Standardization of elliptic curves: analysis and implementation in cryptographic protocols
DOI:
https://doi.org/10.32515/2664-262X.2024.9(40).1.14-26Keywords:
cryptography on elliptic curves, asymmetric cryptosystems, digital signature on elliptic curves, ECC (Elliptic Curve Cryptography), ECDH, ECDSA, RFCAbstract
The purpose of the article is to consider the current state of elliptic cryptography, the prerequisites for its use, as well as the requirements of modern standards related to the use of elliptic cryptography
The use of elliptic curves in cryptography is considered one of the most promising areas of development of modern security algorithms. This mathematical approach is based on the complexity of solving the discrete logarithm problem in a group of points of an elliptic curve over a finite field. The use of cryptography on elliptic curves allows you to ensure the security of data exchange using effective encryption algorithms and the creation of digital signatures (DI). This study examines elliptic curves for cryptographic purposes, and provides basic operations on the point group of elliptic curves. Special attention is paid to Elliptic curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA) key exchange algorithms. The standards regulating the use of elliptic curves in cryptographic systems are also analyzed, and the advantages of this cryptographic paradigm compared to the main asymmetric algorithms are considered. Potential threats and vulnerabilities of cryptographic algorithms based on elliptic curves are investigated. Examples of popular standardized curves recommended by relevant organizations, such as NIST, used in real-world cryptographic applications are also provided.
Elliptic curve cryptography (ECC) is currently one of the foundations for the development of modern public-key cryptographic algorithms. ECC has gained recognition in cryptography for providing a high level of security with shorter key lengths (compared to other cryptographic approaches), high speed, resource savings, and versatility, giving it an advantage over other methods such as RSA and others. It provides a secure network connection, generates secret keys for TLS servers and their clients, and is also used to create digital signatures that guarantee the authenticity of transactions in cryptocurrency systems.
References
Список літератури
1. Дичка А. І. Модифікований метод багатократного скалярного множення точок еліптичної кривої у скінченних полях: магістерська дисертація. 2018 URL: https://ela.kpi.ua/bitstream/ 123456789/ 23653/1/Dychka_magistr.pdf
2. Горбенко Ю., Горбенко І. Інфраструктури відкритих ключів. Електронний цифровий підпис. Теорія та практика : монографія. Xарків : Форт, 2010. 608 с.
3. Koblitz N. Elliptic Curve Cryptosystems. Mathematics of Computation. 1987. Vol. 48, № 177. Р. 203-209.
4. Blake I. F., Smart N. P., Seroussi G. Advances in elliptic curve cryptography. Cambridge University. 2009.
5. Diffie W., Hellman M. E., New directions in cryptography. 1976. Vol. 22, No 6. P. 644-654. URL: https://ee.stanford.edu/~hellman/publications/24.pdf
6. Rivest R. L., Shamir A., Adleman L., A method for obtaining digital signatures and public-key cryptosystems, 1985. URL: https:// people.csail.mit.edu/rivest/Rsapaper.pdf
7. ElGamal T. Public key cryptosystem and a signature scheme based on discrete logarithms. 1985. URL: https://caislab.kaist.ac.kr/lecture/2010/ spring/cs548/basic/B02.pdf
8. Arjen K. Lenstra, H. W. Lenstra. The development of the number field sieve. Lecture Notes in Mathematics (LNM). 1993. Vol. 1554.
9. Dan Boneh, and Victor Shoup, A Graduate Course in Applied Cryptography, 2023. URL: http://toc.cryptobook.us/book.pdf
10. Koblitz, N. Elliptic curve cryptosystems. Mathematics of computation, 1987. Vol.48, № 177. Р. 203. URL:https://doi.org/10.1090/s0025-5718-1987-0866109-5.
11. Miller, V.S. Use of elliptic curves in cryptography. Lecture notes in computer science. 2000. Vol. 218Р. 417–426. URL:https://doi.org/10.1007/3-540-39799-x_31.
12. ANSI X9.62. Public key cryptography for the financial services industry: The Elliptic Curve Digital Signature Algorithm (ECDSA). American National Standards Institute, Washington. 1999
13. ANSI X9.63. Public key cryptography for the financial services industry: Key agreement and key transport using elliptic curve cryptography. American National Standards Institute, Washington. 2001.
14. IEEE P1363/D9(Draft Version 9). Standard Specifications for Public Key Cryptography, 1999
15. Digital Signature Standard (DSS). National Institute of Standards and Technology, U.S. Department of Commerce, Washington. URL:https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf.
