An Enhanced Elliptic Curve Cryptography for Biometric

Download 97.35 Kb.
Size97.35 Kb.
An Enhanced Elliptic Curve Cryptography for Biometric

Ohood S. Althobaiti1, Prof.Dr. Hatim A. Aboalsamh 2

Computer Science Department, King Saud University
Riyadh, Saudi Arabia


Abstract— Cryptography is one of the important sciences in the current era. The importance of cryptography comes from the intensive digital transactions which we daily perform on the internet and other communication channels. In this paper, we will discuss the relationship between cryptography and mathematics in the context of Elliptic Curve (EC). ECs are mathematical NP-hard problems, which are proofed to be intractable in term of complexity. Cryptography has efficiently utilized the strength EC in developing several cryptosystems such as key agreement protocols, digital signatures and others. Elliptic Curve Cryptography (ECC) usage with smaller key to give high security and high speed in a low bandwidth. ECC is considered as the best method for upcoming applications. This paper presents the idea of biometric signature - a new method to combine biometrics with public key infrastructure (PKI), the security can be increased using the ECC in biometric signature creation, because the private and public keys are produced without saving and sending any secret information anywhere.
Keywords— Elliptic Curve (EC), Elliptic Curve Cryptography (ECC), Security, cryptographic algorithms, Public Key Cryptography, Biometrics.


Cryptography is the fundamental component for any computer security application used to provide cryptographic services for secure communication over public and unsecured channels. Cryptography focuses on issues of securing messages so that only the relevant parties can read the message [1]. The main purpose of cryptography is to encode the data (plaintext) to unreadable form (ciphertext) and vice versa. Transforming a message to an incomprehensive form is accomplished by a process known as encryption. In contrast, transforming an encrypted message to its original form is accomplished by a process known as decryption.

The use of cryptography was important through the centuries, in which cryptographic applications were used for civilian usage (companies, individuals, etc.), or even were used in military operations as in World War I (e.g. cipher wheels or marks on papers) and World War II (e.g. Purple machine and Enigma) [2][3]. Cryptography is generally designed to provide confidentiality, authentication, integrity and accessibility services [2]. Confidentiality service is used to ensure that messages are accessible only to authorized recipients. Authentication is normally used to authenticate the identity of the connected parties. Preventing eavesdroppers from changing the content of the messages sent from source to destination is basically a service provided by the integrity service. Lastly, accessibility is designed to only allow authorized parties to use the available information resources.

In modern times, cryptographic systems (cryptosystems) have been used extensively in our daily communications to provide us with high level of security. In practice, cryptography is applied in numerous applications such as: internet communication, wireless communication (mobile phones) and banking transactions [4]. The development of the cryptographic tools and systems has played an important role in re-shaping the communication style in a significant manner. Fig. 1 sheds light on the main components of a conventional cryptosystem model to understand the environment that cryptographers are dealing with its.

Almost all the products and standards that benefit from public-key cryptography apply the Rivest, Shamir, and Adleman (RSA) public-key encryption algorithm. The length of bit for safe RSA use has grown through latest years, and this has set an extreme processing load on applications that are applying RSA. This load has results, mainly for e-commerce sites that perform great numbers of safe transactions. Lately, a rival system has started to challenge RSA: Elliptic Curve Cryptography (ECC) [5].

In this paper, we are interested to study the usage of Elliptic Curves in cryptography. The study will show why Elliptic Curves are important in the field of Cryptography. In addition, we will explore several cryptographic primitives, which are based on Elliptic Curves. Furthermore, we propose a new method applying biometric signatures, founded on the ECC. The electronic transaction security can be increased using the ECC in biometric signature creation, because the private and public keys are produced without saving and sending any secret information anywhere. The remainder of this paper will be organized as follows. In section II, we first provide a brief overview on the Cryptography and study of the principles of public key cryptography. In section III, we will discuss the mathematics behind NP-hard Problem. In section IV, we will discuss the Elliptic Curve Discrete Logarithm Problem (ECDLP). In section V, we present the advantages of ECC over RSA. The applications of Elliptic Curves in cryptography are described in section VI. The proposed model will be presented in section VII .There will be a review of recent ECC applications on the market in section VIII. The findings and discussions will be presented in section IX. Finally, concluding remarks are given in section X.





