comparative study of asymmetric key cryptographic...

Comparative Study of Asymmetric Key Cryptographic Algorithms

Prashant Kumar Arya Research Scholar, Department of

Computer Science, Faculty Of Technology, Grukula Kangri

Vishwavidyalaya, Haridwar, India [email protected]

Dr Mahendra Singh Aswal Assistant Professor, Department of

Computer Science,Faculty of Technology, Grukula Kangri

Vishwavidyalaya, Haridwar, India [email protected]

Dr Vinod Kumar Professor, Department of Computer

Science, Faculty of Technology, Grukula Kangri Vishwavidyalaya,

Haridwar, India [email protected]

Abstract

Cryptography is one of the main constituents of computer security. Public cryptography is the art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decrypt the message into plain text. This paper reviews five commonly used asymmetric key cryptography algorithms namely RSA, Diffie–Hellman, ElGamal, DSA and ECC and present their comparative study.

Keywords : Public, assymetric, encryption, security.

1. Introduction

Today security is the challenging aspect in internet and

network application. Cryptography is the study of

mathematical techniques related to various aspects of

information security, such as confidentiality or privacy,

data integrity and entity authentication. It is not the

only means of providing information security, but rather

one set of techniques. Cryptography systems can be

broadly classified into two categories symmetric-key

systems that use a single key used by both sender and

recipient , and public-key systems that use two keys, a

public key known to everyone and a private key that

only the recipient of messages uses. Symmetric /

Private Key algorithms are a class of algorithms for

cryptography that use the same cryptographic keys for

both encryption of plaintext and decryption of cipher

text. The keys may be identical or there may be a

simple transformation to go between the two keys. The

keys, in practice, represent a shared secret between two

or more parties that can be used to maintain a private

information link.

Public-key cryptography, also known as asymmetric

cryptography, refers to a cryptographic algorithm which

requires two separate keys, one of which is secret (or

private) and other one is public. Although different, the

two parts of this key pair are mathematically linked.

The public key is used to encrypt plain text or to verify

a digital signature. whereas the private key is used to

decrypt cipher text or to create a digital signature. The

term "asymmetric" stems from the use of different keys

to perform these opposite functions each being the

inverse of the other – as contrasted with conventional

("symmetric") cryptography which relies on the same

key to perform both. The present paper discusses

various aspects of public-key encryption techniques

with their relative merits and demerits. The description

of various categories of public-key cryptography

techniques is presented in Section 2. Section 3 presents

the comparative study of these algorithms based on

different security aspects. Section 4 concludes the

paper.

2. Public-Key Cryptography

The requirement that both parties have access to the

secret key is one of the main drawbacks of symmetric

key encryption, in comparison to public-key encryption.

There exist many symmetric key encryption algorithms.

Several hundreds of these are proposed over the years

and even though a lot were found not to be secure, there

exist many cryptographically strong ones. The situation

is quite different for asymmetric algorithms. There are

only three major families of public key algorithms

which are of practical relevance. They can be classified

based on their underlying computational problem.

Integer factorization schemes are based on the fact that

it is difficult to factor large integers. The most

prominent representative of this algorithms family is

RSA.

Discrete Logarithm Schemes are based on what is

known as the discrete logarithm problem in finite fields.

The most prominent examples include the Diffie-

Hellman key exchange, Elgamal encryption or the

digital signature algorithm.(DSA).

A generalization of the discrete logarithms algorithms

are elliptic curve (EC) public-key schemes. The most

popular examples include Elliptical Curve Diffie-

Hellman key exchange (ECDH) and Elliptical Curve

Digital Signature Algorithm(ECDSA). There are no

known attacks against any of the schemes if the

parameters, especially the operand and key lengths are

ISSN:2249-5789Prashant Kumar Arya et al , International Journal of Computer Science & Communication Networks,Vol 5(1),17-21

17

chosen carefully. It is important to note that each of the

three families can be used to provide the main public-

key mechanisms of key establishment, nonrepudiation

through digital signatures and encryption data.

2.1 RSA Algorithm

RSA is a cryptosystem, which is known as one of the

first practicable public-key cryptosystems and is widely

used for secure data transmission. In such a

cryptosystem, the encryption key is public and differs

from the decryption key which is kept secret. In RSA,

this asymmetry is based on the practical difficulty of

factoring the product of two large prime numbers, ie on

the factoring problem. RSA stands for Ron Rivest, Adi

Shamir and Leonard Adleman, who first publicly

described the algorithm in 1977[1].

