research on fast implementation of elliptic curve cryptosystem by luckboy

VIEWS: 41 PAGES: 6

More Info
									Aug. 2007, Volume 4, No.8 (Serial No.33)

Journal of Communication and Computer, ISSN1548-7709, USA

Research on fast implementation of Elliptic Curve Cryptosystem based on object-oriented method∗
SHEN Gui-cheng, ZHENG Xue-feng
(School of Information Engineering, University of Science and Technology, Beijing 100083, China) Abstract: With the fast development of cryptography research and computer technology, the cryptosystems of RSA and Diffe-Hellman are getting more and more unsafe, and Elliptic Curve Cryptosystem is becoming the trend of public cryptography in the future. Object-oriented technology is mainly used as tools, and Elliptic Curve Cryptosystem is divided into several layers, every of which corresponds a class. The properties and methods of these classes are discussed, and some methods are implemented. In the end, the advantages are analyzed, and the cryptosystem implemented with advanced programming language is easy to transplant. Key words: Elliptic Curve Cryptosystem; information security; object-oriented; finite element field

1. Introduction
Elliptic Curve is always regarded as a joint point of algebra geometry, number theory and a purified discipline. In 1985, V. Miller and N. Kobiltz proposed that it could be used in public cryptography [1,2] independently. Nowadays, Elliptic Curve Cryptosystem (ECC) has made great progress not only in theory but also in practice. The key length of classical cryptosystem, such as RSA and Diffe-Hellman, is 516 bits, but with the rapid development of cryptography theory and computer technology, this key length is getting more and more unsafe. To reach the safe level of symmetric cryptosystems with key length of 128 bits, NIST
∗

Acknowledgements: This paper is supported by Ren Cai Qiang Jiao Xue Shu Chuang Xin Tuan Dui, Wu Liu Xin Xi Zong He Zhi Neng Hua Chu Li Ji Shu Chuang Xin Ping Tai, Beijing Wuzi Xueyuan Qingnian Keti. SHEN Gui-cheng (1966- ), male, Ph.D., associate professor; research fields: information security, management information system.

recommends that the key length must be 3072 bits. It is obvious that such increasing of key length is a heavy burden for RSA because the speed of RSA has been very slow, and this phenomenon will be kept for a long time. Compared with classical public cryptographies, ECC has made great progress in algorithm efficiency. The crisis of RSA results from its existence of sub-exponential-time attack, for ECC, it generally has no such attacks, therefore its key length can be cut greatly. The safe level of ECC with the key length of 256 bits is similar with the safe level of symmetrical cryptosystems with the key length of 128 bits, and this safe level leaves ECC a great room for use[3]. Although both RSA and ECC are the cryptosystems based on finite element fields, their mechanic system is different greatly. For RSA, the only way of improving safe level is to increase the key length, that is to say, the bit number of finite element field must be expanded, but ECC has more choices than RSA. ECC can choose adequate finite element field F(pn), where p is a prime, and even the finite element field is determined, we can choose the coefficients of Weistrass equation. What is more, when the coefficients are decided, we can still have other choices, such as, base point, private key and public key. The implementation of ECC depends on its finite element field, that is to say, different field has different implementation method. For example, if the field is F(2n), ECC is easy to be implemented by hardware because the operations are only bit shift and exclusive or, therefore its implementation is very simple, but the disadvantage is that its extensity is not very good; of course, it also can be
35

Research on fast implementation of elliptic curve cryptosystem based on object-oriented method

implemented by software, and its advantage is that its extensity is very good but its speed is slower than by hardware; if the field is F(P) , where P is a big prime, ECC is suit to be implemented by software not hardware; if the field is F(pm), where p is a prime and its length is narrowly equal to the length of CPU WORD, such a field is called OEF(Optimal Extended Field), and it is suit to be implemented by software. According to the reference[4], the first finite element field on which ECC is based will not be recommend as a standard because of its safe reason, and details can be seen in this reference. As for the third field, there are many limits, and its extensity is not very good because different CPU has different length of CPU WORD, therefore ECC suitable to run on a platform with CPU A is not suitable for CPU B. Thus, the second field will be the trend of ECC in the future. This paper focuses on the second field, and through the use of Object-Oriented method, the classes are analyzed in ECC, and moreover the properties and methods of these classes are discussed, and some of these methods are implemented.

compute the intersection point T of the line and the curve, after this, draw a line passing point T, which is paralleling Y coordinate, finally compute the intersection point R of the line and the curve, and point R is the very result we want, that is to say, R = P+Q; if P is equal to Q, first of all, we draw a tangent line of the curve at point P, then compute the intersection point T of the line and the curve, after this, draw a line passing point T, which is paralleling Y coordinate, finally, compute the intersection point R of this line and the curve, and point R is the very result we want to compute, and that is to say, R = 2P. The computing procedure is demonstrated as follows.

