Enhanced Network Security Using Elliptic Curve Cryptography
Prabhakaran M.C.1, Sakunthala T.2, Ganesh Babu O.M.3
1
Department of computer science, Thiagarajar college of Engineering, Madurai.
2 3
Department of computer science, Thiagarajar college of Engineering, Madurai.
Department of computer science, Thiagarajar college of Engineering, Madurai.
Abstract - The proliferation of technology has created a
mobile society consisting of millions of telecommuters,
field workers, traveling sales personnel and home-office
workers all together connected. The increasing threat to
security in these systems marks the importance of
Network Security and protection from hackers. Lot of
Symmetric and Public Key Cryptography Systems are
available to serve this purpose. Public Key Cryptography
is efficient since it uses pair of keys to provide security.
Among them, RSA was popular and widely used for its
enhanced security features. But in recent days, it is
vulnerable to attacks such as Prime Factorization, Timing
Attacks and so on. Elliptic Curve Cryptography (ECC),
on the other hand provides Stronger Security than RSA
with less key size comparatively. In this paper, we have
discussed the Elliptic Curve Cryptography, its
mathematical background and its advantages. It also
briefs the implementation details of ECC where a
character in the Plain text is considered as a point and
manipulated to obtain cipher text character by character.
It offers Security at each character level and hence more
secure cryptosystem. We have implemented this proposal
in Java and found it to be much efficient.
Keywords:
Elliptic Curve, RSA, Discrete Logarithm, Quadratic
sieves.
1. Introduction
Security is an important issue in this period of
Universal electronic connectivity where there are lot of
viruses and hackers involved in electronic eavesdropping
and electronic fraud. The primary goal of cryptography is
to conceal data to protect it against unauthorized third-
party access by applying encryption. The more theoretical
or mathematical effort is required for an unauthorized
1
third party to recover data, the stronger is the encryption.
Cryptography is used in many applications such as the
security of ATM cards, computer passwords, and
electronic commerce. Before the modern era,
cryptography was concerned solely with message
confidentiality that deals with conversion of messages
from a comprehensible form into an incomprehensible
one, and back again at the other end, rendering it
unreadable by interceptors without secret knowledge. In
recent decades, the field has expanded beyond
confidentiality concerns to include techniques for
authentication of message integrity, digital signatures,
interactive proofs, and secure computation. Modern
Cryptosystems includes the technique of Symmetric Key
Cryptography and Public Key Cryptography. All
Cryptographic Systems prior to Public Key Cryptography
were based on tools of Substitution and Permutation.
Public Key Cryptography provides a change to this type
of Cryptosystem. They are based on Mathematical
functions and are asymmetric involving the use of two
separate keys. This is in contrast to Symmetric Encryption
which uses one key. The use of two keys helps in
confidentiality, key distribution and authentication. Early
public key systems, such as the RSA algorithm, used
products of two large prime numbers as the puzzle. The
difficulty of factoring ensures that no one else can derive
the private key (i.e., the two prime factors) from the
public one. However, due to recent progress in factoring,
RSA public keys must now be thousands of bits long to
provide adequate security. Hence Elliptic Curve
Cryptography comes into picture which is stronger than
RSA with less key size comparatively. This made several
Organizations to turn its attention towards Elliptic Curve
Cryptography.
2. Need for ECC
 The RSA Cryptosystem was invented by Ron
Rivest, Adi Shamir and Len Adleman in August 1977
issue of Scientific American. The important
Computational aspects of RSA are the Key Generation
and Encryption/Decryption. Three possible Approaches
may attack the RSA Algorithm. Brute Force Encompasses
in trying all possible private keys. This attack is
computationally infeasible and not possible since it
requires huge Computation power. The Defense against
Brute Force is same for RSA as for other cryptosystems is
by using large key space. The second possible attack is
Mathematical Attack that focuses primarily on factoring
the product of two primes. The next possible attack is
Timing attacks that depends on the running time of the
decryption algorithm.
2.1. Prime Factoring Problem
Considering the Prime Factoring Problem, it
uses the RSA Public Key <N, e>. Given the Factorization
of N, an attacker can easily construct φ (N), from which
the decryption exponent d = e-1 mod φ (N) can be found.
There is no algorithm that exists to factorize a large
number to the product of two primes of the same size in
polynomial time. But there are algorithms that execute in
the order of o(ab) for any a greater than 1.The general
number Field sieve algorithm is widely known[1], where
for a b-bit number n, the asymptotic running time is
- (1)
The Shor’s Algorithm was first run on 7-qubit quantum
computer in 2001 and it factored the number 15.
Moreover, the decision problem of whether the given
number is composite or prime can be solved in
polynomial time with the AKS primality test. The easiness
of primality testing is a crucial part of the RSA algorithm.