Secure Channel








Fig. 1 Model of conventional cryptosystem [6].

Cryptography has been in usage for centuries now, and the first ciphers were used substitution, and messages were encoded and decoded by hand. However, these schemes fulfilled just the essential requirement of confidentiality. In more recent times, with the discovery of processing machines, more robust algorithms were needed, as the simple ciphers were easy to decode by these machines. Secure data communication became a necessary in the 20th century and a lot of research was done in this area by government agencies, during and following the world-wars. The most well-known machine of this time, Enigma was an electro-mechanical device which was exploited by the German Army [2].

Symmetric Algorithms

The symmetric algorithms assumed that both communicating parties shared secret information, which was unique to them, similar to the older One Time Pads. Using this secret information, also called a key, the sender encrypted the message, and the recipient was able to decrypt. Imagine Alice needs to transmit a message m to Bob, and suppose that Alice and Bob have previously shared a key k. Alice encrypts m by the secret key k to obtain the cipher text.

C1(k,m) = E2k(m). (1)
Bob decrypts this message using his copy of the secret key k, and obtains the original message m.
D3k (C(k,m)) = Dk(Ek(m)) = m. (2)
Symmetric key encryption algorithm (secret key algorithm) though easy and simple to implement, has observable shortcomings [2], some of which are recorded here:
The communicating parties must agree upon a secret key.

The need for a new key for every correspondence.

Origin or receipt Authenticity cannot be confirmed since the key is shared.

The symmetric keys management becomes difficult.

Public Key cryptography

The Public Key cryptography (PKC) concept was first pioneered by Diffie and Hellman in 1976, in their influential article, New Directions in Cryptography. This article also tackled the key exchange issue, founded on the intractability of the discrete logarithm problem. In a public key cryptography, each party has a pair of keys, one distributed in public, known as the public key, and the other is saved in a secure place, known as a private key (secret key). Public key cryptography depends on the trapdoor function, that makes decryption achievable provided the knowledge of the secret key corresponding to the public key. Bearing in mind a case like the one explained within the symmetric keys case, whereby Alice needs to send a message m to Bob. The following steps will achieve the task:

1)Alice passes Bob’s public key B4 and the message m to a suitable encryption algorithm to form the encoded message.

C(∑B,m) = E∑B (m). (3)

2) The encrypted message was sent by Alice to Bob.

3) Bob decrypts the encoded message received by him, via his private key ΔB 5 and the suitable decryption algorithm.

DΔB (C(∑B ,m) ) = DΔB (E∑B (m)) = m. (4)

Bob ensures that the data he received is not tampered with or leaked, as only his private key can decrypt the data. Likewise, Bob can transmit data to Alice using her public key A. The PKC scheme also fulfills the Non-Repudiation and Authenticity by utilizing inventive approaches such as Digital Signatures [7]. The PKC system is shown in Fig. 2.

Fig. 2 PKC encryption.


NP-hard problems are complex mathematical problems with no algorithm to solve them in polynomial time is exist. NP-hard problems are well known in the field of cryptography since they proved to provide cryptosystems with high security. The use of NP-hard problems was efficient in different symmetric key cryptosystems, key exchange protocols, digital signature algorithms, and many others.

There are two distinguish classes of algorithms. The first class is the polynomial time algorithms class which includes algorithms with time complexity function expressed in terms of a polynomial. The second class includes algorithms with time complexity function not bounded by complexity for some k, and we refer to it by exponential algorithms class [10]. From the other perspective, one can also classify problems based on how difficult they are to be solved. The problems are classified as P, NP, NP-complete and NP-hard problems [10]. In this section we focus on NP-hard problems due to its importance in this paper.

Definition (NP-Hard): For a given problem A, the problem A is NP-hard problem if a polynomial-time algorithm for solving A would imply a polynomial-time algorithm to solve any other NP-problem.

If there is a polynomial time solution to any NP-hard problem, then because of polynomial time translatability for all other NP-problems, there must be a polynomial time solution to all NP-problems. Therefore, no one knows a polynomial time solution to any NP-hard problem; the best known solutions are exponentially explosive. Hence, NP-hard problems are generally referred to as computationally intractable.


