INTRODUCTION
The rapid growth of information technology that has resulted in significant
advances in cryptography to protect the integrity and confidentiality of data
is astounding. The historical cryptosystem has been a symmetrickey approach,
in which both communicating partners share a common key and a level of trust
is required to ensure that neither party divulges the key^{[1,2]}. Considered
by some to be the only major abstract advance in encryption techniques, Diffie
and Hellman^{[3]} proposed Public Key Encryption in 1976 and has remained
a very popular protocol for strong authentication of entities^{[4]}.
By this mthod each user of the network has a personalized private key and a
public key. The public key is distributed to all members of the network, while
only the user holds the private key. This implies that the user is the only
person able to read any messages encrypted with his public key. It is designed
to be computationally intractable to calculate a privatekey from its associated
publickey. With public key cryptography, more sophisticated cryptographic tools
such as tokens (e.g., smart cards), digital signatures and certificates are
used to provide the full scope of cryptographic security services.
However, it is important to note that traditional cryptographic algorithms like DES^{[1]}, DLP^{[5]}, RSA^{[6]} etc. are not particularly efficient in small form factor, lowpower, resource constrained devices, as they require memory intensive power hungry big integer computation coprocessor to complete the calculations in a timely manner. Adding such a coprocessor significantly raises the cost of manufacture, rendering many devices impractical. The cost of producing a smart card, for example, is increased by as much as 400% when an additional processor is required^{[7]}. For embedded systems or telecommunications applications characterized by extremely high volumes and a wide variety of devices, many of which have limited computing resources and wireless, the trend has been towards alternate cryptographic algorithms.
One technology in particular, known as Elliptic Curve Cryptography (ECC), has become the cryptography of choice for mobile computing and communications devices due to its size and efficiency benefits. Koblitz^{[8]} and Miller^{[9]} independently proposed the Elliptic Curve Cryptosystem (ECC), a method of utilizing a Discrete Logarithm problem over the points on an elliptic curve. By their proposal, ECC could be used to provide both digital signatures and an encryption scheme. Over the past decade, ECC and later ECDLP (Elliptic Curve Discrete Logarithm Problem) received considerable attention from mathematicians around the world^{[10]}, but todate no significant breakthroughs have been made in determining weaknesses in the algorithm and todate has weathered umpteen mathematical attacks^{[11,12]}. Elliptic curve systems have thereby come to be accepted today as the most viable publickey technology for highsecurity applications.
The ECC provides higher strengthperbit than any other current publickey
cryptosystems^{[12]}. If you compare elliptic curves to RSA and DLP
you find many advantages: to obtain the same security e.g., the use of smaller
fields for elliptic curves. Therefore, elliptic curves can be implemented easier
and faster. Moreover, because of its higher strengthperbit, ECCs is being
increasingly used in practical applications (e.g. IC card and mobile devices)
instead of RSA, which is the most used publickey cryptosystems today. They
are also most suitable for constrained environments such as those in which smart
cards and personal wireless devices are typically deployed. Elliptic curve ciphers
are today commonly found in smart cards, personal digital assistants (PDAs),
pagers and mobile phones. The Elliptic Curve Cryptosystems are also used for
implementing protocols such as ECDSA digital signature scheme^{[13,14]},
DiffieHellman key exchange scheme^{[3]}, EC ElGamal Encryption/Decryption
scheme^{[15]} etc. In this study we analyze the elliptic curve operations
and design procedure involving ECDLP, ECDH key exchange agreement and EC encryption
protocols.
ECC ARITHMETIC OVER GALOIS FIELD
The core of the ECC is when it is used with Galois Field it becomes a one way
function i.e., the math’s needed to compute the inverse is not known. Let
an elliptic curve group over the Galois Field E_{p}(a, b) where, p>3
and is prime, be the set of solutions or points P = (x, y) such that (x, y∈
E_{p}(a,b)) that satisfy the equation: y^{2} = x^{3}+ax+b
(mod p) for 0≤x<p together with the extra point O called the point at
infinity. For a given point P = (x_{p}, y_{p}), x_{p}
and y_{p} are called the x and y coordinates of P, respectively. The
number of points on E_{p}(a, b) is denoted by # E(F_{p}). The
constants a and b are non negative integers smaller than the prime number p
and must satisfy the condition: 4a^{3}+27 b^{2} ≠ 0 (mod
p). For each value of x, one needs to determine whether or not it is a quadratic
residue. If it is the case, then there are two values in the elliptic group.
