Research On The Security of Elliptic Curve Cryptography: Jiaxu Bao
Research On The Security of Elliptic Curve Cryptography: Jiaxu Bao
Research On The Security of Elliptic Curve Cryptography: Jiaxu Bao
ABSTRACT
Elliptic curve cryptography has the characteristics of high-security strength and low computational complexity. Elliptic
curve cryptography relies on point multiplication, which is the most time-consuming part of the encryption and
decryption process. The Elliptic Curve Cryptosystem is currently the most famous and potential public key
cryptosystem. It is proposed based on the computational difficulty of discrete logarithms on the elliptic curve, and its
security research is an important research area in academia. This paper analyzes the security of elliptic cryptographic
curves from the performance comparison of ECC and RSA. Moreover, this paper implements RSA and ECC using
random private keys, and the sample data input is 64-bit, 8-bit, and 256-bit. Experiments are done on MATLAB R2008a
on an Intel Pentium dual-core processor. The findings reveal that RSA is efficient at encryption, but sluggish at
decryption, whereas ECC is slow at encryption but efficient at decryption. Overall, ECC outperforms RSA in terms of
efficiency and security. ECC surpasses RSA in terms of operational security and efficiency, according to this research.
Keywords: Elliptic Curve Cryptography, Security of Elliptic Curve Cryptography, RSA, ECC
work of Bosch et al. [3], the scholars evaluate the risk of P kPb nb(kG) P
key usage in terms of key length for RSA and ECC, they
(2) calculates m (C y) / x , and obtains the
report that until 2014, using 1024-bit RSA provided some
small risk, while using 160-bit ECC on prime fields was plaintext m .
probably safe longer usage time. Moreover, some
scholars also concluded that RSA is faster, but ECC is 3.2. ECC and RSA Performance Comparation
better than RSA in terms of security [4]. Jansma et al. [5]
compared the usage of digital signatures in RSA and Most products that use public key cryptography for
ECC, and suggested that RSA might be a good choice for encryption and digital signatures are based on the RSA
applications that need to verify messages rather than algorithm, but with the progress and perfection of the
generate signatures. Another researcher suggests that method of factoring large integers, the number of digits
RSA is currently stronger than ECC, although they also in the password has been increasing to ensure its security.
suggest that ECC will outperform RSA in the future [6]. It is generally believed that passwords with a word length
Mahto et al. [7] proposed the use of ECC over insecure of more than 1024 bits are safe. This is a heavy burden
channels to enhance the security of 64-bit one-time for applications using RSA.Compared with
password (OTP) data communications. cryptographic systems such as RSA, ECC has the
characteristics of high speed, small space occupation, less
Moreover, [10] compared elliptic curve dot computation, and increased security.
multiplication operations on ECC and RSA on two 8-bit
processor computer systems, and they found that ECC- 3.2.1. Better security and small amount of
160 dot multiplication was more efficient than RSA- calculation
1024 private key operations on both systems. [11]
proposed key length-based risk assessment for RSA and The security of ECC is influenced by the difficulty of
ECC keys, and they agree that until 2014, using 1024-bit determining k from kP and P , which involves the
RSA provided some small risk, while 160-bit ECC on logarithm issue of elliptic curves. Currently, Pollard's rho
prime fields Can be used safely for longer periods of method is one of the fastest ways to solve the logarithm
time. [12] concluded that RSA is faster, but ECC is better of an elliptic curve. The table below compares this
than RSA in terms of security. [13] compared the usage method with the general number field sieve method for
of digital signatures in RSA and ECC and suggested that factoring large integers. As can be seen from the below
RSA might be an application where it is necessary to table, the keys used by ECC are much shorter than those
verify messages rather than generate signatures. [14] used in RSA. When the keys are the same, ECC and RSA
shows that currently, RSA is more powerful than ECC, require similar computations. Therefore, compared with
however, in the near future, ECC may outperform RSA. the same security RSA, ECC needs less computation than
[15] demonstrate that ECC is superior to RSA in terms of RSA because the key used by ECC is shorter. If it uses
operational efficiency and security. Pollard's rho method to find the logarithm of an elliptic
curve, the table 1 can be achieved.