Over recent years, RSA was the primary cryptosystem for performing asymmetric encryption processes and generating digital signatures. The key length requirement of RSA was one of the obstacles that enabled Elliptic Curve Cryptography (ECC) to break the domination of RSA on asymmetric key cryptosystems. In other words, what makes ECC attractive compared to RSA is that it appears to offer equal security for a smaller key size, thereby minimizing the processing overhead [8][9].

The security of ECC is primarily based on the hardness provided by the Elliptic Curve Discrete Logarithm Problem (ECDLP). The first introduction of ECDLP started in 1985 by Koblitz [15] and Vector Miller [16] independently. The new proposed cryptosystem was known as Elliptic Curve Cryptosystem, whose security depends on ECDLP over the points on Elliptic curves. The ECDLP is defined as follows:

Definition (ECDLP): Given the points P and Q on elliptic curve E defined over a finite field with q (large prime number) elements Fq, find the integer k such that Q = kP.

Multiplying P by an integer k means that we add the point to itself k times. An example of point multiplication is shown in Fig. 3, which describes the multiplication of integer k = 2 by the point P = (2, 2.65) in a process also known as point doubling. The result of doubling the point P is a new point R = 2P on the same curve.

Fig. 3 The geometry of point doubling on Elliptic Curve.
There are several cryptographic applications that have used ECDLP in their implementation. One important example is the announcement by the National Security Agency (NSA) regarding Suite B at the RSA conference in 2005 [11], which exclusively uses ECC for digital signature and key exchange schemes. Other cryptographic schemes relying on ECDLP in their design are: the Elliptic Curve Diffie-Hellman key agreement (ECDH) protocol, the Elliptic Curve Digital Signature Algorithm (ECDSA), and Elliptic Curve Menezes-Qu-Vanstone (ECMQV) authentication protocol for key agreement. Intensive research and applications show that the elliptic curve cryptography has a promising future due to the provided high level of security with smaller key size, resulting in higher performance in some cryptographic primitives.
Advantages over RSA

  1. Security

The major benefit ECC has over RSA is that the essential operation in ECC is point addition that is known to be computationally very costly. This is one of the motives why it is not likely that a sub-exponential attack on ECC will be found out in the near future, although ECC has a few attacks on a few specific curve classes. These curves can be easily evaded. Conversely, RSA already has a known sub-exponential attack that operates generally. Consequently, to maintain the same security degree, considering increasing computing power, the bits number needed in the RSA generated key pair will increase much faster than in the ECC generated key pair [2], as seen in Table 1.

Comparison between strength of RSA and ECC [2].

Time to break

(in MIPS- years)

RSA key – size

(in bits)

ECC key – size

(in bits)
















From Fig. 4, we see that to accomplish acceptable security, RSA should use 1024-bit moduli, while a 160-bit modulus should be enough for ECC. Furthermore, the security gap between the systems enlarges dramatically as the moduli sizes increases. Such as, 300-bit ECC is dramatically more secure than 2048-bit RSA.

Fig. 4 Security Levels Comparison [12].
Most attacks on ECC are founded on attacks on analogous discrete logarithm problems, but these work out to be much slower because of the additional complexity of point addition. Moreover, methods to evade each of the attacks have already been designed [13].

  1. Space Requirements

Because of increasing computation needed for higher bit encryption, more transistors are needed onboard the smart card to achieve the operation. This causes a growth in the area employed for processor. By ECC, the transistors number can be cut back on since the numbers involved are much smaller than an RSA with as similar-level security. Furthermore, the bandwidth requirements for RSA and ECC is the same when the messages to be signed are long, but ECC is faster when the messages are short [2]. This is more pertinent, because PKC is employed to send generally short messages, such as session ids.

  1. Efficiency

Both methods can be made faster – in RSA system, by utilizing smaller public exponent, although this holds a larger security risk and in ECC, some results of the calculation can be stored in advance. Certicom, a Canadian company, has been analyzing and upgrading the ECC system since the early ’80s. Some of their results of fast implementations of ECC compared to RSA system are presented in Table 2 [2].
Table 2

Comparison of RSA and ECC


ECC 163 – bit

(in ms)

RSA 1024 – bit

(in ms)

Key Generation












In this section we will explore some of the well-known algorithms which rely on elliptic curves in their security. The applications are vary from key-exchange, digital signatures and authentication protocols.

