Sie sind auf Seite 1von 84

Implementation of Elliptic Curve Cryptography

1. INTRODUCTION
1.1 OVERVIEW OF THESIS
Abstract
Strong public-key cryptography is often considered to be too computationally
expensive for small devices if not accelerated by crypto-graphic hardware. We revisited
this statement and implemented elliptic curve point multiplication for 160-bit, 192-bit,
and 224-bit NIST/SECG curves over GF (p) and RSA-1024 and RSA-2048 on two 8-bit
micro-controllers. To accelerate multiple-precision multiplication, we propose a new
algorithm to reduce the number of memory accesses. Implementation and analysis led
to three observations:

1. Public-key cryptography is viable on small devices without hardware acceleration.

2. The relative performance advantage of ECC point multiplication over RSA modular
exponentiation increases with the decrease in processor word size and the increase in
key size.

3. Elliptic curves over fields using pseudo-Mersenne primes as standardized by NIST


and SECG allow for high performance implementations and show no performance
disadvantage over optimal extension fields or prime fields selected specifically for a
particular processor architecture

Introduction

As the Internet expands, it will encompass not only server and desktop systems,
but also large numbers of small devices ranging from PDAs and cell phones to
appliances and networked sensors. Inexpensive radio transceivers, integrated or attached
to small processors, will provide the basis for small devices that can exchange
information both locally with peers and, through gateway devices, globally with entities
on the Internet.

Page 1 of 84
Implementation of Elliptic Curve Cryptography

Deploying these devices in accessible environments exposes them to potential


attackers that could tamper with them, eavesdrop communications, alter transmitted
data, or attach unauthorized devices to the network. These risks can be mitigated by
employing strong cryptography to ensure authentication, authorization, data
confidentiality, and data integrity.

Symmetric cryptography, which is computationally inexpensive, can be used to


achieve some of these goals. However, it is inflexible with respect to key management
as it requires pre-distribution of keys. On the other hand, public- key cryptography
allows for flexible key management, but requires a significant amount of computation.
However, the compute capabilities of low-cost CPUs are very limited in terms of clock
frequency, memory size, and power constraints.

Compared to RSA, the prevalent public-key scheme of the Internet today,


Elliptic Curve Cryptography (ECC) over smaller key sizes, faster computation, as well
as memory, energy and bandwidth savings and is thus better suited for small devices.
While RSA and ECC can be accelerated with dedicated cryptographic coprocessors such
as those used in smart cards, coprocessors require additional hardware adding to the size
and complexity of the devices.

Therefore, they may not be desirable for low-cost implementations. Only few
publications have considered public-key cryptography on small devices without
coprocessors. Hasegawa et al. implemented ECDSA signature generation and
verification on a 10MHz M16C micro computer. The implementation requires 4KB of
code space and uses a 160-bit field prime p = 65112 * 2144 - 1 chosen to accommodate
the 16-bit processor architecture.

Signatures can be generated in 150ms and verified in 630ms. Based on the ECC
integer library, the authors also estimate 10s for RSA-1024 signature generation and
400ms for verification using e =216 +1.

Page 2 of 84
Implementation of Elliptic Curve Cryptography

Bailey and Paar suggest the use of optimal extension fields (OEFs) that enable
efficient reduction when subfield primes are chosen as pseudo-Mersenne primes close to
the word size of the targeted processor An implementation of this concept for elliptic
curve point multiplication over GF ((28 - 17)17) on n8-bit 8051 processor architecture
is described by Woodbury, Bailey and Paar.

On a 12MHz 8051 with 12 clock cycles per instruction cycle, the authors
measured 8.37s for general point multiplication using the binary method and 1.83s for
point multiplication with a fixed base point.

The code size was 13KB and 183 bytes of internal and 340 bytes of external
RAM were used. Pietil ainen evaluated the relative performance of RSA and ECC on
smart cards.

An elliptic curve E over the complex numbers is the set of points (x, y)
satisfying the equation
E: y2 = x3 + ax + b,

plus a special point O that lies infinitely far up the y -axis .

Page 3 of 84
Implementation of Elliptic Curve Cryptography

1.2 NEED FOR COMPUTERIZATION

Encryption and Digital Signatures

Today global electronic commerce in the Internet is common. To enable


profitable and legal trading, confidentiality, integrity, and non-reputability of the
associated messages is necessary. In order to achieve this, cryptographic systems must
play a major role in electronic commerce and, within the cryptography realm; public key
cryptography has emerged over twenty years as the key element. However, public key
cryptography requires a public key infrastructure to exist for it to become useful and for
the associated algorithms to be proven and accepted, particularly where those algorithms
are used for digital signature purposes.

Authentication: A merchant must know the identity of the customer. For some kinds of
businesses it is not sufficient that the customer authenticates herself by the use of a
password. In these cases an electronic version of today is identity or credit card is
required. The recipient of a message or an order should know the identity of the sender
and should also be sure that the data wasn’t altered during its transmission. These
challenges, the authentication of the user and the integrity of the sent messages, are met
using various cryptographic methods.

Non-repudiation: It is often necessary to assert that a particular person sent an order or


message and that no other person could possibly have sent it. In traditional business the
personal hand-written signature is used to assert this, in cases of high importance
combined with a witness of the signing act. In electronic commerce, this challenge is
met using digital signatures based on public key cryptography.

Privacy:. The exchange of data between the merchant and the customer in most cases
should be kept secret. No unauthorized party should be able to read or copy such a
communication. This challenge, confidentiality, is met using encryption.

Page 4 of 84
Implementation of Elliptic Curve Cryptography

1.3 FEATURES OF THE ELLIPTIC CURVE CRYPTO SYSTEM

ECC devices require less storage, less power, less memory and less bandwidth
than other system. This allows you to implement cryptography in platforms that are
constrained, such as wireless devices, handheld computers, smart cards and thin-clients.
It also provides a big win in situations where efficiency is important.

For example, the current key-size recommendation for legacy public schemes is
2048 bits. A vastly smaller 224-bit ECC key offers the same level of security. These
advantage only increases with security level – for example, a 3072 bit legacy key and a
256 bit ECC key are equivalent – Something that will be important as stronger security
systems become mandated and devices get smaller.

Page 5 of 84
Implementation of Elliptic Curve Cryptography

2. BACKGROUND STUDY

Since the beginning of public key cryptography there are two major
cryptosystems (RSA and El-Gamal ) that seem to defeat all attacks. For this reason,
these two cryptosystems are the most respected and wildly used public key
cryptosystems nowadays. One can use both cryptosystems for encryption/decryption and
digital signatures. All important security standards cover those cryptosystems, so it
should be safe to use implementations of them.

First of all, elliptic curve cryptosystems (ECC ) aren’t that new anymore. They
were invented around 1985 independently by Miller and Koblitz. Since their
introduction a broad discussion on their security and efficiency has been carried on. It is
this very efficiency that makes them so interesting for us today. This is due to the fact
that information technology is developing very fast. For example, most computers today
dont look like the old fashioned personal computers anymore.

We use handhelds and mobile phones and of course we have a need in securing
communications on these devices. But in this case there have to be several constraints
taken into account: there is very limited memory and computing power on these devices,
and it is not possible to spend much bandwidth for communications overhead. What we
need is a cryptosystem with small keys, and a small signature size.

Efficient encryption/decryption is not so important because these operations are


usually done with a private key cryptosystem. ECC has exactly the desired properties.
This comes from the fact, that there are no sub exponential algorithms for the ECDLP
(elliptic curve discrete logarithm problem) known today. This means that we can use
shorter keys (compared to other cryptosystems) for high security levels.

Page 6 of 84
Implementation of Elliptic Curve Cryptography

3. ELLIPTIC CURVE CRYPTOGRAPHY


3.1 AN INTRODUCTION TO ECC

Elliptic curves have been used to factories numbers and in primality proving.
More recently, elliptic curves attracted attention for their part in the solution to Fermat’s
Last Theorem. However, elliptic curves have also inspired a new type of cryptosystem
providing alternatives for implementation of digital signatures, key exchange and
confidentiality.

It is assumed that the reader is already familiar with existing cryptographic


systems such as RSA and Diffie-Hellman and hence with the notation of integer
arithmetic modulo p.

Background

Elliptic curves have been the subject of intensive study for over a century but
apart from a recent link with the solution of Fermat’s Last Theorem they remain a
relatively unfamiliar branch of mathematics.

