International Journal of Modern Science and Technology Vol. 1, No. 8, November 2016. Page 269-275. http://www.ijmst.co/ ISSN: 2456-0235.

Review Article

Elliptic Curve and Associate Cryptosystem S. Revathi, A. R. Rishivarman Department of Mathematics, Theivanai Ammal College for Women (Autonomous) Villupuram - 605 401. Tamilnadu, India. *Corresponding author’s e-mail: [email protected] Abstract Elliptic curve is a study of points on two-variable polynomials of degree three. With curve defined over a finite field, this set of points are acted by an addition operation forms a finite group structure. Encryption and decryption transform a point into another point in the same set. Besides providing conceptual understanding, discussions are targeting the issues of security and efficiency of elliptic curve cryptosystem. Cryptography is an evolving field that research into discreet mathematical equation that is representable by computer algorithm for providing message confidentiality. The scheme has been widely used by nation-states, corporate and individual who seek privacy for data in storage and during transmission. This paper provides a ground up survey on elliptic curve cryptography. The present paper serves as a basis to understand the fundamental concept behind this cryptosystem. Moreover, we also highlight subareas of research within the scope of elliptic curve cryptosystem. Keywords: Elliptic Curve Cryptography; Finite field; Addition; Multiplication. Introduction such as ad-hoc wireless networks and mobile Public key cryptosystems are constructed by networks.There is a trend that conventional relying on the hardness of mathematical public key cryptographic systems are gradually problem. RSA based on Integer Factorization replaced with ECC systems. Problem and DH based on the Discrete In Sep’2000 Bailey and Christof Paar [14] Logarithm Problem [1]. The main problem of showed efficient arithmetic in finite field conventional Public key Cryptosystems is that extensions with application in elliptic curve the Key size has to be sufficiently large in order cryptography. An elliptic curve coprocessor to meet the high level security requirement, based on the Montgomery algorithm for curve resulting in lower speed and consumption of multiplication can be implemented using more bandwidth [2]. generic coprocessor architecture [15]. In Elliptic curves have a rich and beautiful February, 2005, the NSA announced that it had history, having been studied by mathematicians decided on a strategy of adopting elliptic curve for over a hundred years. They have been cryptography as part of a US government standard in securing sensitive-but-unclassified deployed in diverse areas like: Number theory (proving Fermat`s Last Theorem) in 1995 [3], information. The NSA recommended group of modern physics: String theory (The notion of a algorithms called Suite B, including Elliptic- point-like particle is replaced by a curve-like Curve Menezes-Qu-Vanstone and Elliptic- string.), Elliptic Curve Cryptography (An Curve Diffie-Hellman for key agreement, and efficient public key cryptographic system) [4]. the Elliptic Curve Digital Signature Algorithm In 1985, Neal Koblitz [5] and Victor Miller [6] for digital signatures. The suite also included independently proposed using elliptic curves to AES. design public key cryptographic systems. In the In 2010 [16] Brian King provided a deterministic method that guarantees,the map of late 1990`s, ECC was standardized by a number of organizations such as ANSI [7-9], ISO a message to an elliptic curve point can be made [10,11], NIST [12,13] and it started receiving without any modification. In 1988 Koblitz commercial acceptance. Nowadays, it is mainly suggested for the first time the generalization of used in the resource constrained environments, EC to curves of higher genus namely hyper elliptic curves (HEC) [17]. Since then HEC has

Received: 02.11.2016; Received after Revision: 06.11.2016; Accepted: 08.11.2016; Published: 23.11.2016 ©International Journal of Modern Science and Technology. All rights reserved. 269 Revathi and Rishivarman, 2016. Elliptic Curve and Associate Cryptosystem been analyzed and implemented in software plane models of elliptic curve, a generalisation [18,19] and hardware [20,21] both. of Edward curves introduced by Bernstein (2007). Representations of Elliptic curve Jacobian curve Various forms of elliptic curve has been It [28] is used in cryptography instead of the explored as, Weierstrass form because it can provide a Weierstrass curve defense against simple and differential power An elliptic curve over a field is defined analysis style (SPA) attacks and also faster by an equation (Weierstrass equation) arithmetic compared to the Weierstrass curve. : = Montgomery curve (1) This curve was introduced by Peter L where and Montomery [29], and it has been used since where is the discriminant of and is defined 1987 for certain computations, and in particular as follows: in different cryptography applications. (2) Mathematical Background