If not, then the point is not in the elliptic group E_{p}(a, b). So
there will be a lot of points modulo p. In fact, the general theory says that
there will be about p points (x, y) with error bounded by O ().
Construction of an elliptic curve over F_{p}: Let the prime
number p =23 and consider an elliptic curve E: y^{2} = x^{3}+x+4
mod 23 defined over F_{23}, with the constants a = 1 and b=4, which
have been checked to satisfy that E is indeed an elliptic curve. We then determine
the quadratic residues Q_{23} from the reduced set of residue Z_{23}
= {1,2,3,.....,21,22}, which is given by Q_{23} = {1, 2, 3, 4, 6, 8,
9, 12, 13, 16, 18}. Which we use to determine the values of E_{23}(1,4),
i.e.,:
Group OrderLet E be the elliptic curve order over a finite field F_{q}.
Hasse’s theorem states that the number of points on an elliptic curve (including
the point at infinity) is # E (F_{q}) = q+1t where t≤2 ,
# E(F_{q}) is called the order of an elliptic curve E and t is called
the trace of E^{[16]}. In other words, the order of an elliptic curve
E(F_{q}) is roughly equal to the size q of the underlying field^{[17]}.
However, since the number of points in our elliptic curve is small, we can use
the naïve approach to determine #E(F_{q}) using scalar multiplication/addition
approach.
In the development and implementation of elliptic curve cryptography we are interested in the method for computing an equation of the form kP where, k is an integer in the range of [1, n1], n is the order of the elliptic curve E and P = (x_{p}, y_{p}) ∈ E (F_{q}) is a non zero point on a given elliptic curve E. Here, P is usually a fixed point that generates a large, prime subgroup of E (F_{q})including the point at O, or P is an arbitrary point in such a subgroup. This system of computation is known as scalar multiplication and is the heart of ECC scheme.
Point addition: Scalar multiplication i.e., the computation of kP, where
k is a random integer and P is an elliptic curve generation point, can be defined
as the combination of additions of two points on an elliptic curve. Scalar multiplication
of elliptic curve points can be computed efficiently using the addition rule
together with the doubleandadd algorithm or one of its variants. Its properties,
computation and uses will be, therefore, the core of ECC implementation. The
addition of two points on an elliptic curve is defined in order that the addition
results will be another point on the curve as presented in Algorithm
1 and Fig. 1.
Algorithm 1: 
Point addition equation 

In either case, when P_{1} = P_{2} (doubling) and P_{1}≠P_{2}
(point addition), major operations are field multiplication and field inversion.
(Squaring and field addition are enough ignorable because of its less computation
time.) From these formulas of Algorithm 1, we can determine
the number of field operations required for each kind of elliptic curve operation.
We see that an addition step usually requires eight additions, two multiplications,
one squaring, three reductions mod f(x) and one inversion. A Doubling step usually
requires four additions, two multiplications, two squaring, four reductions
mod f(x) and one inversion. A Negation step requires one addition. The important
contributors to the run time are the multiplications and inversions^{[17]}.
Just as modular exponentiation determines the efficiency of RSA cryptographic
systems^{[4]}, scalar multiplication dominates the execution time of
ECC systems. In all the protocols that are fundamental implementation of ECC,
say ECDH, ECDSA, ECAES etc., the most time consuming part of the computations
are scalar multiplications. Elliptic curves have some properties that allow
optimization of scalar multiplications.