The applicability of elliptic curves to cryptography was realized in 1985 with two
keynote discoveries.

• Elliptic curves could be used to factorise numbers (H.W.Lenstra Jr.)


• An analogue of the Diffie-Hellman protocol could be defined using elliptic curves
(V.S.Miller).

The factorization technique was interesting but proved fruitless when applied to
problems where the factors were large, e.g., RSA. It is suitable for determining small
prime factors only.

Page 7 of 84
Implementation of Elliptic Curve Cryptography

The second proposal aroused a little more interest. The elliptic curves cryptosystem
appeared to require a much shorter key than that required by RSA. But this was of
academic interest only. RSA was easy to understand, fairly easy to implement and key
size were not an issue -then.

However, in 1966, the release of a paper by Andrew Odlyzko caused a major increase
in the length of RSA keys. Suddenly 64 byte keys were no longer acceptable for secure
applications. Overnight 128 bytes became the new norm; bandwidth and performance
became issues for many systems.

This precipitated the current interest in elliptic curves cryptosystems. Based on


current knowledge, the keysize required for such systems is about 160-180 bits.

Some Basic Arithmetic


Glossary

Term Definition
Exclusive OR.
DH The Diffie-Hellman protocol enables two parties to establish a shared secret in
a secure fashion using a public communication channel.
DSA Digital Signature Algorithm.
EC Elliptic Curve.
EC-n An elliptic curve where the underlying field elements are n bits long.
ECC Elliptic Curve Cryptosystems.
ECDPL Elliptic Curves Discrete Log Problem.
ECDSA Elliptic Curve DSA.
RSA Rivest Shamir Adleman.
RSA-n The RSA algorithm implemented with an n bit modulus.

Page 8 of 84
Implementation of Elliptic Curve Cryptography

What is an Elliptic Curve?


Definition

An elliptic curve is a set of points (x,y) satisfying:


y² = x³ + ax + b where 4a³ + 27 b²≠ 0

together with a special point O, this is called the ‘point at infinity’ (but really behaves
like a 0 under addition).

Of course, the above is not a precise definition without specifying what kind of
numbers x, y, a and b are. These values are all numbers in a ‘field’.

The (elliptic curve) field

A field has a precise meaning in mathematics and is best visualized by example.


Examples are

• the infinite field of fractions {a/b where a and b are integers}


• the finite field of integers modulo p, p prime (or GF(p)).

Informally, the specific ‘useful’ property of a field is the ability to perform division
within it.

For cryptographic applications the elliptic curves defined over finite fields (for
example GF(p) has p elements) are of primary interest and the remaining discussion is
focused on these implementations.

What does an elliptic curve look like?

Page 9 of 84
Implementation of Elliptic Curve Cryptography

If we consider the implementation over GF(p), the elliptic curve looks like a
disconnected series of points in the Cartesian Plane.

Properties of elliptic curves

The collection of points (x,y) which satisfy the elliptic curve equation have the
following useful property. By defining addition of two points in a special way, the
addition of two points on the curve gives another point on the curve. (The mathematical
term for this is closure). However this is not addition as we know it. It is a set of
calculations (actually algebraic equations) involving x and y and calculated in the finite
field.

Now, elliptic curves are not the only mathematical objects with this property.
What makes them special is that the set of calculations reproduced below, involving x
and y are relatively simple.

The computations required are addition, subtraction, multiplication and division –


all performed in the finite field.

Addition rule of elliptic curves

If P=(x1, y1) is any point on the elliptic curve then,


P+O = O + P = P²

If P=(x1, y1) is any point on the elliptic curve then the negative of P, -P = (x1, y1) is also
a point on the curve. The addition of these two points gives,

P + (-P) = P – P = O³

If P = (x1, y1) and Q = (x2, y2) are points which satisfy the elliptic curve equation and Q≠-
P then the sum^4

Page 10 of 84
Implementation of Elliptic Curve Cryptography

P + Q = R = (x3, y3)

is defined by
x3 =λ² - x1 - x2
y3 = λ (x1 – x3) – y1

where

λ = (y2 – y1)/(x2 – x1) P≠Q


= (3x1² + a) / 2y1 P=Q

It can then be shown that R(x3, y3) satisfies the EC equation y3² = x3² + ax3 + b.

Another important property of this addition rule is the order of addition does not matter.

P(x1, y1) + Q(x2, y2) = R(x3, y3) = Q(x2, y2) + P(x1, y1)

Performance
The computation of λ requires the computation of 1 field inverse and 2 field
multiplications when P = Q and one less field multiplication when P and Q are distinct.
These are followed by a further two fild multiplications to complete the computation of
(x3, y3 ).

Hence, up to 4 field multiplications and 1 field inverse are required each time P +
Q is performed. Field arithmetic, perticularly division, can be computationally intensive
for long arguments, so it can be seen that ECC are only practical because it appears that
comparitively short key lengths give the required level of security.

This is worst case though. Research is continuing to generate algorithms and


ehnancements which can reduce the computational overhead ewquired for EC arithmetic.

Page 11 of 84
Implementation of Elliptic Curve Cryptography

3.2 APPLICABILITY TO CRYPTOGRAPHY

If a point P(x,y) on an elliptic curve is repeatedly added to itself, say n times, the
argument in the previous section says that he result, Q(x, y) , will also satisfy the elliptic
curve equation. However given knowledge of P(x,y), Q(x,y) or the elliptic curve used, it
is very difficult to determine ‘n’.
So, if
P + P + P + …+P = nP = Q
n times

Then even if P and Q are known, it is very difficult to calculate n.

This is the discrete log problem over elliptic curves(over the elliptic curve
subgroup to be precise) upon which the security of ECCs is based.

Security of Elliptic Curve Cryptosystems

A MIPS year represent one year of a machine capable of performing one million
instruction per second. 1012 MIPS years represents acceptable security at this time. Since
this would require most of the computing power on the planet for a considerable length of
time.

11
It is estimated that an RSA-1024 modules will take 3×10 MIPS years to
factorise.

EC discrete log problem

The selection of an elliptic curve is a slow, complex but necessary processes to


ensure that the curve offers the requires security. Many elliptic curve have been classified
as unsuitable for cryptographic implementations. Although these do not form a

Page 12 of 84
Implementation of Elliptic Curve Cryptography

significant proportion of the total number available they still have to be ‘wedded out’ in
advance.

As a rule of thumb there are about 2p different elliptic curves over GF(p) and
each of these curves has about p points in it.

The security of an ECC is based upon the EC discrete log problem. This is much
more difficult problem than the integer factorization problem (upon which RSA is based)
or the discrete log problem upon which, say diffie-hellman protocol is based.
Now , the measure of the security of an ECC(based upon the EC discrete log problem) is
given by:

The largest prime divisor, q, of the number of points which satisfy the elliptic
curve equation.
It is NOT the length of the field elements.
For example, a curve in EC-167 might offer the same activity level as a curve in
EC-247.
So how the EC is chosen is very important.

The most efficient techniques currently available to attack the EC discrete log
problem are based upon ‘parallel collision’.

Keylength

Whenever the term EC-k is used, the k refers to the length of x and y, or the
elements in the underlying field, e.g.EC-161. However, k is sometimes referred to as the
‘keylength’. This is confusing as the actual measure of security is not based upon k at all.
But if the elliptic curve has been selected well the measure of strength, describe above,
will be k-1 bits at most.

So a security level of k-1 bits implies that a curve in EC-k or grater is required.

Page 13 of 84
Implementation of Elliptic Curve Cryptography

It is also unclear how the length of the key varies between implementations, i.e.,
how does the keylength in a GF(2n) implementation differ from the keylength in a GF(p)
implementation.
This question can be answered in terms of the cost required to build special
purpose architectures to attack each type of implementation. One (GF(2n), assumes a
hardware approach ,the other , GF(p), might be tackled using distributed software.
Using this approach, recent results, based upon comparison with RSA-1024,
suggest that GF(p) implementation, where p is 162 bits, offers similarly security to a
GF(2n) implementation where n ranges from 171 to 180 bits.

Page 14 of 84
Implementation of Elliptic Curve Cryptography

3.3 IMPLEMENTATIONS

There are two common ways of implementing elliptic curve cryptosystems over
finite fields.
o Over GF(p) (the integer modulo p),
o Over GF(2n) (n-dimensional binary vectors)
We want to perform addition, subtraction, multiplication and division in the finite
field of implementation.

