institute of Electrical and Electronics Engineers standardization project for public key cryptography specifies a
traditional public key cryptography IEEE 1363-2000 [7,8]. The key size is not specified in this standard. Because, key
sizes chosen according to security requirements.
EC-DH1, EC-DH2 and EC-MQV are three key agreement schemes, each of which has it is tradeoffs in efficiency,
depending on how the security attributes are achieved with each of the schemes.P1363 included the three schemes
and that when choosing a scheme, one needs to consider the desired security attributes, communication, time and
memory complexity, and relevant patents.

3.2 ANSI X9F:

ANSI X9committee developed information security standards for the financial services industry. This project began in
1995 and was approved as an official ANSI standard in January1999. It has drafted into two work items:
ANSI X9.62 [1] was confirmed in 1999, and it is the first standard that specifies an elliptic curve cryptographic protocol.
ANSI X9.62 uses the hash function SHA-1 with elliptic curve digital signature algorithm (ECDSA) [9], and it puts
restrictions on the sizes of Elliptic Curve parameters. ANSI X9.62 permits two kinds of bases: polynomial bases and
normal bases. It specifies a method for converting field elements to integers (bit string to integer).

3.3 FIPS 186-2:

National Institute of Standards and Technology (NIST) specified RSA, DSA and it specified ECDSA by reference to
ANSI X9.62. In May 1997, NIST [13] declared plans to revise FIPS 186 by including RSA and elliptic curve signature
algorithms. The revised standard was called FIPS 186-1which was about RSA and DSA. In Feb 2000, FIPS 186-1 was
revised to include ECDSA as specified in ANSI X9.62 with the recommended 15 elliptic curves; the revised standard is
called FIPS186-2.

3.5 SECG:

SECG is a consortium of companies formed to address potential interoperability problems with the cryptographic
standards. It is also intended to profile other standards (ANSI, IEEE and NIST). SECG, in their standards SEC1 and
SEC 2 [3,4] they give specifications of the object identifiers used when identifying the elliptic curve domain parameters
for the elliptic curve public keys. The group specified some of the signature schemes such ECDSA and ECDH, and

©Informatics '09, UM 2009 RDT6 - 160

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

the key establishment scheme such ECMQV. SEC2 provides some specific Elliptic curves including the fifteen NIST
Elliptic curves.

4. ECC on Constrained Applications

Many other standards considered ECC as a proposed enhancement to their standard some of these are OAKLEY Key
Determination Protocol of IETF, Open Trading Protocol (OTP), wireless application protocol WAP.

H. Pietiläinen [14] illustrated that most of the standards are written in an algorithm independent so any identified public
key algorithm can be implemented. This allows implementing ECC in environments that other PKC are impractical.

4.1. Radio Frequency Identification (RFID-Tags)

Tags are now becoming important applications, they are used to identify goods or to grant an access for a person or to
identify books in libraries, and in many other areas. An RFID system essentially consists of a reader device which
communicates with a passive RFID tag over the air. The significance of these tags is to help identifying fake products
out of the original, and the issue here is the possibility of cloning these tags. By eavesdropping on the channel between
the reader and the chip, it is possible to create another chip with the same data that has been recorded. The last
scenario shows that there is no protection on data privacy, and hence that the location privacy is not protected too.
Protection of data privacy means that the transmitted data by RFID cannot be understood by any unauthorized reader.
Protection of location privacy means that the data that are transmitted by tags cannot be used to track the tag. Tags are
constrained resources (memory, area, power), and the challenge is to make these communication between the chip
and the reader secure.

In systems that use symmetric protocol authentication it is required securing the secret key which is stored in the
reader. The connections to the database need to be secured too, to prevent compromising the system. Providing this
protection is quite expensive. However RFID tags do not contain any general-purpose microprocessor, an additional
GF(p) hardware is necessary to process GF(p) operations. L. Batina et all [2] proposed a protocol implements ECC
over binary fields. This protocol is secure against passive attacks, but it is vulnerable against active attacks.
Certicom Collaborated with Texas Instruments for RFID Authentication and Encryption. Elliptic Curve Pintsov-Vanstone
Signature (ECPVS) is used, which hide the product class Id form the unauthorized readers. An advantage of ECPVS
that it has as half the size of Elliptic curves Digital Signature Algorithm (ECDSA).

Their collaboration is to prevent the counterfeiting of the medical supply which is an important case where the fake
product in this case might put the person life in danger.

