Acquiring Digital Signatures from Elliptic Curve

Cryptography
A PROJECT REPORT
for
Network And Information Security (ITE4001)
in
B.Tech (Information Technology)
by
Pranav Khatri (17BIT0075)
Vishal Thakur (17BIT0076)
Anshul Ranjan (17BIT0179)

Winter Sem,2019-20

Under the Guidance of

Prof. SHANTHARAJAH SP

School of Information Technology and Engineering

June, 2020
Index

S.NO. Title Page No.

1 Abstract 1
2 Introduction 1
3 Elliptic Cryptography Curve 2
4 Elliptic Curve Digital Signature Algorithm 6
5 Implementation 9
6 Output 13
7 Advantages Of ECDSA 14
8 Conclusion 15
Abstract
The elliptic curve cryptosystems are paid more and more attention because its key string is shorter
and its security is better than other public cryptosystems. The digital signature system based on
elliptic curve (ECDSA) is one of the main stream digital signature systems.Elliptic Curve Digital
signature represents one of the most widely used security technologies for ensuring un-forge-ability
and non-repudiation of digital data. Its performance heavily depends on an operation called point
multiplication. Furthermore, root cause of security breakdown of ECDSA is that it shares three
points of the elliptic curve public ally which makes it feasible for an adversary to gauge the private
key of the signer.

Introduction
The idea of information security leads to the evolution of Cryptography. Cryptography is the
science of keeping information safe. In the mid-1980s, Miller and Koblitz introduced elliptic curves
into cryptography, and Lenstra demonstrated how to employ elliptic curves to factor integers.

Elliptic curve can be applied to cryptography as it is secure to the best of current knowledge. Elliptic
curve cryptography (ECC) is an approach to public-key cryptography, based on the algebraic
structure of elliptic curves over finite fields. An elliptic curve cryptographic scheme assists in
obtaining the desired security level with noticeably smaller keys than that of the corresponding
RSA schemes. Speed and efficient use of power, bandwidth, and storage are some of the significant
merits of utilizing smaller keys.

A digital signature or digital 1signature scheme is a mathematical scheme for demonstrating the
authenticity of a digital message or document. A valid digital signature gives a recipient reason to
believe that the message was created by a known sender, and that it was not altered in transit . A
digital signature is a number dependent on some secret known only to the signer (the signer's private
key), and, additionally, on the contents of the message being signed. Signatures must be verifiable:
If a dispute arises as to whether an entity signed a document, an unbiased third party should be able
to resolve the matter equitably, without requiring access to the signer's private key. Disp1utes may
arise when a signer tries to repudiate a signature it did create, or when a forger makes a fraudulent
claim.

Digital signature schemes can be used to provide the following basic cryptographic services: data
integrity (the assurance that data has not been altered by unauthorized or unknown means), data
origin authentication (the assurance that the source of data is as claimed), and non-repudiation (the
assurance that an entity cannot deny previous actions or commitments).

The Elliptic Curve Digital Signature Algorithm is the Elliptic Curve analogue to the more widely
used Digital Signature Algorithm (DSA). It is the application of ECC to digital signature generation
and verification. Its security is based on the elliptic curve discrete logarithm problem.

1
Elliptic Curve Cryptography

Elliptic curves are Cubic curves. Elliptic curves are called elliptic because of their rapport with elliptic
integrals in mathematics which can be used to determine the length of arc of an ellipse. These may be
defined as a set of discrete points on the co-ordinate plane, satisfying the equation of the form,
y2[+xy]=x3+ax2A+b (mod p).

The square bracket means that the term is optional. x and y are variables, a and b are constants. Each
value of ‘a’ and ‘b’ gives a different elliptic curve. An elliptic curve in its “standard form” is illustrated
by y2=x3+a×x+b for some fixed values of parameters ‘a’ and ‘b’. This equation is also referred as
Weierstrass equation of characteristic 0. The values that the objects x, y, ‘a’ and ‘b’ can acquire are
meant to be drawn from a set that must be, at least a ring with a multiplicative identity element. The
characteristic of such a ring is the number of times identity element multiplicative must be added in
order to get the additive identity element.

Eqn: y^{2}=x^{3}+ax+b

2
If the multiplicative identity element is added to itself, no matter how many times, and it never gives
the additive identity element, then the characteristic is 0. The set of all real numbers is of
characteristic 0 because no matter how many times 1 is added to it, it never results to 0.

