Eliptic Curve Cryptography (ECC) and Curve25519

It is always important to start from the basics and in this case, the best place to start from the definitions around the domain. From the previous encryption article, you recall asymmetric encryption algorithm RSA, or Rivest-Shamir-Adleman, is an algorithm that was first developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman, it was adopted in 1978. Ever since its adoption, it has grown to be the most popular cryptosystem. The algorithm was designed to work based on a public and private key in the encryption and decryption of information that is sent over the internet. The information is encrypted using a public key while at the receiver end; a private key is needed to decrypt the information.

The algorithm, on the other hand, uses a reverse process for user authentication-a private key is used to encrypt digital signatures, then the receiver can use a public key to decrypt the digital signatures.

What is ECC

ECC (Elliptic Curve Cryptography) on the other hand is a public key cryptographic system, that adopts the elliptic curve theory in algebra in a bid to provide efficient security in the realm of digital signatures, Pseudo random generators, encryption among others. The algorithm was designed back in 1985 but its adoption has only escalated at the turn of the century. ECC has been seen as the algorithm to take the mantle from RSA – in the world of encryption and rightly so.

Public-key cryptography is based on the intractability of certain mathematical problems. Early public-key systems based their security on the assumption that it is difficult to factor a large integer composed of two or more large prime factors. For later elliptic-curve-based protocols, the base assumption is that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible: this is the "elliptic curve discrete logarithm problem" (ECDLP). The security of elliptic curve cryptography depends on the ability to compute a point multiplication, as the operation of successively adding a point along an elliptic curve to itself repeatedly, and the inability to compute the multiplicand given the original and product points (as this is one-way function). The size of the elliptic curve, measured by the total number of discrete integer pairs satisfying the curve equation, determines the difficulty of the problem.

Specifically, by^2 = x^3 + ax^2 + x, where a(b^2 - 4) not equal to 0 (and which is need to avoid singular points). The most popular curve is Secp256k1 (or Curve 25510), where b=1 and a=486662. The points on the elliptic curve along with point at infinity O form a commutative group with point addition as its operation, that is a group in which the result of applying the group operation to two group elements does not depend on the order in which they are written.

This curve, so called because all arithmetic is carried out modulo the prime p=2^255 – 19, being a Montgomery curve, over the prime field defined by the prime number p, and has become widely adopted because it allows very fast implementations of typical cryptographic functions that are also secure against some kinds of side-channel attacks.

Curve25519 is a very widely deployed elliptic curve: it is used for Diffie-Hellman key agreement in the X25519 standard, which is a mandatory algorithm in TLS 1.3, securing a huge number of HTTPS connections in web browsers worldwide. It is also used for encryption in WhatsApp, Signal, and various other systems and protocols. However, the standard textbooks on elliptic curve cryptography predate Curve25519, and there are not many good resources that explain how practical implementations of this algorithm actually work. Glancing at an implementation of X25519 (see, for example, Listing 4 on page 26, or Section 5 of the X25519 standard document) reveals mysterious sequences of arithmetic operations with few comments, explanation, or justification.

The advantage of using this curve is that for some point operations, we can use only the x-coordinate, which simplifies the computations and also saves storage.

What ECC has to offer?

To make a clear comparison of these two algorithms we will take a step wise approach while basing our arguments on key parameters.

Security

The essence of encryption is to provide better and efficient security in communication networks. Cryptographic experts usually recommend that communication systems have to offer a minimum of 128 security bits. To offer this kind of security, RSA uses 3072-bit keys, whereas ECC uses 256-bit keys. At the moment, RSA implementations offer 1024 or 2048-bit keys, which is generally offered security levels than what, has been recommended.

To get a clear picture of the difference between these two algorithms, think of the dynamic nature of attacks. In simple terms, key lengths will usually need to increase in a bid to curb the attacks. It has been even suggested that 256 security bits to be used rather than the current 128 bits. To achieve this, one would need 512 ECC bit keys and 15,360 bit keys in the case of RSA.

Performance

In terms of performance, ECC has been found to exhibit a better operation in the 128-bit security levels. Aspects like key generation and managements are up to 10 times faster in the case of ECC than in RSA. This is particularly colossal in the systems whereby key generation is frequent, but irrelevant if a system is generating the keys on very rare occasions.

