# Data Security Using Elliptic Curve Cryptosystem For Mobile Devices Computer Science Essay

Published:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

With the advance of network technology digital communication has become an essential part of infrastructure nowadays. Internet is widely used as a channel for communication and information transfer. The internet hosts increasingly are battery powered wireless handheld devices with limited memory, CPU, latency and bandwidth constraints. As there is an explosive growth in the amount of sensitive data exchanged over the internet, security is very much essential and it is one of the biggest issues on the Internet and an area of enormous ongoing research. Cryptography plays a major role in helping to prevent eavesdropping of personal information. The most commonly used public key algorithms are Rivest Shamir Adelman (RSA) and Elliptic Curve Cryptography (ECC). The elliptic curve discrete logarithm problem (ECDLP) is crucial for the security of elliptic curve cryptographic schemes. The main objective of this proposed system is to provide data security using ECC which is more suitable for mobile devices as it provides equal security for a smaller key size compared to RSA thereby reducing processing overhead.

Keywords: Elliptic Curve Cryptography, Discrete logarithm problem, Data security.

## I INTRODUCTION

The remarkable growth of communication technologies and the extensive use of the internet have contributed to the development of m-commerce and growing demand for mobile devices. In recent years, the Internet is becoming wireless, and there are more and more intelligent devices connecting to Internet through wireless technology. Security is one of the biggest issues on the Internet and an area of enormous ongoing research. When we shop online or log into web banking account, we want to be sure that no one can pick up sensitive information like credit card number and there is a need of security for sensitive information. Other interesting application domains where the primary security services are required include electronic voting, e-commerce, internet banking and payment solutions with handheld devices. This has resulted in an explosive growth of the field of information security, by providing secured communication for exchanging confidential data like credit card numbers, usernames, passwords and tender amount etc. by preventing hackers from hacking the sensitive data. The solution lies in using cryptography for securing data that guarantee the confidentiality, authentication and integrity [1]. Many different cryptography solutions are there to protect the data, but since more mobile devices are internet capable and are being used for day to day computing there is a need for new and more efficient algorithms that operate on considerably smaller hardware can complete cryptographic operations faster, with fewer processor cycles. Faster operations mean less heat and less power consumption, longer battery life and smaller devices. Portable devices, which produce less heat, run longer and still being able to provide equivalent security level cryptosystems like RSA, Digital Signature Algorithm (DSA) etc. Therefore, an efficient public key cryptosystem, elliptic curve cryptography (ECC), an asymmetric cryptography that performs well in resource constrained platforms and maintain the high security level. In 1985, Neal Koblitz [2] and Victor Miller [3] independently proposed discrete logarithmic cryptographic systems using group of points on an elliptic curve defined over a finite field.

Mobile devices have limited resources in terms of CPU computing power and memory as well as battery life. The longer the key the more memory and more CPU power needed, but also more calculations to perform the encryption, which means shorter battery life. Because of these reasons it is desirable to use the most efficient cryptography algorithms to compensate the limited hardware resources. The goal of this work is to show that Elliptic Curve Cryptography algorithms are more efficient than other asymmetric cryptography algorithms and thus it is a more suitable choice for mobile devices. The majority of the products use public key cryptography for encryption and RSA for digital signatures [4]. In recent years the bit length for secure RSA is increased and it has put heavier processing load on applications that use RSA. ECC is a relatively new cryptography scheme, which provides the same level of security with much smaller key size in comparison to RSA scheme [5].

When we look at the future requirement of larger key size, there is a foreseeable challenge to traditional public-key cryptosystems like RSA, Diffie-Hellman and DSA, which are most commonly used today. If the size of RSA key is doubled, it leads to an approximate eightfold increase in computation time as the computational effort grows proportionally to the cube of the key size. So it means that as the key size grows, the computational overhead of the traditional public-key cryptosystems will increase and prohibitive for constrained portable devices that are unlikely to have enough computing resources. Therefore, with the explosive growth in the amount of security-sensitive transactions using mobile wireless devices, there is a clear need for an alternative to the traditional public-key cryptosystems. Elliptic Curve Cryptography (ECC) could fulfill the demand of a new efficient public-key algorithm for mobile wireless environments. The reason is that ECC can offer equivalent security with smaller key sizes that can be computed with less processing power, memory, and lower power consumption.