+ 4 , Definition 1 = + 4 A general equation of degree three - polynomial with two variables can be defined as If both the coordinate of the point or = (the point at infinity, infinity, or zero element. The set of points on is: (4) where the coefficient belong to any field K. Definition 2 (3) A point P in is non-singular if and Hessian curve only if the partial derivatives of f with This curve [22] was suggested for application respect to x and with respect to y are not in elliptic curve cryptography because both zero at the point P. arithmetic in this curve representation is faster Definition 3 and needs less memory than arithmetic in Let two non-singular cubic curves standard Weierstrass form. and defined over K be given by Edwards curve Weierstrass equations This curve was introduced in 2007 by Edward [23] and in Bernstein and Lange [24] pointed out several advantages of the Edwards (5) and are said to be isomorphic over if form in comparison to the more well known weierstrass form. there exist with invertible, such Twists of curve that the function is defined by the change of In mathematics an elliptic curve E over a variables field K has its quadratic twist, that is another elliptic curve which is isomorphic to E over an which transforms equation into . algebric of K. In particular, an isomorphism Definition 4 between elliptic curves is an isogeny of degree An elliptic curve is a non-singular 1,that is an invertible isogeny. Some curves cubic curve, a rational solution to = have higher order twists such as cubic and over . The set of points is given quartic twists. The curve and its twists have the by same j-invariant and is shown in [25]. Twisted Hessian curve [26] represents a generalization of Hessian curve. It was introduced in elliptic (6) curve cryptography to speed up the addition and where is the rational point at infinity. doubling formulas and to have strongly unified arithmetic. Twisted Edward curves [27] are

©International Journal of Modern Science and Technology. All rights reserved. 270 Revathi and Rishivarman, 2016. Elliptic Curve and Associate Cryptosystem Definition 5 Hence Let be an elliptic curve with integer coefficients. Under a reduction modulo , if is a non-singular curve, Associativity then is said to have a good reduction at . The proof for this property is lengthy. Only Otherwise, has bad reduction at . the simplified version will be laid here. Definition 6 Consider three points and . Let be a Given a point and an integer line through and to produce , so ∈ , a scalar multiplication on ECC is defined will be on . Let be a line as adding point o itself times such that through and to produce , so (7) will be on . Now, let be and . the line through and . Hence Definition 7 is with line . Also, An endomorphism of given by a let be the line through and . Hence rational function, is defined by is with a line . Geometrically, the two lines and are the same, which conclude the proof. Where and are rational function on and Now, let us consider an algebraic (8) formulation of the well-defined point for all arithmetic. For simplicity, consider Group Structure (9) Over where char Closure Let A line through Aline through any two non-singular points (probably the same) on a non-singular curve parallels to y-axis meets a line at infinity at will always intersect the curve at a third point. and meets at another point . Following the Commutativity composition law for inversion, this point is Let be a line through and and extend actually with its -coordinate a reflection of to a third intersection to produce . Extending at -axis. Therefore, from to would produce the same line and Let the same point of intersection. To get a point + , extend a second line from and or , to produce a third intersection or for which . Allow and for either case. Hence consider the following cases separately. If then Identity (10) Consider two points and . Extending where the slope, through and produces . Extending If but then through and results in and the If and then third intersection would be . Hence , (11) . Inverse where the slope . Consider two points and .Extend If and then through a tangent point at to produce Moreover, and such that . Let be a line The first two cases deal with adding two through and with the third different points on the curve and this operation intersection and call it . On , is known as point addition. Meanwhile, the last consider to produce on which two cases involves doubling a point and this again yield the third point at the tangent. operation is known as point doubling. Hasse's Remember tangent is considered as having two theorem on elliptic curves [30] bounds the points. number of points on an elliptic curve over a finite field above and below. If # is the