Fig. 1

Point plus on an elliptic curve

2. Elliptic Curve Cryptosystem
Elliptic Curve [5] is a plane curve defined by Weierstrass equation:

y 2 + axy + by = x 3 + cx 2 + dx + e

(1)

If F is a field and a, b, c, d and e belong to F, number pair, (x, y), which is satisfied with the equation (1), is called a point on the curve. When the characteristic of equation (1) does not equal to 2 and 3, the equation can be simplified as follows:

Fig. 2

Point double on an elliptic curve

y 2 = x 3 + ax + b,a,b ∈ F

(2)

The points on the elliptic curve form an addition group, an Abel group. The addition rule of two points is explained in the following way. Suppose two points P and Q are on the elliptic curve and P is not equal to Q, first we draw a line passes these two points, then

According to Elliptic Curve Crypto-system, its implementation can be divided into five layers. The first layer is about word operation, and word length is not the length of CPU WORD, the word operation includes plus, minus, product and division; carry bit and borrow bit must be taken into consideration when two words add and minus, the result that two words product consist of a high word and a low word. The second layer is long integer operation, where the length of a long integer can

36

Research on fast implementation of elliptic curve cryptosystem based on object-oriented method

be at least 160 bits or 20 bytes, and a long integer can be represented by many words; the operations on the long integer set include plus, minus, product, division, and bit shift. The third layer is finite element field, where the finite field is generated by a big prime, and the operations on the finite element field include plus, minus, product, and inverse. The fourth layer is elliptic curve, where the elliptic curve is based on the finite element field generated by a big prime, and the operation on the elliptic curve includes point plus and point double; to speed up the operations on the field and cut the times of computing the inverse of an element in the field, a mixed coordinate is used to implement these two operations. The fifth layer is protocol layer, and this layer is to implement the encryption, decryption, signature, and signature verification.

3. Class design
According to the above analysis, we may design five classes, including WordOperator, LongInteger, FiniteElementField, EllipticCurve and ECCcryptosystem. WordOperator class is about WORD operations, and it is core of Elliptic Curve Cryptosystem, its efficiency determines the efficiency of the whole cryptosystem. The function of this class is to compute the operation of two WORDs, including plus, minus, product and division, the word can be designed as unsigned long integer. When two WORDs add, the carry bit must be taken into consideration while the borrow bit must be taken into consideration when two WORDs minus. when we compute these operations, one WORD can be divided in two WORDs, here the first WORD store the high half of the word, and the second word can store the low half of the word, therefore we can compute the carry bit and borrow bit. What is more, in the same way, we can compute the operation of two word product, therefore the result of two WORD product consist of two WORDs, and one word is the high word while the other one is the low

word. Besides this method, Assemble Language can be used to implement the functions of the class, WordOperator. LongInteger class simulates a long integer, and it has two properties, one is the number of words while the other property is a WORD pointer, which is used to store data. The main functions of this class are to compute plus, minus, product, division of two long integers, and shift and bit number of a long integer. As for computing plus and minus of two long integers, we can compute the operation of two corresponding words form the lowest word to the highest word by the use of class WordOperator. When we compute two long integer the product of a and b, we store the result into another long integer whose length is the sum of a’s length and b’s length, and the result can be computed by the use of WordOperator class. As for two long integer division a/b, first left shift operation has performed on b so that the highest bit of a has the same position as the highest bit of b, then a minus b if a is greater or equal to b, and right shift is performed on b after this, such operation is performed until b is less than the original value. The main functions of FiniteElementField class are to realize operations on the finite element field, including plus, minus, product of two elements and the inverse of one element. This class has one property that is a big prime PRIME, where an object of LongInteger represents a big prime. When the result that two elements add is greater or equal to PRIME, the correct result is a+b-PRIME; when a < b, the correct result that a minus b is that a+(PRIME-b); when we compute a*b, first of all, we compute a*b as two long integer product, then the result is divided by PRIME, finally, the remainder is the correct result; when we compute the inverse of one element a, we may use the extended Euclid algorithm; however, we can use minus operation to acquire the result, but this method will use a lot of shift operations. EllipticCurve class has two properties and two methods. Two properties are a, b where a and b are the coefficients of the elliptic curve. Two methods are the
37

