Eliptic Curve Implementation

8/8/2019 Eliptic Curve Implementation

1/84

Implementation of Elliptic Curve Cryptography

1. INTRODUCTION

1.1 OVERVIEW OF THESIS

Abstract

Strong public-key cryptography is often considered to be too computationally

expensive for small devices if not accelerated by crypto-graphic hardware. We revisited

this statement and implemented elliptic curve point multiplication for 160-bit, 192-bit,

and 224-bit NIST/SECG curves over GF (p) and RSA-1024 and RSA-2048 on two 8-bit

micro-controllers. To accelerate multiple-precision multiplication, we propose a new

algorithm to reduce the number of memory accesses. Implementation and analysis led

to three observations:

1. Public-key cryptography is viable on small devices without hardware acceleration.

2. The relative performance advantage of ECC point multiplication over RSA modular

exponentiation increases with the decrease in processor word size and the increase in

key size.

3. Elliptic curves over fields using pseudo-Mersenne primes as standardized by NIST

and SECG allow for high performance implementations and show no performance

disadvantage over optimal extension fields or prime fields selected specifically for a

particular processor architecture

Introduction

As the Internet expands, it will encompass not only server and desktop systems,

but also large numbers of small devices ranging from PDAs and cell phones to

appliances and networked sensors. Inexpensive radio transceivers, integrated or attached

to small processors, will provide the basis for small devices that can exchange

information both locally with peers and, through gateway devices, globally with entities

on the Internet.

Page 1 of 84


2/84


Deploying these devices in accessible environments exposes them to potential

attackers that could tamper with them, eavesdrop communications, alter transmitted

data, or attach unauthorized devices to the network. These risks can be mitigated by

employing strong cryptography to ensure authentication, authorization, data

confidentiality, and data integrity.

Symmetric cryptography, which is computationally inexpensive, can be used to

achieve some of these goals. However, it is inflexible with respect to key management

as it requires pre-distribution of keys. On the other hand, public- key cryptography

allows for flexible key management, but requires a significant amount of computation.

However, the compute capabilities of low-cost CPUs are very limited in terms of clock

frequency, memory size, and power constraints.

Compared to RSA, the prevalent public-key scheme of the Internet today,

Elliptic Curve Cryptography (ECC) over smaller key sizes, faster computation, as well

as memory, energy and bandwidth savings and is thus better suited for small devices.

While RSA and ECC can be accelerated with dedicated cryptographic coprocessors such

as those used in smart cards, coprocessors require additional hardware adding to the size

and complexity of the devices.

Therefore, they may not be desirable for low-cost implementations. Only few

publications have considered public-key cryptography on small devices without

coprocessors. Hasegawa et al. implemented ECDSA signature generation and

verification on a 10MHz M16C micro computer. The implementation requires 4KB of

code space and uses a 160-bit field prime p = 65112 * 2144 - 1 chosen to accommodate

the 16-bit processor architecture.

Signatures can be generated in 150ms and verified in 630ms. Based on the ECC

integer library, the authors also estimate 10s for RSA-1024 signature generation and

400ms for verification using e =216 +1.

Page 2 of 84


3/84


Bailey and Paar suggest the use of optimal extension fields (OEFs) that enable

efficient reduction when subfield primes are chosen as pseudo-Mersenne primes close to

the word size of the targeted processor An implementation of this concept for elliptic

curve point multiplication over GF ((28 - 17)17) on n8-bit 8051 processor architecture

is described by Woodbury, Bailey and Paar.

On a 12MHz 8051 with 12 clock cycles per instruction cycle, the authors

measured 8.37s for general point multiplication using the binary method and 1.83s for

point multiplication with a fixed base point.

The code size was 13KB and 183 bytes of internal and 340 bytes of external

RAM were used. Pietil ainen evaluated the relative performance of RSA and ECC on

smart cards.

An elliptic curve E over the complex numbers is the set of points (x, y)

satisfying the equation

E: y2 = x3 + ax + b,

plus a special point O that lies infinitely far up the y -axis .

Page 3 of 84


4/84


1.2 NEED FOR COMPUTERIZATION

Encryption and Digital Signatures

Today global electronic commerce in the Internet is common. To enable

profitable and legal trading, confidentiality, integrity, and non-reputability of the

associated messages is necessary. In order to achieve this, cryptographic systems must

play a major role in electronic commerce and, within the cryptography realm; public key

cryptography has emerged over twenty years as the key element. However, public key

cryptography requires a public key infrastructure to exist for it to become useful and for

the associated algorithms to be proven and accepted, particularly where those algorithms

are used for digital signature purposes.

Authentication: A merchant must know the identity of the customer. For some kinds of

businesses it is not sufficient that the customer authenticates herself by the use of a

password. In these cases an electronic version of today is identity or credit card is

required. The recipient of a message or an order should know the identity of the sender

and should also be sure that the data wasnt altered during its transmission. These

challenges, the authentication of the user and the integrity of the sent messages, are metusing various cryptographic methods.

Non-repudiation: It is often necessary to assert that a particular person sent an order or

message and that no other person could possibly have sent it. In traditional business the

personal hand-written signature is used to assert this, in cases of high importance

combined with a witness of the signing act. In electronic commerce, this challenge is

met using digital signatures based on public key cryptography.

Privacy:. The exchange of data between the merchant and the customer in most cases

should be kept secret. No unauthorized party should be able to read or copy such a

communication. This challenge, confidentiality, is met using encryption.

Page 4 of 84


5/84


1.3 FEATURES OF THE ELLIPTIC CURVE CRYPTO SYSTEM

ECC devices require less storage, less power, less memory and less bandwidth

than other system. This allows you to implement cryptography in platforms that are

constrained, such as wireless devices, handheld computers, smart cards and thin-clients.

It also provides a big win in situations where efficiency is important.

For example, the current key-size recommendation for legacy public schemes is

2048 bits. A vastly smaller 224-bit ECC key offers the same level of security. These

advantage only increases with security level for example, a 3072 bit legacy key and a

256 bit ECC key are equivalent Something that will be important as stronger security

systems become mandated and devices get smaller.

Page 5 of 84


6/84


2. BACKGROUND STUDY

Since the beginning of public key cryptography there are two major

cryptosystems (RSA and El-Gamal ) that seem to defeat all attacks. For this reason,these two cryptosystems are the most respected and wildly used public key

cryptosystems nowadays. One can use both cryptosystems for encryption/decryption and

digital signatures. All important security standards cover those cryptosystems, so it

should be safe to use implementations of them.

First of all, elliptic curve cryptosystems (ECC ) arent that new anymore. They

were invented around 1985 independently by Miller and Koblitz. Since their

introduction a broad discussion on their security and efficiency has been carried on. It is

this very efficiency that makes them so interesting for us today. This is due to the fact

that information technology is developing very fast. For example, most computers today

dont look like the old fashioned personal computers anymore.

We use handhelds and mobile phones and of course we have a need in securing

communications on these devices. But in this case there have to be several constraints

taken into account: there is very limited memory and computing power on these devices,

and it is not possible to spend much bandwidth for communications overhead. What we

need is a cryptosystem with small keys, and a small signature size.

Efficient encryption/decryption is not so important because these operations are

usually done with a private key cryptosystem. ECC has exactly the desired properties.

This comes from the fact, that there are no sub exponential algorithms for the ECDLP

(elliptic curve discrete logarithm problem) known today. This means that we can use

shorter keys (compared to other cryptosystems) for high security levels.

Page 6 of 84


7/84


3. ELLIPTIC CURVE CRYPTOGRAPHY

3.1 AN INTRODUCTION TO ECC

Elliptic curves have been used to factories numbers and in primality proving.

More recently, elliptic curves attracted attention for their part in the solution to Fermats

Last Theorem. However, elliptic curves have also inspired a new type of cryptosystem

providing alternatives for implementation of digital signatures, key exchange and

confidentiality.

It is assumed that the reader is already familiar with existing cryptographic

systems such as RSA and Diffie-Hellman and hence with the notation of integer

arithmetic modulo p.