There are also various Special Purpose and General
Purpose Factoring Algorithms used for Prime
Factorization. A general-purpose factoring algorithm's
running time depends on the size of the integer to be
factored. This is the type of algorithm used to factor RSA
numbers. Some of them are Dixon's algorithm, Continued
fraction factorization, Quadratic sieve, General number
field sieve and Shanks' square forms factorization. The
Challenge proposed by RSA Cryptosystem creators to
cryptanalysis the 129-digit number (RSA-129) with the
reward of $100. It was factored in 1994 using distributed
Computation which performed the multiple polynomial
quadratic sieves. This marked the beginning to explore the
drawbacks of RSA Cryptosystem. The challenge numbers
RSA-130, RSA-140, RSA-150, RSA-155, RSA-160,
RSA-200, and RSA-576 were also subsequently factored
between 1996 and May of 2005. The factorization of
2
RSA-640 was accomplished using a prime factorization
algorithm known as the general number field sieve [2].
Sieving was done on 80 2.2-GHz Opteron CPUs and took
3 months. The matrix step was performed on a cluster of
80 2.2-GHz Opterons connected via a Gigabit network
and took about 1.5 months.
2.2. Timing Attacks
Another Possible Threat to RSA is the timing
attack which is performed by determining the private key
with the track record of how long a computer takes to
decipher messages.
Attacker gains information from the
implementation of the cryptosystem such as the timing,
electro magnetic emanations and power consumption.
Computations performed by the cryptographic algorithm
take different amounts of time depending on the input and
value of the secret parameter. Such Statistical analysis can
be used to recover secret key if the RSA private key
operations can be timed accurately [3]. For Example,
Brumley and Boneh devised a timing attack against
OpenSSL, an open source cryptographic library used in
web servers and other SSL applications [4], and
successfully extracted a factor of the RSA modulus N and
therefore, the private key d [5]. Hence RSA proves to be
vulnerable to security attacks and a better mechanism
should be employed to overcome the threats to RSA and
to provide better Security. Thus the Cryptosystem such as
Elliptic Curve Cryptography gains its importance in the
long run.
3. Elliptic Curve Cryptography and its
Mathematical Background
Elliptic Curve Cryptography is an approach to
public key Cryptography based on the algebraic structure
of Elliptic Curves over Finite Fields. It was proposed in
1985 independently by Neal Koblitz from the University
of Washington, and Victor Miller, who was then at IBM,
Yorktown Heights. Many cryptosystems often require the
use of algebraic groups and Elliptic curves may be used to
form elliptic curve groups. A group is a set of elements
with custom-defined arithmetic operations on those
elements. For elliptic curve groups, these specific
operations are defined geometrically. The major
advantage of choosing prime numbers for computing
Elliptic Curves is that the number of points on the curve
can be computed easily. An elliptic curve is the set of
solutions (x,y) to an equation of the form y^2 = x^3 + Ax
+ B, together with an extra point O which is called the
point at infinity (identity element). The set of points on an
elliptic curve forms a group under a certain addition rule.
Given a point P=(x,y) and a positive integer n, [n]P = P +
P + ... + P (n times). The order of a point P=(x,y) is the
smallest positive integer n such that [n]P = O. < P >
denotes the group generated by P. In other words < P > =
{O, P, P+P, P+P+P,}. P + Q = R is the additive property
defined geometrically. The negative of a point P = (xP
,yP) is its reflection in the x-axis: the point -P is (xP,-yP).
For each point P on an elliptic curve, the point -P is also
on the curve.
To add two distinct points say P and Q which are on the
Elliptic Curve, a line is drawn through the two points.
This line will intersect the elliptic curve, let it be –R. The
point -R is reflected in the x-axis to the point R. The law
for addition in an elliptic curve group is P + Q = R. For
example: [9]
Figure 1: Addition of two points on Elliptic Curve.
Elliptic Curve Cryptography makes use of Elliptic Curves
in which the variables and coefficients are all restricted to
elements of a finite field. Two Families of Elliptic Curves
are used in Cryptographic applications: prime curves
defined over Zp and binary curves constructed over GF(2n)
. Prime Curves are best for Software applications, because
the extended bit-fiddling operations needed by binary
curves are not required and are best for Hardware
Applications. For Elliptic curves over Zp, a cubic equation
is used in which the variables and coefficients take on
values in the set of integers from 0 through p-1, for some
prime number p, and in which calculations are performed
3
modulo p. Hence the Equation would be (y ^ 2 ) mod p=
(x^3 + Ax + B) mod p. Also the set Ep (a, b) consisting of
all pairs of integers (x,y) that satisfy the Equation are
calculated. The negative of the point P = (x P, yP) is the
point -P = (xP, -yP mod p). There are some mathematical
formulae used to calculate the sum of two points on the
curve say P and Q. Let P + Q = R where R has
coordinates (xR,yR). Then
s = (yP - yQ) / (xP - xQ) mod p
If P=Q then s = (3xP2 + a) / (2yP ) mod p
xR = s2 - xP - xQ mod p and yR = -yP + s(xP - xR) mod p
where s is the slope of the line through P and Q. A finite
Abelian Group can be defined based on the set Ep(a,b)
provided that (x^3+ax+b) mod p has no repeated factors.