3. PERFORMANCE COMPARATION OF Table 1. using Pollard's rho method to find the
ECC WITH RSA logarithm of an elliptic curve
(2) selects a random number k , and calculates the Table 2. Integer factorization using general number
point P1 (x1, y1) kG; field sieves
985
Advances in Economics, Business and Management Research, volume 215
algorithm. 6
4
2
4. ANALYSIS/DISCUSSION 0
ECC RSA ECC RSA ECC RSA
The point multiplication operation of ECC Encryption Decryption Total
cryptosystem is the most time-consuming part of entire
encryption and decryption process, which needs to Figure 1. 8 BITS DECRYPTION, ENCRYPTION,
further optimization during operation. Moreover, a AND TOTAL TIME
general-purpose processor can only process 64-bit data at
Table 4. 64 BITS DECRYPTION, ENCRYPTION,
most with a conventional instruction, which is inefficient
AND TOTAL TIME
for ECC calculation. In FPGA/ASIC, theoretically, each
clock cycle can process data of any word length, which is
relatively low compared to general-purpose processors.
The processor has higher computing efficiency and
speed. In addition, FPGA/ASIC can be customized and
optimized according to the needs of application, and
parallelization technology, such as pipeline and ping-
pong operation, can be used to further accelerate the
calculation process and obtain higher performance.
Therefore, FPGA/ASIC is a better choice to realize ECC
computing in occasions with high computing
986
Advances in Economics, Business and Management Research, volume 215
and the sample data input is 64-bit, 8-bit, and 256- bit.
77.7613 77.9052 Experiments are done on MATLAB R2008a on an Intel
Pentium dual-core processor. The results show that RSA
is efficient at encryption but slow at decryption, and ECC
is slow at encryption but efficient at decryption. Overall
ECC is more efficient and secure than RSA. This work
46.479 28.708 46.6441 indicates that ECC outperforms RSA in terms of
operational security and efficiency. The result of the
20.3409 22.4439
0.1498 paper is also limited by the random keys and the
15.0168 0.1765 8.469 20.4178 20.5739
7.3097
16.9105 processor, and it is not accurate enough. Future work can
9.9123 0.1546 6.9456
2.1672 5.9127 5.5421 8.0776 5.6727 focus on overcoming the limitations of existing
0.1309
algorithms.
ECC RSA ECC RSA ECC RSA
Encryption Decryption Total ACKNOWLEDGMENT
Figure 2. 64 BITS DECRYPTION, ENCRYPTION, I want to thank my parents for supporting indirectly
AND TOTAL TIME or directly in this research paper.
Table 5. 256 BITS DECRYPTION, ENCRYPTION,
REFERENCES
AND TOTAL TIME
[1] Afreen, R., & Mehrotra, S. C. (2011). A review on
elliptic curve cryptography for embedded systems.
arXiv preprint arXiv:1107.3631.
[2] Gura, N., Patel, A., Wander, A., Eberle, H., & Shantz,
S. C. (2004, August). Comparing elliptic curve
cryptography and RSA on 8-bit CPUs. In
International workshop on cryptographic hardware
and embedded systems (pp. 119- 132). Springer,
Berlin, Heidelberg.
[3] Bos, J., Kaihara, M., Kleinjung, T., Lenstra, A. K., &
Montgomery, P. L. (2009). On the Security of 1024-
bit RSA and 160-bit Elliptic Curve Cryptography
350 (No. REP_WORK).
300 [4] Kute, V. B., Paradhi, P. R., & Bamnote, G. R. (2009).
250 A software comparison of rsa and ecc. Int. J.
Comput. Sci. Appl, 2(1), 43-59.
200
[5] Jansma, N., & Arrendondo, B. (2004). Performance
150 comparison of elliptic curve and rsa digital
signatures. nicj. net/files.
100
[6] Alese, B. K., Philemon, E. D., & Falaki, S. O. (2012).
50 Comparative analysis of public-key encryption
0 schemes. International Journal of Engineering and
ECC RSA ECC RSA ECC RSA Technology, 2(9), 1552- 1568.
Encryption Decryption Total [7] Mahto, D., & Yadav, D. K. (2015, February).
Enhancing security of one-time password using
Figure 3. 256 BITS DECRYPTION, ENCRYPTION, elliptic curve cryptography with biometrics for
AND TOTAL TIME e-commerce applications. In Proceedings of the
2015 Third International Conference on Computer,
5. CONCLUSION Communication, Control and Information
Technology (C3IT) (pp. 1-6). IEEE.
This paper analyzes RSA and ECC’s security strength
[8] Mahto, D., & Yadav, D. K. (2015, February).
for 3 samples of input data based on NIST-recommended
Enhancing security of one-time password using
64-bit, 8-bit, 256-bit random keys. This paper
implements RSA and ECC using random private keys, elliptic curve cryptography with biometrics for
e-commerce applications. In Proceedings of the
987
Advances in Economics, Business and Management Research, volume 215
988