Background

Elliptic curves have been the subject of intensive study for over a century but

apart from a recent link with the solution of Fermats Last Theorem they remain a

relatively unfamiliar branch of mathematics.

The applicability of elliptic curves to cryptography was realized in 1985 with two

keynote discoveries.

Elliptic curves could be used to factorise numbers (H.W.Lenstra Jr.)

An analogue of the Diffie-Hellman protocol could be defined using elliptic curves

(V.S.Miller).

The factorization technique was interesting but proved fruitless when applied to

problems where the factors were large, e.g., RSA. It is suitable for determining small

prime factors only.

Page 7 of 84


8/84


The second proposal aroused a little more interest. The elliptic curves cryptosystem

appeared to require a much shorter key than that required by RSA. But this was of

academic interest only. RSA was easy to understand, fairly easy to implement and key

size were not an issue -then.

However, in 1966, the release of a paper by Andrew Odlyzko caused a major increase

in the length of RSA keys. Suddenly 64 byte keys were no longer acceptable for secure

applications. Overnight 128 bytes became the new norm; bandwidth and performance

became issues for many systems.

This precipitated the current interest in elliptic curves cryptosystems. Based on

current knowledge, the keysize required for such systems is about 160-180 bits.

Some Basic Arithmetic

Glossary

Term Definition

Exclusive OR.

DH The Diffie-Hellman protocol enables two parties to establish a shared secret in

a secure fashion using a public communication channel.DSA Digital Signature Algorithm.

EC Elliptic Curve.

EC-n An elliptic curve where the underlying field elements are n bits long.

ECC Elliptic Curve Cryptosystems.

ECDPL Elliptic Curves Discrete Log Problem.

ECDSA Elliptic Curve DSA.

RSA Rivest Shamir Adleman.

RSA-n The RSA algorithm implemented with an n bit modulus.

Page 8 of 84


9/84


What is an Elliptic Curve?

Definition

An elliptic curve is a set of points (x,y) satisfying:

y = x + ax + b where 4a + 27 b 0

together with a special point O, this is called the point at infinity (but really behaves

like a 0 under addition).

Of course, the above is not a precise definition without specifying what kind of

numbers x, y, a and b are. These values are all numbers in a field.

The (elliptic curve) field

A field has a precise meaning in mathematics and is best visualized by example.

Examples are

the infinite field of fractions {a/b where a and b are integers} the finite field of integers modulo p, p prime (or GF(p)).

Informally, the specific useful property of a field is the ability to perform division

within it.

For cryptographic applications the elliptic curves defined over finite fields (for

example GF(p) has p elements) are of primary interest and the remaining discussion is

focused on these implementations.

What does an elliptic curve look like?

Page 9 of 84


10/84


If we consider the implementation over GF(p), the elliptic curve looks like a

disconnected series of points in the Cartesian Plane.

Properties of elliptic curves

The collection of points (x,y) which satisfy the elliptic curve equation have the

following useful property. By defining addition of two points in a special way, the

addition of two points on the curve gives another point on the curve. (The mathematical

term for this is closure). However this is not addition as we know it. It is a set of

calculations (actually algebraic equations) involving x and y and calculated in the finite

field.

Now, elliptic curves are not the only mathematical objects with this property.

What makes them special is that the set of calculations reproduced below, involving x

and y are relatively simple.

The computations required are addition, subtraction, multiplication and division

all performed in the finite field.

Addition rule of elliptic curves

If P=(x1, y1) is any point on the elliptic curve then,

P+O = O + P = P

If P=(x1, y1) is any point on the elliptic curve then the negative of P, -P = (x1, y1) is also

a point on the curve. The addition of these two points gives,

P + (-P) = P P = O

If P = (x1, y1) and Q = (x2, y2) are points which satisfy the elliptic curve equation and Q-

P then the sum^4

Page 10 of 84


11/84


P + Q = R = (x3, y3)

is defined by

x3 = - x1 - x2

y3 = (x1 x3) y1

where

= (y2 y1)/(x2 x1) P Q

= (3x1 + a) / 2y1 P=Q

It can then be shown that R(x3, y3) satisfies the EC equation y3 = x3 + ax3 + b.

Another important property of this addition rule is the order of addition does not matter.

P(x1, y1) + Q(x2, y2) = R(x3, y3) = Q(x2, y2) + P(x1, y1)

PerformanceThe computation of requires the computation of 1 field inverse and 2 field

multiplications when P = Q and one less field multiplication when P and Q are distinct.

These are followed by a further two fild multiplications to complete the computation of

(x3, y3 ).

Hence, up to 4 field multiplications and 1 field inverse are required each time P +

Q is performed. Field arithmetic, perticularly division, can be computationally intensive

for long arguments, so it can be seen that ECC are only practical because it appears that

comparitively short key lengths give the required level of security.

This is worst case though. Research is continuing to generate algorithms and

ehnancements which can reduce the computational overhead ewquired for EC arithmetic.

Page 11 of 84


12/84


3.2 APPLICABILITY TO CRYPTOGRAPHY

If a point P(x,y) on an elliptic curve is repeatedly added to itself, say n times, the

argument in the previous section says that he result, Q(x, y) , will also satisfy the elliptic

curve equation. However given knowledge of P(x,y), Q(x,y) or the elliptic curve used, it

is very difficult to determine n.

So, if

P + P + P + +P = nP = Q

n times

Then even if P and Q are known, it is very difficult to calculate n.

This is the discrete log problem over elliptic curves(over the elliptic curve

subgroup to be precise) upon which the security of ECCs is based.

Security of Elliptic Curve Cryptosystems

A MIPS year represent one year of a machine capable of performing one million

instruction per second. 1012

MIPS years represents acceptable security at this time. Sincethis would require most of the computing power on the planet for a considerable length of

time.

It is estimated that an RSA-1024 modules will take 310 11 MIPS years to

factorise.

EC discrete log problem

The selection of an elliptic curve is a slow, complex but necessary processes to

ensure that the curve offers the requires security. Many elliptic curve have been classified

as unsuitable for cryptographic implementations. Although these do not form a

Page 12 of 84


13/84


significant proportion of the total number available they still have to be wedded out in

advance.

As a rule of thumb there are about 2p different elliptic curves over GF(p) and

each of these curves has about p points in it.

The security of an ECC is based upon the EC discrete log problem. This is much

more difficult problem than the integer factorization problem (upon which RSA is based)

or the discrete log problem upon which, say diffie-hellman protocol is based.

Now , the measure of the security of an ECC(based upon the EC discrete log problem) is

given by:

The largest prime divisor, q, of the number of points which satisfy the elliptic

curve equation.

It is NOT the length of the field elements.

For example, a curve in EC-167 might offer the same activity level as a curve in

EC-247.

So how the EC is chosen is very important.

The most efficient techniques currently available to attack the EC discrete log

problem are based upon parallel collision.

Keylength

Whenever the term EC-k is used, the k refers to the length of x and y, or the

elements in the underlying field, e.g.EC-161. However, k is sometimes referred to as the

keylength. This is confusing as the actual measure of security is not based upon k at all.

But if the elliptic curve has been selected well the measure of strength, describe above,

will be k-1 bits at most.

So a security level of k-1 bits implies that a curve in EC-k or grater is required.

Page 13 of 84


14/84


It is also unclear how the length of the key varies between implementations, i.e.,

how does the keylength in a GF(2n) implementation differ from the keylength in a GF(p)

implementation.

This question can be answered in terms of the cost required to build special

purpose architectures to attack each type of implementation. One (GF(2n), assumes a

hardware approach ,the other , GF(p), might be tackled using distributed software.

Using this approach, recent results, based upon comparison with RSA-1024,

suggest that GF(p) implementation, where p is 162 bits, offers similarly security to a

GF(2n) implementation where n ranges from 171 to 180 bits.