GF(p)

Algorithm for performing arithmetic modulo p are well known. These are
necessary for existing implementations based on modular arithmetic e.g. RSA, Fiat-
shamir, DSA and Diffie-Hellman.

GF(2n)

Over GF(2n) these operations are completely different. The mathematics is based
around manipulation of polynomials with binary coefficients, or objects which look like,
for example.

1+X+X3+X5 = 1+1X+0X2+1X3+0X4+1X5.

This polynomial corresponds to the binary vector (1,1,0,1,0,1). Note that a point
on the EC now exists of a pair of binary vectors.

This binary representation reduces the complexity of the basic arithmetic


operations both in hardware and software. Furthermore, depending upon how the
polynomials are selected, it is possible to map these operations to a logic design in a
trivial way.

Page 15 of 84
Implementation of Elliptic Curve Cryptography

For example, addition is (+) of two vectors, squaring becomes a rotation of a


binary vector and multiplication, a set of connections between two vectors, both rotated.

For custom silicon applications, the implementation of a multiply over GF(2n)


occupies a smaller area than an integer multiply.
Division is still hard through.

Performance between implementations

The GF(p) implementation, where p is 162 bits, offers similar security to e


GF(2n) implementation where n ranges from 171 to 180 bits. It also offers similar
performance, due to shorter keylength.

However the similarity stops there. There is no compatibility between the two
systems and a device dedicated specifically to arithmetic over GF(2n) might be
disadvantaged if alternative cryptosystems, such as RSA, need also to be implemented. If
blazing performance is not an issue , a perfectly adequate ECC performance might be
achieved in software with no hardware support, both for GF(p) and GF(2n). This is of
specific interest for, say, smartcards for which additional mathematical coprocessor is
absolutely mandatory to perform the demanding computations for RSA.

Page 16 of 84
Implementation of Elliptic Curve Cryptography

3.4 SETTING UP AN ECC OVER GF(P)

a. select random a,b from GF(p) and create a curve, y2 = x3 + ax +b


b. compute the number of points, N, which satisfy the curve
c. check the curve offers sufficient security, i.e. N has a large prime factor q.
d. make sure that the discrete log problem is hard for this curve, i.e.
 check that q does not divide pk – 1 for k=1,….,20.
 Check that q does not equal N
e. select a non zero generator, P, for the elliptic curve subgroup. So the subgroup
consists of the q elements,{P,2P, 3P….(q-1)P, qP} where qP - 0 .

Page 17 of 84
Implementation of Elliptic Curve Cryptography

4. EXAMPLE OF AN ECC OVER GF(P)

Set p=11(a prime of manageable size) and consider the elliptic curve equation
given by:

Y2 = x3 + 10x+10MOD11

We want to find pairs(x0,y0) which satisfy this equation. Any old pair won’t do.
For example (0,) does not satisfy the equation and hence does not lie on the curve.
One way to do this is to find x0 and y0 for which y 02MOD 11 is equal to
x03+10x0+10MOD11.

x x3+10x+10MOD11 y y2MOD11
0 10 0 0
1 10 1 1
2 5 2 4
3 1 3 9
4 4 4 5
5 9 5 3
6 0 6 3
7 5 7 5
8 8 8 9
9 4 9 4
10 10 10 1

Table 1

By referring Table 1 a list of such points(x,y) can be created, for example (5,3)
and (5,8) both result in y02 MOD 11 = x03+10x0+10 MOD 11 = 9.

Using this approach the entire set of points which satisfy the equation can be
calculated. There are 13 points for which y02 MOD 11 = x03+10x0+10 MOD 11 as
follows:

Page 18 of 84
Implementation of Elliptic Curve Cryptography

y02 MOD 11 = x03+10x0+10 MOD 11 (x, y)


0 (6,0)
1 (3,1), (3,10)
4 (4,2),(4,9),(9,2)(9,9)
5 (2,4),(7,4),(2,7),(7,7)
9 (5,3),(5,8)

Table 2

These points (x, y) may now be plotted. These points, together with the point of
infinity 0, make up the elliptic curve group of 14 points. Note that there are two prime
divisors of 14: 7 and 2. The security of this EC depends upon the largest of these
numbers, i.e. 7.

Negatives of Points

Recall that P + (-P) =0. As an example let P = (3,1), then –P is obtained by


negating the y coordinate. So –P =(3,-1).
Now -1 MOD 11 = -1 + 11 MOD 11 = 10.
So –P = (3,10) which is one of the existing points.

Page 19 of 84
Implementation of Elliptic Curve Cryptography

The other points are listed in Table 3.

P -P
(6, 0) (6, 0)
(3, 1) (3, 10)
(3, 10) (3, 1)
(4, 2) (4, 9)
(4, 9) (4, 2)
(2, 4) (2, 7)
(2, 7) (2, 4)
(7, 4) (7, 7)
(7, 7) (7, 4)
(5, 3) (5, 8)
(5, 8) (5, 3)
(9, 2) (9, 9)
(9, 9) (9, 2)

Table 3

Addition of points

Now if any of these points is selected and added to itself (doubled) the result is
another point on the curve. To see this recall the addition rule for Elliptic curves for two
points P(x1, y1) and Q(x2, y2) on the curve. Then,

P(x1, y1) + Q(x2, y2) = R(x3, y3)


is defined by
x3 = λ2 – x1 – x2
y3 = λ(x1 – x3) - y1

Page 20 of 84
Implementation of Elliptic Curve Cryptography

where
λ = (y2 – y1)/ (x2 – x1) P≠Q
= (3 x12 + a) / 2 y1 P=Q
The effect of addition is to ‘bounce’ around the elliptic curve.

Addition when P = Q

As an example consider the sum of P = (3, 1) and Q = (3, 1). This is the case P = Q.
Then
x1 = 3 = x2, y1 = 1 = y2
and λ =(3 x12 + a) / 2 y1 MOD 11
= (3*9+10)/(2*1) = (27 +10)/2 = (37/2) MOD 11

Now division by 2, MOD 11 is the same as multiplication by 6, MOD 11. (Note


that 2*6 = 12 = 1 MOD 11 or 6 = ½ MOD 11).
So
λ = 37*6 MOD 11 = 222 MOD 11 = 2 MOD 11
x3 = 22 – 3 - 3 MOD 11 = -2 MOD 11 = 9 MOD 11
y3 = 2(3-9)-1 = -13 MOD 11 = 9 MOD 11
and hence
(3, 1) + (3, 1) = 2 * (3, 1) = (9, 9)

Addition when P ≠ Q

We shall now add P to 2P and obtain 3P.


From the previous section P = (3, 1), Q = (9, 9) so x 1 = 3, x2 = 9, y1= 1 and y2= 9
and
λ = (y2 – y1)/ (x2 – x1)
= (9-1)/(9-3) =8/6=4/3 MOD 11.
Division by 3, MOD 11 is tha same as multiplication by 4, MOD 11. (4*3 = 1
MOD 11)

Page 21 of 84
Implementation of Elliptic Curve Cryptography

λ = 4*4 MOD 11 = 16 MOD 11 = 5 MOD 11


x3 = 25 – 3 – 9 MOD 11 = 13 MOD 11 – 2 MOD 11
y3 = 5(3 – 2)-1 = 4 MOD 11
and hence
(3, 1) + 2(3, 1) = 3 * (3, 1) = (2, 4)

Further multiplies of points are displayed in the following table:

P 2P 3P 4P 5P 6P 7P 8P 9P 10P 11P 12P 13P 14P


(6,0) O
(3,1) (9,9) (2,4) (4,2) (5,8) (7,7) (6,0) (7,4) (5,3) (4,9) (2,7) (9,2) (3,10) O
(4,2) (7,4) (9,2) (9,9) (7,7) (4,9) O
(9,2) (4,9) (7,4) (7,7) (4,2) (9,9) O
(5,3) (4,2) (3,10) (7,4) (2,4) (9,2) (6,0) (9,9) (2,7) (7,7) (3,1) (4,9) (5,8) O
(2,4) (7,7) (5,3) (9,2) (3,1) (4,2) (6,0) (4,9) (3,10) (9,9) (5,8) (7,4) (2,7) O
(7,4) (9,9) (4,9) (4,2) (9,2) (7,7) O
(2,7) (7,4) (5,8) (9,9) (3,10) (4,9) (6,0) (4,2) (3,1) (9,2) (5,3) (7,7) (2,4) O
(7,7) (9,2) (4,2) (4,9) (9,9) (7,4) O
(5,8) (4,9) (3,1) (7,7) (2,7) (9,9) (6,0) (9,2) (2,4) (7,4) (3,10) (4,2) (5,3) O
(4,9) (7,7) (9,9) (9,2) (7,4) (4,2) O
(9,9) (4,2) (7,7) (7,4) (4,9) (9,2) O
(3,10) (9,2) (2,7) (4,9) (5,3) (7,4) (6,0) (7,7) (5,8) (4,2) (2,4) (9,9) (3,1) O

Page 22 of 84
Implementation of Elliptic Curve Cryptography

5. COMPARISON OF RSA AND ECC


Security

Menezes and Jurisic compared the time required to break the ECC with the time
required to break RSA for various modulus sizes using the best general algorithm
known. Values were computed in MIPS years, which represents a computing time of one
year on a machine capable of performing one million instructions per second.