Section II briefs about classification of cryptography based on the keys used. In section III, mathematical foundation of Elliptic Curve Cryptography is explained. Section IV will outline the proposed solution for data security using elliptic curve cryptography which provides confidentiality and data integrity. Section V gives the details of algorithm for proposed solution.

## II CLASSIFICATION OF CRYPTOGRAPHY

Cryptography is the science of ensuring that messages are secure from possible eavesdropping, impersonation or data corruption. Cryptography provides security through a sequence of mathematical transformations that can be shown to be mathematically secure provided some optimum conditions [6]. The different schemes for cryptography are symmetric cryptography, asymmetric cryptography and hybrid cryptosystems.

## Symmetric Cryptography

Symmetric cryptography, also known as secret key cryptography, has been in use since ancient times and has a wide variety of different implementations. These range from simple substitution ciphers such as Caesars Cipher to complex and supposedly mathematically unbreakable algorithms such as (Data Encryption Standard (DES) and Advanced Encryption Standard (AES). It uses a single key that must be kept secret. This single key is used for both the encryption and decryption of messages to be sent or stored. Symmetric encryption transforms a plaintext to a cipher text using secret key and encryption algorithm and symmetric decryption transform the cipher text back to plaintext using the same secret key and decryption algorithm that is a reverse of encryption. The major advantage of symmetric cryptography is high efficiency but it has significant drawbacks namely key distribution, key management and provision of non-repudiation.

## Public key cryptography

One of the difficulties involved in symmetric key encryption is key distribution. The reason for this is that for each pair of parties who wish to communicate a new key is required to encrypt and decrypt their communication. This creates a logistical nightmare when trying to manage all the keys that a party may need in order to communicate with other parties. Public key encryption was designed to solve this problem by having a key-pair for each party. A public key that is given out to those who wish to send messages to the party and a private key used by the party to decrypt the messages that are encrypted with its public key.

Given the public key it should not be computationally feasible to compute the private key. Thus the private key and public key should be related in such a way that it should not be easy to derive the private key from the public key. This usually entails some sort of unsolved mathematical problem such as the factorization of large numbers or the discrete logarithm problem. The most commonly used asymmetric algorithms are Diffie-Hellman (DH) scheme, Rivest-Shamir-Adleman (RSA) scheme and recently Elliptic Curve Cryptography (ECC).

Hybrid cryptosystems are the combination of both symmetric and asymmetric key cryptography.

## III MATHEMATICAL FOUNDATIONS OF ELLIPTIC CURVE

Elliptic curve is represented by cubic equation in two variables with coefficients. An elliptic curve E over real numbers is defined by an equation of the form

y2 + axy + by = x3 + cx2 + dx + e (1)

where a, b, c, d and e are real numbers, but it is sufficient to limit above equation to

y2 = x3 + ax + b (2)

as per the Weierstrass equation. Let E(a, b) be elliptic curve consisting of the points (x, y) that satisfy "(2)" together with an element O. A group can be defined based on the set E(a, b) for different values of a and b. Let P, Q and R be the points on E(a, b) the relations of commutative, associative, identity and inverse operations hold good. The Elliptic Curve Discrete Logarithm Problem (ECPLD) is heart of ECC and which can be represented as "Q=kP" where P and Q are the points on the elliptic curve [7-11].

Elliptic curve cryptography uses curves whose variables & coefficients are finite. Two families of elliptic curves are used in cryptographic applications are commonly used [12]. One is prime curves defined over Zp which uses integers modulo prime and best in software, the other is binary curves defined over GF(2n) which uses polynomials with binary coefficients best in hardware.

For elliptic curves over Zp, we use a cubic equation in which variables and coefficients all take values in the set of integers from 0 to p-1, for some prime number p and the calculations are performed as modulo p.

y2mod p = (x3 + ax + b) mod p (3)

Figure 1. Example of elliptic curve

Fig. 1 shows the example of elliptic curve for "y2 mod 23 = (x3 + x + 1) mod 23" for a=1, b=1, x=9, y=7 and p=23.

72 mod 23 = (93 + 9+1) mod 23

49 mod 23 = 739 mod 23

3 = 3

Points P and Q gives another point as (P+Q) which also lies on the same line, which connects P and Q and it is also on the given curve.