16. ISO/IEC 15946-4. Information technology. Security techniques. Cryptographic techniques based on elliptic curves. Part 4: Digital signatures giving message recovery, Geneva.
17. ISO/IEC 15946-5. Information technology. Security techniq
18. Saho, N.J.G., Ezin, E.C. Comparative study on the performance of elliptic curve cryptography algorithms with cryptography through RSA algorithm. 2020. CARI. URL:https://hal.science/hal02926106/document?ref=panther-protocol-blog
19. Elliptic Curves for Security RFC 7748. URL: https://datatracker.ietf.org/doc/html/rfc7748 (дата звернення: 15.03.2024)
20. Edwards-Curve Digital Signature Algorithm (EdDSA) RFC 8032. URL: https://datatracker.ietf.org/doc/html/rfc8032 (дата звернення: 15.03.2024)
21. ДСТУ 4145-2002. Інформаційні технології. Криптографічний захист інформації. Цифровий підпис, що ґрунтується на еліптичних кривих. Формування та перевіряння. [Чинний від 1 липня 2003 року]. Київ, Держстандарт України.
22. ДСТУ 9041-2020. Інформаційні технології. Криптографічний захист інформації. Алгоритм шифрування коротких повідомлень, що ґрунтується на скручених еліптичних кривих Едвардса. [Чинний від 01.11.2020 року]. Київ, Держстандарт України.
23. Забенько Ю. І., Ковтанюк Ю. С. Концепція планування життєвого циклу електронних документів. Архіви України. 2013. Вип. 4. С. 5-38.
24. ДСТУ ISO/IEC 15946-5:2023 Інформаційні технології. Криптографічні методи на основі еліптичних кривих. Частина 5. Генерування еліптичних кривих (ISO/IEC 15946-5:2022, IDT). [Чинний від 25 червня 2003 року]. Київ, Держстандарт України.
25. SafeCurves: [choosing safe curves for elliptic-curve cryptography]. URL: https://safecurves.cr.yp.to/
26. Циганкова,О.В. Методи підвищення швидкодії асиметричних криптосистем з використанням еліптичних кривих у формі Едвардса: дис... канд. техн.: 28.04.2021/ Київ, 154 с.
27. Щур, Н., Покотило, О., Байлюк, Є. Криптографія на еліптичних кривих та її практичне застосування. Кібербезпека: освіта, наука, техніка. 2023. Вип. 1(21), C. 48–64. URL:https://doi.org/10.28925/2663-4023.2023.21.4864
References
1. Dychka, A. I. (2018). Modified method of multiple scalar multiplication of elliptic curve points in finite fields: master's thesis [Modyfikovanyj metod bahatokratnoho skaliarnoho mnozhennia tochok eliptychnoi kryvoi u skinchennykh poliakh]. Master's thesis URL: https://ela.kpi.ua/bitstream/123456789/23653/1/Dychka_magistr.pdf [in Ukrainian].
2. Horbenko, Yu. & Horbenko, I. (2010). Infrastruktury vidkrytykh kliuchiv. Elektronnyj tsyfrovyj pidpys. Teoriia ta praktyka : monohrafiia [Public key infrastructures. Electronic digital signature. Theory and practice]. Kharkiv: Fort [in Ukrainian].
3. N.Koblitz. (1987) Elliptic Curve Cryptosystems // Mathematics of Computation. Vol. 48, № 177. Р. 203-209.
4. Blake, I. F., Smart, N. P., Seroussi, G.(2009) Advances in elliptic curve cryptography. Cambridge University.
5. Diffie W., Hellman M. E.. (1976) New directions in cryptography. URL: https://ee.stanford.edu/~hellman/publications/24.pdf
6. Rivest R. L., Shamir A., Adleman L..(1985) A method for obtaining digital signatures and public-key cryptosystems. URL: https:// people.csail.mit.edu/rivest/Rsapaper.pdf
7. ElGamal T.. (1985) Public key cryptosystem and a signature scheme based on discrete logarithms. URL: https://caislab.kaist.ac.kr/lecture/2010/ spring/cs548/basic/B02.pdf
8. Arjen K., Lenstra H.. (1993) The development of the number field sieve. Lecture Notes in Mathematics (LNM), Vol. 1554.
9. Boneh D., Shoup V./ (2023) A Graduate Course in Applied Cryptography. URL: http://toc.cryptobook.us/book.pdf
10. Koblitz, N.. (1987) Elliptic curve cryptosystems. Mathematics of computation, Vol.48, № 177. Р. 203. URL:https://doi.org/10.1090/s0025-5718-1987-0866109-5.