2.1.1. RSA Key generation encryption and

Decryption

RSA involves a public key and a private key. The public

key can be known by everyone and is used for

encrypting messages. Messages encrypted with the

public key can only be decrypted in a reasonable

amount of time using the private key. The keys for the

RSA algorithm are generated in the following way

1. Choose two distinct prime numbers p and q.

2. Compute n = p*q.

3. Select the public key ( i.e. the encryption key)

e such that it is not factor of (p-1) and (q-1)

4. Select the public key ( i.e. the decryption key)

d such that the following equation is true.

(d*e) mod (p-1)*(q-1)=1.

5. For encryption calculate the cipher text CT

from the plane text PT as follows

CT=PT e mod n

6. Send CT as the cipher text to the receiver.

7. For decryption, calculate the plane text PT

from the cipher text CT as follows.

CT d mod n

2.2 Diffie–Hellman Algorithm

The Diffie–Hellman key exchange scheme was first

published by Whitfield Diffie and Martin Hellman in

[1976]. Diffie–Hellman key exchange is a specific

method of exchanging cryptographic keys. This method

allows two parties that have no prior knowledge of each

other to jointly establish a shared secret key over an

insecure communications channel. This key can then be

used to encrypt subsequent communications using a

symmetric key cipher. The algorithm is itself limited to

the exchange of keys. The Diffie–Hellman key

exchange algorithm depends for its effectiveness on the

difficulty of computing discrete logarithms [3].

2.2.1 Key exchange Algorithm

Let us assume the A and B want to agree upon a key to

be used for encryption / decrypting messages that would

be exchanged between them . The Diffie-Hellman key

exchange algorithm works as follows [2].

1. Firstly, A and B agree on two large prime

numbers n and g. These two integers need not

be kept secret. A and B can use an insecure

channel to agree on them .

2. A chooses another large random number x and

calculates c such that

c=g x mod n

3. A sends the number c to B

4. B independently chooses another large random

integer y and calculate d such that

d=g y mod n

5. B sends number d to A

6. A now compute the secreate key K1 as follows

K1= d x mod n

7. B now computes the secret key K2 as follows.

K2=c y

mod n

2.3 Digital Signature Algorithm

The Digital Signature Algorithm (DSA) is a Federal

Information Processing Standard for digital signatures.

It was proposed by the National Institute of Standards

and Technology (NIST) in August 1991 for use in their

Digital Signature Standard (DSS) and adopted as FIPS

186 in 1993.

A digital signature algorithm (DSA) typically consists

of three algorithms: A key generation algorithm that

selects a private key uniformly at random from a set of

possible private keys. The algorithm outputs the private

key and a corresponding public key a signing algorithm

that, given a massage and a private key, produces a

signature. A signature verifying algorithm that, gives a

massage, public key and a signature, either accept or

reject the massages clame to authenticity [7].


18

2.3.1 Key generation

1. Select a prime q of 160 bits

2. Choose 0≤t≤8, select 2511+64t

<p<2512+64t

with

q/p-1

3. Select g in Zp and a=g(p-1)/q

mod p.α≠ 1

4. Select 1≤ a ≤ q-1, compute y= α b mod p.

5. Public key (p,q, α ,y) private key a

2.3.2 Signing

Select a random integer k, 0<k< q.

Compute r= (α k mod p) mod q.

Compute k-1

mod q.

compute s=k-1

*(h(m)+ar) mod q.

Signature=(r,s).

2.3.3. Verification :

1. Verify 0<r<q and 0<s<q, if not, invalid.

2. Compute w=s-1

mod q and h(m).

3. Compute u1=w*h(m) mod q. u2=r*w mod q.

4. Compute v=(α u1

yu2

mod p)mod q.

5. Valid if v=r.

2.4 ElGamal Algorithm

In cryptography, the ElGamal encryption system is an

asymmetric key encryption algorithm for public-key

cryptography which is based on the Diffie–Hellman key

exchange. It was described by Taher Elgamal in 1984.

ElGamal encryption is used in the free GNU Privacy

Guard software, recent versions of PGP, and other

cryptosystems. The Digital Signature Algorithm is a

variant of the ElGamal signature scheme, which should

not be confused with ElGamal encryption. ElGamal

encryption can be defined over any cyclic group G Its

security depends upon the difficulty of a certain

problem in G related to computing discrete logarithms

The ElGamal is a public key algorithm, which can be

used for both digital signature as well as encryption. Its

security is based on the difficulty of computing discrete

logarithms in a finite field.

ElGamal encryption consists of three components: the

key generator, the encryption algorithm, and the

decryption algorithm [2].