Research on fast implementation of elliptic curve cryptosystem based on object-oriented method

addition of two points and point doubling. To speed up, we may have other properties to store the temporary results, so that there is no need to create and delete objects frequently. Besides this method, we may use the mixed coordinate to decrease the times of computing the inverse of one element on the finite element field, and that means we may use Affined coordinate and Jacoby coordinate at the same time. The main functions of ECCryptoystem class include encryption, decryption, signature, and signature verification. The properties of which are an object of elliptic curve, base point P, public key Q, private key d, the order of the base point and so on. When one message M is encrypted through public key Q, first of all, one random integer k is generated, then kP and kQ are computed, after this, the result of the operation exclusive OR performed on the x part of kQ and the message M is m’, consequently we have the encrypted message (m’, kP). When the encrypted message is decrypted through private key d, first of all, d*kP is computed and the result is P’, then the result of the operation exclusive or performed on the x part of P’ and m’ is what we want. ECDSA algorithm may be used in digital signature and signature verification.

typedef unsigned long WORD; For WORD operation is the lowest operation, its efficiency decides the efficiency of Elliptic curve Cryptosystem. It is not suitable that objects are created and deleted frequently, therefore, class WordOperator has several some static properties and static methods. When we compute the result of the product of two long integers, we must use a special method for the bit length of the result is surely greater than the bit length of a word. Therefore, we divided a word into two parts, and one part is the high half while the other one is the low half. Suppose the length of a word is L, one word can be represented as follows: (3) Here ah is the high half of a and al is the low half of b. Thus, the result of two long integer product is computed as follows: a* b = ah* bh* 2 L / 2 + ( ah* bl + bh* al )* 2 L / 2 (4) + al* bl For the bit length of ah, al, bh, bl is only the half of L, the length of the result of any two of them product is not greater than L. Let r1 = ah*bh, r2 = ah*bl, r3 = bh*al, r4 = al*bl, thus we use these temporary result to compute the high half Rh and the low half Rl of a*b. 4.2 Implementation of LongInteger class For the long integers used in encryption, decryption, signature and signature verification are very long; these long integers must be combined by many words. LongInteger class has two properties and many methods: Class LongInteger has two properties, which are the number of WORDs, and one array to store the data. And it has nine methods, which are add, minus, times, dividedBy, leftShift, rightShift, greatThan, equals, and getBitLength. The methods of this class, such as add, minus, and times are easy to be implemented by the use of WordOperator class. But the operation division must be designed, and it can be implemented by the use of minus operation of WordOperator. The algorithm is designed as follows:

a = ah* 2 L / 2 + al

4. Partial implementation
For different hardware has different length of CPU WORD, different operating system has different execute code. To make the portability easy, C, C++, and Java may be used in developing this system. For the system has great computation of long integers, C, C++ are the first choice. To ensure the system is robust, we may use C++ to implement this system, therefore, when one layer is changed, this layer does not affect other layers. 4.1 Implementation of WordOperator For different CPU has different length of CPU WORD, even with the same advanced language, the same data type has different length on different platform. Therefore, we may use unsigned long integer as our WORD, and our WORD is defined as follows:

38

Research on fast implementation of elliptic curve cryptosystem based on object-oriented method