©Informatics '09, UM 2009 RDT6 - 161

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

4.2. WIRELESS SENSOR NETWORK (WSN)

Wireless sensor networks applications include wildlife, earthquake monitoring, and numerous of military applications. A
major benefit of these applications is that they execute in network processing and that to decrease large streams of raw
data into useful aggregated information.

Sensor networks are presently supplied exclusively through symmetric key cryptography. Using symmetric
cryptography puts the entire network under risk if just one of its nodes has got compromised. Which means the shared
secret among those nodes is exposed. Another approach is to use a shared key between two nodes in the whole
network then erase the network wide key. This approach does not allow adding additional nodes to it after the
deployment process. Yet another approach is to pre-configure the network with a shared unique symmetric key
between each pair of nodes. In a sensor network with n nodes, each node needs to store n - 1 keys, and n* (n -1)/2 keys
need to be established in the network.

The current sensor devices have limited computational power, making the implementation of public-key cryptographic
primitives too expensive in terms of system overhead. In order to achieve 80 bit of security, in RSA we have to use 1024
bit parameters which is so expensive choice to be implemented on devices with a limited sources. Whereas, ECC for 80
bit of security it needs 160 bit parameters size, and it gives the same security level that is offered by 1024 bit RSA.

David Malan, Matt Welsh, and Michael D. Smith [11] they used elliptic curve cryptography to exchange TinySec keys for
the Mica2 sensor nodes. This implementation uses less memory to do the mathematical operation, obviously because
the used parameters are smaller than that in RSA.

5. Conclusion

Elliptic curve cryptosystem offers the highest strength-per-bit compared with any other known public-key system. With a
160-bit key size, an elliptic curve system gives the same cryptographic level as RSA or DSA with 1024-bit. The smaller
system parameters result in smaller key size, smaller certificates, faster implementations, lower power requirements,
bandwidth savings, and smaller hardware processors. Numerous standards bodies have adopted ECC in their drafts
and that because of ECC advantage over RSA. Constrained devices such RFID and WSN were believed that it is not
possible implementing PKC scheme on them. ECC changed this believe to make RFID work using PKC.

6. REFERENCES

[1] ANSI X9.62 (1999) Public key cryptography for the financial services industry: the elliptic curve digital signature
algorithm (ECDSA)
[2] Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., and Verbauwhede, I. 2006. An elliptic curve processor
suitable for RFID-tags. Cryptology ePrint Archive, Report 2006/227.
[3] Certicom Corp. SEC 1: Elliptic curve cryptography. Technical report, Standards for E_cient Cryptography Group,
2000. Available at http://www.secg.org/collateral/sec1_final.pdf.
[4] Certicom Corp. SEC 2: Recommended elliptic curve domain parameters. Technical report, Standards for E_cient

©Informatics '09, UM 2009 RDT6 - 162

 Proceeding of the 3rd International Conference on Informatics and Technology, 2009

Cryptography Group, 2000. Available at www.secg.org/collateral/sec2_final.pdf.

[5] Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, ,
644- 654.
[6] El-gamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE
Transactions on Information Theory , 31 (4), 469- 472.
[7] IEEE Std 1363-2000, IEEE Standard Specifications for Public Key Cryptography, IEEE Comp. Soc., Aug. 29,
2000.
[8] IEEE P1363a: Standard Specifications for Public-Key Cryptography: Additional Techniques
[9] Johnson, D., and Menezes, A., The Elliptic Curve Digital Signature Algorithm (ECDSA),1999. Corr 99-34,
Department of C&O, University of Waterloo, August 1999.
[10] Koblitz, N. 1987. Elliptic curve cryptosystems, Math. Comp. 48 , 203–209.
[11] Malan, D., Welsh, M., and Smith, M. D. 2004, A public-key infrastructure for key distribution in TinyOS based on
elliptic curve cryptography, In First IEEE International Conference on Sensor and Ad Hoc Communications
and Networks, October 2004.
[12] Miller, V.S. 1985. Use of elliptic curves in cryptography, Adv. Cryptogr. Crypto’85 218, 417–426.
[13] National Institute of Standards and Technology (2000) Digital signature standard. FIPS Publication 186-2,
available from http://csrc.nist.gov/encryption/
[14] Pietiläinen, H. 2000.Elliptic Curve Cryptography on Smart Cards, M.Sc., Helsinki Univ. of Technology.
[15] Rivest, R. L., Shamir, A., & Adleman, L. (1978). A Method for Obtaining Digital Signatures and Public-Key
Cryptosystems. Communications of the ACM , 120-126.

©Informatics '09, UM 2009 RDT6 - 163