Implementation of multiplication/addition over an elliptic curve group modulo p: Let us consider an equation of the form Q = kP. For a positive integer k we let [k] denote the multiplicationbyk map from the curve to itself. This map takes a point P to P+P+.....+P (k summands). The notation [k] is extended to k≤0 by defining [0]P = O and [k]P = ([k]P). So for instance, [2]P = P+P, [3]P = P+P+P and [3]P = (P+P+P). Furthermore, for a given point P on an elliptic curve E, there is a minimum positive integer n such that nP = O, the identity point or point at infinity. Integer n is called the order of the point P. It is known that n is a divisor of the order of the curve E. These scalar multiples form a subgroup of points<P>. Here,<P> is the finite cyclic group<P> = {P, 2P, 3P,.....,nP}, with order n.
To test the algorithm, let P = (7,3)∈ E_{23} (1,4). Then 2P = (x_{3}, y_{3}) is equal to: 2P = P + P = (x_{1}, y_{1})+( x_{1}, y_{1}) = (22, 18). Next, test addition of two different points on the curve, i.e., Q = (4,16) ∈ E_{23}(1, 4) and R = (14,18) ∈ E_{23}(1, 4). Then Q+R = (x_{3}, y_{3}) = (17,9), which we can observe also to be on the curve. However, for real implementation of ECC, we need to know the order of the elliptic curve group.
Let us now implement the scalar multiplication to form a subgroup of points<P>, where,<P> is the finite cyclic group<P> = {P, 2P, 3P,.......nP}, with order n, by following the same additive rules and a generator point P. For example, let P = (7,3) ∈ E_{23}(1,4) be a generator point which we use through repeated addition of point to generate all the point on the curve (Table 1).
Cyclic elliptic curveSince # E(F_{23}) = 29, which is prime and which is found by counting all the points, also known as naïve method. E(F_{23}) is cyclic and any point other than O is a generator of E(F_{23}). The order n of a point P≠O on an elliptic curve is a positive integer such that nP = Q and mP≠O for any integer m such that 1≤m<n. The order n of a point must divide the order N of the elliptic curve. In fact, it is true for any group. If the elliptic curve order N = #E(F_{q}) is a prime number, then the group is cyclic and obviously all points except the point at infinity O are of order N and which is the case looking from Table 1.
ECC PROTOCOLS
Key establishment schemes: Key establishment is the process by which
two (or more) entities establish a shared cryptographic secret key and are essential
for distribution of keys in today’s communication systems for use with
symmetric and asymmetric cryptography. Essentially, two methods are used to
establish cryptographic keying material between parties: key agreement and key
transport. With a key agreement scheme, all parties contribute to the derived
keying material with information that allows each party to derive the shared
keying material. With key transport schemes, the sender determines the key to
be transported, wraps (i.e., encrypts) the key and sends the wrapped key to
the receiver, who then unwraps (i.e., decrypts) the key.
For the scheme which involves symmetrickey only system, the communicating
partners have to manually establish a shared symmetrickey to be used as the
keywrapping key between the two parties. The keying material is wrapped using
a NISTapproved keywrapping algorithm (such as the AES key wrap algorithm).
The publickey based key agreement schemes can be transformed into a key transport
scheme using an approved keywrapping scheme, as recommended in NIST SP 80056.
Table 1: 
Point addition/scalar point multiplicative values of P 

kP ≡ P_{k}, is that 29P ≡ P_{0}
≡ [O]etc 
An example is S/MIME, where key agreement is combined with key wrapping to
achieve the effect of key transport. This is useful because it allows the efficient
encryption of large emails to multiple recipients. The efficiency is that the
email content is encrypted just once, with the content encryption key encrypted
(wrapped) multiple times, once for each recipient.
Elliptic Curve Discrete Logarithm Problem (ECDLP): Recall that the core of elliptic curve arithmetic is an operation called scalar point multiplication, which computes Q = kP. (For example, 11P can be expressed as 11P = (2*((2*(2*P))+P))+P). The problem of calculating k from a given points P and Q is called the discrete logarithm problem over the elliptic curve (ECDLP). Note that we can easily calculate Q = kP from given k and P, but it is computationally difficult to calculate the scalar k from points Q and P.