In case of web communications, it has also been established that processing of ECC SSL certificates is much faster certificates. This means that ECC requires less server processing cycles, which in turn lead to quick web page loading.

Bandwidth requirements

The size of security usually does not affect the performance of a given algorithm, but it comes in handy when one puts memory requirements into consideration. These security keys need storage facilities, thus keeping in mind the size of the keys is quite important.

In ECC algorithm at 128-bit security level, the size of the keys used are 256 as compared to 3072-bit keys used in RSA. Mathematically ECC keys are 12 times smaller than RSA keys – a feat that makes a huge difference in memory requirements.

Power Consumption

CPU consumption is another important factor that needs to be kept in mind when going for a security algorithm. Certain cryptographic techniques are known to consume more space than others do and this is the case with RSA and ECC algorithms.

In the client – server model, for example, public key computations and transmission of handshake messages usually consume space from the server and the client. However, it has been found that space requirements are much lower in the case of the ECC algorithm.

This is usually beneficial for small devices that have limited CPU consumption capabilities an example being in the case of mobile phone devices.

Conclusion

From the analysis, it can be established that ECC is the algorithm to go for owing to its robust properties. The algorithm tends to deliver similar levels of security albeit with speed and efficiency in mind. Its popularity is growing with time and it is predicted that it will grow in the coming years and has already started to show in the blockchain space, specifically Solana network.

In fact, the future looks to be shaping up in favor of ECC as companies such as Digicert have moved to adopt the algorithm.

Many other new standards have also advocated the use of ECC. Some good examples are Zigbee Networking Standards, Security Module PP standards, Suite B Cryptography standards, ITS Standards, etc. All these are just a clear indication that ECC has a bright future in cryptographic technology.

Comments

Post a Comment

Popular posts from this blog

Rust Static Analysis and Blockchain Licensing

Image
What is static analysis? Static analysis is an analysis of software artifacts. For example requirements or code, carried out without execution of these software development artifacts. Static analysis is usually carried out using supporting tools. In other words, we can say that static analysis is an examination of requirements, design, and code that differ from more traditional dynamic testing in several important ways. The main goal behind this analysis is to find the bugs, whether or not they may cause failures. As with reviews, static analysis finds bugs rather than failures. The general name for static analysis is linting. lint, or a linter, is a tool that analyzes source code to flag programming errors, bugs, stylistic errors, and suspicious constructs. Simply put, a linter is a tool that programmatically scans your code with the goal of finding issues that can lead to bugs or inconsistencies with code health and style. Some can even help fix them for you! How to analyse
Read more

Length extension attack

Image
What is length extension? When a Merkle–Damgård based hash is misused as a message authentication code with construction H(secret ‖ message), and message and the length of secret is known, a length extension attack allows anyone to include extra information at the end of the message and produce a valid hash without knowing the secret. Quick sidebar, before you freak out: Since HMAC does not use this construction, HMAC hashes are not prone to length extension attacks. So, a length extension attack is a type of attack where an attacker can use Hash(message1) and the length of message1 to calculate Hash(message1 ‖ message2) for an attacker-controlled message2, without needing to know the content of message1. Algorithms like MD5, SHA-1 and most of SHA-2 that are based on the Merkle–Damgård construction are susceptible to this kind of attack. Truncated versions of SHA-2, including SHA-384 and SHA-512/256 are not susceptible, nor is the SHA-3 algorithm. A bit more details
Read more

CAP Theorem and blockchain

Image
In theoretical computer science, the CAP theorem states that it is impossible for a distributed data store (such as a blockchain network) to simultaneously provide more than two out of the three guarantees: Consistency, Availability & Partition tolerance. CAP Theorem – the parts C: Consistency – At any given time, all nodes in the network have exactly the same (most recent) value. A: Availability – Every request to the network receives a response, though without any guarantee that returned data is the most recent. P: Partition tolerance – The network continues to operate, even if an arbitrary number of nodes are failing. Due to the nature of distributed data stores (such as blockchain), Partition tolerance is a given fact; there will always be failing/unreachable nodes in the network (not least because of the unstable nature of the internet). CAP Theorem states that one has to choose between C (Consistency) or A (Availability) when in the presence of P (Partition): Av
Read more