Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Research On The Security of Elliptic Curve Cryptography: Jiaxu Bao

Download as pdf or txt
Download as pdf or txt
You are on page 1of 5

Advances in Economics, Business and Management Research, volume 215

Proceedings of the 2022 7th International Conference on Social Sciences and


Economic Development (ICSSED 2022)

Research on the Security of Elliptic Curve


Cryptography
Jiaxu Bao
Queen Mary University of London, London, UK, E1 4NS
jiaxubao@gmail.com

ABSTRACT
Elliptic curve cryptography has the characteristics of high-security strength and low computational complexity. Elliptic
curve cryptography relies on point multiplication, which is the most time-consuming part of the encryption and
decryption process. The Elliptic Curve Cryptosystem is currently the most famous and potential public key
cryptosystem. It is proposed based on the computational difficulty of discrete logarithms on the elliptic curve, and its
security research is an important research area in academia. This paper analyzes the security of elliptic cryptographic
curves from the performance comparison of ECC and RSA. Moreover, this paper implements RSA and ECC using
random private keys, and the sample data input is 64-bit, 8-bit, and 256-bit. Experiments are done on MATLAB R2008a
on an Intel Pentium dual-core processor. The findings reveal that RSA is efficient at encryption, but sluggish at
decryption, whereas ECC is slow at encryption but efficient at decryption. Overall, ECC outperforms RSA in terms of
efficiency and security. ECC surpasses RSA in terms of operational security and efficiency, according to this research.

Keywords: Elliptic Curve Cryptography, Security of Elliptic Curve Cryptography, RSA, ECC

1. INTRODUCTION out. RSA is considered to be the first generation of public


key cryptography and has been very popular since its
According to Afreen and Mehrotra [1], the changing inception, while ECC has also grown in popularity
global landscape shows an elegant fusion of recently. The integer factorization problem (IFP) is used
communications and computing, where computers using to secure the RSA cryptosystem, whereas the elliptic
wired communications are rapidly being replaced by curve discrete logarithm problem (ECDLP) is used to
small handheld embedded computers using wireless secure the ECC cryptosystem [3]. The major advantage
communications in almost all fields; this increases data of ECC over RSA is because solving ECDLP with the
security and privacy requirements. Elliptic curve best-known technique takes completely exponential time,
cryptography is one of the most promising public key whereas solving IFP with RSA takes sub-exponential
cryptosystems. Due to the advantages of elliptic curve time. This implies that ECC may employ many fewer
cryptography over other public key cryptosystems in parameters than RSA while maintaining the same level of
terms of security, implementation efficiency and security. This paper analyzes the security of elliptic
implementation cost, it has been widely used and has cryptographic curves from the performance comparison
been adopted as the standard of public key cryptography of ECC (Elliptic Curve Cryptography) and RSA (Rivest
algorithm by many countries and international standard Shamir Adleman).
organizations [2]; thus, its security problem has naturally
attracted extensive attention from scholars. Although 2. LITERATURE REVIEW
discussion on the security of public key cryptography
mechanisms is very lively, there are limited research Several authors have performed RSA and ECC’s
achievements in terms of the security of ECC security analyses using different measurement
mechanisms. Because of the particularity and application parameters. Gula et al. (2004) compares elliptic curve
of cryptography, it is necessary to discuss the security of point multiplication on RSA and ECC based on two 8-bit
cryptography. processor computer systems, and it discovered that ECC-
160-point multiplication was more efficient than RSA-
In academics, security analysis of two practical and 1024 private key operation on both systems [2]. In the
popular asymmetric algorithms RSA and ECC is carried

Copyright © 2022 The Authors. Published by Atlantis Press International B.V.