The corresponding problem in additive (i.e., abelian) groups is: given P and kP (P added to itself k times), find the integer k. This is much more difficult. There is no onestep operation like taking logarithms that we can use to get the solution. So we may know P and kP and yet not be able to find k in a reasonable amount of time. This is called the Discrete Log Problem for abelian groups. We could always repeatedly subtract P from kP till we got O. But if k is large, this will take us a very long time. Several important cryptosystems are based on the difficulty of solving the DLP over finite abelian groups. The solution is even tougher if the underlying group arises from an elliptic curve over a prime finite field F_{q}.
Implementation of ECDLP algorithm: As a simple example, let’s use an overly small value of k and our earlier elliptic curve i.e., E_{p}(a, b) = E_{23}(1, 4) (Table 1). Let’s choose a point (1, 12) ∈ E_{23}(1, 4) and try to determine k such that kP = Q. For example, if Q= (1, 12) and P=(7, 3), then 5P = Q so k = 5 is the solution to the discrete logarithm problem. One can also compute Q = kP = 1P+1P+1P+1P+1P = (1, 12) = 5P. Here k=5. Alternatively, given Q = kP = (1, 12), we can continuously subtract P from kP until we get O. But if the curve is of a large prime order then it is impossible to use this naïve approach for our computation. Take, for example, an elliptic curve E_{p}(a, b) of a large prime number with:
p 
= 
6,277,101,735,386,680,763,835,789,423,207,666,416, 083,908,700,390,324,961,279 
containing a large group of points exactly N points:
N 
= 
6,277,101,735,386,680,763,835,789,423,337,720,473,986 773,608,255,189,015,329 
with
k 
= 
6,708,050,311,399,110,513,517,527,207,693,060,456,300 217,054,473 
The security of ECC relies on the hardness of solving the Elliptic Curve Discrete Logarithm Problem (ECDLP), which states that given P and Q = kP, it is hard to find k^{[11]}. Because PohligHellman algorithm reduces the computation of k to the problem of computing k modulo each prime factor of n. So if n is a large prime, the ECDLP becomes harder. In practice, one must select an elliptic curve that has some points (base point G) which has large prime order n and #E(F_{q}) = n.h, where, h is a small integer. While a bruteforce approach is to compute all multiples of P until Q is found, k would be so large in a real cryptographic application (as indicated above) that it would be infeasible to determine k in this way. If a prime p as large as 160bits long is selected, we cannot find k within a reasonable time, even if we use the most efficient algorithms known so far with the world’s most powerful computers.
KEY AGREEMENT PROTOCOL
EC DiffieHellman key agreement protocol: The DiffieHellman key agreement
protocol is the basic publickey cryptosystem proposed for computing key sharing
agreement for both private and public key protocols. ECDH is the elliptic curve
analog of the traditional DiffieHellman key agreement algorithm^{[1,3,4]}.
The DiffieHellman method requires no prior contact between the two parties.
Each party generates a dynamic, or ephemeral, public key and private key. They
exchange their public keys. Each party then combines its private key with the
other party’s public key to compute the shared secret^{[18]}.
As an example of ECDH key agreement scheme let us consider a homebanking subscriber,
entity A (Alice), setting up a secure communication channel with her Bank entity
(B). Alice and the Bank first agree to use a specific curve, field size and
type of mathematics. Alice generates a public key and a private key; she sends
the public key to her bank. Independently, her bank generates a public key and
a private key; the bank’s public key is sent to Alice. Alice combines her
private key and the bank’s public key to form a shared secret. Her bank
combines its private key and Alice’s public key to arrive at the same shared
secret key. The shared secret may now be used to generate a shared key for encrypting
and decrypting the communication sessions, as shown in Algorithm
2. We can see that we just need scalar multiplication in order to implement
the ECDH protocol.