Page 14 of 84


15/84


3.3IMPLEMENTATIONS

There are two common ways of implementing elliptic curve cryptosystems over

finite fields.

o Over GF(p) (the integer modulo p),

o Over GF(2n) (n-dimensional binary vectors)

We want to perform addition, subtraction, multiplication and division in the finite

field of implementation.

GF(p)

Algorithm for performing arithmetic modulo p are well known. These are

necessary for existing implementations based on modular arithmetic e.g. RSA, Fiat-

shamir, DSA and Diffie-Hellman.

GF(2n)

Over GF(2n) these operations are completely different. The mathematics is based

around manipulation ofpolynomials with binary coefficients, or objects which look like,

for example.

1+X+X3+X5 = 1+1X+0X2+1X3+0X4+1X5.

This polynomial corresponds to the binary vector (1,1,0,1,0,1). Note that a point

on the EC now exists of a pair of binary vectors.

This binary representation reduces the complexity of the basic arithmetic

operations both in hardware and software. Furthermore, depending upon how the

polynomials are selected, it is possible to map these operations to a logic design in a

trivial way.

Page 15 of 84


16/84


For example, addition is (+) of two vectors, squaring becomes a rotation of a

binary vector and multiplication, a set of connections between two vectors, both rotated.

For custom silicon applications, the implementation of a multiply over GF(2n)

occupies a smaller area than an integer multiply.

Division is still hard through.

Performance between implementations

The GF(p) implementation, where p is 162 bits, offers similar security to e

GF(2n) implementation where n ranges from 171 to 180 bits. It also offers similar

performance, due to shorter keylength.

However the similarity stops there. There is no compatibility between the two

systems and a device dedicated specifically to arithmetic over GF(2n) might be

disadvantaged if alternative cryptosystems, such as RSA, need also to be implemented. If

blazing performance is not an issue , a perfectly adequate ECC performance might be

achieved in software with no hardware support, both for GF(p) and GF(2n). This is of

specific interest for, say, smartcards for which additional mathematical coprocessor is

absolutely mandatory to perform the demanding computations for RSA.

Page 16 of 84


17/84


3.4 SETTING UP AN ECC OVER GF(P)

a. select random a,b from GF(p) and create a curve, y2 = x3 + ax +b

b. compute the number of points, N, which satisfy the curve

c. check the curve offers sufficient security, i.e. N has a large prime factor q.

d. make sure that the discrete log problem is hard for this curve, i.e.

check that q does not divide pk 1 for k=1,.,20.

Check that q does not equal N

e. select a non zero generator, P, for the elliptic curve subgroup. So the subgroup

consists of the q elements,{P,2P, 3P.(q-1)P, qP} where qP - 0 .

Page 17 of 84


18/84


4. EXAMPLE OF AN ECC OVER GF(P)

Set p=11(a prime of manageable size) and consider the elliptic curve equation

given by:

Y2 = x3 + 10x+10MOD11

We want to find pairs(x0,y0) which satisfy this equation. Any old pair wont do.

For example (0,) does not satisfy the equation and hence does not lie on the curve.

One way to do this is to find x0 and y0 for which y02MOD 11 is equal to

x03+10x0+10MOD11.

x x3+10x+10MOD11 y y2MOD11

0 10 0 0

1 10 1 1

2 5 2 4

3 1 3 9

4 4 4 5

5 9 5 3

6 0 6 3

7 5 7 5

8 8 8 9

9 4 9 4

10 10 10 1

Table 1

By referring Table 1 a list of such points(x,y) can be created, for example (5,3)

and (5,8) both result in y02 MOD 11 = x0

3+10x0+10 MOD 11 = 9.

Using this approach the entire set of points which satisfy the equation can be

calculated. There are 13 points for which y02 MOD 11 = x0

3+10x0+10 MOD 11 as

follows:

Page 18 of 84


19/84


y02 MOD 11 = x0

3+10x0+10 MOD 11 (x, y)

0 (6,0)

1 (3,1), (3,10)

4 (4,2),(4,9),(9,2)(9,9)

5 (2,4),(7,4),(2,7),(7,7)

9 (5,3),(5,8)

Table 2

These points (x, y) may now be plotted. These points, together with the point of

infinity 0, make up the elliptic curve group of 14 points. Note that there are two prime

divisors of 14: 7 and 2. The security of this EC depends upon the largest of these

numbers, i.e. 7.

Negatives of Points

Recall that P + (-P) =0. As an example let P = (3,1), then P is obtained by

negating the y coordinate. So P =(3,-1).

Now -1 MOD 11 = -1 + 11 MOD 11 = 10.

So P = (3,10) which is one of the existing points.

Page 19 of 84


20/84


The other points are listed in Table 3.

Table 3

Addition of points

Now if any of these points is selected and added to itself (doubled) the result is

another point on the curve. To see this recall the addition rule for Elliptic curves for two

points P(x1, y1) and Q(x2, y2) on the curve. Then,

P(x1, y1) + Q(x2, y2) = R(x3, y3)

is defined by

x3 = 2 x1 x2

y3 = (x1 x3) - y1

Page 20 of 84

P -P(6, 0) (6, 0)

(3, 1) (3, 10)

(3, 10) (3, 1)

(4, 2) (4, 9)

(4, 9) (4, 2)

(2, 4) (2, 7)

(2, 7) (2, 4)

(7, 4) (7, 7)

(7, 7) (7, 4)

(5, 3) (5, 8)

(5, 8) (5, 3)(9, 2) (9, 9)

(9, 9) (9, 2)


21/84


where

= (y2 y1)/ (x2 x1) P Q

= (3 x12 + a) / 2 y1 P = Q

The effect of addition is to bounce around the elliptic curve.

Addition when P = Q

As an example consider the sum of P = (3, 1) and Q = (3, 1). This is the case P = Q.

Then

x1 = 3 = x2, y1 = 1 =y2

and =(3 x12 + a) / 2 y1 MOD 11

= (3*9+10)/(2*1) = (27 +10)/2 = (37/2) MOD 11

Now division by 2, MOD 11 is the same as multiplication by 6, MOD 11. (Note

that 2*6 = 12 = 1 MOD 11 or 6 = MOD 11).

So

= 37*6 MOD 11 = 222 MOD 11 = 2 MOD 11

x3 = 22 3 - 3 MOD 11 = -2 MOD 11 = 9 MOD 11

y3 = 2(3-9)-1 = -13 MOD 11 = 9 MOD 11

and hence

(3, 1) + (3, 1) = 2 * (3, 1) = (9, 9)

Addition when P Q

We shall now add P to 2P and obtain 3P.

From the previous section P = (3, 1), Q = (9, 9) so x1 = 3, x2 = 9, y1= 1 and y2= 9

and

= (y2 y1)/ (x2 x1)

= (9-1)/(9-3) =8/6=4/3 MOD 11.

Division by 3, MOD 11 is tha same as multiplication by 4, MOD 11. (4*3 = 1

MOD 11)

Page 21 of 84


22/84


= 4*4 MOD 11 = 16 MOD 11 = 5 MOD 11

x3 = 25 3 9 MOD 11 = 13 MOD 11 2 MOD 11

y3 = 5(3 2)-1 = 4 MOD 11

and hence

(3, 1) + 2(3, 1) = 3 * (3, 1) = (2, 4)

Further multiplies of points are displayed in the following table:

P 2P 3P 4P 5P 6P 7P 8P 9P 10P 11P 12P 13P 14P

(6,0) O

(3,1) (9,9) (2,4) (4,2) (5,8) (7,7) (6,0) (7,4) (5,3) (4,9) (2,7) (9,2) (3,10) O

(4,2) (7,4) (9,2) (9,9) (7,7) (4,9) O

(9,2) (4,9) (7,4) (7,7) (4,2) (9,9) O

(5,3) (4,2) (3,10) (7,4) (2,4) (9,2) (6,0) (9,9) (2,7) (7,7) (3,1) (4,9) (5,8) O(2,4) (7,7) (5,3) (9,2) (3,1) (4,2) (6,0) (4,9) (3,10) (9,9) (5,8) (7,4) (2,7) O

(7,4) (9,9) (4,9) (4,2) (9,2) (7,7) O

(2,7) (7,4) (5,8) (9,9) (3,10) (4,9) (6,0) (4,2) (3,1) (9,2) (5,3) (7,7) (2,4) O

(7,7) (9,2) (4,2) (4,9) (9,9) (7,4) O

(5,8) (4,9) (3,1) (7,7) (2,7) (9,9) (6,0) (9,2) (2,4) (7,4) (3,10) (4,2) (5,3) O

(4,9) (7,7) (9,9) (9,2) (7,4) (4,2) O

(9,9) (4,2) (7,7) (7,4) (4,9) (9,2) O

(3,10) (9,2) (2,7) (4,9) (5,3) (7,4) (6,0) (7,7) (5,8) (4,2) (2,4) (9,9) (3,1) O

Page 22 of 84


23/84


5. COMPARISON OF RSA AND ECC

Security

Menezes and Jurisic compared the time required to break the ECC with the timerequired to break RSA for various modulus sizes using the best general algorithm

known. Values were computed in MIPS years, which represents a computing time of one

year on a machine capable of performing one million instructions per second.

