A Simple Implementation of RSA and ECC Cryptosystem
advertisement
FIT5034: RSA and ECC design and implementation A Simple Implementation of RSA and ECC Cryptosystem Xiaoyu Qin (21637881) xyqin1@student.monash.edu 1. Introduction RSA is a widely used encryption method and also a powerful digital signature algorithm and however, ECC can more or less replace it in some places. Especially, shorter key size is used in ECC comparing to RSA with a same level of security. To learn the algorithm of RSA and ECC and also to compare them, they are implemented in a simple way and the implementation is discussed in this report. 2. Thinking of cryptosystems Both RSA and ECC are asymmetric cryptosystems, which support encryption, decryption, digital signature and also Diffie-Hellman key exchange [1,2]. They support Diffie-Hellman key exchange in a similar way, but do other tasks differently [1,2]. In ECC, the public key or the public key with the pre-shared information is much more complex than the private key [1,2] and the signature and verification algorithms are also totally different [1,3], while RSA always does the two tasks in the same couple with a same algorithm and just opponent parameters. Plus, to do the encryption, RSA just need the public key but ECC need the message receiver’s public key and also a private key form the message sender [1,2]. Actually, what is done with ECC is actually to add the symmetric session key in ECC Diffie-Hellman key exchange on the message [2], which can actually also be done with RSA. However, the way to do encryption and decryption in RSA is easier than those in ECC, which just need the public key or the private key of the message receiver [1,2]. In one sentence, RSA and ECC do the other tasks rather than the Diffie-Hellman key exchange in really different way. 3. Software design and engineering Java is the programming language chosen to implement RSA and ECC. As the reason discussed before, it is hard to really implement a unified interface of the two methods. However, there are some algorithms and basic terms which can be reused. There are the UML class diagrams which describe the design of the implementation appended on this report. Because some details are not quite important, there might be some parts not shown in the diagrams. In ECC, the algorithm can be described in some objects and thus they should be repackaged into messages which can be used to describe the messages and to be stored or transferred. In RSA, there are just numbers, so the design is much simpler than ECC. There are some algorithms are implemented into math functions, such as prime number generation and prime number generation, which are put into a stand along package. Similarly, some basic functions are also put there because they are not just related to the cryptosystems though they are not reused in this program, such as a message loader and the UI class. Briefly, the programming process is from both the bottom and the top to the middle. Firstly, the empty class and interfaces as a model is designed and also the math functions are realized. Then, 1 FIT5034: RSA and ECC design and implementation ECC and RSA are really implemented one by one and there were test after each of them are finished. Especially, when implementing ECC, modelling the algorithm is done before filling the algorithm into the empty classes. 4. Algorithms Here are the algorithms used in the program. Most of them have actually more than one choice. Function Random Number Generation Prime Number Test Greatest Common Divisor(GCD) Position Algorithm Reference my.math.MTBigRandom Mersenne Twister Wikipedia[4] my.math.PrimeEngine Miller Rabin Lecture Note[1] my.math.BigIntegerHelper Euclid Lecture Algorithm Note[1] Extend Mod Inverse my.math.BigIntegerHelper Euclid Wikipedia[5] Algorithm ECC The one Imbedding my.cryptosystem.asymmetric.ecc.ECCPlainText need q mod Lecture Note message 4==3 Note: Mersenne Twister is widespread used to support security applications and also easy to be implemented [4]. To generate e and d in RSA, Euclid Algorithm and Extend Euclid Algorithm can be also replaced by Chinese Remainder Theorem, which is used in PGP. In this program, Extend Euclid Algorithm is not used in ECC and the original modInverse method of BigInteger class is used. There are also many ways to imbed messages into ECC points. Because the one suggested by Dr. Phu Le is easy, it is used. And therefore, the q is generated to satisfy “q mod 4=3” [2]. According to some pagers about ECC, there are also some other types of equation for the curve and the one chosen for this program, “y2=x3+ax+b” is a most simple one [6,7]. 5. Test and result analysis We tested the time length (in milliseconds) of different common tasks to compare the different algorithms and the different key size. Task RSA Keygen RSA Keygen ECC Keygen ECC Keygen RSA Encryption RSA Encryption RSA Decryption Parameters keysize=1024 keysize=512 Curve=P-521 Curve=P-192 time 1 time 2 time 3 time 4 7642 3861 12113 13708 34187 16533 4503 4122 316 267 275 272 47 45 50 51 keysize=1024,blocksize=64 224 210 223 219 keysize=512,blocksize=64 202 217 219 238 keysize=1024,blocksize=64 220 219 218 212 2 FIT5034: RSA and ECC design and implementation RSA keysize=512,blocksize=64 197 197 198 214 Decryption ECC Curve=P-521,blocksize=22 3720 3715 3655 3645 Encryption ECC Curve=P-192,blocksize=22 329 359 360 358 Encryption ECC Curve=P-521,blocksize=22 3461 3488 3492 3520 Decryption ECC Curve=P-192,blocksize=22 310 313 344 343 Decryption RSA keysize=1024,Hash=SHA1 75 54 57 50 Signature RSA keysize=512,Hash=SHA1 244 67 71 71 Signature RSA keysize=1024,Hash=SHA1 61 53 58 57 Verification RSA keysize=512,Hash=SHA1 56 48 51 53 Verification ECC Curve=P-521,Hash=SHA1 269 228 219 223 Signature ECC Curve=P-192,Hash=SHA1 152 85 80 89 Signature ECC Curve=P-521,Hash=SHA1 409 404 414 412 Verification ECC Curve=P-192,Hash=SHA1 109 58 64 61 Verification Obviously, in this program, RSA is mostly faster than ECC. But, generating RSA key is nightmare. Also, we know that RSA uses longer key size than ECC with a same level of security, which means that cost more on storage and transference. Thus, it is hard to say which is better than the other one. Actually, we also tested generating the curves in ECC. It takes too long to count the order. That is why mostly the two pre-stored curve suggested by NIST is used in our program and using a recommended curve is really necessary [7]. 6. Conclusion As a conclusion of this report, it is obvious that ECC is not bad but really a little bit more complex than RSA and RSA can be still used because ECC is not always better than it. However, our work is far from perfect. Some algorithms and also the software design are able to be optimized and also more testing data can be collected, which should be the future work because of the limitation of time. 7. References [1] Design and Implementation of RSA, Dr. Phu Le, . 3 FIT5034: RSA and ECC design and implementation [2] Introduction to ECC and Implementation Consideration, Dr. Phu Le, . [3] ECC Digital Signature Algorithm and example, Dr. Phu Le, . [4] "Mersenne twister," WikiPedia. [5] "Extended Euclidean algorithm," WikiPedia. [6] N. Koblitz, "A course in number theory and cryptography," Discrete Applied Mathematics, vol. 26, 1990. [7] NIST, "Recommended Elliptic Curves For Federal Government Use," 1999. 8. Appendix 4 FIT5034: RSA and ECC design and implementation 5 FIT5034: RSA and ECC design and implementation 6