11. Miller V.S. (2020) Use of elliptic curves in cryptography. Lecture notes in computer science, Р. 417–426. URL:https://doi.org/10.1007/3-540-39799-x_31.
12. ANSI X9.62. Public key cryptography for the financial services industry: The Elliptic Curve Digital Signature Algorithm (ECDSA). American National Standards Institute, Washington. 1999
13. ANSI X9.63. Public key cryptography for the financial services industry: Key agreement and key transport using elliptic curve cryptography. American National Standards Institute, Washington. 2001.
14. IEEE P1363/D9(Draft Version 9). Standard Specifications for Public Key Cryptography, 1999
15. Digital Signature Standard (DSS). National Institute of Standards and Technology, U.S. Department of Commerce, Washington. URL:https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf.
16. ISO/IEC 15946-4. Information technology. Security techniques. Cryptographic techniques based on elliptic curves. Part 4: Digital signatures giving message recovery, Geneva.
17. ISO/IEC 15946-5. Information technology. Security techniq
18. Saho, N.J.G., Ezin, E.C.. (2020) Comparative study on the performance of elliptic curve cryptography algorithms with cryptography through RSA algorithm. CARI. URL:https://hal.science/hal02926106/document?ref=panther-protocol-blog
19. Elliptic Curves for Security RFC 7748. URL: https://datatracker.ietf.org/doc/html/rfc7748
20. Edwards-Curve Digital Signature Algorithm (EdDSA) RFC 8032. URL: https://datatracker.ietf.org/doc/html/rfc8032
21. Informatsijni tekhnolohii. Kryptohrafichnyj zakhyst informatsii. Tsyfrovyj pidpys, scho gruntuiet'sia na eliptychnykh kryvykh. Formuvannia ta pereviriannia [Information Technology. Cryptographic protection of information. Digital signature based on elliptic curves. Formation and verification] (2003). DSTU 4145-2002 from July 1, 2003. Kyiv: State Standard of Ukraine [in Ukrainian].
22. Informatsijni tekhnolohii. Kryptohrafichnyj zakhyst informatsii. Alhorytm shyfruvannia korotkykh povidomlen', scho gruntuiet'sia na skruchenykh eliptychnykh kryvykh Edvardsa [Information Technology. Cryptographic protection of information. Short Message Encryption Algorithm Based on Twisted Edwards Elliptic Curves] (2020). DSTU 9041-2020 from November 1, 2020. Kyiv: Derzhstandart Ukrainy [in Ukrainian].
23. Zaben'ko, Yu. I. & Kovtaniuk, Yu. S. (2013). Kontseptsiia planuvannia zhyttievoho tsyklu elektronnykh dokumentiv [The concept of planning the life cycle of electronic documents]. Arkhivy Ukrainy Archives of Ukraine, 4, 5-38 [in Ukrainian].
24. Informatsijni tekhnolohii. Kryptohrafichni metody na osnovi eliptychnykh kryvykh. Chastyna 5. Heneruvannia eliptychnykh kryvykh [Information technologies. Cryptographic methods based on elliptic curves. Part 5: Generation of elliptic curves] (2023). DSTU ISO/IEC 15946-5:2023 from June 25, 2003. Kyiv: Derzhstandart Ukrainy [in Ukrainian].
25. SafeCurves: [choosing safe curves for elliptic-curve cryptography]. URL: https://safecurves.cr.yp.to/
26. Tsyhankova,O.V. (2021). Metody pidvyschennia shvydkodii asymetrychnykh kryptosystem z vykorystanniam eliptychnykh kryvykh u formi Edvardsa [Methods of increasing the speed of asymmetric cryptosystems using elliptic curves in the form of Edwards]. Candidate’s thesis. Kyiv [in Ukrainian].
27. Schur, N., Pokotylo, O. & Bajliuk, Ye. (2023). Kryptohrafiia na eliptychnykh kryvykh ta ii praktychne zastosuvannia [Elliptic curve cryptography and its practical application.]. Kiberbezpeka: osvita, nauka, tekhnika Cyber security: education, science, technology, 1(21), 48–64. URL:https://doi.org/10.28925/2663-4023.2023.21.4864 [in Ukrainian].
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Oleksandr Ulichev, Kostyantyn Zadorozhny
This work is licensed under a Creative Commons Attribution 4.0 International License.