  1. EC Diffie-Hellman Key Agreement Protocol

The Diffie-Hellman key agreement protocol is one of the most important protocols in the field of key exchange. Say Alice and Bob want to agree on a secret key over public channel. Both of Alice and Bob will make some computation in a fixed cyclic group G with an agreed generator . These computations are based on ECDLP. The security strengths of Diffie- Hellman lie behind the fact that Diffie-Hellman is based on NP-hard problem which cannot be broken, mathematically. The general form of Diffie-Hellman protocol is described as follows:

  1. Alice chooses random, and sends to Bob.

  2. Bob chooses a random, and sends to Alice.

  3. The agreed key is for both Alice and Bob.

However, it is preferred that the order of G to be prime in order to prevent Pohlig- Hellman attack [14]. In the ECDLP-based Diffie-Hellman, both of a and b are two points, a and b are multiplied, a new point z will be generated on the curve E. Therefore, given z and , it is impossible to find a and b.

  1. EC Menezes-Qu-Vanstone Authentication Protocol

Menezes-Qu-Vanstone (MQV) is an authentication protocol for key exchange based on Diffie-Hellman scheme. MQV is designed to provide protection against active attackers. Since the first release of MQV, the protocol has been modified to work in finite group, where it is particularly known as Elliptic Cave MQV (ECMQV). One important feature in ECMQV is that the key authentication and establishment can be obtained in one calculation. The general form of ECMQV is described in the following series of steps:



  1. Alice posses a key pair (A,a) where A and a are the public key and private key of Alice, respectively.

  2. Generate a session key pair (X, x) such that x is a random integer value and X= x x p is a point in curve E.

  3. Alice sends X to Bob.

  4. Compute SA = (x + x’a) mod n.

  5. Alice has the shared key K.

1-Bob posses a key pair (B, b) where B and b are the public key and private key of Bob, respectively.

2- Generate a session key pair (Y, y) such that y is a random integer value and Y=y x p is a point in curve E.

3-Bob sends Y to Alice.

4-Compute SB=(y+ yb) mod n.

5-Bob has the shared key K.

However, ECMQV is considered secure against cryptanalysis attacks since it is based on NP-hard problem. Therefore, ECMQV protocol is considered secure protocol for key sharing.

The proposed model

Biometrics is one of the widespread exploited approaches for the question of who you are. Biometric based systems are employed in a person identification and authentication by handling her/his biometric data. A biometric identifier is formed via iris scan, fingerprint, vein patterns, hand geometry, voice patterns or DNA. Then a person’s biometric data is saved within a database. In biometric based system, persons should firstly register in the system. A procedure in which an input device gathers their biometric data and a master template is formed from this data and saved. At this point, in every identification case, the biometric data is gathered from the person and then a new template will be formed. After that this template will be compared against the master template and using a matching rate threshold the system makes a decision to allow or refuse the received identity [18].

A biometric signature is created via methods of producing a private key (secret key) from a biometric and utilizing this private key to form a digital signature [18]. Digital Signatures are designed to provide communication with important security features such as authentication and verification. The recipient can utilize the digital signature to verify the sender's identity [17]. Digital signature needs a PKI, in which each entity has a pair of public and private keys. Biometric signatures have the benefits of both biometrics and PKI, in addition to some benefits, for example, there is not a necessity to store the private key or the biometric template. This biometric template should be extremely accurate to generate the same private key always.

These days, the extensively exploited biometric approaches are iris scans and fingerprint. On the other hand, in the last years, the vein recognition development causes it become a promise alternative. As stated by a great amount of test outcomes described in literatures, it surpasses the iris scans and fingerprints in the features of high reliability and security. For instance, fingerprint is an extensively exploited approach, but the need to touch the sensor is considered unhealthy. For another instance, iris recognition is a high accuracy selection, but price of the scanner may possibly be intolerable in a number of situations. Additionally, a number of obstacle substances, for example, hairs and glasses may make the deformations in image acquisition. The vein recognition benefits are as the following.

[2]The vein image acquisition is touch-less (there is no need to contact the sensor) and the public health problem is reduced.

