
CRYPTOGRAPHY

UNIT 3

PUBLIC KEY CRYPTOGRAPHY: Public Key Cryptography and RSA Principles– RSA Algorithm, Key
Management and other Public Key Cryptosystems Key Management, Diffie–Hellman Key Exchange, Elliptic
Curve Arithmetic – Elliptic Curve Cryptography – Pseudorandom Number Generation.

3.1 Public Key Cryptography


Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs
of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated
with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-
key cryptography depends on keeping the private key secret; the public key can be openly distributed without
compromising security.
In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext,
but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message.

3.2 PRINCIPLES OF PUBLIC-KEY CRYPTOSYSTEMS

3.2.1 Public-Key Cryptosystems

Asymmetric algorithms rely on one key for encryption and a different but related key for decryption. These
algorithms have the following important characteristic.
■ It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic
algorithm and the encryption key.
In addition, some algorithms, such as RSA, also exhibit the following characteristic.
■ Either of the two related keys can be used for encryption, with the other used for decryption.
A public-key encryption scheme has six ingredients.

S.JAYAKRISHNAN, M.C.A.,B.Ed.,M.Phil.,N.E.T., - B.C.A DEPARTMENT -


SHANMUGA INDUSTRIES ARTS AND SCIENCE COLLEGE, TIRUVANNAMALAI. Page 1
■ Plaintext: This is the readable message or data that is fed into the algorithm as input.
■ Encryption algorithm: The encryption algorithm performs various transformations on the plaintext.
■ Public and private keys: This is a pair of keys that have been selected so that if one is used for encryption, the
other is used for decryption. The exact transformations performed by the algorithm depend on the public or
private key that is provided as input.

■ Ciphertext: This is the encrypted message produced as output. It depends on the plaintext and the key. For a
given message, two different keys will produce two different ciphertexts.

■ Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original
plaintext.

3.2.2 Applications for Public-Key Cryptosystems

Public-key systems are characterized by the use of a cryptographic algorithm with two keys, one held private and
one available publicly. Depending on the application, the sender uses either the sender’s private key or the
receiver’s public key, or both, to perform some type of cryptographic function. In broad terms, we can classify
the use of public-key cryptosystems into three categories

■ Encryption/decryption: The sender encrypts a message with the recipient’s public key, and the recipient
decrypts the message with the recipient’s private key.

■ Digital signature: The sender “signs” a message with its private key. Signing is achieved by a cryptographic
algorithm applied to the message or to a small block of data that is a function of the message.

■ Key exchange: Two sides cooperate to exchange a session key, which is a secret key for symmetric encryption
generated for use for a particular transaction (or session) and valid for a short period of time. Several different
approaches are possible, involving the private key(s) of one or both parties.

Some algorithms are suitable for all three applications, whereas others can be used for only one or two of
them. The image below shows which applications each algorithm supports.

3.2.3 Public-Key Cryptanalysis

■ To prevent a brute-force attack, the key size must be kept large enough that the attack is impractical
for an adversary. But the key size should not be so large that encryption and decryption themselves
become impractical to compute.

■ Another type of attack in public key cryptography is that the adversary tries to compute the private key
knowing the public key.

■ One more type of attack is the probable-message attack. Suppose an adversary knows that the encrypted
message from a particular sender is a 56-bit key. The adversary would then simply encrypt all possible
56-bit keys using the sender’s public key, as the public key is known to all, and match all the encrypted
messages with the ciphertext. This type of attack can be prevented by appending some random bits to the
original message.

3.3 RSA Algorithm

This algorithm was developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT and first
published in 1978.

The RSA scheme is a cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some n. A
typical size for n is 1024 bits, or 309 decimal digits. That is, n is less than 2^1024.

Description of RSA Algorithm:

The below example shows how we can encrypt plaintext 9 using the RSA public-key encryption algorithm. This
example uses prime numbers 7 and 11 to generate the public and private keys.

Explanation:

Step 1: Select two large prime numbers, p, and q.

p = 7

q = 11

Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and decryption.

First, we calculate

n = p x q

n = 7 x 11

n = 77

Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means that e and
(p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ(n) and e is prime to φ(n),
that is, gcd(e, φ(n)) = 1.

Second, we calculate

φ (n) = (p - 1) x (q-1)

φ (n) = (7 - 1) x (11 - 1)

φ (n) = 6 x 10

φ (n) = 60

Let us now choose e = 7, which is relatively prime to 60.

Thus the public key is <e, n> = (7, 77)

Step 4: A plaintext message m is encrypted using public key <e, n>. The following formula is used to get the
ciphertext C from the plaintext.

C = m^e mod n

C = 9^7 mod 77

C = 37

Step 5: The private key is <d, n>. To determine the private key, we find d such that:

d x e mod {(p - 1) x (q - 1)} = 1

7d mod 60 = 1, which gives d = 43

The private key is <d, n> = (43, 77)

Step 6: A ciphertext message c is decrypted using private key <d, n>. The following formula is used to get the
plaintext m from the ciphertext c.

m = c^d mod n

m = 37^43 mod 77

m = 9

In this example, Plain text = 9 and the ciphertext = 37
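
The worked example above, carried through in Python, together with the probable-message attack from section 3.2.3. This is an added example, not part of the original notes; the function names, the 32-bit pad length and the larger sample key are assumptions made for the illustration.

```python
import secrets
from math import gcd

PAD_BITS = 32  # assumption for this example: number of random bits appended


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def make_keys(p, q, e):
    """Steps 1-3 and 5: return the public key (e, n) and the private key (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    _, x, _ = egcd(e, phi)
    return (e, n), (x % phi, n)  # x % phi is d, because d*e mod phi(n) = 1


def encrypt(m, public_key):
    """Step 4: C = m^e mod n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext must be an integer between 0 and n - 1")
    return pow(m, e, n)


def decrypt(c, private_key):
    """Step 6: m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def matching_candidates(c, public_key, candidates):
    """Probable-message check: which guessed plaintexts encrypt to exactly c?"""
    return [m for m in candidates if encrypt(m, public_key) == c]


def encrypt_padded(m, public_key, pad=None):
    """Append PAD_BITS random bits to m before encrypting (the countermeasure)."""
    if pad is None:
        pad = secrets.randbits(PAD_BITS)
    return encrypt((m << PAD_BITS) | pad, public_key)


def decrypt_padded(c, private_key):
    """Decrypt, then drop the random bits again."""
    return decrypt(c, private_key) >> PAD_BITS


# The key from the notes: p = 7, q = 11, e = 7.
TOY_PUBLIC, TOY_PRIVATE = make_keys(7, 11, 7)

# Constructed sample key, large enough that a padded message stays below n.
# The two Mersenne primes are illustration values, not a recommendation.
BIG_PUBLIC, BIG_PRIVATE = make_keys(2**31 - 1, 2**61 - 1, 65537)

if __name__ == "__main__":
    c = encrypt(9, TOY_PUBLIC)
    print("public", TOY_PUBLIC, "private", TOY_PRIVATE, "ciphertext", c)
    # Without padding, the same plaintext always gives the same ciphertext,
    # so a short list of guesses is enough to identify the message.
    print("guesses matching c:", matching_candidates(c, TOY_PUBLIC, range(77)))
    # With random bits appended, two encryptions of 42 differ and the
    # unpadded guesses no longer match; decryption still returns 42.
    c1 = encrypt_padded(42, BIG_PUBLIC)
    print("padded match:", matching_candidates(c1, BIG_PUBLIC, range(1000)))
    print("decrypted:", decrypt_padded(c1, BIG_PRIVATE))
```

Deployed RSA encryption uses a standardized randomized padding such as OAEP rather than this bare bit-append, which is kept here only because it is the countermeasure the notes describe.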

3.4 KEY MANAGEMENT IN CRYPTOGRAPHY


3.4.1 Symmetric Key Distribution Using Symmetric Encryption

For symmetric encryption to work, the two parties to an exchange must share the same key, and that key must
be protected from access by others. Furthermore, frequent key changes are usually desirable to limit the amount
of data compromised if an attacker learns the key. Therefore, the strength of any cryptographic system rests with
the key distribution technique, a term that refers to the means of delivering a key to two parties who wish to
exchange data without allowing others to see the key. For two parties A and B, key distribution can be achieved
in a number of ways, as follows:

1. A can select a key and physically deliver it to B.

2. A third party can select the key and physically deliver it to A and B.

3. If A and B have previously and recently used a key, one party can transmit the new key to the other,
encrypted using the old key.

4. If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links
to A and B.

3.4.1.1 A Key Distribution Scenario

The key distribution concept can be deployed in a number of ways. A typical scenario is illustrated in the
figure below. The scenario assumes that each user shares a unique master key with the key distribution center (KDC).

Let us assume that user A wishes to establish a logical connection with B and requires a one-time session key to
protect the data transmitted over the connection.

A has a master key, Ka, known only to itself and the KDC; similarly, B shares the master key Kb with the KDC. The
following steps occur.

1. A issues a request to the KDC for a session key to protect a logical connection to B. The message includes the
identity of A and B and a unique identifier, N1, for this transaction, which we refer to as a nonce. The nonce may be a
timestamp, a counter, or a random number; the minimum requirement is that it differs with each request. Also, to
prevent masquerade, it should be difficult for an opponent to guess the nonce. Thus, a random number is a good
choice for a nonce.
2. The KDC responds with a message encrypted using Ka. Thus, A is the only one who can successfully read the
message, and A knows that it originated at the KDC.

The message includes two items intended for A:

■ The one-time session key, Ks, to be used for the session
■ The original request message, including the nonce, to enable A to match this response with the appropriate
request. Thus, A can verify that its original request was not altered before reception by the KDC and, because of the
nonce, that this is not a replay of some previous request.

In addition, the message includes two items intended for B:

■ The one-time session key, Ks, to be used for the session
■ An identifier of A (e.g., its network address), IDA

These last two items are encrypted with Kb (the master key that the KDC shares with B). They are to be sent to B
to establish the connection and prove A’s identity.

3.4.1.2 Hierarchical Key Control

It is not necessary to limit the key distribution function to a single KDC. Indeed, for very large networks, it
may not be practical to do so. As an alternative, a hierarchy of KDCs can be established. For example, there can
be local KDCs, each responsible for a small domain of the overall internetwork, such as a single LAN or a single
building. For communication among entities within the same local domain, the local KDC is responsible for key
distribution. If two entities in different domains desire a shared key, then the corresponding local KDCs can
communicate through a global KDC. In this case, any one of the three KDCs involved can actually select the
key. The hierarchical concept can be extended to three or even more layers, depending on the size of the user
population and the geographic scope of the internetwork. A hierarchical scheme minimizes the effort involved in
master key distribution, because most master keys are those shared by a local KDC with its local entities.
Furthermore, such a scheme limits the damage of a faulty or subverted KDC to its local area only.

3.4.1.3 Session Key Lifetime


The more frequently session keys are exchanged, the more secure they are, because the opponent has less
ciphertext to work with for any given session key. On the other hand, the distribution of session keys delays the
start of any exchange and places a burden on network capacity. A security manager must try to balance these
competing considerations in determining the lifetime of a particular session key. For connection-oriented
protocols, one obvious choice is to use the same session key for the length of time that the connection is open,
using a new session key for each new session. If a logical connection has a very long lifetime, then it would be
prudent to change the session key periodically, perhaps every time the PDU (protocol data unit) sequence
number cycles. For a connectionless protocol, such as a transaction-oriented protocol, there is no explicit
connection initiation or termination. Thus, it is not obvious how often one needs to change the session key. The
most secure approach is to use a new session key for each exchange. However, this negates one of the principal
benefits of connectionless protocols, which is minimum overhead and delay for each transaction. A better
strategy is to use a given session key for a certain fixed period only or for a certain number of transactions.

3.4.1.4 Decentralized Key Control

The use of a key distribution center imposes the requirement that the KDC be trusted and be protected from
subversion. This requirement can be avoided if key distribution is fully decentralized. Although full
decentralization is not practical for larger networks using symmetric encryption only, it may be useful within a
local context.
A decentralized approach requires that each end system be able to communicate in a secure manner with all
potential partner end systems for purposes of session key distribution. Thus, there may need to be as many as
[n(n - 1)]/2 master keys for a configuration with n end systems.

A session key may be established with the following sequence of steps.


1. A issues a request to B for a session key and includes a nonce, N1.
2. B responds with a message that is encrypted using the shared master key. The response includes the session
key selected by B, an identifier of B, the value f(N1), and another nonce, N2.
3. Using the new session key, A returns f(N2) to B.

Thus, although each node must maintain at most (n - 1) master keys, as many session keys as required may be
generated and used. Because the messages transferred using the master key are short, cryptanalysis is difficult.
As before, session keys are used for only a limited time to protect them.

3.4.2 DISTRIBUTION OF PUBLIC KEYS

In cryptography, it is a very tedious task to distribute the public and private keys between sender and
receiver. If the key is known to the third party (forger/eavesdropper) then the whole security mechanism
becomes worthless. So, there comes the need to secure the exchange of keys.

The public key can be distributed in four ways:


1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates.

a. Public Announcement: Here the public key is broadcast to everyone. The major weakness of this method
is forgery. Anyone can create a key claiming to be someone else and broadcast it. Until the forgery is
discovered, the forger can masquerade as the claimed user.

b. Publicly Available Directory: In this type, the public key is stored in a public directory. The directory is
trusted here and has the following properties: participants register with it, participants can access and
modify their values at any time, and it contains entries like {name, public-key}. The directory can be accessed
electronically, but it is still vulnerable to forgery or tampering.

c. Public Key Authority: It is similar to the directory but improves security by tightening control over the
distribution of keys from the directory. It requires users to know the public key for the directory. Whenever
keys are needed, the user makes real-time access to the directory to obtain any desired public key
securely.

d. Public Certification: Here the authority provides a certificate (which binds an identity to the public key)
to allow key exchange without real-time access to the public authority each time. The certificate is
accompanied by some other information such as period of validity, rights of use, etc. All of this content is
signed with the private key of the certificate authority (CA), and it can be verified by anyone possessing the
authority’s public key.
First, the sender and the receiver each request a certificate from the CA, which contains a public key and other
information; they can then exchange these certificates and start communicating.

3.5 Other Public Key Cryptosystems
3.5.1 Diffie–Hellman Key Exchange
What is Diffie-Hellman key exchange (exponential key exchange)?
Diffie-Hellman key exchange is a method of digital encryption that securely exchanges
cryptographic keys between two parties over a public channel without their conversation being transmitted
over the internet. The two parties use symmetric cryptography to encrypt and decrypt their messages.
Published in 1976 by Whitfield Diffie and Martin Hellman, it was one of the first practical examples
of public key cryptography.

Diffie-Hellman key exchange raises numbers to a selected power to produce decryption keys. The
components of the keys are never directly transmitted, making the task of a would-be code breaker
mathematically overwhelming. The method doesn't share information during the key exchange. The two
parties have no prior knowledge of each other, but the two parties create a key together.

Where is Diffie-Hellman key exchange used?


Diffie-Hellman key exchange's goal is to securely establish a channel to create and share a key for
symmetric key algorithms. Generally, it's used for encryption, password-authenticated key agreement and
forward security. Password-authenticated key agreements are used to prevent man-in-the-middle (MitM)
attacks. Forward secrecy-based protocols protect against the compromising of keys by generating new key
pairs for each session.

Diffie-Hellman key exchange is commonly found in security protocols, such as Transport Layer Security
(TLS), Secure Shell (SSH) and IP Security (IPsec). For example, in IPsec, the encryption method is used for
key generation and key rotation.

Even though Diffie-Hellman key exchange can be used for establishing both public and private keys, the
Rivest-Shamir-Adleman algorithm, or RSA algorithm, can also be used, since it's able to sign public key
certificates.

How does Diffie-Hellman key exchange work?


To implement Diffie-Hellman, two end users, Alice and Bob, mutually agree on positive whole
numbers p and q, such that p is a prime number and q is a generator of p. The generator q is a number that,
when raised to positive whole-number powers less than p, never produces the same result for any two such
whole numbers. The value of p may be large, but the value of q is usually small.

Once Alice and Bob have agreed on p and q in private, they choose positive whole-number personal
keys a and b. Both are less than the prime number modulus p. Neither user divulges their personal key to
anyone; ideally, they memorize these numbers and don't write them down or store them anywhere. Next,
Alice and Bob compute public keys a* and b* based on their personal keys according to the following
formulas:

a* = q^a mod p

b* = q^b mod p

The two users can share their public keys a* and b* over a communications medium assumed to be insecure,
such as the internet or a corporate wide area network. From these public keys, a number x can be generated
by either user on the basis of their own personal keys. Alice computes x using the following formula:

x = (b*)^a mod p

Bob computes x using the following formula:

x = (a*)^b mod p

The value of x turns out to be the same according to either of the above two formulas. However, the personal
keys a and b, which are critical in the calculation of x, haven't been transmitted over a public medium.
Because it's a large and apparently random number, a potential hacker has almost no chance of correctly
guessing x, even with the help of a powerful computer to conduct millions of trials. The two users can,
therefore, in theory, communicate privately over a public medium with an encryption method of their choice
using the decryption key x.

Vulnerabilities of Diffie-Hellman key exchange


The most serious limitation of Diffie-Hellman in its basic form is the lack of authentication.
Communications using Diffie-Hellman by itself are vulnerable to MitM. Ideally, Diffie-Hellman should be
used in conjunction with a recognized authentication method, such as digital signatures, to verify the
identities of the users over the public communications medium.

Diffie-Hellman key exchange is also vulnerable to logjam attacks, specifically against the TLS protocol.
Logjam attacks downgrade TLS connections to 512-bit cryptography, enabling an attacker to read and
modify data that's passed through the connection. Diffie-Hellman key exchange can still be secure if
implemented correctly. For example, logjam attacks won't work with a 2,048-bit key.
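
The exchange described above, in Python, using the notes' symbols p, q, a, b, a*, b* and x. This is an added example, not part of the original notes; the function names and the toy values p = 23, q = 5, a = 6, b = 15 are constructed, and the range check on the received public value is a common hardening step that the notes do not mention. It also shows the generator test and a modulus-size check of the kind that rejects the 512-bit parameters behind Logjam.

```python
def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy moduli)."""
    factors, f = set(), 2
    while f * f <= n:
        while n % f == 0:
            factors.add(f)
            n //= f
        f += 1
    if n > 1:
        factors.add(n)
    return factors


def is_generator(q, p):
    """True if q^1 .. q^(p-1) mod p are all different, for a prime p.

    q generates all of 1 .. p-1 exactly when q^((p-1)/f) != 1 (mod p)
    for every prime factor f of p - 1.
    """
    if not 1 < q < p:
        return False
    return all(pow(q, (p - 1) // f, p) != 1 for f in prime_factors(p - 1))


def modulus_size_ok(p, min_bits=2048):
    """Policy check: refuse moduli shorter than min_bits (512-bit is too small)."""
    return p.bit_length() >= min_bits


def public_value(q, personal_key, p):
    """a* = q^a mod p (and likewise b* = q^b mod p)."""
    if not 1 <= personal_key < p:
        raise ValueError("personal key must be a positive whole number below p")
    return pow(q, personal_key, p)


def shared_secret(peer_public, personal_key, p):
    """x = (b*)^a mod p for Alice, x = (a*)^b mod p for Bob."""
    # Added hardening, not from the notes: 0, 1 and p-1 would force a
    # predictable x, so a received public value in that set is refused.
    if not 1 < peer_public < p - 1:
        raise ValueError("received public value is out of range")
    return pow(peer_public, personal_key, p)


def exchange(p, q, a, b):
    """Run both sides and return (a*, b*, Alice's x, Bob's x)."""
    if not is_generator(q, p):
        raise ValueError("q is not a generator of p")
    a_star = public_value(q, a, p)
    b_star = public_value(q, b, p)
    return a_star, b_star, shared_secret(b_star, a, p), shared_secret(a_star, b, p)


if __name__ == "__main__":
    # Constructed toy values; a real modulus must pass modulus_size_ok().
    a_star, b_star, x_alice, x_bob = exchange(p=23, q=5, a=6, b=15)
    print("a* =", a_star, "b* =", b_star, "x =", x_alice, x_bob)
    print("23 acceptable as a modulus size?", modulus_size_ok(23))
```

Nothing in this exchange tells Alice that b* really came from Bob, which is the authentication gap described above; the size and range checks do not close it.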

Examples of Diffie-Hellman key exchange


If two people, say Alice and Bob, want to communicate sensitive data over an open public network but want
to avoid hackers or eavesdroppers, they can use Diffie-Hellman key exchange method for encryption. This
open public network could be at a cafe, for example.

Alice and Bob privately choose a secret key, and a function is run on these keys to create a public key. The
results -- and not the function -- are shared. Even if a third party is listening in, that third party won't have all
the involved numbers, making it difficult to derive the function the numbers came from.

From here, Alice and Bob each run a new function using the results they received from the opposite party,
their own secret number and the original prime value. Alice and Bob then arrive at a common shared secret
key that a third party can't deduce. Alice and Bob are now free to communicate without worrying about third
parties.

3.6 ELLIPTIC CURVE ARITHMETIC


A competing system challenges RSA: elliptic curve cryptography (ECC). ECC is showing up in standardization
efforts, including the IEEE P1363 Standard for Public-Key Cryptography. The principal attraction of ECC,
compared to RSA, is that it appears to offer equal security for a far smaller key size, thereby reducing processing
overhead.

An elliptic curve is defined by an equation in two variables with coefficients. For cryptography, the variables
and coefficients are restricted to elements in a finite field, which results in the definition of a finite abelian group.
We first look at elliptic curves in which the variables and coefficients are real numbers. This case is perhaps easier to visualize.

Elliptic Curves over Real Numbers


Elliptic curves are not ellipses. They are so named because they are described by cubic equations, similar to
those used for calculating the circumference of an ellipse. In general, cubic equations for elliptic curves take the
following form, known as a Weierstrass equation:

Such equations are said to be cubic, or of degree 3, because the highest exponent they contain is a 3. Also
included in the definition of an elliptic curve is a single element denoted O and called the point at infinity or the
zero point, which we discuss subsequently. To plot such a curve, we need to compute.

For given values of a and b, the plot consists of positive and negative values of y for each value of x. Thus, each
curve is symmetric about y = 0. The below diagram shows two examples of elliptic curves. As you can see, the
formula sometimes produces weird-looking curves.

Now, consider the set of points E(a, b) consisting of all of the points (x, y) that satisfy Equation (10.1) together
with the element O. Using a different value of the pair (a, b) results in a different set E(a, b). Using this
terminology, the two curves in the below diagram depict the sets E(-1, 0) and E(1, 1), respectively.

3.7 Elliptic Curve Cryptography

Elliptic curve cryptography is used to implement public key cryptography. It was discovered by Victor Miller
of IBM and Neal Koblitz of the University of Washington in the year 1985. ECC is the popularly used acronym for
Elliptic Curve Cryptography. It is based on the latest mathematics and delivers a relatively more secure
foundation than the first-generation public key cryptography systems, for example RSA.

Elliptic Curve Cryptography (ECC) is a key-based technique for encrypting data. ECC focuses on pairs of public
and private keys for decryption and encryption of web traffic.

ECC, an alternative technique to RSA, is a powerful cryptography approach. It generates security between key
pairs for public key encryption by using the mathematics of elliptic curves.

RSA does something similar with prime numbers instead of elliptic curves, but ECC has gradually been
growing in popularity recently due to its smaller key size and ability to maintain security. This trend will
probably continue as the demand on devices to remain secure increases due to the size of keys growing, drawing
on scarce mobile resources. This is why it is so important to understand elliptic curve cryptography in context.

In contrast to RSA, ECC bases its approach to public key cryptographic systems on how elliptic curves are
structured algebraically over finite fields. Therefore, ECC creates keys that are more difficult, mathematically, to
crack. For this reason, ECC is considered to be the next generation implementation of public key cryptography
and more secure than RSA.

It also makes sense to adopt ECC to maintain high levels of both performance and security. That’s because
ECC is increasingly in wider use as websites strive for greater online security in customer data and greater
mobile optimization, simultaneously. More sites using ECC to secure data means a greater need for this kind of
quick guide to elliptic curve cryptography.

An elliptic curve for current ECC purposes is a plane curve over a finite field which is made up of the points
satisfying the equation: y²=x³ + ax + b.

In this elliptic curve cryptography example, any point on the curve can be mirrored over the x-axis and the curve
will stay the same. Any non-vertical line will intersect the curve in three places or fewer.

Advantages of Elliptic Curve Cryptography

Public-key cryptography works using algorithms that are easy to process in one direction and difficult to process
in the reverse direction. For example, RSA relies on the fact that multiplying prime numbers to get a larger
number is easy, while factoring huge numbers back to the original primes is much more difficult.

However, to remain secure, RSA needs keys that are 2048 bits or longer. This makes the process slow, and it also
means that key size is important.

Size is a serious advantage of elliptic curve cryptography, because it translates into more power for smaller,
mobile devices. It’s far simpler and requires less energy to factor than it is to solve for an elliptic curve discrete
logarithm, so for two keys of the same size, RSA’s factoring encryption is more vulnerable.

Using ECC, you can achieve the same security level using smaller keys. In a world where mobile devices must
do more and more cryptography with less computational power, ECC offers high security with faster, shorter
keys compared to RSA.

How Secure is Elliptic Curve Cryptography?

There are several potential vulnerabilities to elliptic curve cryptography, including side-channel attacks and
twist-security attacks. Both types aim to invalidate the ECC’s security for private keys.

Side-channel attacks including differential power attacks, fault analysis, simple power attacks, and simple timing
attacks, typically result in information leaks. Simple countermeasures exist for all types of side-channel attacks.

An additional type of elliptic curve attack is the twist-security attack or fault attack. Such attacks may include
invalid-curve attacks and small-subgroup attacks, and they may result in the private key of the victim leaking out.
Twist-security attacks are typically simply mitigated with careful parameter validation and curve choices.
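
Point arithmetic on the curve y² = x³ + ax + b over a finite field, with the parameter validation just mentioned applied before any private key touches a received point. This is an added example, not part of the original notes; the function names and the toy curve (p = 17, a = 2, b = 2, base point (5, 1), 19 points in total) are constructed for the illustration.

```python
from collections import namedtuple

Curve = namedtuple("Curve", "p a b")  # y^2 = x^3 + a*x + b over integers mod p
O = None                              # the point at infinity (zero point)

TOY_CURVE = Curve(p=17, a=2, b=2)     # constructed toy curve, group order 19
G = (5, 1)                            # constructed base point on TOY_CURVE


def is_nonsingular(curve):
    """The curve parameters are usable only if 4a^3 + 27b^2 != 0 (mod p)."""
    return (4 * curve.a**3 + 27 * curve.b**2) % curve.p != 0


def on_curve(curve, point):
    """Validation step: does the point satisfy the curve equation?"""
    if point is O:
        return True
    x, y = point
    if not (0 <= x < curve.p and 0 <= y < curve.p):
        return False
    return (y * y - (x**3 + curve.a * x + curve.b)) % curve.p == 0


def add(curve, P, Q):
    """Group law: chord through P and Q, or tangent at P when P == Q."""
    if P is O:
        return Q
    if Q is O:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % curve.p == 0:
        return O                      # P and its mirror image sum to O
    if P == Q:
        lam = (3 * x1 * x1 + curve.a) * pow(2 * y1 % curve.p, -1, curve.p)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % curve.p, -1, curve.p)
    lam %= curve.p
    x3 = (lam * lam - x1 - x2) % curve.p
    y3 = (lam * (x1 - x3) - y1) % curve.p
    return (x3, y3)


def scalar_mult(curve, k, point):
    """Compute k * point by double-and-add, refusing unvalidated input.

    Not constant-time, so it is for illustration only: the running time
    depends on the bits of k, which is the timing leak described above.
    """
    if not is_nonsingular(curve):
        raise ValueError("singular curve parameters")
    if not on_curve(curve, point):
        raise ValueError("point is not on the curve; rejecting it")
    result, addend = O, point
    while k > 0:
        if k & 1:
            result = add(curve, result, addend)
        addend = add(curve, addend, addend)
        k >>= 1
    return result


if __name__ == "__main__":
    alice_public = scalar_mult(TOY_CURVE, 3, G)    # private key 3
    bob_public = scalar_mult(TOY_CURVE, 10, G)     # private key 10
    print("public keys:", alice_public, bob_public)
    print("shared point:", scalar_mult(TOY_CURVE, 3, bob_public),
          scalar_mult(TOY_CURVE, 10, alice_public))
    print("(5, 2) on curve?", on_curve(TOY_CURVE, (5, 2)))
```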

Although there are certain ways to attack ECC, the advantages of elliptic curve cryptography for wireless
security mean it remains a more secure option.

What Is an Elliptic Curve Digital Signature?

An Elliptic Curve Digital Signature Algorithm (ECDSA) uses ECC keys to ensure each user is unique and every
transaction is secure. Although this kind of digital signing algorithm (DSA) offers a functionally
indistinguishable outcome from other DSAs, it uses the smaller keys you’d expect from ECC and therefore is more
efficient.

What is Elliptic Curve Cryptography Used For?

ECC is among the most commonly used implementation techniques for digital signatures in cryptocurrencies.
Both Bitcoin and Ethereum apply the Elliptic Curve Digital Signature Algorithm (ECDSA) specifically in
signing transactions. However, ECC is not used only in cryptocurrencies. It is a standard for encryption that will
be used by most web applications going forward due to its shorter key length and efficiency.

What is Elliptic Curve Cryptography Used For?

Avi’s software load balancer offers an elegant ECC solution. Avi fully supports termination of SSL– and
TLS-encrypted HTTPS traffic. Avi’s support for SSL/TLS has included support for both RSA and ECC keys
without the need for any proprietary hardware. See documentation for Elliptic Curve versus RSA Certificate
Priority within Avi.