The results are listed in Table. As a bench- mark, it is generally accepted that
1012 MIPS years represents reasonable security at this time, since this would require
most of the computing power on the planet to work for a considerable amount of time.

Key size: Equivalent strength comparison


Time to break RSA key size ECC key size RSA/ECC key
(in MIPS years) (in bits) size ratio
104 512 106 5:1
108 768 132 6:1
1011 1024 160 7:1
1020 2048 210 10 : 1
1078 21000 600 35 : 1

Menezes and Jurisic found that to achieve reasonable security, RSA would need
to employ a 1024-bit modulus, whereas a 160-bit modulus should be sufficient for the
ECC. They found that ECC required a smaller modulus than RSA and that the security
gap between the systems grew as the key size increased. For example, 300-bit ECC is
significantly more secure than 2000-bit RSA, because the ECDLP problem is judged to
be the harder problem.

Another way to look at this security issue is to compare the equivalent strength of
RSA keys and ECC keys for smart card applications. The Table 5.4 shows that in smart
card applications requiring higher levels of security, ECC is able to offer security
without a great deal of additional system resources. In September 1999, nearly 200
people using 740 computers managed to crack a message encrypted with 97-bit elliptic

Page 23 of 84
Implementation of Elliptic Curve Cryptography

curve cryptography. The process took 16,000 MIPS-years of computing, about twice as
much as used by the team that recently cracked a 512-bit RSA encryption key.

On April 4, 2000, an international team of researchers led by Robert Harley,


Damien Doligez, Daniel de Rauglaudre, and Xavier Leroy of INRIA (France)
announced the solution of the Certicom ECC2K-108 Challenge. The solution to the
ECC2K-108 challenge is believed to be the largest effort ever expended in a public-key
cryptography challenge. It took four months and involved approximately 9500 machines
and 1300 volunteers from 40 countries.It was expected that the ECC2K-108 challenge
would require about 5 times as much effort as expended in the ECC2-97 challenge
solved in September 1999.

The ECC2K-108 challenge was solved using the parallelized Pollard Rho method
and exploiting orbits of the negation and Frobenius maps. This method was developed in
1998 independently by Certicom researchers Rob Gallant, Rob Lambert, and Scott
Vanstone and by Harley s team. The amount of work required to solve the ECC2K- 108
challenge was about 50 times more than that required to solve the 512-bit RSA
cryptosystem, that is about 50 8000 MIPS-years.

While the solution of the ECC2K-108 challenge is an impressive computational


achievement, it was based on known methods for solving the ECDLP and not on any
fundamental advances. Nonetheless, the effort expended by Harley s group is of vital
importance because it provides practical confirmation of the theoretical estimates of the
difficulty of the ECDLP and the security of ECC.

Page 24 of 84
Implementation of Elliptic Curve Cryptography

Efficiency

In both RSA and ECC, considerable computational savings can be made. In


RSA, a short public exponent can be employed (although this represents a trade-off and
does incur some security risks) to speed up signature verification and encryption. In
ECC, a large proportion of the signature generation and encrypting transformations can
be pre- computed. Also, various special bases for the finite field F2m can be employed
to perform the modular arithmetic involved in ECC operation more quickly.

State-of-the-art implementations of the systems from Certicom show that with all
of these efficiencies in place, ECC is an order of magnitude (roughly 10times) faster
than RSA. The use of a short public exponent in RSA can make RSA encryption and
signature verification timings (but not RSA decryption and signature generation timings)
comparable with timings for these processes using the ECC.

Space Requirements

Elliptic curve cryptosystems have the potential to provide security equivalent to


that of existing public key schemes, but with shorter key lengths. Having short key
lengths is a factor that can be crucial in some applications, for example, the design of
smart card systems. The arithmetic processor on a smart card is restricted in size to an
area of roughly 25 mm2.

An RSA chip designed to do modular multiplication of 512-bit numbers has


about 50,000 transistors, while a chip designed to perform arithmetic in the field F259 3
has about 100,000 transistors. With current technology, these devices are too large to be
placed on a smart card. By comparison, a chip designed to do arithmetic in F2m , where
m is about 200, would have less than 15,000 transistors, and would occupy about 15% of
the 25 mm2 are assigned for the processor. Another advantage to be gained by using
elliptic curves is that each user may select a different curve E, even though all users use
the same underlying field K.

Page 25 of 84
Implementation of Elliptic Curve Cryptography

The following table lists the comparison results of the size of the system
parameters and selected key pairs for the different systems, and presents evidence that
the system parameters and key pairs are shorter for the 160-bit ECC than for 1024-bit
RSA.

Space requirements
System Public key (bits) Private key (bits)
parameters (bits)
1024-bit RSA n/a 1088 2048
160-bit ECC 481 161 160

Certicom claims that both of the systems have similar bandwidth requirements
when they are used to encrypt or sign long messages, but say this situation changes for
the case where short messages are being transformed. Public key cryptographic systems
are often employed to transmit short messages, for example to transmit session keys for
use in a private key cryptographic system.

For the sake of this comparison, both schemes are being used to sign a 2000-bit
message, or to encrypt a 100-bit message The encryption algorithm used in encrypting
100-bit message is an ElGamal variant with point compression.

Size of the encrypted 100-bit messages


Encrypted message (bits)
1024-bit RSA 1024
160-bit ECC 321

Therefore it would appear from this comparison that ECC offers considerable
bandwidth savings over the RSA when being used to transform short messages.

Page 26 of 84
Implementation of Elliptic Curve Cryptography

Summary
In summary, ECC provides greater efficiency than either integer factorization
systems, in terms of computational overheads, key sizes and bandwidth. In
implementations, these savings mean higher speeds, lower power consumption, and code
size reductions. However, the RSA system is globally accepted in vendor offerings and
may dominate the field until more research information about ECC becomes available.
Times are changing, though, and recently, in 1998, RSA Inc. announced the inclusion of
ECC technology in its basic cryptographic tool kit.

Page 27 of 84
Implementation of Elliptic Curve Cryptography

6. PROBLEM FORMULATION

The elliptic curve cryptography is used as a highly secured cryptographic system for
encryption and decryption. The research work is to identify cryptographic technique
which uses minimum space requirements and efficiency of the system is achievable.

6.1 MAIN OBJECTIVE

The fundamental goal of cryptography has historically been to achieve privacy,


i.e. to enable two people, Alice and Bob, to send each other messages over an insecure
channel in such a way that only the intended recipient can read the message. This
objective has traditionally been met by using private key cryptosystems. Although
private key cryptography is adequate for many applications, it has the following
disadvantages which make it unsuitable for use in certain applications:

Key distribution problem: As described above, the two users have to select a key in
secret before they can start communications over an insecure channel. A secure channel
for selecting a key may not be available.

Key management problem: In a network of n users, every pair of users must share a
secret key, for a total of n (n - 1)/2 keys. If n is large, then the number of keys becomes
unmanageable.

No signatures possible: A digital signature is an electronic analogue of a hand-written


signature. This means that a digital signature allows the receiver of a message to
convince any third party that the message in fact originated from the sender. In a private
key cryptosystem, Alice and Bob have the same capabilities for encryption and
decryption, and thus Bob cannot convince a third party that a message he received from
Alice in fact originated from Alice.