This is an open access article distributed under the CC BY-NC 4.0 license -http://creativecommons.org/licenses/by-nc/4.0/ 984
Advances in Economics, Business and Management Research, volume 215

work of Bosch et al. [3], the scholars evaluate the risk of P  kPb  nb(kG)  P
key usage in terms of key length for RSA and ECC, they
(2) calculates m  (C  y) / x , and obtains the
report that until 2014, using 1024-bit RSA provided some
small risk, while using 160-bit ECC on prime fields was plaintext m .
probably safe longer usage time. Moreover, some
scholars also concluded that RSA is faster, but ECC is 3.2. ECC and RSA Performance Comparation
better than RSA in terms of security [4]. Jansma et al. [5]
compared the usage of digital signatures in RSA and Most products that use public key cryptography for
ECC, and suggested that RSA might be a good choice for encryption and digital signatures are based on the RSA
applications that need to verify messages rather than algorithm, but with the progress and perfection of the
generate signatures. Another researcher suggests that method of factoring large integers, the number of digits
RSA is currently stronger than ECC, although they also in the password has been increasing to ensure its security.
suggest that ECC will outperform RSA in the future [6]. It is generally believed that passwords with a word length
Mahto et al. [7] proposed the use of ECC over insecure of more than 1024 bits are safe. This is a heavy burden
channels to enhance the security of 64-bit one-time for applications using RSA.Compared with
password (OTP) data communications. cryptographic systems such as RSA, ECC has the
characteristics of high speed, small space occupation, less
Moreover, [10] compared elliptic curve dot computation, and increased security.
multiplication operations on ECC and RSA on two 8-bit
processor computer systems, and they found that ECC- 3.2.1. Better security and small amount of
160 dot multiplication was more efficient than RSA- calculation
1024 private key operations on both systems. [11]
proposed key length-based risk assessment for RSA and The security of ECC is influenced by the difficulty of
ECC keys, and they agree that until 2014, using 1024-bit determining k from kP and P , which involves the
RSA provided some small risk, while 160-bit ECC on logarithm issue of elliptic curves. Currently, Pollard's rho
prime fields Can be used safely for longer periods of method is one of the fastest ways to solve the logarithm
time. [12] concluded that RSA is faster, but ECC is better of an elliptic curve. The table below compares this
than RSA in terms of security. [13] compared the usage method with the general number field sieve method for
of digital signatures in RSA and ECC and suggested that factoring large integers. As can be seen from the below
RSA might be an application where it is necessary to table, the keys used by ECC are much shorter than those
verify messages rather than generate signatures. [14] used in RSA. When the keys are the same, ECC and RSA
shows that currently, RSA is more powerful than ECC, require similar computations. Therefore, compared with
however, in the near future, ECC may outperform RSA. the same security RSA, ECC needs less computation than
[15] demonstrate that ECC is superior to RSA in terms of RSA because the key used by ECC is shorter. If it uses
operational efficiency and security. Pollard's rho method to find the logarithm of an elliptic
curve, the table 1 can be achieved.
3. PERFORMANCE COMPARATION OF Table 1. using Pollard's rho method to find the
ECC WITH RSA logarithm of an elliptic curve

3.1. Steps of Elliptic Curve Algorithm Key Size MIPS year


150 3.8 × 1010
3.1.1. Encryption Algorithm
205 7.1 ×1018
(1) encodes the message to generate a number m , and
234 1.6 ×1028
selects a point P( x, y) on the ellipse domain;

(2) selects a random number k , and calculates the Table 2. Integer factorization using general number
point P1 (x1, y1) kG; field sieves

(3) calculates P2  ( x2 , y2 )  kPb according to 𝐵′𝑠 Key Size MIPS year


public key Pb ; 512 3 ×104
(4) calculates the ciphertext C  mx  y ; 768 2 ×108

(5) sends C '  {kG, P  kPb, C} to B . 1024 3 ×1011


1280 1 ×1014
3.1.2. Decryption algorithm 1536 3 ×1016
2048 3 ×1020
(1) uses his own private key nb to calculate:

985
Advances in Economics, Business and Management Research, volume 215

performance requirements or embedded real-time


applications.
In addition, the exponential integration method can be
used to attack the discrete logarithm problem on finite 4.1. The SECURITY ANALYSIS of ECC and
field, and its computational complexity is: RSA
3 2 ], where 𝑝 is the modulus (prime).
𝑂[𝑒𝑥𝑝√(𝑙𝑜𝑔𝑝)(𝑙𝑜𝑔𝑙𝑜𝑔𝑝)
But this approach doesn’t work well for discrete This paper implements RSA and ECC using random
logarithm problems on elliptic curves. The current private keys according to the recommendations of [8] [9],
method for attacking discrete logarithm issues on elliptic and the sample data input is 64-bit, 8-bit, and 256-bit.
curves is a suitable method for attacking discrete Experiments are done on MATLAB R2008a on an Intel
logarithm problems on cyclic group, and its Pentium dual-core processor (533 MHz, 1.60 GHz, 1 MB
computational complexity is: 𝑂[𝑒𝑥𝑝⁡(𝑙𝑜𝑔√𝑝𝑚𝑎𝑥 )] . In L2 cache) and 2GB DDR2 RAM under the Ms-Windows
which, 𝑝𝑚𝑎𝑥 is the largest prime factor of the order of platform. The efficiency of ECC over RSA is shown in
Abel group formed by the elliptic curve. Therefore, the table below. The findings reveal that RSA is fast at
elliptic curve cryptosystems are more secure than public encryption but sluggish at decryption, whereas ECC is
key systems over finite fields. slow at encryption but fast at decryption. Overall, ECC
outperforms RSA in terms of performance and security.
3.2.2. Fast processing speed and take up little In terms of operational security and efficiency, this
space research shows that ECC surpasses RSA.
Table 3. 8 BITS DECRYPTION, ENCRYPTION, AND
Although in RSA, its processing speed of public key TOTAL TIME
can be improved by selecting a smaller public key, and
speed of encryption and signature verification can be
improved, making it comparable to ECC in terms of
speed for signature verification. But in the processing
speed of private keys, such as signature and decryption,
ECC is much faster than RSA. Therefore, in the same
situation, ECC has better encryption performance
compared with RSA.
Moreover, compared with RSA, ECC has a smaller
password length and system parameters, but its security
strength is satisfactory. That is, it occupies much less 16
storage space than RSA, which is very important for the 14
application of encryption algorithms in IC card. In 12
summary, the elliptic curve encryption system has 10
obvious advantages compared with the RSA encryption 8

algorithm. 6
4
2
4. ANALYSIS/DISCUSSION 0
ECC RSA ECC RSA ECC RSA
The point multiplication operation of ECC Encryption Decryption Total
cryptosystem is the most time-consuming part of entire
encryption and decryption process, which needs to Figure 1. 8 BITS DECRYPTION, ENCRYPTION,
further optimization during operation. Moreover, a AND TOTAL TIME
general-purpose processor can only process 64-bit data at
Table 4. 64 BITS DECRYPTION, ENCRYPTION,
most with a conventional instruction, which is inefficient
AND TOTAL TIME
for ECC calculation. In FPGA/ASIC, theoretically, each
clock cycle can process data of any word length, which is
relatively low compared to general-purpose processors.
The processor has higher computing efficiency and
speed. In addition, FPGA/ASIC can be customized and
optimized according to the needs of application, and
parallelization technology, such as pipeline and ping-
pong operation, can be used to further accelerate the
calculation process and obtain higher performance.
Therefore, FPGA/ASIC is a better choice to realize ECC
computing in occasions with high computing

