Security Improvement in Elliptic Curve Cryptography

This paper proposes different approaches to enhance the performance of the Elliptic Curve Cryptography (ECC) algorithm. ECC is vulnerable to attacks that exploit its public parameters to solve the Discrete Logarithm Problem (DLP). Therefore, these public parameters should be selected safely to obviate all recognized attacks. This paper presents a new generator function that produces the domain parameters for creating the elliptic curve; the proposed function uses a secure mechanism to avoid all known attacks that attempt to solve the Elliptic Curve Discrete Logarithm Problem (ECDLP). Moreover, an efficient algorithm is proposed for choosing two base points from the curve in order to generate two subgroups in a secure manner. The purpose of this algorithm is to offer more confidence to the user, since it is not built upon a hidden weakness that could subsequently be used to retrieve the user's private key. The Elliptic Curve Diffie Hellman (ECDH) algorithm is implemented to exchange a session key between the communicating parties in a secure manner. Besides, a preprocessing operation is performed on the message to enhance the diffusion property, which consequently increases the strength against cryptanalysis attacks. Finally, the dual encryption/decryption algorithm is implemented using different session keys in each stage of the encryption to boost immunity against any attack on the digital audio transmission. The results show the positive effect of the dual elliptic curve system in terms of speed and confidentiality without needing any extra time for encryption.

Keywords: Elliptic curve cryptography; elliptic curve discrete logarithm problem; dual encryption/decryption; Elliptic Curve Diffie Hellman


I. INTRODUCTION
Elliptic curves were suggested independently by Neal Koblitz and Victor Miller in 1985 to design a public-key cryptographic system [1]. Elliptic Curve Cryptography (ECC) is a public-key cryptosystem that plays an important role in the world of cryptography. The shorter key size of ECC provides a protection level equivalent to that of public-key algorithms which use much larger key sizes (e.g., Rivest Shamir Adleman (RSA)). In addition, ECC offers more security compared to the RSA algorithm since it is based on the DLP, while the latter is based on the prime number factorization problem [2], [3]. ECC is based on an Abelian group; the main operation used in ECC is the addition operation, and multiplication is defined as repeated addition. For example, ( ) is the addition of a with itself times, performed over an elliptic curve. Cryptanalysis consists of determining ( ); this is called the DLP. The definition of an elliptic curve is based on an equation with two variables and two coefficients, where the values of the variables and coefficients are limited to elements of a finite field [1]. In this paper, the elliptic curve over the prime field is considered.

A. Mathematics of ECC Over Finite Field
In general, an elliptic curve E over the prime field ( ), denoted by E( ), is given by the simplified Weierstrass equation below [1]: where , The values of the variables are elements from 0 to . In addition, the coefficients must satisfy (2), where Δ denotes the discriminant of E.

B. Point Addition
If two points on an elliptic curve are added to each other, the result is a third point on the curve. Graphically, a straight line drawn through any two points on the curve intersects it at a third point, which is then reflected about the x-axis, as denoted in (5). The formula represents the addition of the points ( ) and ( ) to produce ( ) by applying (3) and (4) [1], [2].

C. Point Doubling
Adding a point ( ) on the curve to itself, on condition that , yields the point . One draws the tangent line at that point; its second intersection with the curve, reflected about the x-axis, gives (the point), where . Equations (3), (4) and (6) are used to compute the second point ( ) and the slope of the tangent line, respectively [1], [2].
The strength of ECC depends on the DLP. This means computing the logarithm to base ( ), where is the private key, is a base point and is the public key ( are public parameters). Attacks on the Elliptic Curve Discrete Logarithm Problem (ECDLP) try to extract from the given . To avoid all recognized attacks on the ECDLP, the domain parameters for ECC should be selected cautiously and in a secure way.

The layout of this paper is composed of the following sections: Section II introduces the related work on elliptic curve cryptography, Section III describes the concepts of the Advanced Encryption Standard and cryptographic hash functions, Section IV presents the linear congruential generator, Section V clarifies the password based key derivation function, Section VI discusses the proposed system, followed by the experimental results and discussion in Section VII; finally, Section VIII presents the conclusions.

II. RELATED WORK
In the literature, many researchers have attempted to utilize the strength of the elliptic curve in different tasks of public key cryptography. Summarized below are some of the features of the related work.
Rahul Singh, et al. [4] in 2014 presented an implementation of ECC encryption and decryption of an audio file.
Artan Luma, et al. [5] in 2015 presented the encryption and decryption of an audio file transported through the network based on ECC. In this study, the scholars concluded that ECC is suitable for large amounts of data and that ECC is preferred over RSA since it provides the same security with a smaller key size.
Manish Kumar, et al. [6] in 2016 proposed a new method for image security that uses DNA encoding of an RGB image and thereafter applies encryption based on Elliptic Curve Diffie-Hellman Encryption (ECDHE). This algorithm supplies a double layer of security.
Fang, Xianjin and Wu, Yanting [7] in 2017 studied the details of elliptic curve cryptography; this discussion includes the basic information about ECC and how to partition a message into blocks and encode/decode the message into points on the curve using the Koblitz method. Encryption/decryption with the elliptic curve is also presented. The researchers concluded that ECC can be utilized for encryption, key exchange and digital signatures with higher speed and less memory.
Kawther, Esaa and Nada, Hussein [8] in 2018 investigated a new mapping method based on the -coordinate values of an elliptic curve to generate a secret lookup table; this table is used to convert the samples of an audio file (or any data type) into points on the elliptic curve and vice versa. Besides, the form of the samples is changed before applying the proposed method, to achieve diffusion and make it more difficult for an intruder to guess the points on the curve through statistical analysis. The obtained results indicate that the proposed method is faster, more secure and less time-consuming when embedding a message into a point on the curve.

III. ADVANCED ENCRYPTION STANDARD AND CRYPTOGRAPHIC HASH FUNCTIONS
In 2001 the National Institute of Standards and Technology (NIST) issued the Advanced Encryption Standard (AES). AES belongs to the family of symmetric encryption algorithms and is a block cipher; it replaces the Data Encryption Standard (DES) as the standard for an enormous range of applications. The block size of the plain-text input to AES is 128 bits and the key size is 128, 192 or 256 bits. The number of rounds in the AES algorithm depends on the key size: 10 rounds for a 16-byte key, 12 rounds for 24 bytes and 14 rounds for 32 bytes. Each round includes four transformation functions (SubBytes, ShiftRows, MixColumns and AddRoundKey), but the last round comprises only three of them, omitting MixColumns [1], [9], [10].
Cryptographic hash functions play a significant part in computer security and are used in various applications such as message authentication, digital signatures, hash-based key derivation functions and pseudorandom number generators. A hash function takes an input of arbitrary size and produces a fixed-size output called the hash code or message digest. The basic features of hash functions are preimage resistance (it is infeasible to obtain a message from its hash code), second preimage resistance (given a message x, it is infeasible to find a message y with the same hash code as x) and collision resistance (it is infeasible to find any pair (x, y) with the same hash code) [11], [12]. In 2002, NIST designed a new version called the Secure Hash Algorithm family (SHA-2), consisting of three algorithms, SHA-256, SHA-384 and SHA-512, whose output lengths are 256, 384 and 512 bits respectively [1], [12].
IV. LINEAR CONGRUENTIAL GENERATOR
A linear congruential algorithm was suggested by Lehmer and is mostly used as a pseudorandom number generator in order to generate a sequence of numbers x_j = x_0, x_1, x_2, …, x_n by relying on the following recurrence equation [1]: (7) where x_j is the seed value, 0 ≤ x_j < n, a represents the multiplier, 0 < a < n, b is the increment value, 0 ≤ b < n, and n represents the modulus, n > 0. Choosing the values of a, b and n carefully helps to produce an ideal sequence of numbers. The characteristics of this generator are that it is easy to implement and passes the following statistical tests: the frequency test, run test, serial test, poker test, etc.; it can be regarded as the best choice for generating robust random numbers [1], [13]. In this study, the proposed system specifies that the values of a and x are prime numbers to give a large period in the output of the Linear Congruential Generator (LCG).
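As an added example (not code from the paper or its C# implementation), the Python below implements the recurrence (7), measures the cycle length actually reached from a given seed, and checks the Hull-Dobell conditions under which an LCG reaches the full period n for every seed. The parameter sets are constructed; the last one uses a prime multiplier and a prime seed, the paper's own criterion, and shows that those two choices alone do not guarantee a long period:

```python
from math import gcd


def lcg(seed: int, a: int, b: int, n: int):
    """Generator for the recurrence (7): x_{j+1} = (a * x_j + b) mod n."""
    x = seed
    while True:
        x = (a * x + b) % n
        yield x


def lcg_take(seed, a, b, n, count):
    """First `count` outputs after the seed, as a list."""
    gen = lcg(seed, a, b, n)
    return [next(gen) for _ in range(count)]


def lcg_period(seed, a, b, n):
    """Length of the cycle the sequence eventually repeats from `seed` (at most n)."""
    seen, x, i = {}, seed, 0
    while x not in seen:
        seen[x] = i
        x = (a * x + b) % n
        i += 1
    return i - seen[x]


def prime_factors(n):
    """Set of prime factors of n by trial division (small n only)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def hull_dobell(a, b, n):
    """Full period n for every seed iff gcd(b, n) = 1, every prime factor of n
    divides a - 1, and 4 | (a - 1) whenever 4 | n (Hull-Dobell theorem)."""
    return (gcd(b, n) == 1
            and all((a - 1) % q == 0 for q in prime_factors(n))
            and (n % 4 != 0 or (a - 1) % 4 == 0))


if __name__ == "__main__":
    # Constructed parameter sets: full period, short period, and prime a / prime seed.
    for seed, a, b, n in [(0, 5, 1, 8), (0, 3, 1, 8), (3, 7, 1, 10)]:
        print(f"a={a} b={b} n={n} seed={seed}: Hull-Dobell={hull_dobell(a, b, n)}, "
              f"period={lcg_period(seed, a, b, n)}, first={lcg_take(seed, a, b, n, 5)}")
```

With a = 7, b = 1, n = 10 and the prime seed 3 the sequence is 3, 2, 5, 6, 3, …, a period of only 4 out of a possible 10, so the period of the proposed generator should be measured (or the modulus and multiplier chosen to satisfy Hull-Dobell) rather than inferred from the primality of a and the seed.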
V. PASSWORD BASED KEY DERIVATION FUNCTION
With the issue of PKCS #5 v2.0 and RFC 2898 [14], one of the most famous key-derivation functions, Password-Based Key Derivation Function #2, denoted PBKDF2, was specified with a view to deriving cryptographic keys from (human-entered) passwords. PBKDF2 aims to frustrate expected attacks on passwords, like dictionary and brute force attacks, by increasing the time necessary for checking every password through two significant parameters, the salt and the iteration count, so that it becomes difficult to execute these attacks [15]. PBKDF2 is based on a pseudo-random function (PRF) and on the parameters: salt S, iteration count C, password P and Len_key, which is the length of the derived key, also called the master key M_key, at most (2^32 − 1) × the output length of the hash function (Len_hash). Usually, the PRF is an HMAC (Hash Message Authentication Code) construction that depends on a cryptographic hash function which the designer can select. The general expression of PBKDF2 is defined as [16]: ( ) ( ) The iteration count C is a constant value representing the number of iterated applications of the PRF in order to produce one block of M_key; according to RFC 2898, a minimum C of 1000 is recommended, where the benefit of increasing C is the increased computational cost of carrying out a dictionary attack on a password, while the salt offers a wide range of keys for every password. Further information can be found in [14].
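The block below is an added example, not the paper's code: it spells out the PBKDF2 block function T_i = U_1 ⊕ … ⊕ U_C from RFC 2898 with HMAC as the PRF, cross-checks it against the standard library's implementation, and wraps it as the Stage-2 style AES key derivation used later in the paper (128/192/256-bit keys, iteration count 10000 as reported in Section VII). Passwords and salts in the usage are constructed; the hash choice (SHA-256) and the salt-length and iteration-count checks are assumptions, not the paper's settings.

```python
import hashlib
import hmac
import struct


def pbkdf2_manual(password: bytes, salt: bytes, c: int, dk_len: int,
                  hash_name: str = "sha256") -> bytes:
    """PBKDF2 (RFC 2898) with PRF = HMAC-<hash>:
    T_i = U_1 ^ U_2 ^ ... ^ U_c,  U_1 = PRF(P, S || INT(i)),  U_k = PRF(P, U_{k-1}),
    DK = T_1 || T_2 || ... truncated to dk_len bytes."""
    h_len = hashlib.new(hash_name).digest_size
    blocks = -(-dk_len // h_len)                 # ceil(dk_len / h_len)
    if blocks > 2 ** 32 - 1:                     # the (2^32 - 1) x Len_hash limit
        raise ValueError("derived key too long")
    out = b""
    for i in range(1, blocks + 1):
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(c - 1):
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(h_len, "big")
    return out[:dk_len]


def matches_stdlib(password, salt, c, dk_len, hash_name="sha256"):
    """Cross-check the hand-written version against hashlib's implementation."""
    return pbkdf2_manual(password, salt, c, dk_len, hash_name) == \
        hashlib.pbkdf2_hmac(hash_name, password, salt, c, dk_len)


def derive_aes_key(password: bytes, salt: bytes, key_bits: int, c: int = 10000) -> bytes:
    """Stage-2 style master key for AES-128/192/256.  The iteration floor
    follows the RFC 2898 minimum quoted above; the salt-length floor is an
    added sanity check, not a setting from the paper."""
    if key_bits not in (128, 192, 256):
        raise ValueError("AES key size must be 128, 192 or 256 bits")
    if c < 1000:
        raise ValueError("iteration count below the RFC 2898 minimum")
    if len(salt) < 8:
        raise ValueError("salt shorter than 8 bytes")
    return hashlib.pbkdf2_hmac("sha256", password, salt, c, key_bits // 8)


if __name__ == "__main__":
    # Constructed password and a salt in the paper's time-stamp format.
    pw, salt = b"correct horse battery", b"2018-02-08 02:11:55 AM"
    print("manual == hashlib:", matches_stdlib(pw, salt, 1000, 48))
    print("AES-256 key:", derive_aes_key(pw, salt, 256).hex())
```

Two properties worth checking in any deployment are visible here: changing the salt changes the whole derived key (so identical passwords do not yield identical keys), and each extra iteration is one more HMAC per candidate password for an attacker as well as for the legitimate user.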
VI. PROPOSED SYSTEM
The proposed system is divided into four main phases; the main idea of each part of this system is to strengthen the security against the cryptanalyst and to reduce the risk of compromising the private key in the ECC algorithm. The following sections demonstrate the procedure for each one.

A. The New H-AES-LCG Generator
The first phase of the proposed system is assigned to generating the domain parameters (prime number ( ) ) that are used for creating the ECC. The purpose of the H-AES-LCG generator is to form an elliptic curve in a random and secure manner to avoid all possible known attacks against it. The steps of constructing the H-AES-LCG generator are described as follows:

Stage 1:

1) The inputs to the SHA-2 family are:
• String Password: A Left Circular Shift ( ) is applied to the password before it enters the hash algorithms. The amount of rotation is determined randomly and denoted by ( ); each letter of the password is shifted by a different , by converting the characters of the password into bytes stored in a byte array denoted by ( ), where the length of the password is denoted as . The pseudo-code for applying the is shown below: The main purpose of the above operation is to increase the strength of the password by permuting its .
• Salt Value: The time of recording the event on the computer (time stamp) is taken as the salt value; it includes the date and time, for example (2018-02-08 02:11:55 AM). This operation is considered as a one-time pad key to increase security.
2) Execute the SHA-2 family (SHA-512, SHA-384, SHA-256) with the salt value on the string password after applying the rotation process explained in point 1.
3) Merge the results of the SHA-2 family to obtain a string of size 1152 bits denoted as . The encoding system implemented in the present study is Unicode, which uses two bytes (16 bits) per character; in this case the is composed of 72 characters.
4) Expand the to make it an input to the MD5 algorithm by converting the to characters, picking some characters from it and inserting some randomly chosen ASCII letters in a specific manner to form a new string. This technique can be described as follows: at the beginning, determine some secret parameters (start, amount of characters and jump) to extract a new string from the existing string produced in point 3; the pseudo-code is illustrated below:
• Initializing the parameters:
a. : array of characters to store the characters of the .
b. : represents the start value, a positive integer chosen randomly from the range (0 – size of ).
c. : amount of characters (length of the new string), a positive integer chosen according to the length of the string needed.
d. : a positive integer value representing the amount of jump between characters.

The resulting string is considered as the input to the MD5 algorithm. The aforementioned mechanism is applied in order to make it difficult for an attack on the MD5 algorithm to guess the string password.

Stage 2:
The requirements of the AES algorithm for generating the random sequence of bits are:

1) Plain-text:
The output of the MD5 algorithm is used as the plain-text for AES; the number of bits produced by MD5 corresponds to the plain-text size of the AES algorithm, which is 128 bits.
2) Key: Prepare a key for the AES algorithm using the PBKDF2 function, which is applied to derive a master key ( ) for AES. The parameters for PBKDF2 comprise:
• Password: Use the LCG algorithm to generate pseudo-random numbers and use them as a password denoted by ( ). The values of are specified in the range between . The pseudo-code is shown as follows:
a. Initialize four parameters to use in (7): two prime numbers, the multiplier and the seed value (e.g., the values of are and 8161 respectively), and two positive integers , where is the increment, equal to 1, and is the modulus, equal to ( ).
e. Both the plaintext from the MD5 algorithm and the key from PBKDF2 are used as input to the AES algorithm. The latter is implemented to generate a single encrypted block stored in an array called of size 128 bits.
Stage 3: In order to increase the randomness of the output of the AES algorithm, the Exclusive-OR ( ) bit-wise operation is applied between the and the random numbers generated by the LCG algorithm ( ) using (7). The values of the random numbers are in the range ; the pseudo-code of the above process is illustrated below:
a. Initialize four parameters, including two prime numbers (e.g., the values of are and respectively) and two positive integer numbers, , to satisfy Equation

The proposed H-AES-LCG algorithm generates 128 bits and can be used by any algorithm that needs a random number generator. The parameters needed to extract a random number from the string produced by the proposed algorithm are:


• : Represents the random sequence of bits produced by the H-AES-LCG generator.
• : A positive integer specified in the range , representing the index of a bit stored in .
• : The number of bits needed.
• : A positive integer representing the jump between the random sequence bits.

This paper applies the proposed generator (H-AES-LCG) to extract the domain parameters ( ) for the ECC algorithm; these parameters are used to plot a secure elliptic curve from the output of the H-AES-LCG generator. Algorithm 1 shows how to extract the domain parameters ( ) for the ECC algorithm. The aforementioned procedures of the H-AES-LCG generator are also demonstrated in Fig. 1.

Algorithm 1: Parameters Setting
Generate using the H-AES-LCG generator // is a positive integer value initialized to one so that the number is a multiple of two.
// To avoid exceeding the number of bits specified.
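The following Python is an added example, not the paper's code or its C# implementation. It reproduces the hash stage of the generator (Stage 1: per-byte left circular shift of the password, the SHA-512 || SHA-384 || SHA-256 merge giving 1152 bits, the start/amount/jump expansion, and the MD5 compression to a 128-bit block) together with the index/count/jump bit-extraction interface described for the generator's output. The AES and LCG XOR stages (Stages 2 and 3) are not reproduced, since the standard library has no AES; the order in which the salt is combined with the rotated password and the treatment of the 16-bit Unicode string as a byte array are assumptions, and the random ASCII insertions of step 4 are omitted.

```python
import hashlib


def rotate_left_byte(b: int, r: int) -> int:
    """Left circular shift of one byte by r positions."""
    r %= 8
    return ((b << r) | (b >> (8 - r))) & 0xFF


def rotate_password(password: bytes, rotations) -> bytes:
    """Stage 1, input 1: shift each password byte by its own amount (the paper
    draws the amounts randomly; here the caller supplies them)."""
    return bytes(rotate_left_byte(b, r) for b, r in zip(password, rotations))


def sha2_family_merge(rotated: bytes, salt: bytes) -> bytes:
    """Stage 1, steps 2-3: SHA-512 || SHA-384 || SHA-256 = 64 + 48 + 32 bytes
    = 1152 bits.  Prefixing the salt is an assumption about how it is combined."""
    data = salt + rotated
    return (hashlib.sha512(data).digest() + hashlib.sha384(data).digest()
            + hashlib.sha256(data).digest())


def expand(s: bytes, start: int, amount: int, jump: int) -> bytes:
    """Stage 1, step 4: pick `amount` symbols from s beginning at `start`, every
    `jump`-th one, wrapping around the end of s."""
    if not 0 <= start < len(s) or amount <= 0 or jump <= 0:
        raise ValueError("bad expansion parameters")
    return bytes(s[(start + i * jump) % len(s)] for i in range(amount))


def md5_block(expanded: bytes) -> bytes:
    """128-bit digest that becomes the AES plaintext in Stage 2."""
    return hashlib.md5(expanded).digest()


def extract_bits(seq: bytes, index: int, count: int, jump: int) -> int:
    """Read `count` bits from the generator output `seq`, starting at bit `index`
    and taking every `jump`-th bit (wrapping), as an integer, MSB first."""
    total = len(seq) * 8
    if not 0 <= index < total or count <= 0 or jump <= 0:
        raise ValueError("bad extraction parameters")
    value = 0
    for i in range(count):
        pos = (index + i * jump) % total
        value = (value << 1) | ((seq[pos // 8] >> (7 - pos % 8)) & 1)
    return value


def stage1(password: bytes, rotations, salt: bytes, start: int, amount: int, jump: int) -> bytes:
    """Whole hash stage: rotate -> SHA-2 family -> expand -> MD5 (16 bytes)."""
    merged = sha2_family_merge(rotate_password(password, rotations), salt)
    return md5_block(expand(merged, start, amount, jump))


if __name__ == "__main__":
    # Constructed inputs: a password, per-byte rotations and a time-stamp salt.
    block = stage1(b"Secret", [1, 2, 3, 4, 5, 6], b"2018-02-08 02:11:55 AM", 7, 40, 3)
    print("128-bit block:", block.hex())
    print("32-bit value from bits 5, 8, 11, ...:", extract_bits(block, 5, 32, 3))
```

MD5 only compresses the 1152-bit string to the 128-bit AES block size here; it should not be relied on for collision resistance. Note also that the start/amount/jump expansion and the index/count/jump extraction are deterministic selections, so the unpredictability of the final parameters rests entirely on the secrecy of the password, the salt and these selector values.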

B. Base Point Selection from an Elliptic Curve Over Prime Field
After determining the domain parameters ( ) for an elliptic curve denoted by using a secure mechanism based on the H-AES-LCG generator, two base points are selected from the points on . There are two important matters that improve the adequacy of ECC: the determination of the base point from and the point multiplication operation. The choice of two base points from depends on an efficient technique in order to generate two subgroups to implement dual encryption. Each point on the elliptic curve should satisfy (1); the quadratic residue denoted as is computed in order to obtain the value of . The quadratic residue is obtained by substituting the value of , in the range , in (1) and comparing the result of (1) with ; if they are equal, then the value of is obtained.
Every party in the proposed technique must agree on the value of , which is determined randomly in the range , to select two base points. Then the right-hand side of (1) is applied to check whether the result is a quadratic residue, denoted as ( ) and computed by Euler's criterion [17], which is defined below. Where: is an integer belonging to the prime field .
Checking the quadratic residue of to obtain the value of leads to retrieving the first base point ( ), denoted by , and the second base point ( ), labeled as , both obtained through (1). Algorithm 2 illustrates the proposed technique to determine two points on an elliptic curve ( ).

Algorithm 2: Selection of Two Base Points from an Elliptic Curve
Input:
• Prime number 
• The coefficient values used in (2)
• An integer value specified in the range 

Moreover, two subgroups are generated by applying the doubling and addition operations, which are the basic operations in ECC, to each of the two base points (also called generator points) separately. At the beginning, the doubling operation is executed on the base point with itself; then the addition operation is applied to the first base point and the outcome of the doubling operation, and so on until the point at infinity ( ) is reached, so the doubling operation is applied only once at the beginning. The same procedure is applied to the second base point in order to generate two subgroups, where the first base point produces the first subgroup and the second base point generates the second subgroup. The points in a subgroup are considered as the public keys and the number of points in the subgroup (the order of the subgroup) specifies the range of the private keys, where each private key scalar corresponds to a public key point in the subgroup.

C. Elliptic Curve Diffie Hellman Key Exchange
Elliptic Curve Diffie Hellman is used to exchange a session key between the parties. The method described here generates two session keys by applying the ECDH algorithm in order to use them with dual ECC encryption. The procedure is illustrated below:

Step 1: Both parties agree on the domain parameters ( ) in a secure manner, depending on the H-AES-LCG generator and the method for selecting the two base points, where is the number of points generated from and is the number of points generated from .
Step 2: Each party (Alice and Bob) selects two private keys, (N_a1, N_a2) and (N_b1, N_b2) respectively, which are smaller than the order. The first private keys (N_a1, N_b1) of each party are selected from the range of (the first subgroup), while the second private keys (N_a2, N_b2) are from the range of (the second subgroup).
Step 3: Calculate two public keys for each party by multiplying the private key by the base point, where (P_a1, P_a2) and (P_b1, P_b2) are the public keys of Alice and Bob respectively. (P_a1, P_b1) are points in the first subgroup and (P_a2, P_b2) are points in the second subgroup, computed as follows: (9) (10) In the same way, Bob computes his public keys as Alice does.
Step 4: To compute the two session keys ( ), the parties (Alice/Bob) first exchange their public keys; then each one computes the session keys by multiplying his/her private key by the public key of the corresponding party. This operation is demonstrated below:

Alice: (11) (12)
Bob: The analysis of the above is similar on both sides.
After the two parties have agreed on the two session keys ( ), these are utilized in the dual encryption phase discussed later. Here multiplication does not mean the simple multiplication of algebra; rather it is the repeated addition of points, the point multiplication (scalar multiplication) operation of ECC.

D. The Pre-processing Operations
In cryptography there are two important operations, confusion and diffusion, that make a cipher more secure against attacks. According to Shannon, confusion means that every bit of the cipher-text should depend on many parts of the key, concealing the relation between the two and making it as complex as possible. Diffusion means that if only one bit (digit) of the plain-text is changed, statistically half of the cipher-text should change, and vice versa, making cryptanalysis very difficult. This complexity is generally implemented through substitutions and permutations. In the present work, the and bitwise operations are applied to achieve diffusion. Diffusion spreads any change in a single bit of the data to the entire cipher-text, so the sensitivity is increased. Moreover, these operations are efficient to perform, less time consuming, and provide more security against statistical analysis. These advantages are obtained by removing the characteristics exploited by an intruder, such as repeated plain-text values. The following steps demonstrate the above process:
• The Right Circular Shift ( ) is applied to the samples of the audio file ( ). The amount of shifting is determined randomly and denoted by ; each value in the message is shifted by a different . The pseudo-code of is shown below:
• The bit-wise operation is applied between the first sample of the ( ) and an initial random value ( ); the output is fed back into the operation with the next sample of the ( ), and so on, to produce a chaining cipher. Therefore, if one bit of the plain audio or the initial value is altered, all of the cipher-text will change. This operation is defined as follows: Where: is an initial random value.
: Exclusive-OR operation.
In the post-processing step, the and Left Circular Shift ( ) operations are applied to the message, where the amount of shifting and the initial value for are determined randomly.
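The Python below is an added example (not the paper's code) of the pre-processing step just described and of its inverse: a per-sample right circular shift followed by an XOR chain seeded with an initial value, then the post-processing that undoes the chain and rotates left by the same amounts. Sample width (16-bit PCM), the sample values, the rotation amounts and the initial value are all constructed for the illustration; the helper `diffusion_count` measures how far a one-bit change in the input actually spreads.

```python
WIDTH = 16                          # assumption: 16-bit PCM audio samples
MASK = (1 << WIDTH) - 1


def rcs(value: int, k: int) -> int:
    """Right circular shift of a WIDTH-bit sample by k positions."""
    k %= WIDTH
    return ((value >> k) | (value << (WIDTH - k))) & MASK


def lcs(value: int, k: int) -> int:
    """Left circular shift, the inverse of rcs for the same k."""
    k %= WIDTH
    return ((value << k) | (value >> (WIDTH - k))) & MASK


def preprocess(samples, rotations, iv):
    """RCS each sample by its own rotation, then XOR-chain:
    c_i = r_i ^ c_{i-1}, with c_{-1} = iv."""
    out, prev = [], iv
    for s, k in zip(samples, rotations):
        prev = rcs(s, k) ^ prev
        out.append(prev)
    return out


def postprocess(chained, rotations, iv):
    """Inverse: r_i = c_i ^ c_{i-1}, then LCS by the same rotation amount."""
    out, prev = [], iv
    for c, k in zip(chained, rotations):
        out.append(lcs(c ^ prev, k))
        prev = c
    return out


def diffusion_count(samples, rotations, iv, flip_index):
    """Number of output values that change when one bit of sample `flip_index`
    is flipped (the edge case: a change late in the message reaches only the tail)."""
    base = preprocess(samples, rotations, iv)
    altered = list(samples)
    altered[flip_index] ^= 1
    return sum(1 for x, y in zip(base, preprocess(altered, rotations, iv)) if x != y)


# Constructed data: six 16-bit samples, per-sample rotation amounts and an IV.
SAMPLES = [1000, 2000, 3000, 65535, 0, 12345]
ROTATIONS = [3, 7, 11, 0, 15, 5]
IV = 0x5A5A

if __name__ == "__main__":
    chained = preprocess(SAMPLES, ROTATIONS, IV)
    print("chained   :", chained)
    print("recovered :", postprocess(chained, ROTATIONS, IV))
    for i in (0, 3, 5):
        print(f"flip sample {i}: {diffusion_count(SAMPLES, ROTATIONS, IV, i)} of 6 outputs change")
```

Because the chain runs forward only, a change in sample i propagates to outputs i through n−1; a change in the initial value or in the first sample reaches the whole message, while a change in the last sample affects only the last output. Both the rotation amounts and the initial value must therefore be carried to the receiver as secret material, exactly like a key.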

E. Dual Encryption/Decryption in ECC
The purpose of the dual encryption/decryption process for the audio file is to increase the immunity against any expected attacks. This process encrypts the audio file in two layers, each of which uses a different key pair (private and public). The decryption process is executed in the same manner but in reverse order. The procedure is explained in what follows:

Step 1: Dual Encryption
Alice wants to send an encrypted message to Bob; in the present work the message is an audio file. At the beginning she converts the audio file data into points on the curve, denoted by ( ), and then encrypts them to produce the cipher-text points denoted by ( ). The dual encryption process is composed of two phases: the first encryption applies the addition operation between ( ) and ( ); the second encryption applies the addition operation between ( ) and ( ). Equations (17) and (18) respectively define this procedure: (17) (18)

Step 2: Dual Decryption
Bob receives the dual-encrypted points and needs to decrypt them. Bob applies the decryption operation to the received points by using the subtraction operation: he obtains the reflection of the subtracted point across the x-axis and executes point addition (i.e., ( ) ( ) ( ) ( ) ), as clarified in (19) and (20) respectively: (19) (20) After the dual decryption has been applied to the received points, the next step is converting the decrypted points back into the data of the audio file.
Here the addition and subtraction operations do not mean the simple operations of algebra; rather they are the addition and subtraction of points in ECC. So the subtraction operation is the same as the addition operation, just taking the inverse of , i.e., the inverse of ( ) ( ) ( ).
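The following Python block is an added example, not code from the paper or its C# implementation. It pulls together the curve arithmetic of Sections II.B and II.C (point addition, doubling, and scalar multiplication as repeated addition), the base-point selection by Euler's criterion and the subgroup generation of Section VI.B, the two-subgroup ECDH of Section VI.C, and the dual encryption/decryption of Section VI.E with point subtraction as addition of the reflected point. The domain parameters p = 199, a = 2, b = 3 are constructed toy values chosen so that square roots are a single exponentiation (p ≡ 3 mod 4) and are far too small for any real use; the rule for the second base point (the next x whose right-hand side is a quadratic residue) is an assumption, since the paper's exact rule is not recoverable from this text; encoding audio samples into curve points is out of scope, so the message M is taken as an existing curve point.

```python
import secrets

# Constructed toy domain parameters (assumption): p ≡ 3 (mod 4) so that a modular
# square root is one pow(); far too small to be secure.
P, A, B = 199, 2, 3


def discriminant_ok(p=P, a=A, b=B):
    """Condition (2): 4a^3 + 27b^2 != 0 (mod p), i.e. the curve is non-singular."""
    return (4 * a ** 3 + 27 * b ** 2) % p != 0


def on_curve(pt):
    """Equation (1): y^2 = x^3 + ax + b over F_p.  None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def point_add(p1, p2):
    """Point addition (3)-(5) and doubling (6) in one routine."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # Q + (-Q) = infinity
    if p1 == p2:                                      # tangent slope, (6)
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:                                             # chord slope, (5)
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_neg(pt):
    """Inverse of (x, y) is its reflection across the x-axis, (x, -y)."""
    return None if pt is None else (pt[0], (-pt[1]) % P)


def scalar_mult(k, pt):
    """k * pt as repeated addition (double-and-add)."""
    acc, addend = None, pt
    while k:
        if k & 1:
            acc = point_add(acc, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return acc


def is_quadratic_residue(n):
    """Euler's criterion: n^((p-1)/2) == 1 (mod p) for a non-zero residue."""
    return n % P != 0 and pow(n, (P - 1) // 2, P) == 1


def select_base_points(x_start):
    """Scan x upward from the agreed random start; the first two x whose
    right-hand side of (1) is a quadratic residue give G1 and G2 (assumed rule)."""
    found, x = [], x_start
    while len(found) < 2:
        rhs = (x ** 3 + A * x + B) % P
        if is_quadratic_residue(rhs):
            found.append((x % P, pow(rhs, (P + 1) // 4, P)))   # sqrt for p ≡ 3 mod 4
        x += 1
    return found[0], found[1]


def subgroup(g):
    """All multiples of g: one doubling, then repeated additions until infinity."""
    pts, q = [g], point_add(g, g)
    while q is not None:
        pts.append(q)
        q = point_add(q, g)
    return pts                      # order of <g> is len(pts) + 1 (infinity counted)


def order_is_prime(order):
    """Section VII.A.4 asks for a prime subgroup order; trial division is enough here."""
    return order > 1 and all(order % d for d in range(2, int(order ** 0.5) + 1))


def keypair(g, order):
    n = 1 + secrets.randbelow(order - 1)          # private key in [1, order - 1]
    return n, scalar_mult(n, g)


def dual_ecdh(g1, g2):
    """Steps 1-4: two private/public keys per party and two shared session keys."""
    o1, o2 = len(subgroup(g1)) + 1, len(subgroup(g2)) + 1
    na1, pa1 = keypair(g1, o1)
    na2, pa2 = keypair(g2, o2)
    nb1, pb1 = keypair(g1, o1)
    nb2, pb2 = keypair(g2, o2)
    alice = (scalar_mult(na1, pb1), scalar_mult(na2, pb2))   # (11), (12)
    bob = (scalar_mult(nb1, pa1), scalar_mult(nb2, pa2))
    return alice, bob


def dual_encrypt(m, k1, k2):
    """(17) C1 = M + K1, then (18) C2 = C1 + K2."""
    return point_add(point_add(m, k1), k2)


def dual_decrypt(c2, k1, k2):
    """(19) C1 = C2 + (-K2), then (20) M = C1 + (-K1)."""
    return point_add(point_add(c2, point_neg(k2)), point_neg(k1))
```

A usage run is `g1, g2 = select_base_points(5); alice, bob = dual_ecdh(g1, g2)`, after which `dual_decrypt(dual_encrypt(m, *alice), *bob) == m` for any curve point m. Before a subgroup is used, check `order_is_prime(len(subgroup(g)) + 1)`; on a real-size curve the order is not found by enumeration but by point counting, and the enumeration here is only possible because the toy curve has about two hundred points.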
VII. RESULTS AND DISCUSSION
The experiments were run under the Windows 10 Professional operating system on an Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz with 4 GB of random access memory, 64-bit system type. Visual Studio 2010 (C# programming language) was used to develop the proposed system. Table I shows the randomness of different AES key sizes. The input settings for generating the AES key from the PBKDF2 algorithm are:
• Password: composed of 1024 bytes generated from the LCG algorithm, where the inputs to the LCG algorithm are ( ).
• Iteration count: 10000.
• Length of key: (128, 192, 256) bits.
• Amount of rotation: 139.
The input settings for the LCG algorithm to generate the sequence numbers are ( ). Fig. 2 demonstrates a comparison between the time of the traditional method, which generates all points on a curve, and the proposed method for selecting two base points from the curve in a secure manner, tested on different curves (i.e., different sizes of the domain parameters ( )).
Tables III and IV illustrate the execution time of the dual encryption/decryption process in ECC; different sizes of audio samples and various elliptic curves are used to test the results.

A. Security Analysis
Security analysis is a fundamental process to guarantee the strength of a cryptographic mechanism; the following metrics are used to evaluate the performance of the proposed system:

1) Entropy
Entropy is considered one of the most significant measurements of the degree of secrecy (randomness), where the maximum value of the first order entropy is 8 and that of the second order entropy is 16. The first order entropy ( ) and second order entropy ( ) of a source are formulated in the following equations [18], [19]: where is the total number of and ( ) is the probability of appearance of .
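As an added example (not the paper's code), the Python below computes the two entropy measures over a byte stream: first-order entropy over single byte values (maximum 8 bits) and second-order entropy over consecutive byte pairs (maximum 16 bits). Reading the paper's second-order measure as the entropy of overlapping pairs is an assumption; the two inputs, a repetitive "plain audio" pattern and a uniform byte stream, are constructed.

```python
import math
from collections import Counter


def _entropy_bits(counts: Counter) -> float:
    """Shannon entropy in bits of an empirical distribution given as counts."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def first_order_entropy(data: bytes) -> float:
    """H1 over single byte values; reaches 8 bits only when all 256 values are equiprobable."""
    return _entropy_bits(Counter(data)) if data else 0.0


def second_order_entropy(data: bytes) -> float:
    """H2 over consecutive (overlapping) byte pairs; maximum 16 bits.
    A single-byte input has no pairs, so it scores 0."""
    if len(data) < 2:
        return 0.0
    return _entropy_bits(Counter(zip(data, data[1:])))


def entropy_report(data: bytes) -> dict:
    """Both measures next to their theoretical maxima."""
    return {"H1": first_order_entropy(data), "H1_max": 8.0,
            "H2": second_order_entropy(data), "H2_max": 16.0}


# Constructed inputs: a two-value repeating pattern versus a uniform byte stream.
REPETITIVE = bytes([0x10, 0x20] * 512)
UNIFORM = bytes(range(256)) * 4

if __name__ == "__main__":
    for name, data in (("repetitive", REPETITIVE), ("uniform", UNIFORM)):
        r = entropy_report(data)
        print(f"{name:10s} H1={r['H1']:.4f}/8  H2={r['H2']:.4f}/16")
```

The second-order figure exposes structure that the first-order one hides: a stream that cycles through all 256 byte values in order scores a perfect 8 on H1 yet only about 8 rather than 16 on H2, because only 256 of the 65536 possible pairs ever occur. Cipher-text from a sound encryption should approach both maxima.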

2) Key Sensitivity Analysis
A fundamental feature of a good cryptosystem is key sensitivity, which assures that the cryptosystem is secure against brute force attack. Key sensitivity means that any small change in the encryption key gives a different result when recovering the plain-text from the cipher-text. Assume user A sends a message (audio file) to user B and the original session keys are ( ), ( ). A slight alteration in the private keys (i.e., ) produces different session keys ( ( ), ( ) ) that lead to recovering a different message. Fig. 3 shows the decryption operation with the correct and wrong session keys, respectively.

3) Cryptanalysis Attacks
The intruder attempts an analysis of the encrypted message by exploiting some characteristics of the cipher-text, such as repeated cipher-text blocks, or by knowing some plain-text/cipher-text pairs. In addition, he/she tries to identify the nature of the algorithm in order to recover the plain-text or the key [1].

Our Suggested Solution:
The diffusion property is enhanced in the proposed system by using the Exclusive-OR and circular shift operations, which increase the strength against cryptanalysis attacks. Besides, it uses dual encryption to increase immunity against any expected attack.

4) Attacks on ECDLP
a) Brute-Force Attack (Exhaustive Search): An intruder seeks to compute all the points generated from the base point (G) until the public key (P_u) is obtained, thereby recognizing the private key (P_r). The search time in this type of attack depends on the order (the number of points in the subgroup generated by G), denoted by O_r; a large order (O_r ≥ 2^80) makes the computation infeasible [1], [2].
b) Pohlig-Hellman and Pollard's rho Attacks: These attacks accelerate the calculation of the ECDLP; as a countermeasure, O_r should be prime and O_r > 2^160 [2].
Our Suggested Solution: Choose the public elements in a secure manner to avoid all recognized attacks, instead of using a large number of points, which requires a high computational cost.

5) Man in the Middle Attack
When two parties exchange their public keys, an intruder intercepts the transmission to capture the public keys in order to establish a fake shared key between itself and each party, exploiting the public parameters (prime number, base point, their public keys) [1].

Our Suggested Solution:
In our methodology, this attack is frustrated by selecting the global parameters randomly and in a secure manner; this means that even if an intruder knows a public key, it is impossible to obtain the private key, because there are unknown parameters needed to solve the ECDLP.

VIII. CONCLUSIONS
This paper implements a new design for the ECC cryptosystem in a random, efficient and secure manner based on the H-AES-LCG generator function; besides, it chooses the domain parameters of ECC within a safe mechanism in order to defeat all known attacks on the ECDLP. The ECDH method is used to make the communication between two parties more secure during the key exchange process. In addition, the encryption process is implemented in double or dual stages, the aim of which is to provide secure transmission of audio messages and increase immunity against any attack. The proposed methodology is faster, more secure and provides many positive aspects, such as enhancements in the key exchange compared with Diffie-Hellman key exchange and in ECC performance. In addition, the H-AES-LCG is useful for generating an encryption key for some algorithms, a salt value for a hash function, a prime number for the RSA algorithm, or the domain parameters for ECC in a random and safe style.