This is equivalent to the condition (4a3+27b2) mod p ≠ 0
mod p. For determining the security of various elliptic
curve ciphers, the number of points in a finite abelian
group is to be known. In case of finite group Ep (a, b), the
number of points N is bounded by P+1-2√p ≤ N ≤
p+1+2√p so that for large p, the number of points in E p (a,
b) is approximately equal to the number of elements in Zp.
4. ECC Advantages over RSA
ECC is much more efficient than RSA in several
aspects and in comparatively better security in less key
size. As an example, a popular, recommended RSA key
size for most applications is 2,048 bits. For equivalent
security using ECC, key size of only 224 bits is required.
The difference becomes more and more pronounced as
security levels. A 384 -bit ECC key matches a 7680-bit
RSA key for security. This minimum key size, greater
security feature also helps in the design of smaller
hardware and cryptographic applications can be
performed with fewer processor cycles. Also as discussed
early in this paper there are several attacks possible
towards the RSA Implementation. In 2003, Boneh and
Brumley demonstrated a practical network-based timing
attack on SSL-enabled web servers. The actual network
distance was small in their experiments, but the attack
successfully recovered a server private key in a matter of
hours. Also Considering additional features such as
Computational overhead, Key size, Bandwidth and so on,
ECC proved to be efficient than RSA Cryptosystem.
Computational overhead determines how much computing
resources (in terms of MIPS or million resources per
second) are required to negotiate the public-/private-key
interaction. Unlike RSA, ECC does not have to devote
computing resources to the generation or analysis of
prime numbers. Key generation is easier with ECC since
the keys are smaller than their corresponding RSA keys.
This is because ECC key generation is a relatively simple
operation—it simply generates a random number and
computes the multiple of a point. On the other hand, RSA
requires primality testing (both probabilistic and simple
primality) to determine if a number is indeed prime. Table 3: Integer Factorization using the
Considering Bandwidth, Certicom claims that, when general number field sieve
generating a digital signature, ECC is between 20 and 80
times faster than RSA’s BSAFE crypto engine [9]. Key Size MIPS-Years
For these and other reasons, major North American 512 3*10^4
corporations are now integrating ECC into their products.
768 2*10^8
Also Microsoft has implemented the Suite-B algorithms in
Vista Client and Longhorn Server where the Elliptic 1024 3*10^11
Curve Cryptography is included in Suite-B. IBM has also 1280 1*10^14
turned its attention towards security using ECC [8].
Jyri Virkki performed the comparison of RSA and ECC 1536 3*10^16
using the Sun Java System Web Server 7 and validated 2048 3*10^20
the results. The following table shows the equivalent
strength between RSA and ECC as reported by him [10].

Table 1: Equivalent Strength between RSA

5. Implementation
and ECC
5.1. Conventional approach
RSA ECC
The Implementation of Elliptic Curve
1024 160 Cryptography involves in three phases. They are:
2048 224 1. Key Generation Phase.
2. Encryption Phase.
3072 256 3. Decryption Phase.
7680 384
5.1.1. Key Generation Phase.
15360 521 1. Get the prime number (p) from the user either by
directly getting from him and check it or by
getting the range from him and generate by us.
Computational Effort for Cryptanalysis of ECC 2. Get the value of ‘a’ and ’b’ that are available in
Compared to RSA the cubic equation which satisfies the equation
(4a3+27b2) mod p is not equals to zero.
Table 2: Elliptic Curve Logarithms using 3. Generate the set of points by using the prime (p)
the Pollard rho Method and ‘a’, ‘b’ value which satisfies the cubic
equation and all the points are available on the
Key Size MIPS-Years elliptic curve.
4. Choose the first point from the above generated
150 3.8*10 ^10
set as base point ‘G’.
5. Calculate the ‘n’ value such that n*G=”Point at
infinity”(O).
205 7.1*10^18 6. User ‘A’ selects the private key (nA) such that
nA<n.
234 1.6*10^28 7. Calculate the public key(PA) for user ‘A’ by
PA=nA*G.
8. User ‘B’ selects the private key (nB) such that
nB<n.
9. Calculate the public key(PB) for user ‘B’ by
PB=nB*G.
10. User ‘A’ and User ‘B’ generates the secret key
by using K=nA*PB and K=nB*PA respectively.