[3]No obstacles are included and therefore the vein recognition quality is acceptable

[4]Vein recognition is the live body identification, as hand shape and fingerprint recognition may possibly be not.

[5]Vein is hard to forge and is an internal attribute. As a result of this and the live body identification, high security of vein recognition is conserved [19].

In addition, it is confirmed that the vein recognition can be used in several applications, for example, bank ATM (Automatic Teller Machine) systems, identification of driver, surveillance, etc. Hence, the vein recognition seems to be a good choice for the Biometric signatures.

In this section, the elliptic curve digital signature algorithm (ECDSA) using biometric private keys is explained. The elliptic curve digital signature algorithm is divided into three main stages as follows:

Stage 1: Key Generation

Stage 2: Generation of Signature

Stage 3: Verification

In stage 1, we select a large prime number P and elliptic curve Ep. After that, select a base point G on Ep. Finally, Generation of secret key d as a follow: α = vein template, d= Hash (α), then d becomes a number less than n (where n is the curve order and Hash () is a cryptographic hash function) then calculate PA= d x G (where PA is a public key). The parameters EP, G and n are publicized. On the other hand, in stage 2, we choose an integer k[1, n-1], then calculate R= (XR, YR) = k x G. Finally, the signature on a given message M is stored in (r, s), where r = XR mod n and s = k -1 {h(m) + d.r} mod n.

In the final stage (stage 3), we check if r and s belongs to [1, n-1] and then calculate w=s-1mod n and h(m). After that, we calculate u1 = h(m).w mod n and u2 = r.w mod n. Next, we calculate R’= (X’R, Y’R)= u1 x G+ u2 x PA. Finally, we check if r = X’R mod n, then the signature is valid.

The main benefit of combination of ECC and biometric is that no need to save biometric templates or private keys anywhere that can solve PKI’s key management problem. The other benefit is that the ECDSA keys are smaller than RSA keys and with equal security that can enhance communication performance.

Fig. 5 The combination of biometrics and PKI.

Applications of elliptic curve Cryptography

While the ECC was presented by Koblitz and Vector Miller in 1985, there were lots of doubts about its security. After approximately a decade of deep search and analysis, ECC has produced greatly secure and efficient. Currently, a lot of manufactured goods traders have incorporated ECC in their produces. Doubt yet remains among a number of supporters of conventional cryptographic schemes, However, they are beginning to turn out to be more adopting of this modern way (ECC). RSA Inc., for instance, has expressed interest about the ECC security since its presentation. Lately, RSA has studied on effective ECC, and it has included ECC into a number of its produces. A significant thing for this promising tendency is the ECDSA incorporation in a number of governments and main research institution security standards, involving ANSI X9.63, IEEE P1363 and ISO 11770-3. An additional issue is the ECC usage by a Canadian-based Certicom Corporation. Certicom is a corporation which concentrates on security of information in all wireless networks and mobile devices. Over time, Certicom has issued many articles in ECC encouragement and additionally has implemented ECC in all its manufactured goods. Its achievement triggered a lot of corporations to gaze at the ECC advantages. At the present, ECC is turning out to be the main cryptographic system in all wireless networks and mobile devices [4].

Below is a review of recent ECC applications in the market these days.

  1. Web Security

The Secure Socket Layer (SSL) and the Transport Layer Security (TLS) which is much connected to SSL are considered the protocols, which are dominating the provision of security in the internet [20]. Nevertheless, the usage of these protocols creates a considerable performance burden on the web servers. In the website of Sun Microsystems [21], it has been shown that the usage of ECC-224 over RSA-2048, highly improved the server performance. The Sun Microsystems is famous of being one of the great promoters of ECC and active in issues like standardizing the ECC in Internet security protocols.

The experiment conducted by Vipul Gupta and et al. [22] shows that the substitution of RSA with ECC decreases the server's processing time for new SSL connections across the entire range of page size for seven times less.

The Secure Electronic Transaction (SET) is developed by Visa and MasterCard as a result of high demand of security of transactions on the internet [4]. The specification of SET allows shopping in the Internet using credit cards with high security. The Advanced Secure Electronic Payment (ASEP) protocol was developed by Byung Kwan Lee [4], which uses ECC for online transactions security. Strangio and Me [23] proposed the EC-PAY e-Cheque Payment Scheme, which utilizes the ECC primitives for the transactions of local payment that are distributed in a PKI infrastructure in a wireless environment or a mobile devices.