Algorithm 2: 
DiffieHellman protocol 

Implementation of ECDH key agreement protocol: As a simple example, let’s use our earlier elliptic curve i.e., is E_{p}(a, b) = E_{23}(1, 4). Alice (A) chooses the secretkey k_{A} = 12 and computes her publickey (Table 1): Q_{A} = k_{A}P = 12P = (13, 11). Similarly, Bank (B) chooses the secretkey k_{B } = 23 and computes its publickey: Q_{B} = k_{B}P = 23P = (0, 2).
Thus, their common secretkey S_{AB} = k_{A}k_{B}. Alice computes: k_{A}Q_{B} = 12(23P) = 15P = (17, 9) and the Bank computes: k_{B}Q_{A} = 23(12P) = 15P = (17, 9). Such that: S_{AB}= k_{A}Q_{B} = k_{B}Q_{A} = 15P = (17, 9).
An alternative form of ECDH is the Elliptic curve decision DiffieHellman problem (ECDDHP) Boneh^{[19]}. The ECDDHP is stated as follows: Given a point P of order n in an elliptic curve E over a finite field F_{q} and three points (kP), (sP) and (mP), the ECDDHP is to decide whether m = kl (modulo the order of point P). The ECDDHP is not harder than the ECDHP. Boneh, Venkatesan^{[20]}, Boneh and Shparlinski^{[21]} discussed many issues on security of the ECDHP and related schemes.
Key agreement and setup scheme: The ECDH Key Agreement Scheme as specified in ANSI X9.63 and IEEE P1363 In ECKASDH1 (the Elliptic Curve Key Agreement Scheme, DiffieHellman 1), each party combines its own private key with the other party’s public key to calculate a shared secret key which can then be used as the key for a symmetric encryption algorithm such as AES. Other (public or private) information known to both parties may be used as key derivation parameters to ensure that a different secret key is generated in every session. This key agreement scheme is described in more detail in section 9.2 of the IEEEP1363 standard.
Pure DH or ECDH applications are, however, susceptible to impersonation or “man in the middle” attack, whereby an adversary establishes digital facades between two parties in order to obtain private information. For example, Alice may be setting up a secure session with someone impersonating her bank. Because the private and public keys are generated on the fly, there is no way to prove you have a secure session with the intended party unless you add a method for user authentication. Advanced key exchange protocols such as the MenezesQuVanstone (MQV) introduce mutual strong authentication which allows both parties to confidently identify each other before exchanging sensitive information. MQV is currently deployed through ECC systems^{[4,19]}.
THE MECHANICS OF ELLIPTIC CURVE ENCRYPTION ALGORITHM
Elliptic curve cryptography can be used to encrypt plaintext message, M, into ciphertexts. The plaintext message M is encoded into a message point P_{M} from the finite set of points in the elliptic group, E_{p}(a, b). The first step consists in choosing a generator point, G ∈ E_{p}(a, b), such that the smallest value of n for which nG = O is a very large prime number. The elliptic group E_{p}(a, b) and the generator G are made public.
Assume that the Bank and Alice intends to communicate. Each user select a private
key and use it to compute their publickey. For example, Alice (A) selects a
random integer k_{A}<n as her privatekey and computes her publickey
P_{A} as: P_{A} = k_{A}G. To encrypt the message P_{M}
to the Bank (B); Alice uses her privatekey and the Bank’s publickey P_{B}
to compute the ciphertext pair of points P_{C}:
P_{C} = [(k_{A}G), (P_{M}+k_{A}P_{B})] 
After receiving the ciphertext pair of points, P_{C}, the Bank multiplies
the first point, (k_{A}G) with its privatekey, k_{B} and then
adds the result to the second point in the ciphertext pair of points, (P_{M}+k_{A}P_{B}):
(P_{M}+k_{A}P_{B})[k_{B}(kG)]
= (P_{M}+k_{A}k_{B}G)[k_{B}(k_{A}G)]
= P_{M} 
which is the plaintext point, corresponding to the plaintext message M. Only
the Bank, knowing the privatekey k_{B}, can remove k_{B}(k_{A}G)
from the second point of the ciphertext pair of point, i.e., (P_{M}+k_{A}P_{B})
and hence retrieve the plaintext information P_{M}.