5.1.2. Encryption Phase.

4
 1. To perform the encryption User ‘A’ should know
the User ‘B’s Public key PB.
2. User ‘A’ can encrypt the given points by using
Cm = {KG, Pm+KPB} and store it in a particular
file .So that the single point can be encrypted as a
pair of points.
5.1.3. Decryption Phase.
1. Decrypt the pair of points by using Pm+KPB-nB
(KG).So that we get a single point Pm and write it
into another file.
2. So that the user B will get the original text from
the particular file.
5.2 .Our Proposal
Based on the conventional approach, we will
implement some additional features. Key generation phase
is similar to the conventional approach. The difference is
at encryption and decryption phase.
Our Implementation of Elliptic Curve
Cryptography also involves in three phases. They are:
1. Key Generation Phase.
2. Encryption Phase.
3. Decryption Phase.
5.2.1. Key Generation Phase.
1. Get the prime number (p) from the user either by
directly getting from him and check it or by
getting the range from him and generate by us.
2. Get the value of ‘a’ and ’b’ that are available in
the cubic equation which satisfies the equation
(4a3+27b2) mod p is not equals to zero.
3. Generate the set of points by using the prime (p)
and ‘a’, ‘b’ value which satisfies the cubic
equation and all the points are available on the
elliptic curve.
4. Choose the first point from the above generated
set as base point ‘G’.
5. Calculate the ‘n’ value such that n*G=”Point at
infinity” (O).
6. User ‘A’ selects the private key (nA) such that
nA<n.
7. Calculate the public key (PA) for user ‘A’ by
PA=nA*G.
8. User ‘B’ selects the private key (nB) such that
nB<n.
9. Calculate the public key (PB) for user ‘B’ by
PB=nB*G.
10. User ‘A’ and User ‘B’ generates the secret key
by using K=nA*PB and K=nB*PA respectively.
5.2.2. Encryption Phase.
5
1. To perform the encryption User ‘A’ should know
the User ‘B’s Public key PB.
2. Get the File name from the user that wants to
encrypt and read character by character from the
file.
3. Get the ASCII value (V) for each and every
character which is available in the file want to
encrypt.
4. Perform the computation V*K to get Pm. So that
the given text can be converted into points
character by character. The point obtained by
V*K is also available in the elliptic curve
5. User ‘A’ can encrypt the given points by using
Cm = {KG,Pm+KPB} and store it in a particular
file .So that the single point can be encrypted as a
pair of points.
5.2.3. Decryption Phase.
1. Decrypt the pair of points by using Pm+KPB-nB
(KG).So that we get a single point Pm.
2. Compute the ASCII value (V) by using Pm=V*K
as said in step12 in reverse manner.
3. ASCII value will be changed to character and
write it into another file.
4. So that the user B will get the original text.
The implementation was done using JAVA language .
6. Conclusion
Hence Elliptic Curve Cryptography provides
much Security than other algorithms such as RSA. It is
said to be ideal for resource constrained systems because
it provides more security per bit than other types of
asymmetric Cryptography. It offers greater security for a
given key size. This makes possible compact
implementations with faster cryptographic operations. Our
Proposal considers every text in given text file, represents
them as a point and encodes it using the Private Key to
obtain another point which is also on the curve.
To enhance this methodology, a table can be maintained
such that each point generated gets maps to a alphabet or
special characters. This table can be made public so as to
facilitate decryption. The Hacking of such system is
difficult since the reverse operation is the discrete
logarithm problem that is hard to solve. Hence this results
in implementation of the Cryptographic System with
greater Security compared to other mechanisms.
7. Acknowledgement
We sincerely thank our beloved Head of the
Department, Dr.R.Rajaram for his enthusiastic guidance.
8. References

[1]. Brent, R.P., Murphy. B on “Quadratic Polynomials for the

number field sieve”, Australian CS Commn 20, (1998), pp.199-
213.
[2]. Franke, J.Email sent 4 Nov 2005, “http://www.crypto-
world.com/announcements/rsa640.txt”.
[3]. Wing H.Wong, “Timing Attacks on RSA: Revealing your
secrets through the fourth Dimensionuadratic Polynomials
for the number field sieve”,
http://www.cs.sjsu.edu/faculty/stamp/students/article.html.
[4]. http://www.openssl.org.
[5] D.Boneh, D.Brumley, “Remote Timing Attacks are
Practical”, http://www.crypto.stanford.edu/~dabo/papers/ssl-
timing.pdf.
[6]. N.Koblitz, “Elliptic Curve Cryptosystems”, Mathematics
of Computation 48, 1987, pp.203-209.
[7]. T.Aihara, H.Ishikawa, A.Satoh, S.Shimizu, “On-demand
Design Service Innovations”, Vol.48, September 2004, IBM
Research in Asia.