  1. Personal Computers

The ECC is considered as relevant for equipments with fewer resources. Nevertheless, ECC based software which is providing security on personal computers is built by some companies, aimed to mainly protect data and encrypt mails. For example, the Data Protection Platform of GuardianEdge Technologies Company supports ECC. The Encryption Software Inc. developed the Top Secret Messenger software. The messages of most famous instant messengers, such as MSN and ICQ are encrypted by this software. It is also possible to be used with email clients like Microsoft Outlook and Outlook Express for email messages encryption. This software applies private key as well as public key cryptosystems, containing a 307-bit key to implement the ECC.

  1. Hand-held and other small devices

Ubiquitous computing is often wireless, mobile and networked which engages many computational devices and systems concurrently, such as cell phones, home appliances, PDAs, and scientific and medical instruments. Such kind of devices have very restricted computational resources, therefore are ideal selections for the ECC use. M-commerce employing PDAs or mobile phones, needs very high level of security. The security of m-commerce relies on the underlying PKC functions to provide integrity, authentication, encryption and non-repudiation. PDAs are considered computationally more powerful than other mobile devices (for example pagers and cell phone). Therefore, they are considered more common alternative for implementing public key cryptosystems. In [24], various ways of ECC and PDAs implementations have been studies. The steady increase of security requirements forced to an increased key size which represents a big problem for small devices. In such circumstances, ECC for sure would be the best choice.

  1. Identification devices for example RFIDs and smart cards

RFID (Radio Frequency Identification) tags are tiny devices used for identification and tracking in many applications, e.g. tracking patients in hospitals, tracking cattles, and e-tolling in motorways. RFID has gained popularity as an emerging technology to prevent counterfeiting problems. An ECC based RFIED Authentication Protocol for secure, mutual offline authentication has been proposed by Ahmed et al. [4].

ECC is suitable for smart cards, because they have exceptionally severe constrains on processing power, parameter storage and code space. Basically, smart cards are used for signing and decryption operation wherever ECC is highly satisfactory, because it fast and needs small amount of computing power. Smart cards that utilize ECDSA have been produced by many manufacturing companies. The flexibility of smart cards let them be usable in many situations like credit and debits cards in banks, e-tickets and personal identification or registration card. Woodbury et al. [26] show the usage of ECC on smart cards without coprocessors. In their work, it has been shown that scalar multiplication on a fixed point of an EC can be done in less than two seconds on 8051 microcontroller. An authentication protocol based on ECDSA for smarts card is proposed by Chatterji and Gupta [25].

  1. Wireless networks

The secure path find in the decentralized Mobile Ad-hoc Networks must:

  • satisfy the needs of preclude of DoS attacks on data traffic.

  • be adaptive and tolerant.

  • have high speed and low power overhead.

As a general perception, the complexity and slowness of PKC let it to be considered as not suitable for ad-hoc networks. In contrast to this common opinion, ECC is implemented for a resource constrained systems such as MANETs. In [27], implementing the Antnet routing protocol, the mutual authentication between sender and receiver is performed by master key exchange via ECC. ECC based Threshold Cryptography (ECC-TC) is implemented by Ertaul et al. [4]. they proposed three efficient ECC encryption algorithms, make an advancement in the capability of utilizing these algorithms in different scenarios in a MANET. They have also proposed a new secret sharing alternative that make limitation in communication overheads for transmitting multiple secrets simultaneously.

ECC is minimizing the power consumption and cryptographically is considered very strong. Therefore, it is a low-cost PKC resolution intended for security services, like authentication and key-distribution needed for Wireless Sensor Network. In [28][29], many optimized arithmetic algorithms and hardware applications, which highly increasing the speed of ECC schemes have been presented. Also the reduction in time of processing produces a great lower power consumption of ECC schemes [4]. This makes the asymmetric cryptography idea in the field of Ubiquitous Sensor Networks (USANs), with all its usage for authentication and key-distribution, a stage nearer to reality. An algorithm based on 1's complement subtraction to present scalar multiplication is proposed by Huang et al [4]. This algorithm offers less Hamming weight and improves to high extend the computational efficiency of scalar multiplication.