The first step is to get the bit length of these two long integers A and B. The second step is to shit B toward left so that A and B have the same bit length. The third step is to compare A with B, and if A is greater than B, we get one bit 1 and let A-B, otherwise we get one bit zero. The fourth step is to shift B toward right one bit, then the third is redone until A is less than B. This algorithm is very simple and efficient. 4.3 Implementation of FiniteElement- Field class FiniteElementField class is easy to be implemented, and it has only one property P, which is a big prime, and four methods, including addition, minus, product and inverse. Class FiniteElementField has one property, a Prime, and four methods, which are add, minus, times, inverse. The fore three methods are easy to be implemented, for example, to compute the product of two element a and b, we first compute a*b as two long integer product, then the result is divided by the big prime P, finally, the remainder is the result we want. The inverse is difficult to be implemented, and it costs a lot of time; the most efficient algorithm is extended Euclid algorithm, and it needs ln(n) times of product and division, where n is the number we want to compute its inverse. But we can use another algorithm, and this algorithm uses a lot of bit shift and minus, and it is implemented as follows: We compute the inverse of a longInteger A by using the prime P. The fist step is to let x1 = 1, u1 = a, x2 = 0,u2 = P. The second step is to check whether u1 is even, if u1 is even, shift u1 and x1 right. The third step is to check whether u2 is even, the same thing is done as the second step. The fourth step is that if u1 and u2 are odd and u1 is greater than u2, then x1=x1-x2, u1=u1-u2, otherwise x2=x2-x1, u2=u2-u1. Then the second step is repeated until u1 =1 or u2=1. This algorithm needs only shift and minus, therefore it is very simple and efficient. The number of

times of bit shift and minus is at most equal to the bit length of the big prime P. 4.4 Implementation of elliptic curve According to the previous discussion, the elliptic curve equation may be simplified when the characteristics of the finite element field is not equal to 2 and 3. This paper mainly discusses the elliptic curve on F(P), and therefore, the elliptic curve has two coefficients a and b, here a and b belong to the field. According to the algorithm of Elliptic Curve Cryptosystem, the product of a long integer k and a point P on the elliptic curve is required, where P is a point(x, y), here x, y belong to the finite element field. To speed up, the product can be divided into point addition and point doubling, and as computing the inverse of an element in the field is time-consuming, the projector coordinate is used. In the reference[6], the coordinate system, which is used to compute the point addition, is different from the coordinate used in computing point doubling. By the way, to decrease the time of creating and deleting objects, the additional properties of elliptic curve class are needed to store the temporary result. The elliptic curve can be defined as follows: Class EllipticCurve has two properties a and b, two methods addPoint and doublePoint. Here, a, and b are the coefficients of the elliptic curve, and Point3D is a data type two dimension point, and Point2D is similar. The detailed implementation of these two methods is written in the reference[6]. 4.5 Implementation of ECCryptosystem class According to the definition of Elliptic Curve Cryptosystem, ECCryptosystem must have the following functions, including encryption, decryption, digital signature and signature verification. As the user of this class is different, its content is slightly different, but its properties and methods are similar. The class can be defined as follows: Class ECCryptosystem has five properties, which are base point, public key, private key, elliptic curve, the order of the base point, and five methods, which are

39

Research on fast implementation of elliptic curve cryptosystem based on object-oriented method

kP, encryption, decryption, signature, and verySignature. In algorithm Encryption, the plain text is not embedded into a point on the elliptic curve, and the reason is that the message embedding is time-consuming and the information density is very low because it needs two points to represent an encrypted message. The algorithm in this paper is very fast and the information density is very high.

with C++ language, it will provide a sound for the transplantation from one platform to another platform and there is no need to modify the program.
References: [1] Miller V. Users of elliptic curves in cryptography. Advances in Cryptography−Crypto’85. Berling: Springer-Verlag, 1986: 417-426. [2] Koblitz N. Elliptic Curve Cryptosystems. Mathematics of Computation, 1987, 148: 203-209. [3] WANG Yan-bo. View of the cryptography on Elliptic Curves. Journal of PLA University of Science and Technology, 2002(6): 18-25. [4] Robinson J A, LIANG V M, Chambers J A M, et al. Computer user verification using login string keystroke dynamics. IEEE Trans on Systems, Man, and Cybernetics, Part A: Systems and Humans, 1998, 28(2): 236-241. [5] William J Caelli, Edward P Dawson, Scott A Rea. PKI Elliptic Curve Cryptography and digital signatures. Computer & Security, 1998, 18(1): 47-66. [6] Darrel Hankerson, Alfred Menezes, Scott Vanstone. Guide to Elliptic Curve Cryptography. Springer-Verlag New York. Inc., 2004.

5. Conclusions
Object-oriented technology has three characteristics: inheritance, polymorphism and abstract, these characteristics enable us to design several classes, which collaborate with each other. Even if one class has changed its implementation, this does not affect other classes, therefore the flexibility and stability of the system are improved and system maintenance is very convenient. As the system is designed, developed

(Edited by Rachel, Yunflyer)

40


								
To top