2.4.1 ElGamal Key generation

The key generator works as follows:

1. A generates an efficient description of a

multiplicative cyclic group G of q order with

generator g. A a discussion on the required

properties of this group is given below.

2. A chooses a random x from {1............(q-1)}

3. A computes h=gx

4. A publishes h along with the description of

G,q,g as her public key. Alice retains x as her

private key which must be kept secret.

2.4.2 ElGamal Key Encryption

The encryption algorithm works as follows: to encrypt a

message m to A under her public key ,(G,q,g.h).

1. B chooses a random y from {1.........,(q-1)}

then calculates c1 =gy

2. B calculates the shared secret s=hy

3. B converts his secret message m into m' an

element of G

4. B calculates . c2=m'.s

5. B sends the ciphertext (c1, c2 )= (gy ,m'.h

y) =(

gy ,m'.(g

x )

y)

to A.

Note that one can easily find hy if one knows m'.

Therefore, a new y is generated for every message to

improve security. For this reason, y is also called an

ephemeral key.

2.4.3 ElGamal Decryption

The decryption algorithm works as follows: to decrypt a

ciphertext (c1,c2 ) with her private key x,

1. A calculates the shared secret s=c1x

2. A then computes m'=c2.s-1

is converted back

into the plaintext message m , where s-1

is

inverse of s in the group . (E.g. modular

multiplicative inverse if G is a subgroups of a

multiplicative group of integers modulo n).

The decryption algorithm produces the intended

message, since

c2.s-1

=m'.hy.(g

xy)

-1=m'.g

xy .g-

xy =m'

2.5 Elliptic Curve Cryptography Algorithm

Elliptic curve cryptography (ECC) is an approach to

public-key cryptography based on the algebraic

structure of elliptic curves over finite fields. The use of

elliptic curves in cryptography was suggested

independently by Neal Koblitz and Victor S. Miller in

1985. Elliptic curve cryptography algorithms entered

wide use in 2004 to 2005. The algorithm was approved

by NIST in 2006. Let E be an elliptic curve over finite

field Fp . Let p be a point on E(Fp ) and suppose that P


19

has prime order n. then the cyclic subgroup E(Fp )

generated P is <P>={ ∞,P, 2P, 3P, 4P...........(n-1)P}.The

prime P , the equation of the Elliptic curve E, and the

point P and its order n are the public domain parameter.

A private key is an integer d that is selected uniformly

at random from the range [1,(n-1)] and the

corresponding public key is Q=d*P [4], [5].

2.5.1 Key pair generation

Input Elliptic curve domain parameter (p,E,P,n)

Output Public key Q and private key d.

1. Select d =R[1,(n-1)]

2. Compute Q=d*P.

3.Return (Q,d)

The first task is to encode the plane text message m to

be sent as an x-y point Pm. It is the point Pm that will be

encrypted as cipher text and subsequently decrypted. To

encrypt and send a message Pm to B, A Chosses a

random positive intger k and produces the the cipher

text Cm ={K*P, Pm + k*Q}, where Q is B's public key.

The sender transmits the point C1=k*P and

C2=Pm+K*q to the recipent. To decrypt the cipher text,

B multiplies by the first point in the pair by B's secret

key and subtract the result from the second point as

Pm+k*q-d(k*P)=Pm+k(d*P)-d(kP)=Pm..

2.5.2 Elliptic Curve Encryption

Input : Elliptic curve domain parameter (p,E,P,n),

public key Q, plane text m

Output : Cipher text Cm

1. Represent the plane text m as a point

Pm in E (Fp).

2. Select k [1,(n-1)].

3. Compute C1=k*p

4. Compute C2=Pm+K*q.

5. Return (C1,C2).

2.5.3 Elliptical Curve Decryption

Input : Elliptic curve domain parameter (p,E,P,n),

private key d, Cipher text Cp.

Output : Plane Text m.

1. Compute Pm =C2-d*C1

2. Compute ( Pm ).

3. Comparative Study

All three of the established public-key algorithms

families are based on number theoretic functions. One

of their distinguishing feature is that they require

arithmetic with very long operands and keys. Not

surprisingly, the longer the operand and keys, the more

secure the algorithm become. In order to compare

different algorithms, one often considers the security

level. An algorithms is said to have a “secure level of n

bit ” if the best known attack requires 2n

steps. This is a

quite natural definition because symmetric algorithms

with a security level of n have a key of length of n bit.