The results are listed in Table. As a bench- mark, it is generally accepted that

1012 MIPS years represents reasonable security at this time, since this would require

most of the computing power on the planet to work for a considerable amount of time.

Key size: Equivalent strength comparison

Time to break

(in MIPS years)

RSA key size

(in bits)

ECC key size

size

RSA/ECC key

ratio

104 512 106 5 : 1

108 768 132 6 : 1

1011 1024 160 7 : 1

1020 2048 210 10 : 1

1078 21000 600 35 : 1

Menezes and Jurisic found that to achieve reasonable security, RSA would need

to employ a 1024-bit modulus, whereas a 160-bit modulus should be sufficient for the

ECC. They found that ECC required a smaller modulus than RSA and that the security

gap between the systems grew as the key size increased. For example, 300-bit ECC is

significantly more secure than 2000-bit RSA, because the ECDLP problem is judged to

be the harder problem.

Another way to look at this security issue is to compare the equivalent strength of

RSA keys and ECC keys for smart card applications. The Table 5.4 shows that in smart

card applications requiring higher levels of security, ECC is able to offer security

without a great deal of additional system resources. In September 1999, nearly 200

people using 740 computers managed to crack a message encrypted with 97-bit elliptic

Page 23 of 84


24/84


curve cryptography. The process took 16,000 MIPS-years of computing, about twice as

much as used by the team that recently cracked a 512-bit RSA encryption key.

On April 4, 2000, an international team of researchers led by Robert Harley,

Damien Doligez, Daniel de Rauglaudre, and Xavier Leroy of INRIA (France)

announced the solution of the Certicom ECC2K-108 Challenge. The solution to the

ECC2K-108 challenge is believed to be the largest effort ever expended in a public-key

cryptography challenge. It took four months and involved approximately 9500 machines

and 1300 volunteers from 40 countries.It was expected that the ECC2K-108 challenge

would require about 5 times as much effort as expended in the ECC2-97 challenge

solved in September 1999.

The ECC2K-108 challenge was solved using the parallelized Pollard Rho method

and exploiting orbits of the negation and Frobenius maps. This method was developed in

1998 independently by Certicom researchers Rob Gallant, Rob Lambert, and Scott

Vanstone and by Harley s team. The amount of work required to solve the ECC2K- 108

challenge was about 50 times more than that required to solve the 512-bit RSA

cryptosystem, that is about 50 8000 MIPS-years.

While the solution of the ECC2K-108 challenge is an impressive computational

achievement, it was based on known methods for solving the ECDLP and not on any

fundamental advances. Nonetheless, the effort expended by Harley s group is of vital

importance because it provides practical confirmation of the theoretical estimates of the

difficulty of the ECDLP and the security of ECC.

Page 24 of 84


25/84


Efficiency

In both RSA and ECC, considerable computational savings can be made. In

RSA, a short public exponent can be employed (although this represents a trade-off and

does incur some security risks) to speed up signature verification and encryption. In

ECC, a large proportion of the signature generation and encrypting transformations can

be pre- computed. Also, various special bases for the finite field F2m can be employed

to perform the modular arithmetic involved in ECC operation more quickly.

State-of-the-art implementations of the systems from Certicom show that with all

of these efficiencies in place, ECC is an order of magnitude (roughly 10times) faster

than RSA. The use of a short public exponent in RSA can make RSA encryption and

signature verification timings (but not RSA decryption and signature generation timings)

comparable with timings for these processes using the ECC.

Space Requirements

Elliptic curve cryptosystems have the potential to provide security equivalent to

that of existing public key schemes, but with shorter key lengths. Having short key

lengths is a factor that can be crucial in some applications, for example, the design of

smart card systems. The arithmetic processor on a smart card is restricted in size to an

area of roughly 25 mm2.

An RSA chip designed to do modular multiplication of 512-bit numbers has

about 50,000 transistors, while a chip designed to perform arithmetic in the field F259 3

has about 100,000 transistors. With current technology, these devices are too large to be

placed on a smart card. By comparison, a chip designed to do arithmetic in F2m , where

m is about 200, would have less than 15,000 transistors, and would occupy about 15% of

the 25 mm2 are assigned for the processor. Another advantage to be gained by using

elliptic curves is that each user may select a different curve E, even though all users use

the same underlying field K.

Page 25 of 84


26/84


The following table lists the comparison results of the size of the system

parameters and selected key pairs for the different systems, and presents evidence that

the system parameters and key pairs are shorter for the 160-bit ECC than for 1024-bit

RSA.

Space requirements

System

parameters (bits)

Public key (bits) Private key (bits)

1024-bit RSA n/a 1088 2048

160-bit ECC 481 161 160

Certicom claims that both of the systems have similar bandwidth requirements

when they are used to encrypt or sign long messages, but say this situation changes for

the case where short messages are being transformed. Public key cryptographic systems

are often employed to transmit short messages, for example to transmit session keys for

use in a private key cryptographic system.

For the sake of this comparison, both schemes are being used to sign a 2000-bit

message, or to encrypt a 100-bit message The encryption algorithm used in encrypting

100-bit message is an ElGamal variant with point compression.

Size of the encrypted 100-bit messages

Encrypted message (bits)

1024-bit RSA 1024

160-bit ECC 321

Therefore it would appear from this comparison that ECC offers considerable

bandwidth savings over the RSA when being used to transform short messages.

Page 26 of 84


27/84


Summary

In summary, ECC provides greater efficiency than either integer factorization

systems, in terms of computational overheads, key sizes and bandwidth. In

implementations, these savings mean higher speeds, lower power consumption, and code

size reductions. However, the RSA system is globally accepted in vendor offerings and

may dominate the field until more research information about ECC becomes available.

Times are changing, though, and recently, in 1998, RSA Inc. announced the inclusion of

ECC technology in its basic cryptographic tool kit.

Page 27 of 84


28/84


6. PROBLEM FORMULATION

The elliptic curve cryptography is used as a highly secured cryptographic system for

encryption and decryption. The research work is to identify cryptographic techniquewhich uses minimum space requirements and efficiency of the system is achievable.

6.1 MAIN OBJECTIVE

The fundamental goal of cryptography has historically been to achieve privacy,

i.e. to enable two people, Alice and Bob, to send each other messages over an insecure

channel in such a way that only the intended recipient can read the message. This

objective has traditionally been met by using private key cryptosystems. Although

private key cryptography is adequate for many applications, it has the following

disadvantages which make it unsuitable for use in certain applications:

Key distribution problem: As described above, the two users have to select a key in

secret before they can start communications over an insecure channel. A secure channel

for selecting a key may not be available.

Key management problem: In a network of n users, every pair of users must share a

secret key, for a total of n (n - 1)/2 keys. If n is large, then the number of keys becomes

unmanageable.