Public Key Cryptosystems

Page 28 of 84
Implementation of Elliptic Curve Cryptography

The basic idea that led to public key algorithms was that keys could come in
pairs of an encryption and decryption key and that it could be impossible to compute one
key given the other. Since then, many public key algorithms have been proposed, most
of them insecure or impractical. All public key algorithms are very slow compared to
secret key algorithms. The RSA algorithm takes about 1000 times longer than the
popular private key encryption algorithm, DES, when implemented in hardware, and
100 times longer in software to encrypt the same amount of data.
However, public key algorithms have a big advantage when used for ensuring
privacy of communication. Public key algorithms use different keys for signing and
decryption, and for encryption and signature verification. The private key may only be
known to its owner and must be kept in secret. It may be used for generation of digital
signatures or for decrypting private information encrypted with the public key. The
public key may be used for verifying digital signatures or for encrypting information. It
needs not to be kept secret, because it is infeasible to compute the private key from a
given public key. Thus, users can post their public key to a directory, where everybody
who wants to send an encrypted message or verify a signature can look it up. Each entity
in the network only needs to store its own private key and a public directory can store
the public keys of all entities, which is practical even in large networks.
Today, public key cryptosystems may be broadly characterized as belonging to
one of three mathematical areas. These are:
Integer factorization, such as the RSA scheme, discrete logarithm schemes, such as the
USA s DSA, or Digital Signature Algorithm, and Elliptic curve cryptosystems, or more
accurately the elliptic curve discrete logarithm scheme.

The last two schemes should be considered to be related since both their security
depends on the difficulty of solving the discrete logarithm problem. At present, the most
commonly used public key cryptosystem is the Rivest-Shamir-Adleman encryption
scheme, RSA (the recommended key size for it is at least 1024bits), which can be used
to create digital signatures and to encrypt messages. The most common private key
cryptosystem is probably Data Encryption Standard, DES, but because private key

Page 29 of 84
Implementation of Elliptic Curve Cryptography

cryptosystems can not be used to create digital signatures this thesis ignores them. It is
believed that ECC will become even more popular than RSA, because the key sizes
needed with ECC are much smaller (about 163 bits) than with RSA. The key size affects
the speed of the cryptographic operations, making them faster than RSA operations.

6.2 SPECIFIC OBJECTIVE

The specific objective of the system is to implement the Elliptic curve


cryptography for encryption and decryption of the information. The Elliptic curve uses
the public key cryptosystem. When two persons A and B wants to communicate with the
Elliptic curve cryptography the sender A will encrypt the data using the public key of B
and B on the receiving end decrypts using his own private key. The key being used might
vary but they share a common base point with which both encryption and decryption is
done.
The specific objective of the system is to generate user friendly system to find a
base in elliptic curve cryptography. Using this base point the public and private keys of
both the sender and the receiver is generated. With the generated keys the encryption and
decryption of the data is done.

Page 30 of 84
Implementation of Elliptic Curve Cryptography

6.3 METHODOLOGY

The methodology to implement Elliptic curve cryptography is that the base point
should be generated and the public and the private keys are generated and finally he data
is encrypted and decrypted using the keys generated.

An elliptic curve E over the complex numbers is the set of points (x, y)
satisfying the equation
y2 = x3 + ax + b
For the given values a and b the equation should satisfy the following criteria:
4a³ + 27 b²≠ O

together with a special point O, this is called the ‘point at infinity’ (but really behaves
like a 0 under addition).A prime value P is generated with which the curve points are
generated. Using the prime values the pairs of point that satisfies the equation
y2 = x3 + ax + b MOD P is generated.

Using the curve points, the elliptic curve group points that satisfy the equation is
identified. The addition of points is done which satisfies the condition that the resultant
added point should also lie on the curve.

With these base points the public and the private keys are generated for
encryption and decryption.

Page 31 of 84
Implementation of Elliptic Curve Cryptography

6.3.1 MODULES

The System implements the following modules for generating elliptic curve points.

1. Base Point Generation


2. Key Generation
3. Encryption
4. Decryption

Base Point Generation

The base point generation module is used to generate the base point for generating
the key values.

Big Integer Method

The Big integer method is developed to implement the big integers for the number
generation. The Big integer method is implemented in a DLL file and this is capable of
doing all basic arithmetic operations. The input is accepted as the string input and the
validations are done.

The big integer method gets the input which the user typed and invokes the
following methods in it: Big integer add, Big integer Subtract, Big integer compare, Big
integer multiplication, Big integer power, Big integer divider.

All methods has a common function of Check for the numeric input, truncates
unwanted zeros, Checks for the sign of the input.

This module is designed to generate the curve points and identify the base point
with which the keys are generated. The elliptic curve formula y2 = x3 + ax + b is used to
generate the curve points and identify the base point. The a and b values (either signed
or unsigned) are accepted from the user. The a and b values should satisfy the following

Page 32 of 84
Implementation of Elliptic Curve Cryptography

condition: 4a³ + 27 b²≠ O The check option checks for these values to satisfy the above
mentioned condition.

A P value (prime value) is generated. The option is added to generate the prime
either bit wise or lengthwise. The manual entry of prime number also is given and the
manual entry is also validated for prime. The big integer method is called to perform the
operations. The manual entry for prime is validated with the Isprobableprime method of
the Big integer method.

The validated a and b values together with the prime value is used to generate the
curve points. The x and the y pair values are generated in table with x and y as follows:
x3 + ax + b MOD P (1)
y2 MOD P (2)

The points on the curve are identified when the equations (1) and (2) are equal.
The maximum prime number in the points is identified. The security of the Elliptic curve
depends on this largest prime value. The maximum prime and the base point are stored
in a text file.
The modules can be selected and executed with the help of the menu.

Page 33 of 84
Implementation of Elliptic Curve Cryptography

The base point generation module generates the curve points, maximum prime
and the base points and the form appears as follows:

The base points are saved as a separate text file and the form appears as:

Page 34 of 84
Implementation of Elliptic Curve Cryptography

Key Generation

A secret key is used for both encryption and decryption. The Key Pair consisting
of a public key and private key uses the public key for decryption and the private key for
encryption. When the key pair is generated, an association between the public key and
private key is generated, so that only that specific public key will decryption messages
with that specific private key. The public key is distributed to users for decrypting the
messages. The private key is not for distribution but kept by the owner of the key to
encrypt the messages.

The key agreement is how the key is exchanged or distributed to a user so that he
or she may decrypt the message or data. The key used for encryption, in most cases,
should not be distributed unless there are no other choices. Sometimes the keys may also
be used for digital signatures. The secret key produces only one key for the encryption
and decryption; a generic, not a Java code, method will be a pseudocode like the
following:
Cipher text=Encrypt( secretKey, Plaintext);
Plain text=Decrypt (secretKey, Cipher text);

The key generation module is used to generate the keys from the base point
which is obtained from the previous module. The private key which is the prime value is
generated. The option of the manual entry of the prime number is given which is verified
by the isprime function. The base key is opened with which the public key is generated.
The keys generated are stored in a separate text file for public and private key.
The public and the private keys are generated and saved based on the base point
that is generated. The form appears as follows:

Page 35 of 84
Implementation of Elliptic Curve Cryptography

Page 36 of 84
Implementation of Elliptic Curve Cryptography

Encryption

The public key encryption is implemented for encrypting the files. The private
key of the sender and the public key of the receiver is used to encrypt the selected file.
The encrypted file is stored in a separate text file.
The Encryption module encrypts the text file and saves the encrypted text. The private
key of the sender and the public key of the receiver is used to encrypt the text file.
]

Page 37 of 84
Implementation of Elliptic Curve Cryptography

Page 38 of 84
Implementation of Elliptic Curve Cryptography

Decryption

The encrypted file that is being stored is located. The decryption is done with the
receiver’s private key and the sender’s public key. The decrypted file is stored as a
separate text file.