When a set is not of characteristic 0 then there exists an integer p such that p×n=0 for all n. In this
case the value of p is the characteristic of the integral domain.

The Elliptic curve cryptography is based on the discrete logarithm problem applied to elliptic curves
over a finite field. In particular, for an elliptic curve E(Fq), it relies on the fact that it is easy to
compute Q=k×P, for a scalar k whose value lie between 0 and n-1. Here n is the order of finite field
Fqq is characteristic of finite field whose value is greater than 3. P and Q are points on elliptic curve
E(Fq). Given P and Q it is computationally infeasible to obtain k if k is sufficiently large. The scalar k
in this case is the discrete logarithm of point Q to the base P.

A. Fundamentals of Elliptic Curve

1) Prime Field
The equation of the elliptic curve on a prime field Fq is V2(modq)=x3+a×x+b where 4a3+27b2(mod
q)≠0. Here the elements of finite field are integer between 0 and q−1. All operations such as point-
addition, point-subtraction, point-division and point-multiplication involves integer between 0 and q−1.
The prime q is chosen such that there is finitely large number of points on the elliptic curve to make the
cryptosystem secure.

2) Binary Field
The equation of the elliptic curve on a binary field Fm2 is y2+x×y=x3+ax2+b, where b≠0. Here
elements of a finite field are integers. These elements are chosen such that length of each should be at
most m bits. These numbers can be regarded as a binary polynomial having degree m-1. In binary
polynomial the coefficients can only be o or 1. All operations involves polynomial of degree m-1 or
lesser. The m is chosen such that there is finitely large number of points on the elliptic curve to make
the cryptosystem more secure.

3) Elliptic Curve Group

When the point addition operation is considered as a group operation, an additive group that consists of
the set of solutions of the elliptic curve equation and a special point O called point-at-infinity is formed.
It is well known that E/Fq with a binary operation, called addition of points and denoted by +, is an
Abelian group with 0∞ as the identity element. The group is denoted by E(Fq).

4) Generating Point
The base points or generating points are used in elliptic curve cryptography for public key generation
and private key generation. Base points are the points which can generate all the coordinates of an
elliptic curve. The order of all base points must be equal to n where n is the total number of points for
a particular elliptic curve.

3
Suppose the point P is in E(Fq) and suppose P has a prime order n then, the cyclic additive subgroup of
E(Fq) generated by P is P P={O,P,2P,3P…(n−1)P}.

B. Elliptic Curve Operations

1) Point Addition
It is possible to obtain a third point R on the curve given two points P and Q with the aid of a set of
rules. Such a possibility is termed as elliptic curve point addition. The symbol represents the elliptic
curve addition P3=P1+P2. Point addition should not to be confused with scalar addition.

2) Point Multiplication
e×P denotes the multiplication of an elliptic curve point P by an integer e. This is analogous to the
addition of P to itself ‘e’ times and this results in another point on the curve.

In Elliptic curves addition of points on a curve in the following manner: In order to find the sum of two
points P and Q on elliptic curve E, draw a line connecting P and Q. This line will intersect E at exactly
one other point, which will denote P×Q. P+Q will be defined as the reflection of P×Q across the x-axis.

There are certain cases for which this definition will not suffice. One such case is where P and Q are
the same point. In this case, draw the tangent line to E at P and find the second point where this line
intersects E. Call this point P×P. Again, reflection of this point over the x-axis is P+P. Another case is
where the line connecting P and Q is vertical.

In this case, P+Q is defined to be O, the point at infinity since the line connecting any point and O will
be a vertical line, and reflection of 0 about the x-axis results in O.

4
Consider a point P(xp,yp) on elliptic curve E. To determine 2P, P is doubled. This should be an affine
point on EC. Equation of the tangent at point P is: S=[(3x2p+a)/2yp](mod p). Then 2P has affine
coordinates (xr,yr) given by: xr=(S2−2xp) mod p yr=[S(xp−xr)−yp](mod p)

Now 3Pcan be determined by point addition of points P and 2P, treating 2P=Q. P has coordinates (xp,yp)
and Q=2P has coordinates (xq,yq). Now the slope is: S=[(yq−yp)/(xq−xp)] mod p P+Q=−R
xr=(S2−xp−xq) mod p yr=(S(xp−xr)−yp) mod p. Thus k×p can be calculated by a series of point-
doubling and point-addition operation.