## IV PROPOSED SOLUTION FOR DATA SECURITY USING ELLIPTIC CURVE CRYTOGRAPHY

Elliptic Curve Cryptography, asymmetric cryptography scheme is an efficient public key cryptography. Due to the shorter key length, storage space required is less and faster arithmetic operations. These advantages of ECC are important when used in constrained devices like mobile devices [13]. ECC provides the same level of security with much smaller key size in comparison to RSA scheme. According to Certicom, company which founded the Standards for Efficient Cryptography Group (SECG) consortium [14], published the standards proposals for ECC and holds 16 patents regarding ECC (SECG 2005), 160 bits ECC key provides the same level of security as 1024 bits RSA key. Table 1 shows the comparison of key sizes for ECC, RSA and symmetric ciphers with regards to security level.

Table 1: Comparison of Key Sizes Providing Similar Security

## Symmetric cipherkey size

## ECC key size

## RSA key size

56

112

512

80

160

1024

112

224

2048

128

256

3072

192

384

7680

256

512

15360

Several approaches to encryption and decryption using elliptic curves have been analyzed. This paper describes one of them. In this system plain text message to be sent is encoded as x-y point pm and it is the point pm that will be encrypted as a cipher text and subsequently decrypted. ECC encryption and decryption methods can encrypt and decrypt a point on the curve and not the messages. Encoding and decoding methods are used to relate the points on the elliptic curve to find the plaintext message. For this Koblitz's encoding and decoding method is used.

## V ALGORITHM FOR PROPOSED SOLUTION

Let the source entity 'S' wants to send secured message 'Pm' to destination entity 'D' and the curve contains n points such that " nP=P+P+Pâ€¦n times".

Step1. Define the domain parameters of ECC, which are agreed by both entities

S and D of the cryptosystem as a, b, p, G, n.

Where a and b are the values of E(a,b),

G is generator point,

p is prime number,

n is order of G.

Step2. Selection of public and private keys by both entities 'S' and 'D'

Let ns be the random number generated by entity 'S' as its private key such that ns < n and Ps be public key "Ps=G+G+G+â€¦ +ns times".

Let nd be the random number generated by entity 'D' as its private key such that nd < n and Pd be public key "Pd=G+G+G+â€¦ +nd times".

Step3. Source 'S' encrypts the message 'Pm' as a ciphertext 'Cm' and sends to the destination 'D' Where

"Cm = { kG, Pm+kPd }"

Step4. Destination 'D' decrypts the ciphertext message 'Cm' as a plaintext 'Pm

"Pm+ kPd - nd(kG) = Pm+k(nd)G - nd(kG)=Pm"

Step5.Let the characters present in the text message consists of digits i.e. 0,1,2â€¦9 and alphabets A,B,C,â€¦Z represented as values say 10,11,12â€¦35 so that the text message consists of series of numbers between 0 and 35.

Step6. Choose a base parameter 'r' which is agreed by both the parties after knowing the elliptic curve E(a,b) and the n points present on the curve.

Step7. Let "x = tr+1" where t is the encoded value of the character and solve the equation

"y2 =(x3 + ax + b) mod p" for y with "x = tr+1". If not solved,

then set "x=tr+2" and solve equation for y. If such y does not exist then

increment x by "x=tr+1" for each time till such y exists. Now encrypted point is (x,y).

Step8. To decode it compute "(x-1)/r" which returns the plaintext value lying in the range 0 to 35. The corresponding value indicates the character of the original text character sent.

## VI CONCLUSION

With the striking development of wireless technology, however, an increasing number of smaller portable devices are connecting to the Internet network, and the amount of exchanging sensitive data are also remarkably growing. With these trends, the expensive computational costs of traditional public-key cryptosystems are unlikely affordable by the constrained portables, especially when the key length is required to double in every few years in order to offer equivalent security. Opportunely, elliptic curve cryptography has adopted as an attractive alternative for the next-generation public-key cryptography. The reason is that ECC benefits from its low computational complexity as well as trustworthy strength of security. Still, many parties are actively working on accelerating techniques for ECC, recommendatory sets of the curves as well as support for generic curves, and implementing elliptic curve variants of existing public-key cryptography. ECC has thus come to be accepted as the most excellent choice for public key cryptography in portable, necessarily constrained devices right now e.g. smart cards. So we believe that ECC is the future of public key cryptography.