Page 39 of 84
Implementation of Elliptic Curve Cryptography

Page 40 of 84
Implementation of Elliptic Curve Cryptography

6.3.2SYSTEM FLOW CHAT FOR KEY GENERATION

Start

Getting a,b

4a3+27b2<>0

no

Getting p

Generate n Curve Points


By y2=x3+ax+b

Generate q that is large n=q


prime factor for n
yes

Generate qP for 1st curve


point no

Generate qP for next curve


qP<>0 point
yes

Store the Base Point

Getting private kev


(pkev) and it is prime

Calculate pkeyP for the base


Point and it is the pubic

stop

Page 41 of 84
Implementation of Elliptic Curve Cryptography

SYSTEM FLOW CHART FOR ENCRYPTION

Start

Getting public key


(Bx,By)

Getting private key


of A

Process A(Bx,By)

Getting input text to


encrypt

Process original text to


(x1,y1)

Cipher text (xc,yc)= (x1,y1)+A(Bx,By)

Stop

Page 42 of 84
Implementation of Elliptic Curve Cryptography

SYSTEM FLOW CHART FOR DECRYPTION

Start

Getting
cipher text
(xc,yc)

Getting public
key (Ax,Ay)

Getting private
key of B

Process B (Ax,Ay)

Process cipher text to


(x1,y1)
(x1,y1)=(xc,yc)-B(Ax,Ay)

Process B (x1,y1) to
original text

Stop

Page 43 of 84
Implementation of Elliptic Curve Cryptography

6.4 SYSTEM SPECIFICATION

Hardware Specification

Processor : Intel Pentium IV 2.66 GHz

RAM : 256 MB SD RAM

Hard Disk Drives : 40 GB

CD R/W : Samsung CD Writer

Floppy Disk Drives : 1.44 MB

Monitor : 15” Color Monitor

Keyboard : 104 keys Keyboard

Mouse : 2 Button Scroll Mouse

software specification

Operating System : Windows 2000

Sortware : Visual Basic 6.0

Page 44 of 84
Implementation of Elliptic Curve Cryptography

About Visual Basic 6.0

Visual Basic – is a GUI (Graphical User Interface).


Visual Basic – is a Front-End.
Visual Basic – is a Event Driven Programming Langauge.
Visual Basic – is a Client / Server Application Tool.
Visual Basic – is a RAP Programming Tool.
Visual Basic – is a Language
Visual Basic – is a Microsoft Product.

Application:
A collection of code and visual elements that work together as a single Program.
Developers can build and run application within the Integrated Development
Environment (IDE). When users usually run application as executable files outside the
development Environment.

Code Window:
The code window is where you write visual basic code for your application. Code
window consists of language stats, constants and declaration. Listing the code window,
you can quickly view and edit any of the code in your application.

The code window includes the following elements:


1. Object box
2. Procedure list box.

MDI form:
A window that makes up the background of a multiple-document interface(MDI)
application. The MDI for is the container for any MDI child forms in the application.

Visual Basic Custom Controls:

Page 45 of 84
Implementation of Elliptic Curve Cryptography

Visual Basic 6.0 provides us a number of custom controls of which ate some ate
databound controls. Active X controls etc. Since a majority of these controls happen to
be active X controls, these custom controls are also called as Active X controls. An
active X control is an object that we place on a form to enable or enhance a users
interaction with an application. Active X controls have events and can be incorporated
into other controls. These controls have an .ocx file name extension.

Features of Visual Basic 6.0


1. Ms-transaction server.
2. Ms-internet information server.
3. Ms-message queue server.
4. Custom data bound control.
5. Custom data aware com controls.
6. Dynamic HTML.
7. Mobile computing support (WAP).
8. Hierarchical flex grid control.
9. New Integrated Report writers.

Active-X Controls:
Apart from VB standard controls a number of Active-x controls are available.
These Active-x controls are registered in the windows platform.

In VB, two types of Active-x controls are available


• Built in active-x controls (or) Custom control
• User defined Active-x controls (or) User Controls
The file extension is .OCX

Modules:
Code that is attached to a form is accessible from anywhere on that form, but a
program may have more than one form. It will sometimes be necessary to have program
code that can be reached from any form and in this case that code would be written on a

Page 46 of 84
Implementation of Elliptic Curve Cryptography

module. Module disappear fr4om view when the programs runs, only forms have an on-
screen existence. There may be several modules in one program, and each is saved as a
separation.

Project:
The project holds together the various forms and modules that makeup a program.
Its purpose is primarily one of convenience. When we want to start work on a program
we only have to open the one project file marked by a MAK extension rather than a
whole set of forms and modules.

Procedure:
All the code in a program is written in procedures or subroutines. Most of these
will be attached to a control or more accurately to an event belonging to a control some
will be free standing. All start with the key word sub and close with end sub.

Page 47 of 84
Implementation of Elliptic Curve Cryptography

7. SYSTEM ANALYSIS AND DESIGN


7.1 TECHNICAL ANALYSIS

Technical analysis begins with an assessment of the technical viability of the


proposed system. The possible information system benefits are contributions from
calculating and printing tasks, record-keeping tasks, record searching tasks, system
restructuring capabilities etc. Few contributions are listed below:

 Improved accuracy in calculating Tasks


 Ability to quickly change variables and values in calculation programs
 Ability to automatically collect and store data from records
 Increased capacity for record keeping in terms of space and cost
 Improved security in records storage
 Improved portability of records
 Faster retrieval of records

7.2 FEASIBILITY ANALYSIS

Feasibility study is a test of proposal to its workability, impact, ability to meet the
user needs and effective use of resources. It is both necessary and prudent to evaluate the
feasibility of a project at the earliest possible time. Feasibility and risk analysis are
related in many ways. If project risk is great, then the feasibility of producing quality
software is reduced.

Feasibility study focuses mainly on the following questions.

 Is there a better way of performing users work rather than the current
method?
 What is the cost involved in going for a new system?
 What are the benefits the user could gain over the current system?
 What is recommended?

Page 48 of 84
Implementation of Elliptic Curve Cryptography

Feasibility consideration
Feasibility analysis involves three main considerations namely

 Technical Feasibility
 Behavioral Feasibility
 Economic Feasibility

Technical Feasibility

Technical feasibility is a study of function, performance, and constraints that may


affect the ability to achieve an acceptable system. The considerations that are normally
associated with technical feasibility include the following:

Development risk: The necessary functions and performance can be analyzed.


The Distributorship management system is analyzed completely in the system study
phase which reduces the development risk. The major development risk in performance
might be based on the flow of data through the hierarchy of the system. The exact data
based on the login should be provided which enhances the performance and functions.

Resource Availability: The resource availability for this technical process is the
necessary software, hardware and the man power with technical skills. All these
resources are satisfied and prove the system technically feasible.

Behavioral Feasibility

Behavioral Feasibility aims at estimating whether the user is able to cope with the
new system. The project has got sufficient support from the management and from the
users. The system was found to be operationally feasible.

Economic Feasibility

This procedure involves the analysis of cost involved to set up the new system
and the cost involved is compared with the benefits that the new system would render.

Page 49 of 84
Implementation of Elliptic Curve Cryptography

7.3 MENU DESIGN

A menu is a list of options organized in a specified format that simplifies the data and
access. While designing the menu, the following objectives are followed:
 Names for each menu are given clearly in an understandable manner.
 Shortcut key is given for each menu for easy selection.
 Sub-menus are added whenever necessary to avoid a lengthy list.
Menu Design

The menu is designed with the main motive of user friendliness which allows the
user to navigate through the various modules available in the system. The modules are
compiled by the users with a single click in the menu option. This facilitates the user to
execute the system in an efficient manner. The menu is limited with only the module
options such that all the other activities within the module can be executed at their
location without returning to the menu all the time.

Page 50 of 84
Implementation of Elliptic Curve Cryptography

7.4 INPUT DESIGN

The quality of system input determines the quality of the system output. Input
design specifies the manner in which data enters the system for processing. Processing
input and designs are done in such a way that it caters to the requirement of the end-users,
extensive care has to be taken to ensure the validity of the input data. It determines the
acceptance of the project by the user. Hence, input design plays a major role in the
development of the system.

The features of input design are:

 Reliability
 Operational efficiency
 Interaction

The objectives of the input design are

 Controlling Amount of Input


 Avoiding Delay
 Avoiding Errors in Data
 Keeping the Process Simple

Controlling Amount of Input

The amount of input the user has to type in, should be less without tiring the user
to access the information. The standard input can be provided in the form of selection for
better access. Here, the major interacting input media is through the controls and
hyperlink. Simple and straightforward hyperlinks are provided for easier
understandability of the system flow.

Avoiding Delay

Since, the information is provided as web pages and the length of the page is
made short, the information can be accessed without delay.

Page 51 of 84
Implementation of Elliptic Curve Cryptography

Avoiding Errors in Data


The major form of input is through well-structured controls and hyperlinks.
Hence, there is no way for crawling erroneous information. All the links are designed in
such a way that it specifies the information in the next page, in short and sweet manner.

Keeping the Process Simple

The Inputs are designed in such a way, that even the novice user can use this
project without others support. Improper designing of the input will lead to the
misunderstanding of information. Hence, this phase has been handled with great care in a
well-detailed manner, so that the users are taken along the right path.