5
Elliptic Curve Digital Signature Algorithm

The steps involved in ECDSA are formation of key-pair, signature-generation and signature-
verification. The digital signature is typically created using the hash function. The transmitter sends
the encrypted data along with signature to the receiver. The receiver in possession of sender's public
key and domain parameters can authenticate the signature.

The prime q of the finite field Fq, the equation of the elliptic curve E, the point P on the curve and its
order n, are the public domain parameters. Furthermore, a randomly selected integer d from the
interval [1, n-1] forms a private key. Multiplying P by the private key d, which is called scalar
multiplication, will generate the corresponding public key Q.

The pair (Q, d) forms the ECC public-private key pair with Q is the public key and d is the private
key. The generating point G, the curve parameter ‘a’ and ‘b’, together with few more constants
constitute the domain parameters of ECC.

The public key is a point on the curve and the private key is a random number selected by signer. The
public key is obtained by multiplying the private key with the generating point on the curve.

6
A. Key-Pair Generation
1. Given generating point G, private key d, public key can be generated through following
steps:

2. Select a random integer d in the interval [0, n-1].

3. Compute Q=d×G, obtained by point Multiplication. Q, G are points on the elliptic curve.

4. Now key-pair is (d, Q) where d is the Private Key and Q is the Public key.

B. Signature Generation
1. Utilizing domain parameters and private key, signer generate signature for a message M by
following steps:

2. Chooses a random integer k with 1≤k≤n−1.

3. Compute k×G=(x1,y1) and r=x1 mod n. If r=0 then return to step 1.

4. Compute k−1 mod n.

5. Compute z=h−1(M)2.

6. Calculate s=k−1(z+d×r) mod n. If s=0 then returns to step 1.

7. Signature for the message hash z is (r, s).

C. Signature Verification
1. Authenticity of the received message can be verified by receiver exploiting following steps:

2. Verify that r, s are integers in the interval [1,n−1].

7
3. Compute z=h−1(M).

4. Compute w=s−l mod n.

5. Compute u1=z×w(mod n) and u2=r×w(mod n).

6. Compute X=u1*G+u2*Q. If X=O∞ then he will reject the signature.

7. Otherwise compute v=x1 mod n where X=(x1,y1).

8. Accepts the signature if and only if v=r.

8
Implementation

Initialising the variables and Field

Addition Of two Points

9
Addition Using Brute Force

ECC used for Key Exchange

10
Key Exchange secured with Time Stamp

Applying ECDSA and Message: “Covid 19”

11
Providing the pairs (r,s) for signature and time stamping

Verification Of ECDSA

12
Output

Acquiring the Points on Elliptic Curve

Key Exchange using ECC and Shared Keys

13
ECDSA Algorithm and Verification

Advantages of ECDSA
1. Less complex algorithm: Unlike existing ECDSA, the signature generation using proposed
ECDSA consists of computing the value of parameter‘s’ only. Integer ‘r’ is not calculated in
this algorithm. Also signature verification consists of one point multiplication operation
whereas existing algorithm have two point multiplication and one point addition operation.
2. Provide more security: As only two points are shared publically and generating point is private,
this algorithm is more secure against intruders.
3. Less number of curve points provided publically.
4. Reduces number of point multiplication in signature verification.
5. Reduced point addition operation in signature verification method.
6. Reduces number of parameters made public. No need to share curve parameters ‘a’, ‘b’, ‘q’ and
‘n’ with everyone.
7. Remove the overhead to calculating ‘r’.
8. When utilized in Key Exchange algorithm to authenticate the message sent by both parties,
remove the Man-in-the-Middle attack.

14
Conclusion
Elliptic Curve Digital Signature Algorithm (ECDSA) which is one of the variants of Elliptic Curve
Cryptography (ECC) proposed as an alternative to established public key systems such as Digital
Signature Algorithm (DSA) and Rivest Shamir Adleman (RSA), have recently gained a lot of
attention in industry and academia.

Some benefits of having smaller key size include faster computation time and reduction in
processing power and storage space. This makes ECDSA ideal for constrained environments such
as pagers, PDAs, cellular phones and smart cards.

15