An authentication technique that uses ECC along with the Time of arrival (TOA) positioning scheme is suggested by V. Vijayalakshmi et al. [30]. The technique was performed to solve the problem of insecurity in sensor networks. This performance of this technique is compared with RSA and Mean Power with Rivest-Shamir-Adelman (MPRSA). The results have shown that ECC is suitable for secure localization in sensor networks.

Mobile networks are distributed in an untrustworthy environment with open mobility, this let them to be insecure. For this reason, they are open targets to attacks. An efficient protocol using ECC is proposed by Rajeswari et al. [4], this protocol is developed to establish a secure communication between the base station and mobile nodes.

Findings and discussions

In the sections above, we have seen that ECC is faster, and uses less memory space than a rival RSA. This denotes that it is appropriate for constrained environments, particularly in smart cards, where fast operations are required. Though the industry has been extremely slow in accepting the new technique, RSA Security in a paper on their website has implicitly agreed that ECC is the way to the future. The difference in the key-sizes between RSA and ECC will grow exponentially to maintain the same relative strength as compared to the average computing power obtainable. The one thing working against ECC is that although elliptic curves have been a well-researched area, albeit an esoteric and extremely vast one 6, its cryptographic applications have been perceived only lately. This is the only advantage that RSA has over ECC. RSA has been well-researched and has been the topic of several determining theses. Actually, the cryptographic usage for elliptic curves was only found out in the process of discovering new attacks on the RSA system.


In this paper we have conducted a study on EC-based primitives in the field of cryptography. We have seen that several important cryptographic primitives have been designed based on elliptic curve discrete logarithm problem (ECDLP). ECDLP was, mathematically, proofed to be “intractable” since no algorithm can solve it in a polynomial time. From the performance perspective, EC is found efficient since it can provide higher level of security with smaller key size compared to other cryptosystems. Furthermore, we propose a new approach using biometric signatures, based on the ECC. The electronic transaction security can be increased using the ECC in biometric signature creation, because the public and private keys are produced without saving and sending any secret information anywhere. ECC is the most appropriate PKC scheme for usage in a constrained environment. Its efficiency and security make it a desirable substitute to traditional cryptosystems, such as RSA, not only in constrained environments, but as well on powerful devices.


The authors gratefully thank King Saud University for supporting this study.

  1. R. Ali, "Elliptic Curve Cryptography a new way for encryption". In Inter-national Sysmpoium on Biometrics and Security Technologies, ISBAST 2008 , pp. 1-5, 23-24 April 2008.

  2. V. Kapoor, V. Abraham and R. Singh “Elliptic Curve Cryptography”, ACM Ubiquity, Vol. 9, No. 20 , pp. 1-3 , May 20–26, 2008.

  3. J. Hoffstein, J. Pipher, and J. H. Silverman, An Introduction to Mathematical Cryptography. Springer Verlag, 2008.

  4. V. Katiyar, K. Dutta, S. Gupta," A Survey on Elliptic Curve Cryptography for Pervasive Computing Environment", International Journal of Computer Applications, INDIA,pp.41–46, 2010.

  5. M. A. Aydin and G. Z. Aydin ," A Survey Of Elliptic Curve Cryptography " , vol.6, No.2, pp.211-121. 2006.

  6. W. Stalling, Cryptography and network security: principles and practice, 3rd ed., New Jersey: Prentice Hall, 2003.

  7. Z. Peng and  J. Fang ," Comparing and Implementation of Public Key Cryptography Algorithms on Smart Card " , Computer Application and System Modeling (ICCASM) , Taiyuan , pp. 508 -510. 22-24 Oct. 2010 .

  8. M. Prabu, R. Shanmugalakshmi," A Study of Elliptic Curve Cryptography and Its Application" , ACM New York, India, pp.425-427, 2010.

  9. M. Prabu, R. Shanmugalakshmi, "A Comparative and Overview Analysis of Elliptic Curve Cryptography over Finite Fields" , IEEE , India,pp.495-499, 2009.