Input Forms
Form 1: Base Point Generation Form

The input form is designed to obtain the curve points and to identify the
base point for the given a and b values. The formula for the elliptic curve is:
y2 = x3 + ax + b,

Page 52 of 84
Implementation of Elliptic Curve Cryptography

plus a special point O that lies infinitely far up the y –axis. The given values a and b
should satisfy the equation 4a³ + 27 b²≠ 0. The prime values are generated either
manually or through the system with the given length or given bit value. With the
obtained prime value the curve points are generated and the maximum Prime on the
generated curve points is identified. With this maximum prime value generated the base
point of the elliptic curve is identified. The obtained base point is saved in a separate text
file with the extension _BasePnt.

Page 53 of 84
Implementation of Elliptic Curve Cryptography

Form 2: Key Generation Form

The key generation form id used to generate the public and the private keys. With
the base point obtained in the previous form the keys are generated.

Private Key: The private key is generated by specifying the prime number. The prime
number which acts as the private key is generated either manually by the user or it can be
randomly generated by the system. The private key which is generated is saved in a
separate text file with the extension _pvkey which is used later for the process and
encryption and decryption.

Public Key: The public key generation is generated with the private key and the base
point that has been generated for the elliptic curve. The public key which is generated is
stored in a separate text file with the extension _pbkey which is used during the process
of encryption and decryption.

Page 54 of 84
Implementation of Elliptic Curve Cryptography

Form 3: Encryption Form

The Encryption for is used for the encryption of the text file using the keys that
have been generated. The form is designed to get the input of the text file, the public and
the private keys which is to be used for the process of encryption. The validations are
done to check for the opening of the private and the public keys.

The open file option is used for selecting the text file which is to be encrypted.
The encrypt option encrypts the text file and converts it into the curve points. When the
sender wants to send some text data he encrypts the data with their own private key and
the receivers public key. The encryption is done by the repeated addition of the points to
the number of times in the private key value. The points will be the result of the addition.
The encrypted text file is separately stored in a text file.

Page 55 of 84
Implementation of Elliptic Curve Cryptography

Form 4: Decryption Form

The decryption form is used to decrypt the cipher text using the public and the
private keys. The form has the option to open the cipher text and the keys that are
generated. The receiver decrypts the cipher text with their own private key and the
sender’s public key value. The decrypted text is separately stored in a text file.

Page 56 of 84
Implementation of Elliptic Curve Cryptography

7.5 OUTPUT DESIGN

Output design is also one of the important phases in system design. Output,
generally refers to the results and information that are generated by the system. For many
users, output is the main reason for developing the system and it is the basis on which
they will evaluate the usefulness of the application.

The main form of interaction between the users is the output. Hence, the output
should be designed with great attention. The output should be presented in an impressive
form, which will satisfy the user requirement in simple and attractive manner. The
information is organized in a formal manner so that a user can easily identify and fulfill
their requirements. Precise information is provided so that the user can make the utmost
use of this application.

Since, the output is designed keeping in mind the users requirements in the organization
it is designed in such a way that a new user can also easily work in the environment, the
system is found to reach the user effectively.

Page 57 of 84
Implementation of Elliptic Curve Cryptography

Form1: The form that shows the curve points and the base point

Form 2: The form that shows the output of the generated keys

Page 58 of 84
Implementation of Elliptic Curve Cryptography

Form 3: The form that shows the encrypted text

Form 4: The form that shows the decrypted Text

Page 59 of 84
Implementation of Elliptic Curve Cryptography

8 SYSTEM TESTING

In any software development, testing is a process to show the correctness of the


program and it meets the design specifications. Testing is needed to prove correctness, to
show completeness, to improve the quality of the software and to provide the
maintenance aid. Some testing standards are therefore necessary to ensure the
completeness of testing, improve the quality of the software, and reduce the testing costs
and to reduce study needs and operation time.

Testing Objectives

 Testing is the process of executing a program with the intent of finding an error.
 A good testing case is the one that has a high probability of finding an as yet
undiscovered error.
 A successful test is one that uncovers an as yet undiscovered error.

Levels of testing

The various levels of testing are as follows

Unit testing: Individual components are tested to ensure that they operate correctly. Each
component is tested independently, without other system components.
1. System Testing: The sub-system is integrated to make up the entire system. The
testing process is concerned with finding errors, which result from un-anticipated
interactions between subsystem components. It is also concerned with validating
the system meets its functional and non-functional requirements.
2. Acceptance Testing: This is the final stage in the testing process before the
system is accepted for operational use. Acceptance testing may reveal error and
omissions in the system requirements definition because real data exercises the
system in different ways from the test data. Acceptance testing may also reveal
requirements problem where the system facilities do not really meet the user’s
need or the system performance is unacceptable.

Page 60 of 84
Implementation of Elliptic Curve Cryptography

TESTING STRATEGIES:

1. Top-down Testing: Top-down testing tests the higher levels of a system testing
its detailed components. The program is represented as a single abstract
component with sub components represented by stubs. Stubs have the same
interface as the components but with very limited functionality. After the top-
level component has been tested, its sub-components are implemented and tested
in the same way. This process continues recursively until the bottom-level
components are implemented. The whole system may then be completely tested.

2. Bottom-Up Testing: Bottom-up testing is the converse of Top-Down Testing. It


involves testing at lower levels of the hierarchy and then working up the hierarchy
of the modules until the final module is tested. The advantage of bottom-up
testing is the disadvantage of the top-down testing and vice-versa. When using
bottom-up testing drivers must be written to exercise the lower-level components.
These test drivers simulate the components environment and are valuable
components; the test drivers and the test data should be distributed with the
component. Potential re-users can then run these to satisfy themselves that the
component behaves as expected in their environment.

3. Black box Testing: Knowing the specified function that a product has been
designed to perform, test can be conducted that demonstrates each function that is
fully operational, at the same time searching for errors in each function. Black
Box testing focuses on functional requirements of the software.

Black Box testing attempts to find out error in the following categories:

 Incorrect or missing functions


 Interface errors
 Error in data structure or external database access
 Performance and errors
 Initialization and termination errors

Page 61 of 84
Implementation of Elliptic Curve Cryptography

4. White Box Testing: Knowing the internal working of a product, test can be
conducted to ensure that all gears mesh that is internal operation performs
according to specification and all internal components have been adequately
exercised. Using white box testing method, the software engineer can derive test
cases that

 Guarantee that all independent paths within a module has been


exercised at least once
 Basic path testing.
 Exercise all logical decisions on their true and false sides-
condition testing.
 Exercise all loops at their boundaries and within their operation
bounds-loop testing.
 Exercise internal data structures to assure their validity-data flow
testing.

Page 62 of 84
Implementation of Elliptic Curve Cryptography

Validations

The values of a and b in the Elliptic curve formula should satisfy the equation 4a³
+ 27 b²≠ 0. The check condition is done and the validated resulting formula is displayed
to the user.

The base point that is generated is stored as a separate text file. The validation is done to
check whether the data is stored in a text file separately.

Page 63 of 84
Implementation of Elliptic Curve Cryptography

The validation is done to check for the prime values that are given manually or when a
random number is given by the user. (Base point generation form)

The validation is done to check for the prime values that are given manually or when a
random number is given by the user. (Key generation form)

Page 64 of 84
Implementation of Elliptic Curve Cryptography

When the user try to generate the key with the wrong value or when the user does not
give the proper base key value, the validation is done and the information is prompted to
the user.

During encryption process when the user tries to open a public key file instead of a
private key file of vice versa the validation is done and the information is intimated to the
user.

Page 65 of 84
Implementation of Elliptic Curve Cryptography

9. IMPLEMENTATION
The implementation plan consists of the methods for changing from the old
system to new one. It includes the activities that take place to convert from the old system
to the new.
Changeover
Changeover is the process where the existing system is converted into the new
system. The changeover from old to new system takes place when:

 System is proved to the satisfaction of systems analyst and other implementation


activities are completed.
 User managers are satisfied with the results of system tests, staff training and
referenced manuals.
 Target date for changeover is due.

The most common methods to achieve changeover are:

 Direct changeover
 Parallel running
 Pilot running
 Staged changeover

The type of changeover going to be adopted for the system is parallel running.
Parallel running means processing current data by both old and new systems and
crosscheck the results. The old system kept alive and operational until new system is
proved for at least one system cycle, using full live data in the real operational
environment of place, people, equipment and time.