©International Journal of Modern Science and Technology. All rights reserved. 271 Revathi and Rishivarman, 2016. Elliptic Curve and Associate Cryptosystem number of points on the elliptic curve E over a finite field with q elements, then Helmut (14) Hasse’s result states that with addition and multiplication defined in terms of an irreducible binary polynomial (12) of degree , known as the reduction Field theory polynomial, as follows: If The mathematical concepts necessary to understand and implement the arithmetic operations on an elliptic curve over a finite (15) field(Galois field) [31]. Abstractly a finite field Addition: then in , consists of a finite set of objects called field where ……+ elements together with the description of two with 15(a) operations - addition and multiplication - that Multiplication: then in can be performed on pairs of field elements. where ………. These operations must possess certain + 15(b) properties. The finite field containing q is the remainder when the polynomial is elements is denoted by . Generally two types divided by with all coefficient arithmetic of finite fields are used-finite fields with performed modulo 2. an odd prime which are called prime In this representation of , the additive finite fields, and finite fields with identity or zero element is the polynomial , and for some which are called the multiplicative identity is the polynomial 1. characteristic two finite fields. Additive inverses and multiplicative inverses in Finite field Fp can be calculated efficiently using the The elements of should be represented by the extended Euclidean algorithm. Division and set of integers: with subtraction are defined in terms of additive and operations as follows: If multiplicative inverses. Here the characteristic two finite fields used should have: Addition: then in , where r is the remainder. Multiplication: then in F where Elliptic curve domain parameters is the remainder Two types of elliptic curve domain Additive inverse parameters may be used: elliptic curve domain Then the additive inverse of a in is the parameters over and elliptic curve domain unique solution to the equation (mod parameters over . Domain parameters for ). (13) Elliptic curve are specified in [32]. ECC uses Multiplicative inverse modular arithmetic or polynomial arithmetic for , then the multiplicative inverse of its operations depending on the field chosen. in is the unique solution to the equation Parameters over (mod ). The domain parameters [33] for Elliptic The prime finite fields used should have: curve over are and , where is the prime number defined for finite field , and are the parameters defining the curve This restriction is designed to facilitate mod mod , G is the generator interoperability in terms of computation and point , is the order of the elliptic communication since is aligned with word curve. The scalar for point multiplication is size. chosen as a number between and , is The Finite Field The finite field is the characteristic 2 the cofactor where is the finite field containing elements. Here the number of points on an elliptic curve. elements of should be represented by the Parameters over set of binary polynomials of degree or The domain parameters for elliptic curve less: over are , and ,where m