Table 1 show recommended bit length for public key

algorithms for the four security levels 80, 128, 192, and

256 bit. We see from the table the RSA-like schemes

and discrete logarithms schemes require very long

operands and keys. The key length of elliptical key

schemes is significantly smaller, and hence require less

computing power. The advantages and disadvantages

of each algorithm are also pointed out in the table

1.[6], [7], [8]

4. Conclusion

The paper reviews asymmetric key algorithms RSA ,

DSA, ECC, Diffie-Hellman and ElGamal. RSA is the

most widely used public key technology today but the

use of more simpler connected devices and demand for

higher level of security will make continued reliance

on RSA more challenging over time. These trends

highlight a clear need for an efficient public key

cryptosystem that can lower the capacity threshold for

small devices to perform strong cryptography and

increase a server's capacity to handle the secure

communication. The RSA keys will need to grow to

2048 bits. ECC is an efficient alternative of RSA as a

mean of improving SSL performance without restoring

to expensive special purpose hardware. Compared to its

traditional counterparts, ECC offers the same level of

security using much smaller keys .This results in faster

computations and saving in memory power and band

width that are especially important in constrained

environment, e.g. mobile phones, PDA's and smart

cards. ECC offers equal security for a far smaller key

size, thereby reducing processing overhead[8].

It looks though public-key schemes can provide all

functions required by modern security protocols., but


20

the major drawback in practice is that encryption of

data is extremely slow- with public key algorithms.

Many block and stream ciphers can encrypt about one

hundred to one thousand times faster than public key

algorithms. Thus somewhat ironically, public key

cryptography is rarely used for actual encryption of

data. On the other hand, symmetric algorithms are poor

at providing non-repudiation and key establishment

functionality. In order to use the best of both worlds,

most practical protocols are hybrid protocols which

incorporate both symmetric and public key algorithms.

example include the SSL/TLS protocols that is

commonly used for secure web connection, or IPsec,

the security part of the Internet communication

protocol.

5. References

[1] William Stalling, “Cryptography and Network Security

Principal and Practice”, Third Edition, Pearson 2006.

[2] Atul Kahate, “Cryptography and Network Security”, Tata

McGraw Hill Education Private Limited, Seventh Edition

2009.

[3] Himanshu Gupta, Dr Vinod Kumar Sharma, “ Multiphase

Encryption: A New Concept in Modern Cryptography”,

International Conference on Intelligent Network and

Computing(ICINC 2010), pp V2-475-V2-478.

[4] Vivak Kapoor, Vivak Sonny Abraham, Ramesh Singh,

“Elliptic Curve Cryptography”, ACM Ubiquity Volume 9,

Issuse 20, May 2008 .

[5] P. K. Shau, Dr. R. K. Chhotray, Dr. Gunamani Jena, Dr. S

Pattnaik, “An Implementation of Elliptic Curve

Cryptography”, International Journal of Engineering Research

and Technology(IJERT) ISNN: 2278-0181, Vol 2 Issue 1,

January 2013.

[6] Swadeep Singh, Anupriya Garg, Anshul Sachdeva,

“Comparision of Cryptograpic Algorithms ECC and RSA”,

International Journal of Computer Science and

Communication Engineering (IJCSC), Special issue on

“Recent Advances in Engineering & Technology” NCRAET-

2013, ISSN 2319-7080.

[7] S Nithya, Dr E. George, Pankaj Raj, “Survey on

Asymmetric key Cryptography Algorithms”, Journal of

Advanced Computing Technologies (ISSN: 2347-2804)

Volume NO. 2 Issue No. 1, Febuary 2014.

[8] Christof Paar, Jan Pelzl, Understanding Cryptography,

Sprigner, ISBN 978-3-642-04100-6, 2010, page no. 170-172.

Algorithm

Family

Crypto

system

Security Level( in bit) Advantage Disadvantage

80 128 192 256

Integer

factorization

RSA 1024 307

2

7680 15360 Only intended user can read

the message using their private

key.

Many secret key encryption

methods that is significantly

faster than any current

available public-key

encryption.

Discrete logarithm DH 1024 307

2

7680 15360 The shared key (i.e the secret)

is never itself transmitted over

the channel.

Lack of authentication.

Discrete logarithm DSA 1024 307

2

7680 15360 It is used for authentication and

integrity.

The security of private key

depends entirely on the security

of the computer.

Discrete logarithm ElGamal 1024 307

2

7680 15360 The same planetext gives a

different ciphertext(with near

certainly ) each time it is

encrypted.

The need for randomness and

slower speed and has long

ciphertext.

Elliptic Curves ECC 160 256 384 512 Short key is faster and requires

less computing power.

It is more expensive and it

shortens the life time of

batteries.

Table 1


21

comparative study of asymmetric key cryptographic...

Documents