Implementation of Elliptic Curve Encryption Scheme (ECES): Since #E(F_{23}) = 29, which is prime. E(F_{23}) is cyclic and any point other than O is a generator of E(F_{23}). For example, G ≡ P = (7,3) is a generator point such that the multiples kG of the generator point G (for 1≤k≤29), are as shown in Table 1.
If Alice wants to send to Bank the message M which is encoded as the plaintext
point P_{M} = (10, 18) ∈ E_{23}(1, 4). She must use the
Bank’s publickey to encrypt it. Suppose that the Bank’s secretkey
is k_{B} = 17, then its publickey will be: P_{B} = k_{B}G
= 17(7, 3) = 17G = (13, 12).
Alice uses her secretkey k_{A} = 25 and Bank’s publickey P_{B}
= (13, 12) to encrypt the message point into the ciphertext pair of points:
P_{C} = [(k_{A}G), (P_{M}+k_{A}P_{B})]
= [(4, 16), (22, 5)].
Upon receiving the ciphertext pair of points, P_{C} = [(4, 16), (22, 5)], the Bank uses its privatekey, k_{B}, to compute the plaintext point, P_{M}, as follows:
(P_{M}+k_{A}P_{B})[k_{B}(k_{A}G)]
= 27G19G = 8G (10, 18) 
and which maps the plaintext point P_{M} = (10, 18) back into the original
plaintext message M.
Practical Application of ECES: For this part let’s get real and
simulate real application. Let an elliptic curve group over the Galois Field
E_{p}(a, b) where, p>3 and is prime, be the set of solutions or points
P = (x, y) such that (x, y∈ E_{p}(a, b)) that satisfy the equation:
y^{2} = x^{3}+ax+b(mod p) for 0≤x<p together with the
extra point O called the point at infinity. The parameters of the elliptic curve
are as follows:
a 
= 
317689081251325503476317476413827693272746955927 
b 
= 
79052896607878758718120572025718535432100651934 
p 
= 
85963102379428822376694789446897396207498568951 
n 
= 
785963102379428822376693024881714957612686157429 \\number of points #E 
G 
= 
(x, y) \\ generator point 
Where:
x 
= 
771507216262649826170648268565579889907769254176 
y 
= 
9015 751024655662852527945926651499556253319 6655 
k_{A} 
= 
670805031139911051351752720769306045630021705 4473 \\Alice’s priv.
key 
k_{B} 
= 
7860050311399110513517527207693060456300217054 473 \\Bank’s priv.
key 
k_{M} 
= 
235505031139911051351752720769306045630021705 4473 \\Message enc. key 
This is playing Big Boys game so we need a number cruncher software to do similar computation done above. Here we will content ourselves with PARI a Free, open source, number cruncher^{[22]}.
Here the curve E(F_{P}) is cyclic and any point other than O is a generator of all points on curve. For example, G = (x, y) is a generator point such that the multiples kG of the generator point G (for 1≤k≤n), which is too huge to show here.
If the Bank wants to send to Alice the message M (Append. A), which is encoded as the plaintext point
P_{M} 
= 
(x_{M}, y_{M}) =(285128110405972368863732180717016601141242058721,
948739026223210722329407 7342398725955 8219668492) 
The Bank must use Alice’s publickey to encrypt it. Suppose that Alice’s
secretkey is k_{A}, then her publickey will be:
P_{A} 
= 
k_{A}G = (90517135491294082980111512034183665522 537517216,
3004291515310424027770375706419 81602845 272146478) 
The Bank selects a random number k_{B} and Alice’s publickey
P_{A} to encrypt the message point into the ciphertext pair of points:
P_{C} 
= 
[(k_{B}G), (P_{M}+k_{B}P_{A})] 

= 
[(550605361672557316113111615482588146434984456674, 598206702584597415537642011495635814925894203618),
(172390835777057262225071793643950755716065775457, 742617052078859878050112020239322107499028298971)] 
Upon receiving the ciphertext pair of points, P_{C}, Alice uses her
privatekey, k_{A}, to compute the plaintext message point, P_{M},
as follows:
(P_{M}+k_{A}P_{B})[k_{B}(k_{A}G)] 
= 
P_{M} 

= 
(285128110405972368863732180717016601141242058721, 94873902622321072232940773423987259558219668492) 
Table 2: 
NIST guidelines for publickey sizes with equivalent security
levels 

and which maps the plaintext point P_{M} = (x_{M}, y_{M})
back into the original plaintext message M.