No signatures possible: A digital signature is an electronic analogue of a hand-written

signature. This means that a digital signature allows the receiver of a message to

convince any third party that the message in fact originated from the sender. In a privatekey cryptosystem, Alice and Bob have the same capabilities for encryption and

decryption, and thus Bob cannot convince a third party that a message he received from

Alice in fact originated from Alice.

Public Key Cryptosystems

Page 28 of 84


29/84


The basic idea that led to public key algorithms was that keys could come in

pairs of an encryption and decryption key and that it could be impossible to compute one

key given the other. Since then, many public key algorithms have been proposed, most

of them insecure or impractical. All public key algorithms are very slow compared to

secret key algorithms. The RSA algorithm takes about 1000 times longer than the

popular private key encryption algorithm, DES, when implemented in hardware, and

100 times longer in software to encrypt the same amount of data.

However, public key algorithms have a big advantage when used for ensuring

privacy of communication. Public key algorithms use different keys for signing and

decryption, and for encryption and signature verification. The private key may only be

known to its owner and must be kept in secret. It may be used for generation of digital

signatures or for decrypting private information encrypted with the public key. The

public key may be used for verifying digital signatures or for encrypting information. It

needs not to be kept secret, because it is infeasible to compute the private key from a

given public key. Thus, users can post their public key to a directory, where everybody

who wants to send an encrypted message or verify a signature can look it up. Each entity

in the network only needs to store its own private key and a public directory can store

the public keys of all entities, which is practical even in large networks.

Today, public key cryptosystems may be broadly characterized as belonging to

one of three mathematical areas. These are:

Integer factorization, such as the RSA scheme, discrete logarithm schemes, such as the

USA s DSA, or Digital Signature Algorithm, and Elliptic curve cryptosystems, or more

accurately the elliptic curve discrete logarithm scheme.

The last two schemes should be considered to be related since both their security

depends on the difficulty of solving the discrete logarithm problem. At present, the most

commonly used public key cryptosystem is the Rivest-Shamir-Adleman encryption

scheme, RSA (the recommended key size for it is at least 1024bits), which can be used

to create digital signatures and to encrypt messages. The most common private key

cryptosystem is probably Data Encryption Standard, DES, but because private key

Page 29 of 84


30/84


cryptosystems can not be used to create digital signatures this thesis ignores them. It is

believed that ECC will become even more popular than RSA, because the key sizes

needed with ECC are much smaller (about 163 bits) than with RSA. The key size affects

the speed of the cryptographic operations, making them faster than RSA operations.

6.2 SPECIFIC OBJECTIVE

The specific objective of the system is to implement the Elliptic curve

cryptography for encryption and decryption of the information. The Elliptic curve uses

the public key cryptosystem. When two persons A and B wants to communicate with the

Elliptic curve cryptography the sender A will encrypt the data using the public key of B

and B on the receiving end decrypts using his own private key. The key being used might

vary but they share a common base point with which both encryption and decryption is

done.

The specific objective of the system is to generate user friendly system to find a

base in elliptic curve cryptography. Using this base point the public and private keys of

both the sender and the receiver is generated. With the generated keys the encryption and

decryption of the data is done.

Page 30 of 84


31/84


6.3 METHODOLOGY

The methodology to implement Elliptic curve cryptography is that the base point

should be generated and the public and the private keys are generated and finally he data

is encrypted and decrypted using the keys generated.

An elliptic curve E over the complex numbers is the set of points (x, y)

satisfying the equation

y2 = x3 + ax + b

For the given values a and b the equation should satisfy the following criteria:

4a + 27 b O

together with a special point O, this is called the point at infinity (but really behaves

like a 0 under addition).A prime value P is generated with which the curve points are

generated. Using the prime values the pairs of point that satisfies the equation

y2 = x3 + ax + b MOD P is generated.

Using the curve points, the elliptic curve group points that satisfy the equation is

identified. The addition of points is done which satisfies the condition that the resultantadded point should also lie on the curve.

With these base points the public and the private keys are generated for

encryption and decryption.

Page 31 of 84


32/84


6.3.1 MODULES

The System implements the following modules for generating elliptic curve points.

1. Base Point Generation

2. Key Generation

3. Encryption

4. Decryption

Base Point Generation

The base point generation module is used to generate the base point for generating

the key values.

Big Integer Method

The Big integer method is developed to implement the big integers for the number

generation. The Big integer method is implemented in a DLL file and this is capable of

doing all basic arithmetic operations. The input is accepted as the string input and the

validations are done.

The big integer method gets the input which the user typed and invokes the

following methods in it:Big integer add, Big integer Subtract, Big integer compare, Big

integer multiplication, Big integer power, Big integer divider.

All methods has a common function of Check for the numeric input, truncates

unwanted zeros, Checks for the sign of the input.

This module is designed to generate the curve points and identify the base point

with which the keys are generated. The elliptic curve formula y2 = x3 + ax + b is used to

generate the curve points and identify the base point. The a and b values (either signed

or unsigned) are accepted from the user. The a and b values should satisfy the following

Page 32 of 84


33/84


condition: 4a + 27 b O The check option checks for these values to satisfy the above

mentioned condition.

A P value (prime value) is generated. The option is added to generate the prime

either bit wise or lengthwise. The manual entry of prime number also is given and the

manual entry is also validated for prime. The big integer method is called to perform the

operations. The manual entry for prime is validated with the Isprobableprime method of

the Big integer method.

The validated a and b values together with the prime value is used to generate the

curve points. The x and the y pair values are generated in table with x and y as follows:

x3 + ax + b MOD P (1)

y2 MOD P (2)

The points on the curve are identified when the equations (1) and (2) are equal.

The maximum prime number in the points is identified. The security of the Elliptic curve

depends on this largest prime value. The maximum prime and the base point are stored

in a text file.

The modules can be selected and executed with the help of the menu.

Page 33 of 84


34/84


The base point generation module generates the curve points, maximum prime

and the base points and the form appears as follows:

The base points are saved as a separate text file and the form appears as:

Page 34 of 84


35/84


Key Generation

A secret key is used for both encryption and decryption. The Key Pair consisting

of a public key and private key uses the public key for decryption and the private key for

encryption. When the key pair is generated, an association between the public key and

private key is generated, so that only that specific public key will decryption messages

with that specific private key. The public key is distributed to users for decrypting the

messages. The private key is not for distribution but kept by the owner of the key to

encrypt the messages.

The key agreement is how the key is exchanged or distributed to a user so that he

or she may decrypt the message or data. The key used for encryption, in most cases,

should not be distributed unless there are no other choices. Sometimes the keys may also

be used for digital signatures. The secret key produces only one key for the encryption

and decryption; a generic, not a Java code, method will be a pseudocode like the

following:

Cipher text=Encrypt( secretKey, Plaintext);

Plain text=Decrypt (secretKey, Cipher text);

The key generation module is used to generate the keys from the base point

which is obtained from the previous module. The private key which is the prime value is

generated. The option of the manual entry of the prime number is given which is verified

by the isprime function. The base key is opened with which the public key is generated.

The keys generated are stored in a separate text file for public and private key.

The public and the private keys are generated and saved based on the base point

that is generated. The form appears as follows:

Page 35 of 84


36/84


Page 36 of 84


37/84


Encryption

The public key encryption is implemented for encrypting the files. The private

key of the sender and the public key of the receiver is used to encrypt the selected file.

The encrypted file is stored in a separate text file.

The Encryption module encrypts the text file and saves the encrypted text. The private

key of the sender and the public key of the receiver is used to encrypt the text file.

]

Page 37 of 84


38/84


Page 38 of 84


39/84


Decryption

The encrypted file that is being stored is located. The decryption is done with the

receivers private key and the senders public key. The decrypted file is stored as a

separate text file.