The advantages are that we can access the performance of both the systems and it
will increase the morale of the staff and the management. Since both the systems have to
be maintained at the same time, there are only fewer chances for mistake.

Before installation of the software the hardware specification are checked. If the
hardware specifications are satisfactory then the software is loaded. When the users and

Page 66 of 84
Implementation of Elliptic Curve Cryptography

management are satisfied with the system, the existing system is stopped and the new
system is implemented. This change from the existing system takes place.

Page 67 of 84
Implementation of Elliptic Curve Cryptography

10. CONCLUSION

• RSA offers fast Signature verification and encipherment


• ECC offers fast Signature generation and key exchanges

Currently, Elliptic curve cryptosystem offer a much shorter key size, 160 - 180
bits, for equivalent security to RSA – 1024. However it is important to look also at
performance in addition to security.

ECC are well suited to ‘Stressed’ environments, where there is bandwidth or


processing limitations, say due to physical constraints-ECC custom silicon tends to be
compact and the parameters smaller.

At present ECC implementations provide a slower signature verification than


RSA and faster signature generation than RSA. This suggest that the use of ECC may
favor those application which are signature generation intensive are requiring online key
exchange.

This is quite simplistic though. Underlying this are the whole set of knotty issues.
Depending upon how the ECC is implemented. For example will 1 or 2 curves become
standardized or will curves be generated by individuals (For a successful cryptographic
exchange all parties will need to be using the same EC and there are roughly 2p curves
over GF (P)). These are not insurmountable concerns but are nevertheless raised as issues
by those developing such system.

This implies that, at present, an ECC implementation should be carefully thought


thorough. The compatibility issue may resolve themselves as it becomes clear what the
favored ECC implementation is.

Finally, ECC’s have only been intensively studied over the last 10 years or so.
Although their ‘Newness’ used to be viewed as an obstacle it is much less the case now.

Page 68 of 84
Implementation of Elliptic Curve Cryptography

ECC are being widely accepted and incorporated in the design of new system as an
alternative crypto technology. Moreover, ECC’s have been successfully implemented in
mobile radio and franking applications.

Page 69 of 84
Implementation of Elliptic Curve Cryptography

11. SUGGESTIONS FOR FUTURE WORK


The cipher text that contains the curve points is stored as a separate text file. In
future the curve points can be stored in a separate database and the curve can be
generated.
The application can be extended in a network and encrypted data can be
transmitted over the network. In future the research can be extended to encrypt the audio
and video files.
To further speed up the implementation there are many algorithms available to
make the elliptic curve operations faster. For example to speed up the polynomial
multiplication one can use the Fixed Base Windowing algorithm.

Page 70 of 84
Implementation of Elliptic Curve Cryptography

BIBLIOGRAPHY

WEBSITES

 www.wikipedia.com

REFERENCE BOOK

 Charlie Kaufman, Radia Perlman, Mike Speciner, “Network Security – PRIVATE

Communication in a PUBLIC world”, Second Edition, 2002.

 Roger S. Pressman, “Software Engineering”, Edition IV, 1997.

 Ellias Awad, “System Analysis And Design”, Edition II, Galgotia publications.

 Roger S.Pressman, Ph.D, “Software Engineering A Practitioner’s Approach”,


Tata McGraw Hill, Fifth Edition, 2002.
 Evangelos Petroutsos, “Mastering Visual Basic 6.0” Golgotia publications (P)
Ltd, 1998.
 Michael Halvorson, “Learn Microsoft Visual Basic 6 now”, Prentice Hall of India,
2001.
 Smith A, Valor Whisler, “Visual Basic 6 Programming Bible”, Computer Science
Press, 1998.

Page 71 of 84
Implementation of Elliptic Curve Cryptography

APPENDICES
A. SAMPLE SCREENS

Page 72 of 84
Implementation of Elliptic Curve Cryptography

Page 73 of 84
Implementation of Elliptic Curve Cryptography

Page 74 of 84
Implementation of Elliptic Curve Cryptography

Page 75 of 84
Implementation of Elliptic Curve Cryptography

Page 76 of 84
Implementation of Elliptic Curve Cryptography

Page 77 of 84
Implementation of Elliptic Curve Cryptography

Page 78 of 84
Implementation of Elliptic Curve Cryptography

Page 79 of 84
Implementation of Elliptic Curve Cryptography

Page 80 of 84
Implementation of Elliptic Curve Cryptography

B. SAMPLE CODE
Dim bm As New BigIntegerMethods
Dim a As Integer, b As Integer
Dim X As String, Y As String, p As String, mp As String
Dim tot_pnts As String
Dim x3 As String, y3 As String
Dim nx1 As String, ny1 As String

Private Sub base_txt_Change()


SendKeys "^{end}", True
End Sub

Private Sub check_ab_Click()

Dim c As Integer

tp_lbl.Visible = False
tt_lbl.Visible = False

On Error GoTo lab

c = (4 * (Int(txt_a.Text) ^ 3)) + (27 * (Int(txt_b.Text) ^ 2))

If c = 0 Then
ans_lbl.Caption = "Not Satisfying the condition"
'MsgBox "Not Satisfying the condition", vbInformation, "Invalid"
ElseIf c <> 0 Then
ans_lbl.Caption = "The formula is : y^2 = x^3 +" & txt_a.Text & "x + " & txt_b.Text
'MsgBox "The formula is : y^2 = x^3 +" & txt_a.Text & "x + " & txt_b.Text, vbInformation, "valid"
End If

Exit Sub
lab:
MsgBox "Invalid Input", vbExclamation, "Invalid"

End Sub

Page 81 of 84
Implementation of Elliptic Curve Cryptography

Private Sub chk_prime_Click()

' If bm.biginteger_IsProbablePrime_RM(txt_prime.Text) = True Then


' ans_prime.Caption = "Prime"
' Else
' ans_prime.Caption = "NotPrime"
' End If

BigInteger_Methods1.Visible = True
ans_prime.Caption = ""
If BigInteger_Methods1.BigInteger_IsProbablePrime_RM(txt_prime.Text) = True Then
ans_prime.Caption = "Prime"
Else
ans_prime.Caption = "NotPrime"
End If
BigInteger_Methods1.Visible = False
End Sub

Private Sub cmd_clear_Click()


txt_prime.Text = ""
End Sub
Private Sub g_prime_Click()

g_rnd_Click

Dim ob As Object, cn As Integer


'MsgBox Me.Controls.Count
For cn = 0 To Me.Controls.Count - 1
Set ob = Me.Controls(cn)
If TypeOf ob Is CommandButton Then
ob.Enabled = False
End If
Next cn

While ans_prime.Caption <> "Prime"


txt_prime.Text = bm.BigInteger_Add(Trim(txt_prime.Text), "1")
chk_prime_Click

Page 82 of 84
Implementation of Elliptic Curve Cryptography

Wend

For cn = 0 To Me.Controls.Count - 1
Set ob = Me.Controls(cn)
If TypeOf ob Is CommandButton Then
ob.Enabled = True
End If
Next cn

End Sub

Private Sub g_rnd_Click()

Dim inp As String

If opt_bit.Value = True Then


inp = Trim(InputBox("Enter the No. of Bits: ", "Input"))
If BigInteger_Methods1.chk_valid(Trim(inp)) = True Then
txt_prime.Text = BigInteger_Methods1.BigInteger_Random_ByBit(inp)
'Else
' MsgBox "Invalid Input", vbInformation, "Invalid"
End If
ElseIf opt_len.Value = True Then
inp = Trim(InputBox("Enter the Length: ", "Input"))
If BigInteger_Methods1.chk_valid(Trim(inp)) = True Then
txt_prime.Text = BigInteger_Methods1.BigInteger_Random_ByLength(Int(inp))
'Else
' MsgBox "Invalid Input", vbInformation, "Invalid"
End If
End If

End Sub

Private Sub mnu_point_Click()

Dim fs As New FileSystemObject

Page 83 of 84
Implementation of Elliptic Curve Cryptography

On Error GoTo lab


cmd1.ShowSave
If cmd1.FileName <> "" Then
fs.CopyFile App.Path + "\base.txt", Left(cmd1.FileName, Len(cmd1.FileName) - 4) & "_BasePnt.txt"
MsgBox "File saved successfully", vbInformation, "Save"
End If

Exit Sub
lab:
MsgBox "File copy error", vbExclamation, "Failed"

Page 84 of 84