
Modelling a side channel resistant CHAN-PKC cryptomata for medical data


Article  in  Multimedia Tools and Applications · June 2019

DOI: 10.1007/s11042-019-7730-1



2 authors:

Chandra Segar Thirumalai, VIT University
Viswanathan Perumal, VIT University



All content following this page was uploaded by Chandra Segar Thirumalai on 25 July 2020.


Multimedia Tools and Applications

Modelling a side channel resistant CHAN-PKC cryptomata for medical data security

Chandra Segar Thirumalai & P. Viswanathan

Received: 23 July 2018 / Revised: 28 February 2019 / Accepted: 3 May 2019

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Medical data is increasingly exchanged as multimedia and has become part of our computing environment. However, the interchange of medical information is typically outsourced to third parties, which may put confidentiality at risk. To address this issue, we propose the CHAN-PKC cryptomata, which provides high security and confidentiality. The proposed scheme uses a Diophantine equation to obtain three stages of decryption for high security, whereas ESRKGS and RSA have one level of decryption. The results show that the proposed cryptomata has efficient encryption and decryption times compared to the existing systems. For key generation at a 10 K-bit modulus, CHAN-PKC takes only 0.65 times the RSA time, whereas ESRKGS takes 1.83 times the RSA time. The timing similarity shows that CHAN-PKC and RSA have a 100% correlation, whereas ESRKGS has only 90%. Hence our CHAN scheme is robust against side channel attacks and also has a larger key space than RSA. The security analysis confirms that CHAN-PKC is very fast and secure against brute force and side channel attacks; therefore, it is feasible for real-time applications.

Keywords: Cryptography · Side channel attacks · Public key encryption

* Chandra Segar Thirumalai
P. Viswanathan
School of Information Technology and Engineering, VIT University, Vellore, India

1 Introduction

Patient health record systems have seen phenomenal growth in health information exchange. They are used to keep track of the patient's health status as viewed by the doctor. Digital medical images are used in a large number of applications for predicting patient disease. These applications use public channels to store and transmit the medical images, which leaves them exposed to security threats. In medical applications, the patient's privacy and security should be a top priority. The standards and guidelines on healthcare information exchange vary by country and region. Application security is based on the IT service layers and is application specific; hence, the security services are applied accordingly.
With long-term efforts, several researchers have proposed different medical encryption schemes for the secure transfer of medical information. Some of the recent works include asymmetric encryption [11, 37, 64], chaotic systems [16, 40], orthogonal matrices [3], dual encryption [6], pixel-based scrambling [24], and other schemes [4, 12, 28, 45, 54]. In this paper we propose the CHAN-PKC cryptomata for medical data security to resist side channel attacks. Our technique applies Pell's form of an equation in the encryption and decryption process. Model results are presented to demonstrate the performance of the proposed scheme while preserving a high level of security and confidentiality. We further show that the CHAN-PKC scheme is strong against side channel and key space attacks.
As wearable devices such as watches and blood pressure (bp) monitors become more popular, patients can explore more of their health indicators. At regular intervals, patients can upload their records to the cloud [39]. The records are analyzed by the doctor or physician, or through learned threshold functions, and the appropriate signal such as low bp, normal, high, or very high is then conveyed to the patient. Based on the health record status report, the doctor may advise the patient to take medicine. Moreover, a doctor or an analyst can explore new findings from the patient's personal health history, such as the impact a medicine had on the patient's health, or change the medicine based on sex or age.
Cloud computing plays a vital role in distributing information from various locations among cloud users in the best possible ways. Hybrid cloud (see, e.g., [38, 44, 57, 59, 62, 65]) seems to manage cloud services efficiently, but it is limited in certain ways. For instance, for several years it has offered off-premises cloud computing as just backup data centers. Gartner proposes [20] an alternative cloud computing model, bi-modal or Hybrid IT. The RSA Public Key Cryptosystem (PKC), developed by Rivest [48] in the 1970s, is claimed to be one of the best-suited cryptosystems and has been adopted by millions of users across the world. The primary operations and workflow of RSA are illustrated in Section 2.1 as background for our CHAN-PKC scheme. Several secure systems have been proposed, but the majority of widely used proposals depend on Public Key Infrastructure (PKI). Some of the challenging issues [19, 31, 48, 52, 53, 61] in a PKI are: (1) before using the public key of the client or CSP, it is compulsory to check the validity of the public key certificates, which costs the verifier extra computational overhead; (2) due to complex certificate management and the large size of keys, the full protocol becomes inefficient. To address this key management concern for cloud data, we propose the CHAN-PKC protocol for efficient, real-time use. Our system has four core entities, namely networking devices, a Trusted Authority (TA) with security services, cloud computing, and Application Service Providers (ASP), as shown in Fig. 1.
The security requirements [37, 42] and threat level issues [62] differ according to the cloud service. Because of online businesses, the cloud is dominated by three levels of computing service: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). In IaaS, the network designer is authorized to develop and deploy both physical and virtual objects such as bandwidth, communication, environment, processing power, storage, and virtualization. So IaaS is mainly used to install PaaS or SaaS. A few common threats to IaaS are disfiguring, traffic flow analysis, session hijacking, and masquerade attacks. In PaaS, the application developers are authorized to access operating systems and server hardware to build highly scalable applications. A few PaaS security measures are intrusion detection, access control, and data protection. Some of the common threats to PaaS include interruption, programming flaws, and software modification.

Fig. 1 Cloud-centric secure model of CHAN-PKC

Lastly, in SaaS, the end user is authorized to access the software applications. Its security measures include privacy and protection, data access, authentication, authorization, and software security. The usual threats to SaaS are masquerade, session hijacking, traffic flow analysis, privacy breach, and data interruption. Of these levels of cloud computing service, the SaaS model is well suited to keeping the sensitive medical data of a patient on a cloud. Here the ultimate priority is to preserve the privacy of the user's information by deploying a well-secured cryptographic algorithm. More precisely, the primary security concerns of networking devices and the shared cloud are data integrity and authentication [5, 15, 27, 29, 36, 43, 47, 51]. Security structures of CHAN-PKC such as key generation, encryption, and decryption are discussed in Section 3, and its proof is sketched in Section 4.
KGS (Key Generation System) is a phase with specific constraints that generates the keys based on the cryptographic form. The generated keys are used to encrypt and decrypt the medical data. For real-time applications, this KGS module must be extremely robust and well protected with security applications. In the domain of digital communications, cryptosystem keys are classified as symmetric and asymmetric. In the symmetric cryptosystem, a single key called the secret key is shared by either the cipher receiver or the KGS and then by the cipher sender. In the asymmetric cryptosystem, the cipher receiver uses its private key (d, N) to decrypt the ciphertext into medical data. At the other end, the sender who holds the medical data applies the public key (e, N) to transform the medical data into cipher form. Both the public and private keys of a PKC share the common N-bit modulus, and hence one can guess the private key from the N-bit modulus itself using a factorization attack. In 2009, Kleinjung et al. [32] successfully factored a 768-bit RSA modulus using the Number Field Sieve (NFS) factoring method. For practical applications, NIST (National Institute of Standards and Technology) [7] recommends that the N-bit RSA modulus be at least 2048 bits, or 2 K bits.
The RSA KGS begins with two random secret primes p and q whose bit length is in the range of N/2. If the N-bit modulus size is small, then one may guess the primes and find the private key. After this, the RSA KGS uses the Euler function ∅(N), computed as (p − 1) ∗ (q − 1). Next, the public key e is chosen with the constraints 1 < e < ∅(N) and gcd(e, ∅(N)) = 1, checked using Euclid's algorithm. Note that the public key e should not be equal to any prime cofactor of the N-bit modulus; otherwise, the public and private keys become the same (i.e., e = d). For instance, if the chosen primes are p = 5 and q = 7 and the selected e = 5, then the private key becomes d = 5. Hence the public key should be selected with e ≠ p ≠ q, and finally the private key d is computed using the Extended Euclid algorithm. For this, ∅(N) and e are sufficient to find the private key $d = \frac{1 + k \cdot ∅(N)}{e}$, where k is a positive integer. For this reason, the key parameters p, q, ∅(N) and d are kept strictly secret by the KGS itself. Several variants of RSA have been proposed in [8, 13, 14, 25, 58, 60, 64] to strengthen the cryptosystem by trivially considering the security and key storage constraints [23].
RSA's cryptographic strength is primarily based on the hardness of the Integer Factorization Problem (IFP). When the private key is small, a cryptanalyst can recover the original message from the transmitted public key and ciphertext by applying a suitable attack. In 1990, Wiener [63] proved by the Continued Fraction Method that RSA is insecure when $d \le N^{0.25}$. In 1998, Boneh and Durfee [9] first extended the Wiener attack using lattice theory, referred to as Coppersmith's method [17], to find small solutions of the polynomial equation, and proved under acceptable assumptions that the system becomes insecure when $d \le N^{0.292}$.
Furthermore, they conclude that the Wiener attack becomes ineffective when $e > N^{1.5}$. It is also noted that both the Wiener and Boneh attacks run in polynomial time. Later in 2006, by applying lattice theory to Dual RSA, Sun et al. [56] determined that the system is unsafe when $d \le N^{0.333}$. In 2014, L. Peng et al. [46] extended the attack on Dual RSA to the bound $d \le N^{0.368}$ by applying a lattice-based free linearization technique [22].
The rest of the work is structured as follows. Section 2 presents the necessary PKC operations of Standard RSA and ESRKGS (Enhanced and Secured RSA Key Generation Scheme). The new key generation algorithm, called the CHAN-PKC system, is described in Section 3. Section 4 presents the mathematical proof of our new system. Section 5 gives the experimental results of Standard RSA, ESRKGS, and CHAN-PKC from 1K to 10K modulus bits. In Section 6, we analyze our scheme against the timing attack and its resistance. Finally, the final remarks and conclusion are presented in Section 7.

2 Literature works

2.1 Standard RSA

The standard RSA public key cryptosystem [40] contains three main phases: key generation, encryption, and decryption.
1. In key generation, asymmetric keys are produced, namely the public key (e, N) and the private key (d, N). Here the message M ϵ N − 1, where N is the product of two primes p and q.
2. In the encryption phase, the message M is transformed into the ciphertext CT using the form $M^e \bmod N \rightarrow CT$. Here the public key e satisfies the constraints (i) e > 1 and (ii) the greatest common divisor of (e, ∅(N)) is one. ∅(N) is kept secret and only (e, N) is shared publicly. Hence the strength of RSA ultimately depends on the difficulty of factoring p and q from the RSA modulus N.
3. In the decryption phase, the ciphertext CT is transformed back into the decipher text DT, the original message M, using the form $CT^d \bmod N \rightarrow DT$.


Thangavel [58] developed an Enhanced and Secured RSA Key Generation Scheme (ESRKGS) that uses four primes to increase the key size exponentially. As a result, both the encryption and decryption costs are exponentially higher than in standard RSA. In standard RSA, it is expected with high probability that the decryption cost is four times higher than the encryption cost. However, by using Rebalanced RSA proposed by Wiener [63], it is desirable to balance the decryption cost with the encryption cost. The performance of ESRKGS in terms of KGS, encryption, and decryption time is shown in Table 4. It is measured by varying the input bit length of the prime p and its partial public keys e1, e2 with |p| = |e1| = |e2|. Erkam et al. [41] commented that ESRKGS is vulnerable to a factorization attack. The scheme is initially based on four primes p, q, r, s to generate large keys (E, D, N). But its encryption and decryption keys share the common modulus n, which depends on only two primes p, q. Hence, by applying any factorization attack to the public modulus N, one can recover the private key d. Using (d, N) as the private key, one can transform the ciphertext back into the message M, i.e. $CT^d \bmod N \rightarrow M$. Because of this, ESRKGS and standard RSA have the same security level against the factorization attack. Currently, the factorization attack works only up to 750 bits, so when |p| + |q| > 750 bits, CHAN-PKC is safe.

3 Proposed system


The proposed CHAN-PKC scheme departs from the traditional method of sharing keys and produces the public key $(\alpha, Re, N)$, as given in Algorithm 1. The KGS of this scheme takes (R, p, q) plus the RSA public key as input and produces the valid private key components $(e, 2Y_l, N)$ as output, as shown in Fig. 2. The performance of this scheme is assessed in terms of key generation, encryption and decryption by varying its input bits, as shown in Table 3. Here, the bit length of the RSA public key e is half of its N-bit modulus size. Our CHAN-PKC scheme works by solving Pell's essential form, $\alpha + Re^2 + 2RY_l e \equiv 1 \bmod ∅(N)$. The chief merit of our system is that, unlike RSA-PKC, it does not need the Extended Euclid algorithm. This merit is shown in the CHAN-PKC key generation scheme below. For cipher decryption, RSA applies a private key d obtained by solving $d \equiv e^{-1} \bmod ∅(n)$, using the Extended Euclid algorithm to find the modular multiplicative inverse of e.

Fig. 2 Detailed view of proposed CHAN-PKC model
The proposed scheme applies two levels of encryption to create the ciphertexts CT1 and CT2 using the public key $(\alpha, Re, N)$. Using the private key $(e, 2Y_l, N)$, three levels of decryption are applied, which produces a high level of security and confidentiality. The strength of existing cryptosystems depends on the factorization complexity: the private key d is guessed through the factors of the common modulus N and the public key e. The strength of our proposed scheme, however, depends on the complexity of the RSA (e, ∅(N)) parameters and the bit length of Pell's coordinates.
Our CHAN-PKC scheme is, at its core, closely related to the original system. Since it uses similar mechanisms to exchange a public key and the ciphers, it inherits the security structures of that system. The proposed PKC also keeps or recovers its security and confidentiality. The primitives used in the proposed key interchange differ from those of the original scheme. This approach also makes the guessing attack much more difficult than in the existing system.
The quadratic Diophantine equation of the form $X^2 - RY^2 = a$, where a is an integer, is called a Pell-type equation. For cryptographic applications, this integer a is taken as one, and its lth coordinate is generated from the radical solution as

$$X_l = 0.5\left(X_0 + Y_0\sqrt{R}\right)^l + 0.5\left(X_0 - Y_0\sqrt{R}\right)^l \quad\text{and}\quad Y_l = \frac{1}{2\sqrt{R}}\left(X_0 + Y_0\sqrt{R}\right)^l - \frac{1}{2\sqrt{R}}\left(X_0 - Y_0\sqrt{R}\right)^l.$$

For instance, if the non-square integer R is taken as 13, then its radical solution (X0, Y0) is (12, 11) and its generated solutions are (1717, 264), (58356, 22055), (3854137, 906576), and so on. Without assumptions, the best complexity [21] for finding the integer solutions (X0, Y0) of Pell's equation is $O(R^{0.25}\,\mathrm{polylog}\,R)$. The polylogarithm function has a power series in z and a Dirichlet series in s. Here $z^k$ is a complex sequence and s is complex.

$$Li_s(z) = \sum_{k=1}^{\infty} \frac{z^k}{k^s} = z + \frac{z^2}{2^s} + \frac{z^3}{3^s} + \cdots$$

Consider a User A who initially holds the original medical message and wants to share it securely with User B. In this case User B generates the public key $(\alpha, Re, N)$ and the private key $(e, 2Y_l, N)$ using the CHAN-PKC key generation phase. In response to User A's message transfer request, User B shares its public key $(\alpha, Re, N)$ with User A. User A then applies the encryption process to cipher the medical message and securely shares the ciphertexts CT1, CT2 with User B. This encryption uses the forms $CT_1 = M^{\alpha} \bmod N$ and $CT_2 = M^{Re} \bmod N$. Finally, User B applies its private key $(e, 2Y_l, N)$ along with the received ciphertexts for decryption to retrieve the medical message. For this, User B applies the decryption form $CT_1 \cdot CT_2^{\,e \bmod ∅(N)} \cdot CT_2^{\,2Y_l \bmod ∅(N)} \bmod N$.

3.1.1 Numerical instance of CHAN–PKC

Key Generation:
Input: (R, p, q) : (19, 673, 937)
Output: Public Key, (α, Re, N) : (309048, 275881, 630601) & Private Key: (e, 2Y_l, N).
At first, a secret non-square positive integer R = 19 and randomly selected primes p = 673, q = 937 are taken as inputs. Hence the base coordinates (X0, Y0) of the Diophantine equation are (170, 39). The RSA components are shown below:

a. Euler totient function, ∅(N) = (p − 1) · (q − 1) = 672 ∗ 936 = 628992
b. The common modulus, N = p · q = 673 ∗ 937 = 630601
c. Select the RSA public key e satisfying ∅(N)/2 < e < ∅(N) and gcd(e, ∅(N)) = 1

That is, 314496 < e < 628992 and gcd(e, ∅(N)) = 1. Hence, the RSA public key e is chosen as 444883.
For instance, Pell's coordinate Y_l is selected as 39. Now Pell's public key (α, Re) is computed as below using Eq. (3).

$$\alpha = (X_l + ∅(N))^2 - R(Y_l + e)^2 \bmod ∅(N)$$
$$= (X_l)^2 - R(Y_l + e)^2 \bmod ∅(N)$$
$$= (170)^2 \bmod 628992 - 19 \cdot (39 + 444883)^2 \bmod 628992$$
$$= 28900 + (-348844 \bmod 628992)$$
$$= (28900 + 280148) \bmod 628992 = 309048$$

$$Re = R \cdot e \bmod ∅(N) = 19 \cdot 444883 \bmod 628992$$
$$= 8452777 \bmod 628992 = 275881$$

The numerical instance of our proposed scheme is presented for key generation in Table 1, and for encryption and decryption in Table 2.

Table 1 CHAN-PKC key generation numerical values
Pell's solution when R = 19. Public key: Re % ∅(N) = 275881, when e = 444883 & ∅(N) = 628992.

lth KGS case   X_l             Y_l            Public key α_l = 1 − Re^2 − 2RY_l e % ∅(N)   Private key 2Y_l % ∅(N)
1              170             39             309048                                       78
2              57799           13260          512862                                       26520
3              19651490        4508361        124500                                       210834
4              6681448801      1532829480     594918                                       580944
5              2271672940850   521157514839   532440                                       435630

Table 2 CHAN-PKC encryption and decryption numerical values
CHAN-PKC encryption E(M), M = 8. Cipher CT2 = M^Re mod N = 331108. Intermediate deciphers: IDT1 = CT1, IDT2 = CT2^e % N = 566827.

lth case   Cipher CT1 = M^α_l % N   IDT3 = CT2^(2Y_l) mod N   Final decipher
1          571376                   256739                    8
2          536707                   291408                    8
3          487983                   594996                    8
4          314638                   1                         8
5          571376                   256739                    8
Input: Public Key, (α, Re, N) : (309048, 275881, 630601) & a message M = 8.
Output: Ciphertexts, (CT1, CT2) : (571376, 331108)
Now, the unique message M has ciphered into two altered forms such as {CT1, CT2}

$$CT_1 = M^{\alpha} \bmod N = 8^{309048} \bmod 630601 = 571376$$

$$CT_2 = M^{Re} \bmod N = 8^{275881} \bmod 630601 = 331108$$

Input: Private Key, (e, 2Y_l, N) : (444883, 78, 630601) & the cipher texts (CT1, CT2) : (571376, 331108).
Output: Decipher text, (DT) : 8
Now, the ciphertexts are transformed back into the message using the Eq. (9).

$$\text{Decipher Text} = IDT_1 \cdot IDT_2 \cdot IDT_3 = CT_1 \cdot CT_2^{\,e} \cdot CT_2^{\,2Y_l \bmod ∅(N)} \bmod N$$
$$= 571376 \cdot 331108^{444883} \cdot 331108^{2 \cdot 39 \bmod 628992} \bmod 630601$$
$$= 571376 \cdot 566827 \cdot 256739 \bmod 630601$$
$$= 8 \quad \text{(Original message)}$$

4 Mathematical proof

The proposed CHAN-PKC algorithm is proved mathematically as follows. First, for public key generation, a secret non-square positive integer R is selected to obtain the $(X_l, Y_l)$ coordinate of the Diophantine form $X^2 - RY^2 = 1$, where $l, R \in Z^+$. Taking as input R, the secret lth Diophantine coordinate and the standard RSA variables (∅(N), e), the CHAN public key component α is generated as shown in Eq. (4). Here the RSA public key e is an odd integer that is relatively prime to the Euler totient ∅(N) = (p − 1)(q − 1), and the common modulus N is the product of two big primes p, q. Using the CHAN public key $(\alpha, Re, N)$, the message M is encrypted into three cipher forms such as CT1, CT2, using the modular exponentiation function as shown in Eq. (7) and Eq. (8). Finally, for decryption, the private key variables $(e, 2Y_l, N)$ are used based on Eq. (4). Therefore the CHAN-PKC scheme does not require the Extended Euclid algorithm for a modular inverse operation, whereas standard RSA and ESRKGS apply a modular inverse for private key generation. The message M is recovered from CT1 and CT2 by a modular root extraction with the CHAN private keys as

$$M^{\alpha + Re^2 + 2RY_l e} \bmod N = M^{1 \bmod ∅(N)} \bmod N.$$

Append ∅(N) and e in Eq. (1) we get,

$$\alpha = (X_l + ∅(N))^2 - R(Y_l + e)^2 \tag{3}$$

$$= X_l^2 + ∅(N)^2 + 2X_l∅(N) - R\left(Y_l^2 + e^2 + 2Y_l e\right)$$

$$= X_l^2 - RY_l^2 + ∅(N)^2 + 2X_l∅(N) - Re^2 - 2RY_l e$$

$$\alpha \equiv X_l^2 - RY_l^2 + ∅(N)^2 + 2X_l∅(N) - Re^2 - 2RY_l e \bmod ∅(N)$$

$$\alpha \equiv 1 - Re^2 - 2RY_l e \bmod ∅(N)$$

$$\alpha + Re^2 + 2RY_l e \equiv 1 \bmod ∅(N) \tag{4}$$

Optionally, to increase the security, compute the transformed public key of α as D. By multiplying $d^2$ on both sides of Eq. (4) we get Eq. (5),

$$D = \alpha d^2 + Re^2 d^2 + 2RY_l e d^2 \equiv d^2 \bmod ∅(N)$$

$$D = \alpha d^2 + R + 2RY_l d \equiv d^2 \bmod ∅(N) \tag{5}$$

Since $(ed)^2 = 1 \bmod ∅(N)$.

Following the pattern of Eq. (5), the transformed private key of e, denoted E, is computed as

$$E \equiv e^2 \bmod ∅(N) \tag{6}$$

The cipher codes of an individual message M, given in three different procedures, are

$$CT_1 = M^{\alpha} \bmod N \tag{7}$$

$$CT_2 = M^{Re} \bmod N \tag{8}$$

The original message M can be retrieved from the ciphertext CT by using the following:

$$M = CT_1 \cdot CT_2^{\,e} \cdot CT_2^{\,2Y_l} \bmod N \tag{9}$$

The transformed keys are

$$E \equiv e^2 \bmod ∅(N) \quad\text{and}\quad D \equiv d^2 \bmod ∅(N)$$

$$ED \equiv e^2 d^2 \equiv 1 \bmod ∅(N)$$

Now substituting the cipher codes of Eq. (7) and Eq. (8) into Eq. (9), we get the message M back:

$$CT_1 \cdot CT_2^{\,e} \cdot CT_2^{\,2Y_l} \bmod N = M^{\alpha} \cdot M^{Re^2} \cdot M^{2RY_l e} \bmod N$$

$$= M^{\alpha + Re^2 + 2RY_l e} \bmod N$$

$$= M^{1 \bmod ∅(N)} \bmod N \quad \text{(using Eq. (4))}$$

$$= M \bmod N = M$$

Hence our logic is formalized with key generation, encryption, and decryption phase for the
practice of CHAN-PKC scheme.
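
The key generation, two-ciphertext encryption and three-factor decryption of Sections 3 and 4 can be replayed on the paper's numerical instance. The Python below is an added example, not the authors' Java implementation: the function names are hypothetical, and it assumes the standard integer recurrence for Pell solutions in place of the radical formula. It goes beyond the single worked case by checking every l listed in Table 1.

```python
from math import gcd, isqrt


def pell_solutions(R, x0, y0, count):
    """Return the first `count` solutions (X_l, Y_l) of X^2 - R*Y^2 = 1.

    Assumption of this example: the integer recurrence
    X' = X0*X + R*Y0*Y, Y' = X0*Y + Y0*X is used, which expands
    (X0 + Y0*sqrt(R))^l without floating point.
    """
    if R <= 0 or isqrt(R) ** 2 == R:
        raise ValueError("R must be a positive non-square integer")
    if x0 * x0 - R * y0 * y0 != 1:
        raise ValueError("(x0, y0) does not satisfy X^2 - R*Y^2 = 1")
    solutions, x, y = [], x0, y0
    for _ in range(count):
        solutions.append((x, y))
        x, y = x0 * x + R * y0 * y, x0 * y + y0 * x
    return solutions


def keygen(R, p, q, e, x_l, y_l):
    """Build the public key (alpha, Re, N) and private key (e, 2Y_l, N)."""
    phi = (p - 1) * (q - 1)
    n = p * q
    # Constraint c of the numerical instance: phi/2 < e < phi, gcd(e, phi) = 1.
    if not (phi // 2 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("e must satisfy phi/2 < e < phi and gcd(e, phi) = 1")
    if x_l * x_l - R * y_l * y_l != 1:
        raise ValueError("(x_l, y_l) is not a Pell solution for R")
    alpha = ((x_l + phi) ** 2 - R * (y_l + e) ** 2) % phi   # Eq. (3), reduced
    re = (R * e) % phi                                      # Re mod phi(N)
    return (alpha, re, n), (e, (2 * y_l) % phi, n)


def encrypt(m, public):
    """Eq. (7) and Eq. (8): CT1 = M^alpha mod N, CT2 = M^Re mod N."""
    alpha, re, n = public
    if not 0 <= m < n:
        raise ValueError("message must lie in [0, N)")
    return pow(m, alpha, n), pow(m, re, n)


def decrypt(ct1, ct2, private):
    """Eq. (9): M = CT1 * CT2^e * CT2^(2Y_l) mod N; no modular inverse used."""
    e, two_y, n = private
    idt1 = ct1
    idt2 = pow(ct2, e, n)
    idt3 = pow(ct2, two_y, n)
    return (idt1 * idt2 * idt3) % n


def replay_paper_instance():
    """Replay the paper's instance (R=19, p=673, q=937, e=444883, M=8)."""
    rows = []
    for l, (x, y) in enumerate(pell_solutions(19, 170, 39, 5), start=1):
        public, private = keygen(19, 673, 937, 444883, x, y)
        ct1, ct2 = encrypt(8, public)
        rows.append((l, public, private, ct1, ct2, decrypt(ct1, ct2, private)))
    return rows


if __name__ == "__main__":
    for row in replay_paper_instance():
        print(row)
```

Decryption succeeds because the three exponents sum to a value congruent to 1 modulo ∅(N), which is exactly Eq. (4).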

5 Experimental results

The CHAN-PKC method is implemented using NetBeans IDE 8.1 and JDK 1.8, using Java BigInteger and its library functions such as math and random for generating probable primes, which support operations like modInverse, mod and so on. The performance comparisons are made with Standard RSA and ESRKGS, simulated on a 64-bit Intel® Core™ i5-4200U @ 2.30GHz processor with 8GB RAM and a 64-bit OS. The initialized key parameters of the security systems are: i. for the standard RSA scheme, the length of a prime number is equal to its public key size, that is |p| = |e|; ii. for the ESRKGS scheme, the length of a prime number is equal to that of its partial public key parameters, that is |p| = |e1| = |e2|; and iii. for the CHAN-PKC scheme, the length of a prime number is equal to the RSA public key size, that is |p| = |e|. CHAN-PKC generates the private keys based on the Diophantine equation, which avoids the Extended Euclid algorithm. It drastically reduces the time for generating the private keys compared to RSA and ESRKGS, as illustrated in Tables 3 and 4. It shows that the CHAN-PKC scheme consumes less computation time compared to ESRKGS and RSA.

Table 3 Practical results of RSA, ESRKGS, and CHAN-PKC (ms)

N-bit     KGS Time (ms)                   Encryption Time (ms)           Decryption Time (ms)
moduli    RSA       ESRKGS    CHAN-PKC    RSA     ESRKGS    CHAN-PKC     RSA     ESRKGS    CHAN-PKC
1024      200       404       159         30      42        28           8       6         16
2048      693       2744      643         43      33        60           27      16        103
3072      2215      9172      2189        63      98        108          80      120       316
4096      8194      35,987    6065        114     64        214          184     98        720
5120      14,948    74,753    14,018      188     118       368          353     202       1385
6144      44,204    194,842   33,181      387     174       601          763     315       2324
7168      73,783    222,204   46,880      485     266       962          938     500       3747
8192      105,532   337,757   79,887      749     385       1401         1470    713       5511
9216      129,518   515,191   125,973     1055    45,792    2026         2094    739       7990
10,240    338,383   619,289   222,465     1489    86,767    2691         2897    2719      10,767

Table 4. Comparative analysis of RSA, ESRKGS, and CHAN-PKC IN RATIO SCALE (ms)

Key Generation 0.31 1.25 3.59 4.40 0.82 0.24
Encryption 1.21 0.62 10.80 5.93 1.70 2.08
Decryption 1.74 0.29 0.67 0.20 3.59 6.30
RSA and ESRKGS apply one level of encryption and decryption, whereas the proposed CHAN-PKC scheme generates three levels of encryption and decryption. The decryption scheme uses both Diophantine and RSA parameters $(e, 2Y_l, N)$ at the server end. This scheme improves the security level by avoiding the probability of a timing attack, as illustrated in Table 5, and the comparative analysis of computation time is illustrated in Table 4. Hence the proposed scheme entirely strengthens the security level and gets rid of surviving
The computation time of the proposed scheme compared to ESRKGS and Standard RSA is evaluated by varying the N-bit modulus from 1K to 10K bits. For each K of N-bit modulus, around 1000 random samples are generated, and their average is taken for each phase for performance measurement.
The key generation performance of Standard RSA, ESRKGS, and CHAN-PKC is assessed and represented in Fig. 3. The encryption and decryption performance of the three schemes is shown in Figs. 4 and 5 respectively. Finally, the overall response time is assessed and presented in Fig. 6. This evaluation of performance is critical, since knowing the response of a detailed process in a general purpose system is sufficient for the designer to recognize the cost of executing security. In this work, we have evaluated the run-time performance of our proposed scheme against Standard RSA and ESRKGS. In the routine analysis itself, the CHAN-PKC scheme provided the best performance while ESRKGS was the slowest. However, as mentioned before, ESRKGS key generation at 10 K moduli took 1.83 times that of Standard RSA, whereas CHAN-PKC took only 0.65 times that of Standard RSA, as shown in Table 3 and plotted in Fig. 3.

Table 5 Pearson’s performance similarities of CHAN-PKC, RSA, and ESRKGS

Pearson Correlation ‘r’ CHAN vs ESRKGS vs

Key Generation 0.99 0.97 0.92
Encryption 1.00 0.88 0.89
Decryption 1.00 0.90 0.9
Overall ‘r’ 1.00 0.92 0.90

Fig. 3 Key Generation Time
Likewise, ESRKGS encryption at 10 K moduli shows an enormous response time, around 58.27 times that of Standard RSA, whereas our scheme took only 1.80 times that of Standard RSA, as shown in Table 3 and plotted in Fig. 4. However, our scheme produces two different ciphertexts CT1, CT2 using the public key $(\alpha, Re, N)$. It is observed that beyond 8 K moduli, ESRKGS encryption is significantly affected by the large size of its public key E.
Finally, in the decryption analysis at 10 K moduli, ESRKGS took only around 0.93 times, since the private key size of ESRKGS and Standard RSA is unchanged. Hence the security strength of ESRKGS and Standard RSA is on the same track. Our scheme, in contrast, took 3.71 times the Standard RSA decryption time, since we apply three levels of decryption using the private key $(e, 2Y_l, N)$; this is shown in Table 3 and plotted in Fig. 5. Hence our CHAN-PKC scheme achieves a high level of security and confidentiality for sensitive information.

Fig. 4 Encryption Time

6 Security analysis

Due to the unusual practice of sharing confidential medical data on interactive media, it is necessary to deploy efficient and trustworthy cryptography. On the other side, several attacks such as the low private key exponent attack, low public key exponent attack, lattice attack, factorization attack, and timing attack are possible against these PKC-based cryptosystems. These attacks primarily aim to break the code to extract or guess the private key from the shared public keys. To address this need, CHAN-PKC is mainly designed to deliver a significant level of security and trustworthiness that addresses both the communicating device and the enterprise security infrastructure. Moreover, our model is a thorough suite of industry-recognized, NIST standard compliant [7] cryptographic tools for the progress of high-assurance data protection.

6.1 Timing attack and resistance analysis

A new branch of cryptography focuses on real-life cryptographic devices and on schemes that attempt to abuse physical leakages such as electromagnetic emissions, power consumption, and processing time to predict the private key. With this secret key, the attacker may cause loss of confidentiality, unauthenticated access or privacy issues. The timing attack against cryptographic algorithms was first demonstrated by Kocher, who studied the cryptographic device's response time [33] and power consumption [34, 26] to determine the secret key. As modern PKC-based cryptography uses 2048 bits and above, it is very tough to break the system. However, some researchers have cracked 4096-bit PKC using this side channel attack. During usual transmission, if a crypto device leaks its internal state through Radio Frequency (RF) emissions, then a side channel exists with high probability [35]. Through keystroke timing, confidential data like passwords can be inferred over the Secure Shell (SSH) network protocol [55]. A side channel may exploit physical cache miss behaviour [30] to recover the secret key. Schindler [49] presents an attack model against RSA with the Chinese Remainder Theorem (CRT), which is applied to improve the decryption speed, and he later improved [50] the attack against RSA using a statistical decision model. Crosby and Wallach [18] describe denial of service through algorithmic complexity attacks. The Brumley and Boneh timing attack on RSA-CRT [10] was enhanced by Aciicmez et al. [1] to have more precision on the projected secret difference, and he examined the micro-architectural attack [2] through instruction cache analysis.

Fig. 5 Decryption Time
Several PKC-based algorithms take a variable amount of time to complete, depending on the medical data being processed and on factors such as the public or private key exponent size, the message and cipher size, and the key generation, encryption or decryption time. From the attacker's point of view, the propagation and jitter delays are bounded by the type of network used. Because of these individual timing differences, an attacker can sometimes disclose private information through the public network. We model the Round Trip Time (RTT) between a client node and a server as
$$\text{responseTime} = a \cdot \text{CPUTime} + b + \text{jitter}$$

$$\text{CPUTime} = (\text{responseTime} - b - \text{jitter}) / a$$

Fig. 6 Overall Time

With the following conventions: responseTime is the measured RTT on the network, and a is the constant clock skew, which is independent of each host. CPUTime is the constant time a remote server takes for all requests for the same task, and b is the constant propagation delay from client node to server, or from server to remote hosts, over all requests and all tasks. It is measured independently for each host. Jitter is the noise introduced in the network for all requests and tasks. To avoid this scenario, our proposed CHAN-PKC changes the traditional RSA public exponent, which makes it hard for the attacker to reconstruct a private key by probing the SSL web server and timing the result. From the performance results shown in Figs. 3-6, it is evident that CHAN-PKC and standard RSA are closely associated at the key generation, encryption and decryption phases of the cryptosystem. The performance similarities among the various phases of the cryptographic algorithms, based on the Pearson correlation method, are specified in Table 5.
From this, the strength of the relationship in CPU processing time between standard RSA and CHAN-PKC is nearly parallel. It is also observed that, from the public key and ciphertexts of the CHAN-PKC scheme, it is very hard for the attacker to guess the private key when the strength of the association is compared with standard RSA and ESRKGS.
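
The round-trip model and the Pearson comparison described in this section can be reproduced on synthetic data. The Python sketch below is an added example, not code from the paper; the timing values, the parameters a, b and sigma, the median jitter filter, and all function names are assumptions constructed for illustration.

```python
import math
import random
import statistics

def cpu_time(response_times, a, b):
    """Invert responseTime = a*CPUTime + b + jitter over repeated requests.
    Per-request jitter is unknown, so the median is taken as the jitter-free
    response time (assumption: jitter is zero-median noise)."""
    return (statistics.median(response_times) - b) / a

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length series."""
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    if sx == 0 or sy == 0:
        raise ValueError("a constant series has no defined correlation")
    return cov / (sx * sy)

def simulate(true_cpu_ms, a, b, sigma, n, rng):
    """Constructed measurements: n response times (ms) for one operation."""
    return [a * true_cpu_ms + b + rng.gauss(0.0, sigma) for _ in range(n)]

def recovered_series(true_series, a=1.0002, b=20.0, sigma=2.0, n=501, seed=7):
    """Recover one CPU-time estimate per key size from noisy response times."""
    rng = random.Random(seed)
    return [cpu_time(simulate(t, a, b, sigma, n, rng), a, b)
            for t in true_series]

# Constructed CPU times (ms) at four increasing key sizes; not the paper's data.
SCHEME_A = [5.0, 18.0, 70.0, 260.0]
SCHEME_B = [0.65 * t for t in SCHEME_A]   # same growth, constant ratio to A
SCHEME_C = [40.0, 12.0, 95.0, 30.0]       # unrelated growth pattern

def similarity_report():
    """Pearson similarity of the recovered timing curves against scheme A."""
    rec_a = recovered_series(SCHEME_A, seed=1)
    rec_b = recovered_series(SCHEME_B, seed=2)
    rec_c = recovered_series(SCHEME_C, seed=3)
    return {"A~B": pearson(rec_a, rec_b), "A~C": pearson(rec_a, rec_c)}

if __name__ == "__main__":
    for pair, r in similarity_report().items():
        print(f"{pair}: r = {r:+.4f}")
```

Pearson's r is invariant to scale and offset, so it compares how two timing curves grow with key size rather than their absolute values or any dependence on the input being processed.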

6.2 Keyspace analysis

From Eq. (4), the Pell's key form is represented as $\alpha + Re^2 + 2RY_l e \equiv 1 \bmod \phi(N)$. This form can be rewritten as $\alpha + Re^2 + 2RY_l e = 1 + k\phi(N)$. Based on this, our proposed scheme chooses the public key as $(\alpha, Re, N)$ and the private key as $(e, 2Y_l, N)$. Consider the case where the attacker is provided with the public key $(\alpha, Re, N)$ and the ciphertexts $CT_1$, $CT_2$, and tries to guess the original message $M$. Since the decryption process is of the form

$$DT = CT_1 \cdot CT_2^{\,e \bmod \phi(N)} \cdot CT_2^{\,2Y_l \bmod \phi(N)} \bmod N,$$

the attacker has to guess the private key $(e, 2Y_l, N)$. For this, the attacker has to guess the Euler totient $\phi(N)$, the secret key $e$, and the $2RY_l$ components.

First, the attacker attempts to solve for the CHAN-PKC private key $e$, with the key space of $2^{k\phi(N)} * 2^{2RY_l}$. In the case of RSA-PKC, by contrast, the private key $d$ lies in the complexity of solving $d = \frac{1 + k\phi(N)}{e}$, and it lies in the key space of $2^{k\phi(N)}$. From Eq. (4), the Pell's form is given as $\alpha + e(Re + 2RY_l) = 1 + k\phi(N)$. The alternate form is $e(Re + 2RY_l) = 1 + k\phi(N) - \alpha$, and its respective solution is

$$e = \frac{1 + k\phi(N) - \alpha}{Re + 2RY_l}$$

Thus, the security strength of the CHAN-PKC private key $e$ depends on the difficulty of guessing the Euler totient $\phi(N)$ and $2RY_l$.

Next, to solve for the other private key $2Y_l$, using Eq. (4) we use the solution

$$2Y_l = \frac{1 + k\phi(N) - Re\,e' - \alpha}{Re}$$

Here the attacker has to guess for the key space of $2^{k\phi(N)} * 2^{e}$. Therefore, the security complexity of CHAN-PKC depends on the key space of $|2^{k\phi(N)} * 2^{2RY_l}| + |2^{k\phi(N)} * 2^{e}|$. These are large enough to render key search attacks impractical.
Hence our proposed scheme is more secure than the standard RSA when considering the key

7 Conclusion

In this paper, we propose a CHAN-PKC scheme based on improved RSA public key cryptography with a Diophantine equation, giving three stages of decryption for high security. The proposed scheme aims to resolve the problem of guessing the private key (e, 2Yl, N) from the public key (α, Re, N). The robustness of CHAN-PKC depends on the bit-length of the key generation parameters. Moreover, the key space analysis demonstrates a key space large enough to defeat brute force attacks. The experimental results demonstrate that the proposed KGS scheme provides proper time computation, taking around 0.24 times the time of ESRKGS and only 0.82 times that of standard RSA. For instance, at 10 K-bit moduli of key generation, CHAN-PKC consumes only 0.65 times the time of RSA, but ESRKGS takes 1.83 times that of RSA. However, the overall encryption and decryption time of CHAN-PKC is higher than that of RSA and ESRKGS because of the three-stage decryption. The timing similarity shows that CHAN-PKC and RSA have a 100% correlation, but ESRKGS has only 90%. Thus, our scheme holds good imperceptibility against side-channel timing attacks. Therefore, the proposed scheme renders a suitable solution for medical image transmission over public networks.

Acknowledgements The authors would like to thank the anonymous reviewers for their helpful comments and

Compliance with ethical standards

This article does not contain any studies with human participants performed by any of the authors.

Conflict of interests Chandrasegar Thirumalai declares that he has no conflict of interest. Viswanathan P
declares that he has no conflict of interest.
References

1. Aciicmez O, Schindler W, Cetin K Koc (2005) "Improving Brumley and Boneh timing attack on unprotected SSL implementations," in Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS'05). Alexandria, VA, pp. 139–146.
2. Aciicmez O, Seifert JP, Koc CK (2007) Micro-architectural cryptanalysis. IEEE Secur Priv 5(4):62–64
3. Ahmad J, Khan MA, Ahmed F, Khan JS (2017) A novel image encryption scheme based on orthogonal
matrix, skew tent map, and XOR operation. Neural Comput & Applic:1–11.
4. An X, Xhafa F, Cai W, Ma J, Wei F (2016) "Efficient privacy preserving predicate encryption with fine-grained searchable capability for Cloud storage" in Elsevier Ltd, 1–13.
5. Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54(15):2787–2805
6. Avudaiappan T, Balasubramanian R, Pandiyan SS, et al (2018) Medical Image Security Using Dual
Encryption with Oppositional Based Optimization Algorithm
7. Barker E, Dang Q (2015) "Recommendation for Key Management Part 3: Application-Specific Key Management Guidance," National Institute of Standards and Technology, NIST Special Publication 800–57 Part 3 Revision 1, 102 pp.
8. Bellini E, Murru N (2016) An efficient and secure RSA–like cryptosystem exploiting R’edei rational
functions over conics. Finite Fields Appl 39:179–194
9. Boneh D, Durfee G (1999) "Cryptanalysis of RSA with private key d less than N^0.292," Advances in Cryptology-EUROCRYPT'99 LNCS, Vol. 1592 of pp. 1–11, Springer, Berlin, Germany
10. Brumley D, Boneh D (2004) "Remote timing attacks are practical," in Proceedings of the 12th USENIX Security Symposium (SECURITY'04), Washington, DC
11. Cai J, Shen X, Lei M (2017) Optical asymmetric cryptography based on amplitude reconstruction of
elliptically polarized light. Opt Commun 403:211–216.
12. Cao W, Zhou Y, Chen CLP, Xia L (2017) Medical image encryption using edge maps. Signal Process 132:
13. Chandra Segar T, Vijayaragavan R (2013) "Pell's RSA key generation and its security analysis," Computing, Communications and Networking Technologies (ICCCNT), Fourth International Conf. on, IEEE, pp. 1–5
14. Chandramowliswaran N, Srinivasan S, Muralikrishna P (2015) Authenticated key distribution using given
set of primes for secret sharing. Sys Sci Control Eng 3(1):106–112
15. Chaum D (1982) "Blind signatures for untraceable payments," in CRYPTO, pp. 199–203
16. Chen J, Zhang Y, Qi L et al (2018) Exploiting chaos-based compressed sensing and cryptographic algorithm
for image encryption and compression. Opt Laser Technol 99:238–248.
17. Coppersmith D (1997) Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J
Cryptol 10(4):233–260
18. Crosby S, Wallach DS (2003) "Denial of service via algorithmic complexity attacks," in Proceedings of the 12th USENIX Security Symposium (SECURITY'03)
19. Dehkordi MH, Mashhadi S (2008) New efficient and practical verifiable multi-secret sharing schemes. Vol.
20. "Gartner Says Hybrid IT is Transforming the Role of IT;" Gartner; 3/5/2012; http://www.gartner.
21. Hallgren S, Way I (2006) Polynomial-time quantum algorithms for Pell’s equation and the principal ideal
problem, vol 0049092, pp 1–21
22. Herrmann M, May A (2010) "Maximizing small root bounds by linearization and applications to small secret exponent RSA," PKC LNCS Vol. 6056, pp. 53–69. Springer, Heidelberg
23. Hsu C, Zeng B, Zhang M (2014) A novel group key transfer for big data security. Appl Math Comput:436–
24. Hu J, Han F (2009) A pixel-based scrambling scheme for digital medical images protection. J Netw Comput
Appl 32:788–794.
25. Iovane G (2008) "The distribution of prime numbers - The solution comes from dynamical processes and genetic algorithms", 37. 23–42
26. Joye M, Paillier P, Schoenmakers B (2005) On second-order differential power analysis. In: International
workshop on cryptographic hardware and embedded systems. Springer, Berlin Heidelberg
27. Juels A, Luby M, Ostrovsky R (1997) "Security of blind digital signatures," in Burton S. Jr. Kaliski, editor, CRYPTO, volume 1294 of Lecture Notes in Computer Science, pages 150–164. Springer
28. Kanso A, Ghebleh M (2015) An efficient and robust image encryption scheme for medical applications.
Commun Nonlinear Sci Numer Simul 24:98–116.
29. Karygiannis T, Eydt B, Barber G, Bunn L, Phillips T (2007) Guidelines for securing radio frequency
identification (RFID) systems. NIST Spec Publ:800–898
30. Kelsey J, Schneier B, Wagner D, Hall C (2000) Side channel cryptanalysis of product ciphers. J Comput Sec
31. Khan MA (2016) Journal of network and computer applications a survey of security issues for cloud
computing. J Netw Comput Appl 71:11–29
32. Kleinjung T, Aoki K, Franke J, Lenstra AK, Thomé E, Bos JW, Gaudry P, Kruppa A, Montgomery PL, Osvik DA, Riele HJJ, Timofeev A, Zimmermann P (2010) "Factorization of a 768-bit RSA modulus," In: Rabin T. CRYPTO 2010. LNCS, vol. 6223, pp. 333–350. Springer, Heidelberg
33. Kocher P (1996) "Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems," Advances in Cryptology – CRYPTO'96, Santa Barbara, California (N. Koblitz, ed.), LNCS, vol. 1109, Springer, pp. 104–113
34. Kocher P, Jaffe J, Jun B (1999) "Differential power analysis," in Proceedings of the Annual International Cryptology Conference (CRYPTO'99). M. Wiener, Ed. LNCS, vol. 1666. Springer-Verlag, Santa Barbara,
35. Kuhn MG, Anderson RJ, "Soft Tempest: Hidden data transmission using electromagnetic emanations," in Proceedings of the 2nd Workshop on Information Hiding (IH'98), Portland, OR
36. Kumar R, Kohler E, Srivastava M (2007) "Harbor: software-based memory protection for sensor nodes," in
Proceedings of IPSN, Cambridge, MA, USA
37. Laiphrakpam DS, Khumanthem MS (2017) Medical image encryption based on improved ElGamal
encryption technique. Optik (Stuttg) 147:88–102.
38. Li Y, Gai K, Qiu L, Qiu M, Zhao H Intelligent cryptography approach for secure distributed big data storage
in cloud computing. Inf Sci 2016:1–13
39. Liu J, Huang X, Liu JK (2014) Secure sharing of personal health records in cloud computing: Ciphertext-
policy attribute-based Signcryption. Futur Gener Comput Syst
40. Liu J, Ma Y, Li S et al (2018) A new simple chaotic system and its application in medical image encryption.
Multimed Tools Appl 77:22787–22808.
41. Luy E, Karatas ZY, Ergin H (2016) Comment on "An enhanced and secured RSA key generation scheme (ESRKGS)". J Inform Sec Appl.
42. Martini B (2016) Cloud manufacturing: security , privacy , and forensic concerns. IEEE Cloud Comput:16–
43. Merkle RC, Helman ME (1984) Hiding information and signatures in trapdoor knapsack. IEEE Trans on Inf
Theory 24:525–530
44. Modic J, Trapero R, Taha A, Luna J (2016) Novel efficient techniques for real-time cloud. Comput Sec 62:
45. Padhye S (2006) "A Public Key Cryptosystem Based on Pell Equation," IACR Cryptology. 191
46. Peng L, Hu L, Lu Y, Xu J, Huang Z (2016) Cryptanalysis of dual RSA. Design Codes Cryptography:1–21
47. Pointcheval D, Stern J (1997) "New blind signatures equivalent to factorization," Proceedings of the 4th ACM conference on Computer and communications security, ACM
48. Rivest RL, Shamir A, Adleman LA (1978) A method for obtaining digital signatures and public-key
cryptosystems. Commun ACM 21(2):120–126
49. Schindler W (2000) "A timing attack against RSA with the Chinese remainder theorem," in Proceedings of Cryptographic Hardware and Embedded Systems Worcester. 109–124.
50. Schindler W (2002) Optimized timing attacks against public key cryptosystems. Stat Decisions 20:191–210
51. Schnorr C. P. Efficient Identification and Signatures for Smart Cards. in Crypto '89 (1990), LNCS 435,
Springer-Verlag, pp. 235–251.
52. Schoenmakers LAM (1995) "An Efficient Electronic Payment System Withstanding Parallel Attacks," Tech. rep., CWI. CS-R9522.
53. Singh S, Jeong Y-s, Hyuk J (2016) A survey on cloud computing security : issues , threats , and solutions. J
Netw Comput Appl 75:200–222
54. Sinha A (2016) Nonlinear optical cryptosystem resistant to standard and hybrid attacks. Opt Lasers Eng 81:
55. Song DX, Wagner D, Tian X (2001) Timing analysis of keystrokes and timing attacks on SSH. In:
Proceedings of the 10th USENIX SECURITY symposium (SECURITY’01), Washington DC
56. Sun H, Wu M, Ting W, Hinek MJ (2007) Dual RSA and its security analysis. IEEE Trans Inf Theory 53(8):
57. Sun L, Dong H, Khadeer F, Khadeer O, Chang E (2014) Cloud service selection: state-of-the-art and future
research directions. J Netw Comput Appl 45:134–150
58. Thangavel M, Varalakshmi P, Murrali M, Nithya K (2015) An enhanced and secured RSA key generation
scheme (ESRKGS). J Inform Sec Appl 20:3–10.
59. Thirumalai C, Viswanathan P (2018) Hybrid IT architecture by gene-based cryptomata (HITAGC) for
lightweight security services. Serv Oriented Comput Appl.
60. Viswanathan P (2016) Randomized cryptographic spatial fusion Steganographic system. J ICT Res Appl
ITB 10(1):15–28
61. Wan W, Yang W, Chen J (2015) An optimized cross correlation power attack of message blinding
exponentiation algorithms. Chin Commun 12(6):22–32
62. Wan J, Tang S, Yan H (2016) Cloud robotics : current status and open issues. IEEE Access 4:2797–2807
63. Wiener MJ (1990) Cryptanalysis of short RSA secret exponents. IEEE Trans Inf Theory 36(3):553–558
64. Zhao T, Ran Q, Yuan L et al (2015) Key distribution and changing key cryptosystem based on phase
retrieval algorithm and RSA public-key algorithm. Math Probl Eng 2015.
65. Zhu RW, Yang G, Wong DS (2007) "An efficient identity-based key exchange protocol with KGS forward secrecy for low-power devices", 3828, pp. 500–509.

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and
institutional affiliations.

Chandra Segar Thirumalai is working as an Assistant Professor Senior in School of Information Technology
and Engineering at VIT University, India. He is doing his Ph.D. in School of Information Technology and
Engineering at VIT University, India. He did his Master of Technology in Computer Science and Engineering at
Pondicherry Central University, India, in 2009. He received the Bachelor of Engineering in Computer Science
and Engineering from Dr. Paul’s Engineering College, Anna University affiliations, India, in 2005. His area of
specialization includes Public Key Cryptography, Security, and Networking. He received the GATE score
conducted by MHRD, India in 2009 and qualified in SET conducted by Tamil Nadu, India in 2016. He received
VIT Most Active Researcher Award from the year 2011 to 2016. He has published more than 55 papers taking
into account journals and conferences.

Dr. P. Viswanathan is an Associate Professor in the School of Information Technology and Engineering, VIT University, India. He is a professional member of IEEE and has published in various journals and conferences. He received his Bachelor of Engineering in Computer Science Engineering from Madurai Kamaraj University, Madurai, India, in 2002, his Master of Engineering in Computer Science Engineering from Annamalai University, Chidambaram, India, in 2006, and his Doctorate from Vellore Institute of Technology University, India, in 2014. His current research interests include digital image processing, network security, and cloud computing. He received the best poster award from the Indian Science Congress in 2007 and the VIT Most Active Researcher Award from 2010 to 2016.