986
Advances in Economics, Business and Management Research, volume 215

and the sample data input is 64-bit, 8-bit, and 256- bit.
77.7613 77.9052 Experiments are done on MATLAB R2008a on an Intel
Pentium dual-core processor. The results show that RSA
is efficient at encryption but slow at decryption, and ECC
is slow at encryption but efficient at decryption. Overall
ECC is more efficient and secure than RSA. This work
46.479 28.708 46.6441 indicates that ECC outperforms RSA in terms of
operational security and efficiency. The result of the
20.3409 22.4439
0.1498 paper is also limited by the random keys and the
15.0168 0.1765 8.469 20.4178 20.5739
7.3097
16.9105 processor, and it is not accurate enough. Future work can
9.9123 0.1546 6.9456
2.1672 5.9127 5.5421 8.0776 5.6727 focus on overcoming the limitations of existing
0.1309
algorithms.
ECC RSA ECC RSA ECC RSA
Encryption Decryption Total ACKNOWLEDGMENT
Figure 2. 64 BITS DECRYPTION, ENCRYPTION, I want to thank my parents for supporting indirectly
AND TOTAL TIME or directly in this research paper.
Table 5. 256 BITS DECRYPTION, ENCRYPTION,
REFERENCES
AND TOTAL TIME
[1] Afreen, R., & Mehrotra, S. C. (2011). A review on
elliptic curve cryptography for embedded systems.
arXiv preprint arXiv:1107.3631.
[2] Gura, N., Patel, A., Wander, A., Eberle, H., & Shantz,
S. C. (2004, August). Comparing elliptic curve
cryptography and RSA on 8-bit CPUs. In
International workshop on cryptographic hardware
and embedded systems (pp. 119- 132). Springer,
Berlin, Heidelberg.
[3] Bos, J., Kaihara, M., Kleinjung, T., Lenstra, A. K., &
Montgomery, P. L. (2009). On the Security of 1024-
bit RSA and 160-bit Elliptic Curve Cryptography
350 (No. REP_WORK).
300 [4] Kute, V. B., Paradhi, P. R., & Bamnote, G. R. (2009).
250 A software comparison of rsa and ecc. Int. J.
Comput. Sci. Appl, 2(1), 43-59.
200
[5] Jansma, N., & Arrendondo, B. (2004). Performance
150 comparison of elliptic curve and rsa digital
signatures. nicj. net/files.
100
[6] Alese, B. K., Philemon, E. D., & Falaki, S. O. (2012).
50 Comparative analysis of public-key encryption
0 schemes. International Journal of Engineering and
ECC RSA ECC RSA ECC RSA Technology, 2(9), 1552- 1568.

Encryption Decryption Total [7] Mahto, D., & Yadav, D. K. (2015, February).
Enhancing security of one-time password using
Figure 3. 256 BITS DECRYPTION, ENCRYPTION, elliptic curve cryptography with biometrics for
AND TOTAL TIME e-commerce applications. In Proceedings of the
2015 Third International Conference on Computer,
5. CONCLUSION Communication, Control and Information
Technology (C3IT) (pp. 1-6). IEEE.
This paper analyzes RSA and ECC’s security strength
[8] Mahto, D., & Yadav, D. K. (2015, February).
for 3 samples of input data based on NIST-recommended
Enhancing security of one-time password using
64-bit, 8-bit, 256-bit random keys. This paper
implements RSA and ECC using random private keys, elliptic curve cryptography with biometrics for
e-commerce applications. In Proceedings of the

987
Advances in Economics, Business and Management Research, volume 215

2015 Third International Conference on Computer,


Communication, Control and Information
Technology (C3IT) (pp. 1-6). IEEE.
[9] Nagar, A., Mohapatra, D. P., & Chaki, N. (Eds.).
(2015). Proceedings of 3rd International Conference
on Advanced Computing, Networking and
Informatics: ICACNI 2015, Volume 1 (Vol. 43).
Springer.
[10] Shim, K. A. (2015). A survey of public-key
cryptographic primitives in wireless sensor
networks. IEEE Communications Surveys &
Tutorials, 18(1), 577-601.
[11] Deng, L., Huang, H., & Qu, Y. (2017). Identity
Based Proxy Signature from RSA without Pairings.
Int. J. Netw. Secur., 19(2), 229-235.
[12] Diffie, W., & Hellman, M. E. (1976). " New
Directions in Cryptography" IEEE Transactions on
Information Theory, v. IT-22, n. 6.
[13] Dong, X. (2015). A multi-secret sharing scheme
based on the CRT and RSA. International Journal of
Electronics and Information Engineering, 2(1), 47-
51.
[14] Gura, N., Patel, A., Wander, A., Eberle, H., &
Shantz, S. C. (2004, August). Comparing elliptic
curve cryptography and RSA on 8-bit CPUs. In
International workshop on cryptographic hardware
and embedded systems (pp. 119- 132). Springer
Berlin, Heidelberg.
[15] Han, L., Xie, Q., & Liu, W. (2017). An Improved
Biometric Based Authentication Scheme with User
Anonymity Using Elliptic Curve Cryptosystem. Int.
J. Netw. Secur., 19(3), 469-478.

988

You might also like