Comparison of ECC and RSA Algorithm in Resource Constrained Devices

Mohsen Bafandehkar, Sharifah Md Yasin, Ramlan Mahmod, Zurina Mohd Hanapi
Department of Computer Science
Faculty of Computer Science and Information Technology
Universiti Putra Malaysia
Abstract— Nowadays, the usage of resource constrained devices is increasing, and these devices primarily work with sensitive data. Consequently, data security has become crucial for both producers and users. Limitation of resources is deemed the major issue that makes these devices vulnerable. Attackers might exploit these limitations to get access to valuable data. Therefore, a carefully chosen and practically tested encryption algorithm must be applied to increase device efficiency and mitigate the risk of sensitive data loss. This study compares the elliptic curve cryptography (ECC) algorithm with a key size of 160 bits and the Rivest-Shamir-Adleman (RSA) algorithm with a key size of 1024 bits. The result of this study is that utilizing ECC in resource constrained devices has advantages over RSA, but ECC needs continuous enhancement to satisfy the limitations of newly designed chips.

Keywords—RSA; ECC; public key cryptography; resource constrained devices; computation cost

I. INTRODUCTION

In recent years, small computing devices such as cellular phones, personal digital assistants (PDAs), embedded systems, sensors and smart cards have gained a key role in human life and have become an inseparable component of the modern world. These devices have severely constrained computational power, memory and battery life; such constraints can make the devices vulnerable to many security attacks and breaches. Furthermore, the trustworthiness of the services and the reliability of the technologies they provide become a growing concern when they handle sensitive data. Much research has been conducted to resolve or overcome these limitations, and many solutions have been proposed. A digital environment cannot be effectively secure without a data protection technique such as encryption. Encryption is an effective method of securing sensitive data, which helps maintain the secrecy and confidentiality of that data against unauthorized users. There is an inherent conflict between the advantages and the resource limitations of constrained devices compared to other mobile computing devices. Resource constrained devices have limited computation resources such as CPU, memory and battery. Since chips and microprocessors are becoming increasingly smaller, it is necessary to make cryptographic schemes both secure and inexpensive.

Public-key cryptography (PKC) schemes such as RSA need additional computational power; thus, they have to be applied with much care [3]. This study compares the elliptic curve cryptography (ECC) algorithm with a key size of 160 bits and the Rivest-Shamir-Adleman (RSA) algorithm with a key size of 1024 bits. The comparison is based on analysing data obtained from literature research and extracted from technical reports. The result of this study will be useful for further research and future work. It will be helpful in finding a solution to effectively manage the resources and overcome the existing limitations. This will lead to performance enhancement with the same level of security in resource constrained devices.
II. LITERATURE REVIEW

RSA and ECC are known as the most efficient PKC schemes among all asymmetric encryption algorithms. They have a large number of merits in comparison with other cryptosystems [7].

A. RSA

RSA has been deemed a secure and trustworthy algorithm among all asymmetric algorithms proposed up to now. The RSA algorithm is an adaptable asymmetric cipher, since it accepts keys of various lengths. In this algorithm security can be assured at the expense of speed. The typical length of RSA keys is 512-2048 bits. Rivest et al. invented the RSA algorithm in 1978 [8]. Considerable cryptanalysis over the years has confirmed RSA as a reliable algorithm. The difficulty of factoring large numbers is the core component of RSA's security. The effectiveness of RSA would be ruined if it were possible to find a simple method for factoring these large numbers. Accordingly, RSA Laboratories put forward the 'factorization attack' as a challenge in 1991. Timing attacks and cycling attacks are among the other attacks on RSA, which have been discussed in [9, 10].

B. ECC

ECC is a public key cryptosystem which has public and private keys for authentication. The use of elliptic curves in cryptography was first proposed by Koblitz and Victor Miller independently in the mid 1980s [12]. ECC is a kind of PKC built upon the algebraic structure of elliptic curves over finite fields [1].

978-1-4799-2845-3/13/$31.00 ©2013 IEEE

The difficulty of the elliptic curve discrete logarithm problem (ECDLP) plays a major role in the security of ECC, and solving this problem takes exponential time [12]. Meanwhile, the performance of this algorithm is closely tied to the efficiency of its scalar multiplication algorithm [6]. The Hamming weight of the private key is a determining factor in algorithm efficiency at the scalar arithmetic level of the computation [11]. Hamming weight measures the number of non-zero digits in a scalar representation. As the Hamming weight decreases, the speed of scalar multiplication increases. Accordingly, a scalar recoding method can be used to lessen the Hamming weight of the scalar representation of the private key.

III. STANDARDIZATION OF ECC

ECC standardization is crucial for achieving practical, efficient implementation, and encourages its adoption by worldwide organizations [2]. The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Commerce Department's Technology Administration [5]. NIST provides specifications for ECC which are considered safe for use in cryptographic applications. NIST recommended secure elliptic curves over binary fields of size $2^{163}$, $2^{233}$, $2^{248}$, $2^{409}$ and $2^{571}$ [5]. NIST also provides specifications for the following ECC parameters:

- The extension degree of the binary field $F_{2^m}$.
- The reduction polynomial of degree .
- The seed selected to randomly generate the coefficients of the elliptic curve.
- The coefficients of the elliptic curve.
- The (prime) order of the base point .
- The cofactor.
- The and coordinates of .

IV. COMPARISON OF ECC AND RSA CRYPTOSYSTEMS

The performance of ECC depends on efficient computation of scalar multiplication (kP) [3]. A 160-bit ECC key has a security level equivalent to 1024-bit RSA/DSA [5, 13]. [13] observed that RSA security required 1024 bits for corporate use and 2048 bits for extremely valuable keys. Therefore, the advantage of ECC over RSA is obvious, since it can provide the same level of security with a shorter key. TABLE I shows the key sizes used in RSA and ECC. The minimum key size required for a secure ECC cryptosystem is 160 bits or more.

TABLE I. KEY SIZE RATIO FOR RSA/DSA AND ECC WITH EQUIVALENT SECURITY LEVEL [18]

Key size (RSA/DSA)   Key size (ECC)   Key size ratio
1024                 160              7:1
2048                 224              10:1
3072                 256              12:1
7680                 384              20:1
15360                521              30:1

FIGURE I. Illustrates the data in TABLE I, to clarify the comparison.

ECC has an advantage when implemented in the following situations [2]:
a) Internet-based applications, for example online banking or e-business, where a large volume of online transactions or web server requests is in demand.
b) Constrained devices like mobile devices, which have low computational power and low memory storage.
c) Smart cards and cryptographic tokens, which are portable, small and lightweight, and have low processing power, parameter storage and memory.

TABLE II. SECURITY LEVEL (BITS) AND RATIO OF COST FOR RSA/DSA AND ECC WITH EQUIVALENT SECURITY LEVEL [18]

Key size (RSA/DSA)   Key size (ECC)   Security level (bits)   Ratio of cost
1024                 160              80                      3:1
2048                 224              112                     6:1
3072                 256              128                     10:1
7680                 384              192                     32:1
15360                521              256                     64:1

FIGURE II. Shows the relationship between key size and ratio of cost at the same security level (bits) for RSA/DSA and ECC.

The security issues for PKC cryptosystems are already discussed in parts a), b) and c) of this section. Computation cost and running time of cryptographic operations play a major role in the efficiency of cryptosystems. The bit size of the key determines space or memory demands. A smaller key size is more effective since it requires fewer hardware resources [14], lower key transmission time, less memory for storage, lower cost of arithmetic computation and lower bandwidth [15]. Other related issues in cryptosystem implementation are interoperability, public acceptance and technical specifications, which must be taken into consideration. Certain difficulties arise for ECC implementation in hardware or software. Higher power consumption is needed for software implementation compared with hardware implementation [4]. On the other hand, hardware implementation is recognized as more secure, since an attacker is not able to modify an embedded system. Nonetheless, hardware implementation requires a larger development cost for applying a new algorithm. One of the most crucial aspects of cryptographic processes is the computational power requirement. Efficient elliptic curve arithmetic algorithms are crucial to make sure that they can run on resource constrained devices like FPGAs [5], where an FPGA is a reconfigurable, field programmable gate array whose function is not fixed and can be programmed in the system.

V. FUTURE WORK
There is a direct relationship between key length and level of security in asymmetric encryption algorithms. The bigger the key size, the more secure the algorithm is. On the other hand, a bigger key size requires more computational power and resources, and these requirements lower the algorithm's performance. The need to improve the performance of ECC can be met by improving the scalar multiplication algorithm, the fundamental algorithm in ECC. To achieve this, we need to design an efficient algorithm that can enhance both scalar arithmetic and point arithmetic. Furthermore, some security checks need to be performed to ensure the security of the algorithm against side channel attacks. This algorithm is hoped to be well-balanced in terms of cost and effectiveness, and to surpass other existing algorithms in terms of efficiency and effectiveness.
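The Hamming-weight argument of Section II-B and the scalar-multiplication improvement called for above can be made concrete. The following is an added example, not code from the paper: it recodes a scalar into non-adjacent form (NAF), one common signed-digit recoding, and counts the point additions that double-and-add performs. The secp256k1 parameters, the function names and the scalar K are assumptions chosen for illustration.

```python
# Constructed example: secp256k1 parameters are an assumption (the paper names
# no prime curve); K is a constructed 160-bit scalar, not a real key.
P = 2**256 - 2**32 - 977              # field prime; curve is y^2 = x^3 + 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
K = 2**160 - 1                        # worst case for binary: all 160 bits set

def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P)

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p + (-p)
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P)    # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)   # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def binary(k):
    return [int(b) for b in reversed(bin(k)[2:])]     # LSB first

def naf(k):
    """Non-adjacent form, LSB first: digits in {-1,0,1}, no adjacent non-zeros."""
    digits = []
    while k:
        d = (2 - k % 4) if k & 1 else 0
        digits.append(d)
        k = (k - d) // 2
    return digits

def hamming_weight(digits):
    return sum(1 for d in digits if d)

def scalar_mult(digits, pt):
    """Left-to-right double-and-add; returns (kP, point additions performed)."""
    acc, adds = None, 0
    for d in reversed(digits):
        acc = add(acc, acc)                  # one doubling per digit
        if d:
            acc = add(acc, pt if d > 0 else neg(pt))
            adds += 1                        # one addition per non-zero digit
    return acc, adds
```

For K, `scalar_mult(binary(K), G)` and `scalar_mult(naf(K), G)` return the same point, with 160 point additions for the binary form and 2 for NAF. The addition count follows the digits of the private scalar, which is the kind of key-dependent behaviour the side channel checks mentioned above have to examine.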
VI. CONCLUSION

The sudden growth of knowledge has led to sophisticated technology, which stimulates the enhancement of cryptographic techniques as well. According to TABLE I, in comparison with more conventional cryptosystems like RSA, ECC can assure a similar level of security with smaller key sizes. Thus, application of ECC is highly recommended to create more security and higher speed while computational load is not increased [16]. On the other hand, chips are being designed with smaller size and extra limitations (i.e. computation power, memory and battery life), and cryptographic schemes, especially in resource constrained devices, need to be not only secure but also practical and inexpensive. Based on TABLE II, ECC has a smaller cost ratio. Furthermore, to maximize the performance of newly designed chips, ECC itself needs consistent enhancement [17].

REFERENCES

[1] Sonali U. Nimbhorkar and Dr. L. G. Malik. "A Survey On Elliptic Curve Cryptography (ECC)," International Journal of Advanced Studies in Computers, Science and Engineering, vol. 1, issue 1, pp. 1-5, 2012.
[2] Certicom Research. "The elliptic curve cryptosystem". Retrieved from http://www.certicom.com. [online] Sep 19, 2011 (Accessed: 25 Jun 2013).
[3] Yong Wang; Streff, K.; Raman, S., "Smartphone Security Challenges," Computer, vol. 45, no. 12, pp. 52,58, Dec. 2012.
[4] Paryasto, M., Kuspriyanto, Sutikno, S. and Sasongko, A., Issues in elliptic curve cryptography implementation. Internetworking Indonesia Journal. 1(1):29-33, 2009.
[5] Hankerson, D., López Hernandez, J. and Menezes, A., Software implementation of elliptic curve cryptography over binary fields. Cryptographic Hardware and Embedded Systems, CHES'00. LNCS, 1965:1-24, 2000.
[6] Ansari, B.; Hasan, M.A. "High-Performance Architecture of Elliptic Curve Scalar Multiplication," Computers, IEEE Transactions, vol. 57, no. 11, pp. 1443, 1453, 2008.
[7] Kumar, S. Elliptic Curve Cryptography For Constrained Devices. Dissertation, Ruhr-University Bochum, 2006.
[8] R. L. Rivest, A. Shamir and L. Adleman. "A method for obtaining digital signatures and public-key cryptosystems," Comm. ACM, 21, pp. 120-126, 1978.
[9] P. Kocher. "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems," Advances in Cryptology: Proceedings of CRYPTO '96, Springer-Verlag, pp. 104-113, 1996.
[10] Majid Bakhtiari, Mohd Aizaini Maarof. "Serious Security Weakness in RSA Cryptosystem," IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 1, No 3, 2012.
[11] Wang, B., Zhang, H., Wang, Z., & Wang, Y. "Speeding up scalar multiplication using a new signed binary representation for integers". LNCS. 4577, 277-285, 2007.
[12] Koblitz, N. Elliptic curve cryptosystems. Mathematics of Computation. No. 48, pp. 203-209, 1987.
[13] Torri, N. and Yokoyama, K. Elliptic Curve Cryptosystem. FUJITSU Sci. Tech. J., 36(2):140-146, 2000.
[14] Hitchcock, Y., Dawson, E., Clark, A. and Montague, P. Implementing an efficient elliptic curve cryptosystem over GF(p) on a smart card. ANZIAM J. 44(E):C354-C377, 2003.
[15] Lauter, K. The advantages of elliptic curve cryptography for wireless security. IEEE Wireless Communications. pp. 62-67, 2004.
[16] Dabholkar, A., Yow, K.C. "Efficient Implementation of Elliptic Curve Cryptography (ECC) for Personal Digital Assistants (PDAs)," Wireless Personal Communications, vol. 29, pp. 233-246, 2004.
[17] Roshan Duraisamy; Salcic, Z.; Morales-Sandoval, M.; Feregrino-Uribe, C. "A Fast Elliptic Curve Based Key Agreement Protocol-on-Chip (PoC) for Securing Networked Embedded Systems," Embedded and Real-Time Computing Systems and Applications. Proceedings. 12th IEEE International Conference, pp. 154, 2006.
[18] National Security Agency. "The Case for Elliptic Curve Cryptography" (nsa.gov), [online] Jan 15, 2009, http://www.nsa.gov/business/programs/elliptic_curve.shtml (Accessed: 20 July 2013).