©International Journal of Modern Science and Technology. All rights reserved. 272 Revathi and Rishivarman, 2016. Elliptic Curve and Associate Cryptosystem is an integer defined for finite field . The 3. Bob selects a random number such that elements of the finite field are integers of 1 He encrypts the message length at most m bits, f(x) is the irreducible using to obtain and polynomial of degree m used for elliptic curve Bob sends and back to operations ,a and b are the parameters defining Alice. the curve (16) 4. Alice decrypts the message using her such is the generator point , a point on the that elliptic curve chosen for cryptographic The original message is acquired through operations , is the order of the elliptic curve [34]. The scalar for point multiplication is Conclusion chosen as a number between 0 and is The ECC has been shown to have many the cofactor, , is the advantages due to its ability to provide the same number of points on an elliptic curve [35]. level of security as RSA yet using shorter keys. Implementation Implementing ECC with the combination of software and hardware is advantages as it ECC can be implemented in software and provides flexibility and good performance. hardware [36]. Software ECC implementation Mathematicians believe that not enough provide moderate speed, higher power research has been done in ECDLP. Although consumption and also have very limited ECC is a promising candidate for public key physical security w.r.t key storage, whereas cryptosystem, its security has not been hardware implementation improves completely evaluated. This is now a deep and performance in terms of flexibility. Also popular area of research. Also it has been found hardware implementation provides greater that hyperelliptic curves of higher genus are security since they cannot be easily modified or potentially insecure from a cryptographic point read by an outside attacker. An approach to of view yet the researchers are trying to prove it combine the advantages of software and better than ECC. hardware in new paradigm of computation referred as reconfigurable computing [37]. Acknowledgements Implementation issues in ECC The authors gratefully acknowledge the The most time consuming operation in ECC anonymous reviewers for their valuable cryptographic schemes is the scalar comments. multiplication (kP). Efficient hardware and software implementation of scalar Conflict of interest multiplication have been the main research topic Authors declare there are no conflicts of on ECC in recent years. [37] Shows elliptic interest. curve scalar multiplication according to three layers. Upper layer shows different algorithm to References perform the multiplication. In middle layer there [1] Mohamed MA. A Survey on Elliptic are several combinations for finite field Curves Cryptography. Applied representation and coordinate system. The lower Mathematical Science. 2014;8(154):7665- level is about finite field operation and 7691. arithmetic. An efficient implementation of ECC [2] Kumar A, Lala K, Kumar A. VHDL over binary Galois field in normal and Implementation using Elliptic Curve Point polynomial bases has been proposed by Ester Multiplication. International Journal of and Henies [38]. Advanced Research in Computer and Elliptic curve cryptography communication Communication Engineering. 1. Alice negotiates with Bob on the choice of 2012;1(6)392-398. elliptic curve over the finite field and its [3] Faltings G, Taylor R, Wiles A. The Proof order . of Fermat’s Last Theorem. Notices of the 2. Alice selects a private key such that American Mathematical Society. She calculate the 1995;42(7):743-746. corresponding public key [4] Lavanya M, Natarajan V. Improved Elliptic Alice sends to Bob. Curve Arithmetic Over GF(P) Using