Page 39 of 84


40/84


Page 40 of 84


41/84


6.3.2SYSTEM FLOW CHAT FOR KEY GENERATION

Page 41 of 84

Start

Getting a,b

4a3+27b20

Getting p

Generate qP for 1

st

curvepoint

yes

no

no

Generate n Curve PointsBy y2=x3+ax+b

Generate q that is largeprime factor forn

qP0

Store the Base Point

yes

Getting private kev(pkev) and it is prime

Calculate pkeyP for the basePoint and it is the pubic

stop

Generate qP for next curve

point

n=q


42/84


SYSTEM FLOW CHART FOR ENCRYPTION

Page 42 of 84

Getting public key

(Bx,By)

Getting private keyof A

Process A(Bx,By)

Getting input text to

encrypt

Process original text to(x1,y1)

Cipher text (xc,yc)= (x1,y1)+A(Bx,By)

Start

Stop


43/84


SYSTEM FLOW CHART FOR DECRYPTION

Page 43 of 84

Getting

cipher text

(xc,yc)

Start

Getting publickey (Ax,Ay)

Getting private

key of B

Process B (Ax,Ay)

Process cipher text to

(x1,y1)(x1,y1)=(xc,yc)-B(Ax,Ay)

Process B (x1,y1) to

original text

Stop


44/84


6.4 SYSTEM SPECIFICATION

Hardware Specification

Processor : Intel Pentium IV 2.66 GHz

RAM : 256 MB SD RAM

Hard Disk Drives : 40 GB

CD R/W : Samsung CD Writer

Floppy Disk Drives : 1.44 MB

Monitor : 15 Color Monitor

Keyboard : 104 keys Keyboard

Mouse : 2 Button Scroll Mouse

software specification

Operating System : Windows 2000

Sortware : Visual Basic 6.0

Page 44 of 84


45/84


About Visual Basic 6.0

Visual Basic is a GUI (Graphical User Interface).

Visual Basic is a Front-End.

Visual Basic is a Event Driven Programming Langauge.

Visual Basic is a Client / Server Application Tool.

Visual Basic is a RAP Programming Tool.

Visual Basic is a Language

Visual Basic is a Microsoft Product.

Application:

A collection of code and visual elements that work together as a single Program.

Developers can build and run application within the Integrated Development

Environment (IDE). When users usually run application as executable files outside the

development Environment.

Code Window:

The code window is where you write visual basic code for your application. Code

window consists of language stats, constants and declaration. Listing the code window,

you can quickly view and edit any of the code in your application.

The code window includes the following elements:

1. Object box

2. Procedure list box.

MDI form:

A window that makes up the background of a multiple-document interface(MDI)

application. The MDI for is the container for any MDI child forms in the application.

Visual Basic Custom Controls:

Page 45 of 84


46/84


Visual Basic 6.0 provides us a number of custom controls of which ate some ate

databound controls. Active X controls etc. Since a majority of these controls happen to

be active X controls, these custom controls are also called as Active X controls. An

active X control is an object that we place on a form to enable or enhance a users

interaction with an application. Active X controls have events and can be incorporated

into other controls. These controls have an .ocx file name extension.

Features of Visual Basic 6.0

1. Ms-transaction server.

2. Ms-internet information server.

3. Ms-message queue server.4. Custom data bound control.

5. Custom data aware com controls.

6. Dynamic HTML.

7. Mobile computing support (WAP).

8. Hierarchical flex grid control.

9. New Integrated Report writers.

Active-X Controls:

Apart from VB standard controls a number of Active-x controls are available.

These Active-x controls are registered in the windows platform.

In VB, two types of Active-x controls are available

Built in active-x controls (or) Custom control

User defined Active-x controls (or) User Controls

The file extension is .OCX

Modules:

Code that is attached to a form is accessible from anywhere on that form, but a

program may have more than one form. It will sometimes be necessary to have program

code that can be reached from any form and in this case that code would be written on a

Page 46 of 84


47/84


module. Module disappear fr4om view when the programs runs, only forms have an on-

screen existence. There may be several modules in one program, and each is saved as a

separation.

Project:

The project holds together the various forms and modules that makeup a program.

Its purpose is primarily one of convenience. When we want to start work on a program

we only have to open the one project file marked by a MAK extension rather than a

whole set of forms and modules.

Procedure:

All the code in a program is written in procedures or subroutines. Most of these

will be attached to a control or more accurately to an event belonging to a control some

will be free standing. All start with the key word sub and close with end sub.

Page 47 of 84


48/84


7. SYSTEM ANALYSIS AND DESIGN

7.1 TECHNICAL ANALYSIS

Technical analysis begins with an assessment of the technical viability of the

proposed system. The possible information system benefits are contributions from

calculating and printing tasks, record-keeping tasks, record searching tasks, system

restructuring capabilities etc. Few contributions are listed below:

Improved accuracy in calculating Tasks

Ability to quickly change variables and values in calculation programs

Ability to automatically collect and store data from records

Increased capacity for record keeping in terms of space and cost

Improved security in records storage

Improved portability of records

Faster retrieval of records

7.2 FEASIBILITY ANALYSIS

Feasibility study is a test of proposal to its workability, impact, ability to meet the

user needs and effective use of resources. It is both necessary and prudent to evaluate the

feasibility of a project at the earliest possible time. Feasibility and risk analysis are

related in many ways. If project risk is great, then the feasibility of producing quality

software is reduced.

Feasibility study focuses mainly on the following questions.

Is there a better way of performing users work rather than the current

method?

What is the cost involved in going for a new system?

What are the benefits the user could gain over the current system?

What is recommended?

Page 48 of 84


49/84


Feasibility consideration

Feasibility analysis involves three main considerations namely

Technical Feasibility

Behavioral Feasibility

Economic Feasibility

Technical Feasibility

Technical feasibility is a study of function, performance, and constraints that may

affect the ability to achieve an acceptable system. The considerations that are normally

associated with technical feasibility include the following:

Development risk: The necessary functions and performance can be analyzed.

The Distributorship management system is analyzed completely in the system study

phase which reduces the development risk. The major development risk in performance

might be based on the flow of data through the hierarchy of the system. The exact data

based on the login should be provided which enhances the performance and functions.

Resource Availability: The resource availability for this technical process is the

necessary software, hardware and the man power with technical skills. All these

resources are satisfied and prove the system technically feasible.

Behavioral Feasibility

Behavioral Feasibility aims at estimating whether the user is able to cope with the

new system. The project has got sufficient support from the management and from the

users. The system was found to be operationally feasible.

Economic Feasibility

This procedure involves the analysis of cost involved to set up the new system

and the cost involved is compared with the benefits that the new system would render.

Page 49 of 84


50/84


7.3 MENU DESIGN

A menu is a list of options organized in a specified format that simplifies the data and

access. While designing the menu, the following objectives are followed:

Names for each menu are given clearly in an understandable manner.

Shortcut key is given for each menu for easy selection.

Sub-menus are added whenever necessary to avoid a lengthy list.

Menu Design

The menu is designed with the main motive of user friendliness which allows the

user to navigate through the various modules available in the system. The modules are

compiled by the users with a single click in the menu option. This facilitates the user to

execute the system in an efficient manner. The menu is limited with only the module

options such that all the other activities within the module can be executed at their

location without returning to the menu all the time.

Page 50 of 84


51/84


7.4 INPUT DESIGN

The quality of system input determines the quality of the system output. Input

design specifies the manner in which data enters the system for processing. Processing

input and designs are done in such a way that it caters to the requirement of the end-users,

extensive care has to be taken to ensure the validity of the input data. It determines the

acceptance of the project by the user. Hence, input design plays a major role in the

development of the system.

The features of input design are:

Reliability

Operational efficiency

Interaction

The objectives of the input design are

Controlling Amount of Input

Avoiding Delay

Avoiding Errors in Data

Keeping the Process Simple

Controlling Amount of Input

The amount of input the user has to type in, should be less without tiring the user

to access the information. The standard input can be provided in the form of selection for

better access. Here, the major interacting input media is through the controls and

hyperlink. Simple and straightforward hyperlinks are provided for easier

understandability of the system flow.

Avoiding Delay

Since, the information is provided as web pages and the length of the page is

made short, the information can be accessed without delay.