Elliptic Curve Integrated Encryption Scheme (ECIES): ECIES combines
elliptic curve asymmetric encryption and the AES symmetric encryption algorithm
with the SHA1 hash algorithm to provide an easy to use encryption scheme with
message authentication support. An ECIES ciphertext object (Q, C, T) consisting
of EC public key Q, encrypted message C and authentication tag T is generated
from a message M and the recipient’s EC public key W. The recipient decrypts
this ciphertext with their EC private key and an exception is thrown if the
authentication tag is invalid. This encryption scheme is described in more detail
in section 11.3 of the IEEE P1363a draft standard^{[23]}.
Following in the footsteps of DES^{[1]}; ECC in conjunction with advance symmetric algorithm, AES^{[24]}, has already been incorporated into a number of key international standards, including ANSI X9.63, IEEE Std 13632000, IETF RFC 3278, ISO 159463 and NIST SP 80056^{[2]}. Adoption into global standards will assist in pushing ECC into wider commercial usage. Table 2 compares the equivalent security level for some commonly considered cryptographic key sizes^{[19]}.
Relative publickey sizes: So what does this mean in practice? NIST
has recommended that 128bit protection is necessary to achieve relatively lasting
security (to the year 2036 and beyond). This means moving from 3DES to AES.
To avoid compromising the security of the system, NIST's FIPS 1402 standard
indicates that keys for symmetric ciphers such as AES must be matched in strength
by publickey algorithms such as RSA and ECC. For example, a 128bit AES key
demands an RSA key size of 3,072bits for equivalent security, however, for
the same strength the ECC key size is only 256bits. As you can observe from
Table 2, while ECC key sizes scale linearly, RSA does not.
The result is that the gap between systems grows as the key sizes increase.
This is especially relevant to implementations of AES where at 256bit security
you need an RSA key size of 15,360bits compared to 512bits for ECC. This will
have a significant impact on a communication system as the relative computational
performance advantage of ECC versus RSA is not indicated by the key sizes but
by the cube of the key sizes. The difference becomes even more dramatic as the
greater increase in RSA key sizes leads to an even greater increase in computational
cost. So going from 1024bit RSA key to 3072bit RSA key requires about 27 times
(3^{3}) as much computation while ECC would only increase the computational
cost by just over 4 times (1.6^{3}).
CONCLUSION
We have shown that elliptic curve ciphers require less computational power, memory and communication bandwidth giving it a clear edge over the traditional cryptoalgorithms. To date elliptic curve cryptography is gaining wide acceptance, especially in wireless and handheld devices, when compared to the conventional cryptosystems (DES, RSA, AES, etc.) which tend to be power hungry. However, while the performance advantages are impressive with ECC, the data security industry need to ensure that the security system, using elliptic curve algorithm has been studied extensively in the public forum and also specified by major standards worldwide. But we think that elliptic curve cryptography is here today and is without question the next generation of publickey cryptography of choice.
Appendix A: Sample text message from the bank to alice
Miss Alice Johnson
Nairobi, Kenya
Dear Miss Johnson,
This letter is to inform you that we have received US$ 2.0 million as your first installment due for your mortgage down payment and opened mortgage servicing account No. 6688668024 on your behalf and deposited therein said amount. To service your account you will need to use your new password GKGQU78BR53.
Yours very truly,
James M Kavungu
Vice President, Finance
First Finance Bank of Nairobi