  10. H. Eiselt and C. Sandblom, Linear Programming and its Applications. Berlin: Springer.2007.

  11. (2008) National Security Agency. NSA Suite B Cryptography. [Online] Available :

  12. D. Jena, S.  Panigrahy, S. Jena, " A novel and efficient cryptosystem for long message encryption," Industrial and Information Systems (ICIIS) , pp. 7–9, 2009.

  13. H. Pietiläinen, “Elliptic Curve Cryptography on Smart Cards,” M.Sc., Helsinki Univ. of Technology, 2000.

  14. B. Tsaban. "Fast Generators for the Diffie-Hellman Key Agreement Protocol and Malicious Standards". Information Processing Letters , pp. 145-148,2006.

  15. N. Koblitz,. "Elliptic Curve Cryptosystems. Mathematics of Computation" , pp. 203-209. 1987.

  16. V. Miller, "Use of Elliptic Curves in Cryptography". In Proc. Advances in Cryptology - CRYPTO '85. Springer.1985.

  17. T. Chen, "A Threshold Signature Scheme Based on the Elliptic Curve Cryptosystem". Applied Mathematics and Computation , pp.1119-1134.2005.

  18. S. Mohammadi and S. Abedi, “ECC-Based Biometric Signature: A New Approach in Electronic Banking Security” International Symposium on Electronic Commerce and Security, IEEE, 2008.

  19. H. Luo, F. Yu, J. Pan, S. Chu and P. Tsai ," A Survey of Vein Recognition Techniques ", Information Technology Journal ,vol.9 , pp.1142-1149, 2010.

  20. V. Gupta, S. Gupta, S. Chang and D. Stebila, “Performance Analysis of Elliptic Curve Cryptography for SSL”, WiSe‟02, September 28, 2009.

  21. (2011) Sun Microsystems Inc., “Speeding up Secure Web Transactions Using Elliptic Curve Cryptography”, [Online] .available:

  22. V. Gupta, D. Stebila, and S.C. Shantz, “Integrating Elliptic Curve Cryptography into the Web‟s Security Infrastructure” WWW2004, May 17–22, 2004 .

  23. G. Me and M. A. Strangio, in Proc. International Conference on Information Technology and Applications (ICITA‟05), IEEE, 2005.

  24. A. Dabholkar and K. yow “Efficient Implementation of Elliptic Curve Cryptography (ECC) for Personal Digital Assistants (PDAs)” Wireless Personal Communications 29, pp. 233–246.2004.

  25. K. Chatterjee and D. Gupta, “Secure access of smart cards using Elliptic Curve Cryptosystems”, IEEE, 2009.

  26. A. Woodbury, D. Bailey and C. Paar, “Elliptic Curve Cryptography on smart cards without coprocessors”, in proc. The Fourth Smart Card Research and Advanced Applications (CARDIS 2000), September 2000.

  27. V. Vijayalakshmi and T.G. Palanivelu, “Secure Antnet Routing Algorithm for Scalable Adhoc Networks Using Elliptic Curve Cryptography” Journal of Computer Science, Vol. 3, No. 12, pp. 939-943. 2007.

  28. L. Uhsadel, A. Poschmann, and C. Paar "An Efficient General Purpose Elliptic Curve Cryptography Module for Ubiquitous Sensor Networks" 2006.

  29. L. Batina, N. Mentens, K. Sakiyama, B. Preneel, and I. Verbauwhede “Low-Cost Elliptic Curve Cryptography for Wireless Sensor Networks” L. Buttyan, V. Gligor, and D. Westhoff (Eds.): ESAS 2006, LNCS 4357, pp. 6–17, 2006.

  30. V. Vijayalakshmi, and T.G. Palanivelu, "Secure Localization Using Elliptic Curve Cryptography in Wireless Sensor Networks", IJCSNS International Journal of Computer Science and Network Security, Vol.8 No.6, pp.1-7, June 2008.

1denotes the cipher text relating to message m and key k

2 denotes the Encryption function

3 denotes the Decryption function

4x denotes the public key of party x

5T denotes the private key of party T

6”It is possible to write endlessly on elliptic curves. (This is not a threat.)”– Serge Lang.

Download 97.35 Kb.

Share with your friends:

The database is protected by copyright © 2022
send message

    Main page