Page 51 of 84


52/84


Avoiding Errors in Data

The major form of input is through well-structured controls and hyperlinks.

Hence, there is no way for crawling erroneous information. All the links are designed in

such a way that it specifies the information in the next page, in short and sweet manner.

Keeping the Process Simple

The Inputs are designed in such a way, that even the novice user can use this

project without others support. Improper designing of the input will lead to the

misunderstanding of information. Hence, this phase has been handled with great care in a

well-detailed manner, so that the users are taken along the right path.

Input Forms

Form 1: Base Point Generation Form

The input form is designed to obtain the curve points and to identify the

base point for the given a and b values. The formula for the elliptic curve is:

y2 = x3 + ax + b,

Page 52 of 84


53/84


plus a special point O that lies infinitely far up the y axis. The given values a and b

should satisfy the equation 4a + 27 b 0. The prime values are generated either

manually or through the system with the given length or given bit value. With the

obtained prime value the curve points are generated and the maximum Prime on the

generated curve points is identified. With this maximum prime value generated the base

point of the elliptic curve is identified. The obtained base point is saved in a separate text

file with the extension _BasePnt.

Page 53 of 84


54/84


Form 2: Key Generation Form

The key generation form id used to generate the public and the private keys. With

the base point obtained in the previous form the keys are generated.

Private Key: The private key is generated by specifying the prime number. The prime

number which acts as the private key is generated either manually by the user or it can be

randomly generated by the system. The private key which is generated is saved in a

separate text file with the extension _pvkey which is used later for the process and

encryption and decryption.

Public Key: The public key generation is generated with the private key and the base

point that has been generated for the elliptic curve. The public key which is generated is

stored in a separate text file with the extension _pbkey which is used during the process

of encryption and decryption.

Page 54 of 84


55/84


Form 3: Encryption Form

The Encryption for is used for the encryption of the text file using the keys that

have been generated. The form is designed to get the input of the text file, the public and

the private keys which is to be used for the process of encryption. The validations are

done to check for the opening of the private and the public keys.

The open file option is used for selecting the text file which is to be encrypted.

The encrypt option encrypts the text file and converts it into the curve points. When the

sender wants to send some text data he encrypts the data with their own private key and

the receivers public key. The encryption is done by the repeated addition of the points to

the number of times in the private key value. The points will be the result of the addition.

The encrypted text file is separately stored in a text file.

Page 55 of 84


56/84


Form 4: Decryption Form

The decryption form is used to decrypt the cipher text using the public and the

private keys. The form has the option to open the cipher text and the keys that are

generated. The receiver decrypts the cipher text with their own private key and the

senders public key value. The decrypted text is separately stored in a text file.

Page 56 of 84


57/84


7.5 OUTPUT DESIGN

Output design is also one of the important phases in system design. Output,

generally refers to the results and information that are generated by the system. For many

users, output is the main reason for developing the system and it is the basis on which

they will evaluate the usefulness of the application.

The main form of interaction between the users is the output. Hence, the output

should be designed with great attention. The output should be presented in an impressive

form, which will satisfy the user requirement in simple and attractive manner. The

information is organized in a formal manner so that a user can easily identify and fulfill

their requirements. Precise information is provided so that the user can make the utmost

use of this application.

Since, the output is designed keeping in mind the users requirements in the organization

it is designed in such a way that a new user can also easily work in the environment, the

system is found to reach the user effectively.

Page 57 of 84


58/84


Form1: The form that shows the curve points and the base point

Form 2: The form that shows the output of the generated keys

Page 58 of 84


59/84


Form 3: The form that shows the encrypted text

Form 4: The form that shows the decrypted Text

Page 59 of 84


60/84


8 SYSTEM TESTING

In any software development, testing is a process to show the correctness of the

program and it meets the design specifications. Testing is needed to prove correctness, to

show completeness, to improve the quality of the software and to provide the

maintenance aid. Some testing standards are therefore necessary to ensure the

completeness of testing, improve the quality of the software, and reduce the testing costs

and to reduce study needs and operation time.

Testing Objectives

Testing is the process of executing a program with the intent of finding an error.

A good testing case is the one that has a high probability of finding an as yet

undiscovered error.

A successful test is one that uncovers an as yet undiscovered error.

Levels of testing

The various levels of testing are as follows

Unit testing: Individual components are tested to ensure that they operate correctly. Eachcomponent is tested independently, without other system components.

1. System Testing: The sub-system is integrated to make up the entire system. The

testing process is concerned with finding errors, which result from un-anticipated

interactions between subsystem components. It is also concerned with validating

the system meets its functional and non-functional requirements.

2. Acceptance Testing: This is the final stage in the testing process before the

system is accepted for operational use. Acceptance testing may reveal error and

omissions in the system requirements definition because real data exercises the

system in different ways from the test data. Acceptance testing may also reveal

requirements problem where the system facilities do not really meet the users

need or the system performance is unacceptable.

Page 60 of 84


61/84


TESTING STRATEGIES:

1. Top-down Testing: Top-down testing tests the higher levels of a system testing

its detailed components. The program is represented as a single abstract

component with sub components represented by stubs. Stubs have the same

interface as the components but with very limited functionality. After the top-

level component has been tested, its sub-components are implemented and tested

in the same way. This process continues recursively until the bottom-level

components are implemented. The whole system may then be completely tested.

2. Bottom-Up Testing: Bottom-up testing is the converse of Top-Down Testing. It

involves testing at lower levels of the hierarchy and then working up the hierarchyof the modules until the final module is tested. The advantage of bottom-up

testing is the disadvantage of the top-down testing and vice-versa. When using

bottom-up testing drivers must be written to exercise the lower-level components.

These test drivers simulate the components environment and are valuable

components; the test drivers and the test data should be distributed with the

component. Potential re-users can then run these to satisfy themselves that the

component behaves as expected in their environment.

3. Black box Testing: Knowing the specified function that a product has been

designed to perform, test can be conducted that demonstrates each function that is

fully operational, at the same time searching for errors in each function. Black

Box testing focuses on functional requirements of the software.

Black Box testing attempts to find out error in the following categories:

Incorrect or missing functions

Interface errors

Error in data structure or external database access

Performance and errors

Initialization and termination errors

Page 61 of 84


62/84


4. White Box Testing: Knowing the internal working of a product, test can be

conducted to ensure that all gears mesh that is internal operation performs

according to specification and all internal components have been adequately

exercised. Using white box testing method, the software engineer can derive test

cases that

Guarantee that all independent paths within a module has been

exercised at least once

Basic path testing.

Exercise all logical decisions on their true and false sides-

condition testing.

Exercise all loops at their boundaries and within their operation

bounds-loop testing.

Exercise internal data structures to assure their validity-data flow

testing.

Page 62 of 84


63/84


Validations

The values of a and b in the Elliptic curve formula should satisfy the equation 4a

+ 27 b 0. The check condition is done and the validated resulting formula is displayed

to the user.

The base point that is generated is stored as a separate text file. The validation is done to

check whether the data is stored in a text file separately.

Page 63 of 84


64/84


The validation is done to check for the prime values that are given manually or when a

random number is given by the user. (Base point generation form)

The validation is done to check for the prime values that are given manually or when a

random number is given by the user. (Key generation form)

Page 64 of 84


65/84


When the user try to generate the key with the wrong value or when the user does not

give the proper base key value, the validation is done and the information is prompted to

the user.

During encryption process when the user tries to open a public key file instead of a

private key file of vice versa the validation is done and the information is intimated to the

user.

Page 65 of 84


66/84


9.IMPLEMENTATION

The implementation plan consists of the methods for changing from the old

system to new one. It includes the activities that take place to convert from the old system

to the new.

Changeover

Changeover is the process where the existing system is converted into the new

system. The changeover from old to new system takes place when:

System is proved to the satisfaction of systems analyst and other implementation

activities are completed.

User managers are satisfied with the results of system tests, staff training and

referenced manuals.

Target date for changeover is due.