©International Journal of Modern Science and Technology. All rights reserved. 273 Revathi and Rishivarman, 2016. Elliptic Curve and Associate Cryptosystem Different Projective Coordinate System. [18] Uwe Krieger Signature, Diplomaebeit C. Applied Mathematics Science. University Essen Faahbereich. 2015;9(45):2235-2243. Mathematics and Informatics. 1997. [5] Koblitz. Elliptic Curve Cryptosystems. [19] Sakai Y, Sakurai K. On The Practical Mathematics of Computation. 1987;48: Performance of Hyperelliptic Curve 2003-2009. Cryptosystem in Software Implementation. [6] Miller V. Use of Elliptic Curves in IEICE Transaction on Fundamental of Cryptography. Advances in Cryptology. Electronics, Communication and Computer 1986;218(483):417-426. Sciences. 2000;E83-A(4):692-703. [7] ANSI X9.62. Public Key Cryptography for [20] Wollinger T. Computer Architecture for Financial Services Industry: The Curve Cryptosystems Based on Hyperelliptic Digital Signature Algorithm, 1999. Curves. Thesis: Worcester Polytechnique [8] ANSI X9.62, Public Key Cryptography for Institute, 2001. The Financial Services Industry: The [21] Boston N, Clancy T, Liow Y, Webster J. Elliptic curve key Agreement and Key Genus Two Hyperelliptic Curve Transport Protocols. 2000. Coprocessor. Workshop on Cryptographic [9] Hemnath Ravindra, Jalaja S. ASIC Hardware and Embeded System, 2002. Architectures for Implementing ECC [22] Smart NP. The Hessian form of An Arithmetic over Finite Fields. International Elliptic Curve. Berlin Heidelberg: Journals of Science and Research. Springer-Verlag; 2001. 2015;4(6):2319-7064. [23] Edwards HM. A Normal form for [10] ISO IEC 14888, Information Elliptic Curves. Bulletin of the American Technology Security Techniques-Digital Mathematical Society, 2007;44(3):393-422. Signatures. Appendix part 3. Certificate [24] Bernstein D, Lange T. Faster Addition based Mechanism. 1998. and Doubling on Elliptic Curves, 2007. [11] ISO IEC15946, Information Security [25] Gouvea F, Mazur B. The Square Free Technology-Cryptography Techniques Sieve and The Rank of Elliptic Curve. based on Elliptic Curve. 1999. Journal of American Mathematical Society. [12] Digital Signature standard. FIPS 1991;4(1):1-23. Publication. 2000:186-192. [26] Twisted Hessian Curves Retrieved. [13] Mishal N, Singh RK. A Study on Finite Auto-Twisted Hessian.html, 2010. Field Multiplication Over GF(2m) and its [27] Daniel J. Bernstein, Marc Joye, Tania Application on Elliptic Curve Lange et al. Twisted Edward curves, 2008. Cryptography. International Journal of [28] Olivier Billet, Marc Joye. The Jacobi Science and Engineering Research. Model of An Elliptic Curve and The Side- 2014;5(5):1672-1684. channel Analysis. Berlin Heidelberg: [14] Bailey D, Christof Paar C. Arithmetic Springer-Verlag; 2003. in Finite Field Extensions with Application [29] Montgomery PL. Speeding the Pollard in Elliptic Curve Cryptography. Journal of and Elliptic Curve Methods of Cryptology. 2001;14(3):153-176. Factorization. American Mathematical [15] Bednara M, Daldrup J, Shokrollahi.et al Society. 1987;48:243-264. Tradeoff analysis of pga Based Elliptic [30] Silverman, Joseph H. The Arithmetic of Curve Cryptography. Proc. Of the IEEE Elliptic Curves. Gradute Texts in International Symposium on Circuits and Mathematics. New York. Springer Verlag: Systems, Scottsdale, Arizona, USA, 2002. 1994. [16] King B. Mapping an Arbitary Message [31] Standards for Efficient Cryptography, to an Elliptic Curve When Defined over GF Sec 2. Elliptic Curve Cryptography. (2n). International Journal of Network Certicom Research. 2000. Security. 2009;8(2):169-17. [32] Standards for Efficient Cryptography, [17] Koblitz N. A family of Jacobian Sec 2. Recommended Elliptic Curve Suitable for Discrete Log Cryptosystem. Domain parameters, Certicom Research. Advances in Cryptology. 1988;88:94-99. 2010.

©International Journal of Modern Science and Technology. All rights reserved. 274 Revathi and Rishivarman, 2016. Elliptic Curve and Associate Cryptosystem [33] Sravana Kumar D, Suneetha CH, [36] Marisa W, Paryasto, Kuspriyante, Chandrasekhar A. Encryption of Data Sarwan et al. Issues in Elliptic Curve Using Elliptic Curve Over Finite Fields. Crypyography Implementation. International Journals and Parallel International Indonesia Journal, System. 2012;3(1):301-308. 2009;1(1):29-33. [34] Gajbhiye S, Sharma M, Dashputre S. A [37] Morales-Sandoval M, An Interoperable Survey Report on Elliptic Curve and Reconfigurable Hardware Architecture Cryptography. International Journal of for Elliptic Curve Cryptography Thesis: Electrical and Computer Engineering, Mexico. National Institute for 2011;1(2):195-201. Astrophysics. Optics and Electronics. 2006. [35] Gayoso Martinez V, Hernandez Encinas [38] Mathew Estes, Phillip Hines, Efficient L, Avila S. A Survey of the Elliptic Curve Implementation of an Elliptic Curve Integrated Encryption Scheme. Journal of Cryptosystems Over Binary Galios Field in Computer Science and Engineering. Normal and Polynomial Bases. George 2010;2(2):7-13. Massion University. 2006.

*******

©International Journal of Modern Science and Technology. All rights reserved. 275