The most common methods to achieve changeover are:

Direct changeover

Parallel running

Pilot running

Staged changeover

The type of changeover going to be adopted for the system is parallel running.

Parallel running means processing current data by both old and new systems and

crosscheck the results. The old system kept alive and operational until new system is

proved for at least one system cycle, using full live data in the real operational

environment of place, people, equipment and time.

The advantages are that we can access the performance of both the systems and it

will increase the morale of the staff and the management. Since both the systems have to

be maintained at the same time, there are only fewer chances for mistake.

Before installation of the software the hardware specification are checked. If the

hardware specifications are satisfactory then the software is loaded. When the users and

Page 66 of 84


67/84


management are satisfied with the system, the existing system is stopped and the new

system is implemented. This change from the existing system takes place.

Page 67 of 84


68/84


10. CONCLUSION

RSA offers fast Signature verification and encipherment

ECC offers fast Signature generation and key exchanges

Currently, Elliptic curve cryptosystem offer a much shorter key size, 160 - 180

bits, for equivalent security to RSA 1024. However it is important to look also at

performance in addition to security.

ECC are well suited to Stressed environments, where there is bandwidth or

processing limitations, say due to physical constraints-ECC custom silicon tends to be

compact and the parameters smaller.

At present ECC implementations provide a slower signature verification than

RSA and faster signature generation than RSA. This suggest that the use of ECC may

favor those application which are signature generation intensive are requiring online key

exchange.

This is quite simplistic though. Underlying this are the whole set of knotty issues.

Depending upon how the ECC is implemented. For example will 1 or 2 curves become

standardized or will curves be generated by individuals (For a successful cryptographic

exchange all parties will need to be using the same EC and there are roughly 2p curves

over GF (P)). These are not insurmountable concerns but are nevertheless raised as issues

by those developing such system.

This implies that, at present, an ECC implementation should be carefully thoughtthorough. The compatibility issue may resolve themselves as it becomes clear what the

favored ECC implementation is.

Finally, ECCs have only been intensively studied over the last 10 years or so.

Although their Newness used to be viewed as an obstacle it is much less the case now.

Page 68 of 84


69/84


ECC are being widely accepted and incorporated in the design of new system as an

alternative crypto technology. Moreover, ECCs have been successfully implemented in

mobile radio and franking applications.

Page 69 of 84


70/84


11. SUGGESTIONS FOR FUTURE WORK

The cipher text that contains the curve points is stored as a separate text file. In

future the curve points can be stored in a separate database and the curve can be

generated.

The application can be extended in a network and encrypted data can be

transmitted over the network. In future the research can be extended to encrypt the audio

and video files.

To further speed up the implementation there are many algorithms available to

make the elliptic curve operations faster. For example to speed up the polynomial

multiplication one can use the Fixed Base Windowing algorithm.

Page 70 of 84


71/84


BIBLIOGRAPHY

WEBSITES

www.wikipedia.com

REFERENCE BOOK

Charlie Kaufman, Radia Perlman, Mike Speciner, Network Security PRIVATE

Communication in a PUBLIC world, Second Edition, 2002.

Roger S. Pressman, Software Engineering, Edition IV, 1997.

Ellias Awad, System Analysis And Design, Edition II, Galgotia publications.

Roger S.Pressman, Ph.D, Software Engineering A Practitioners Approach,

Tata McGraw Hill, Fifth Edition, 2002.

Evangelos Petroutsos, Mastering Visual Basic 6.0 Golgotia publications (P)Ltd, 1998.

Michael Halvorson, Learn Microsoft Visual Basic 6 now, Prentice Hall of India,

2001.

Smith A, Valor Whisler, Visual Basic 6 Programming Bible, Computer Science

Press, 1998.

Page 71 of 84
http://www.wikipedia.com/http://www.wikipedia.com/


72/84


APPENDICES

A. SAMPLE SCREENS

Page 72 of 84


73/84


Page 73 of 84


74/84


Page 74 of 84


75/84


Page 75 of 84


76/84


Page 76 of 84


77/84


Page 77 of 84


78/84


Page 78 of 84


79/84


Page 79 of 84


80/84


Page 80 of 84


81/84


B. SAMPLE CODE

Dim bm As New BigIntegerMethods

Dim a As Integer, b As Integer

Dim X As String, Y As String, p As String, mp As String

Dim tot_pnts As String

Dim x3 As String, y3 As String

Dim nx1 As String, ny1 As String

Private Sub base_txt_Change()

SendKeys "^{end}", True

End Sub

Private Sub check_ab_Click()

Dim c As Integer

tp_lbl.Visible = False

tt_lbl.Visible = False

On Error GoTo lab

c = (4 * (Int(txt_a.Text) ^ 3)) + (27 * (Int(txt_b.Text) ^ 2))

If c = 0 Then

ans_lbl.Caption = "Not Satisfying the condition"

'MsgBox "Not Satisfying the condition", vbInformation, "Invalid"

ElseIf c 0 Then

ans_lbl.Caption = "The formula is : y^2 = x^3 +" & txt_a.Text & "x + " & txt_b.Text

'MsgBox "The formula is : y^2 = x^3 +" & txt_a.Text & "x + " & txt_b.Text, vbInformation, "valid"

End If

Exit Sub

lab:

MsgBox "Invalid Input", vbExclamation, "Invalid"

End Sub

Page 81 of 84


82/84


Private Sub chk_prime_Click()

' If bm.biginteger_IsProbablePrime_RM(txt_prime.Text) = True Then

' ans_prime.Caption = "Prime"

' Else

' ans_prime.Caption = "NotPrime"

' End If

BigInteger_Methods1.Visible = True

ans_prime.Caption = ""

If BigInteger_Methods1.BigInteger_IsProbablePrime_RM(txt_prime.Text) = True Then

ans_prime.Caption = "Prime"

Else

ans_prime.Caption = "NotPrime"End If

BigInteger_Methods1.Visible = False

End Sub

Private Sub cmd_clear_Click()

txt_prime.Text = ""

End Sub

Private Sub g_prime_Click()

g_rnd_Click

Dim ob As Object, cn As Integer

'MsgBox Me.Controls.Count

For cn = 0 To Me.Controls.Count - 1

Set ob = Me.Controls(cn)

If TypeOf ob Is CommandButton Then

ob.Enabled = False

End If

Next cn

While ans_prime.Caption "Prime"

txt_prime.Text = bm.BigInteger_Add(Trim(txt_prime.Text), "1")

chk_prime_Click

Page 82 of 84


83/84


Wend

For cn = 0 To Me.Controls.Count - 1

Set ob = Me.Controls(cn)

If TypeOf ob Is CommandButton Then

ob.Enabled = True

End If

Next cn

End Sub

Private Sub g_rnd_Click()

Dim inp As String

If opt_bit.Value = True Then

inp = Trim(InputBox("Enter the No. of Bits: ", "Input"))

If BigInteger_Methods1.chk_valid(Trim(inp)) = True Then

txt_prime.Text = BigInteger_Methods1.BigInteger_Random_ByBit(inp)

'Else

' MsgBox "Invalid Input", vbInformation, "Invalid"

End If

ElseIf opt_len.Value = True Then

inp = Trim(InputBox("Enter the Length: ", "Input"))

If BigInteger_Methods1.chk_valid(Trim(inp)) = True Then

txt_prime.Text = BigInteger_Methods1.BigInteger_Random_ByLength(Int(inp))

'Else

' MsgBox "Invalid Input", vbInformation, "Invalid"

End If

End If

End Sub

Private Sub mnu_point_Click()

Dim fs As New FileSystemObject

Page 83 of 84


84/84


On Error GoTo lab

cmd1.ShowSave

If cmd1.FileName "" Then

fs.CopyFile App.Path + "\base.txt", Left(cmd1.FileName, Len(cmd1.FileName) - 4) & "_BasePnt.txt"

MsgBox "File saved successfully", vbInformation, "Save"

End If

Exit Sub

lab:

MsgBox "File copy error", vbExclamation, "Failed"

Documents

Eliptic Curve Implementation