An Optimized Elliptic Curve Digital Signature Algorithm for Network User`s Authentication

K.Naveenraj, Department of Electronics Engineering, Anna University, Madras Institute of Technology Campus, Chennai 600 044, INDIA. E-mail : [email protected]
Abstract Elliptic Curve Digital Signature Algorithm is an

T.Subashri, Department of Electronics Engineering, Anna University, Madras Institute of Technology Campus, Chennai 600 044, INDIA. E-mail : [email protected]
checks for the authenticity of the signature, employing only publicly known values ECC (elliptic curve cryptography) is a new public key cryptosystem. It is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Ne al Koblitz [3] and Victor S. Miller [4] in 1985. Compared with other cryptosystem, ECC has the highest security capability per bit. It became an actual standard and will be widely used in information security system in no time. But ECDSA couldn't be used in some devices that have limited compute and store capacity directly, such as PDA, ATM and Smart Card. So it is necessary to amend it. In section II provides the mathematical background behind elliptic curve cryptography. In section III, the improved scheme was presented. The improved schemes reduce the computational cost while keep the same security as original algorithm. II. MATHEMATICAL BACKGROUND

algorithm which is developed based on the ECC. It generates signature to provide authentication to the users in the network. Most of the real time implementations of the network security were based on ECDSA. In this paper, we propose a new variant to the existing ECDSA scheme by introducing a dynamic key exchange mechanism and also using a 32 bit hash value instead of 64 bit hash value to provide system level optimization. The modified ECDSA algorithm reduces the computational cost. Also, it provides better security to the network users than the existing algorithm. It is useful for the users with limited computing resources.
Keywords ECDSA, ECC, SHA-512, Private key, Public key and Message Digest.

I.

INTRODUCTION

A. Preliminaries on Elliptic Curves The domain of operation of the ECDSA algorithm is the set of integers modulo p denoted usually as Zp. For clarity, in the remainder of the paper we use the mod p notation which will be omitted and the modular reductions will be implicitly assumed for all the coordinates of the points of the curve. The key mathematical object employed to build a computationally hard problem in the ECDSA cryptosystem is a particular algebraic group employing as a support the points of an elliptic curve dened over Zp. Given a eld (Zp, +, ), where p is a large prime number, an elliptic curve E is represented by the set of points with coordinates over ZpZp where the following relation holds: y2= x3+ ax + b with the discriminant of the Weierstrass equation 4a3+27b2 0

Digital signature is a crucial technology to secure information systems but it is different from data encryption. The need to provide a secure way to warrant the authenticity of digital contents is nowadays a growing requirement for modern computing systems. This need is fullled by cryptographic digital signature protocols. Security problems such as data integrity and authentication can be resolved with digital signature. Among them, the most innovative and standardized cryptosystem which is able to provide a signature scheme for digital contents is represented by the Elliptic Curve Digital Signature Algorithm (ECDSA), which has been standardized by both NIST [1] and IEEE. In particular, it has also been recommended to sign top secret information in the NSA Suite B. The ECDSA cryptosystem is composed of two primitives: a signing and a signature verication algorithm. The signing algorithm is able to produce an authenticated token, the digital signature, employing a secret value known only to the signer, while the signature verication algorithm

and it is denoted either as E[Zp] or E. The set of points E is used as a support for a commutative group (E, +), where the + operator denotes the so-called point addition operation. The point addition operation between two points of the curve P = (xP,yP) and Q = (xQ,yQ) is dened to be an associative and commutative operation. The identity element of the operation is a particular point, known as point at innity denoted as O, while the inverse of the point P = (xP,yP ) is dened as P = (xP , yP ). Since the group (E, +) is cyclic, a point G of maximum order is selected as the default generator and standardized together with the other curve parameters for protocols denitions. In order to construct the one-way function which will be exploited to build the ECDSA cryptosystem, the group law is used to build an external operation as scalar multiplication. Given an integer k Z, and a point P E the scalar multiplication operation is dened as [k]P = P + P + . . . + P {k times} .i.e., as the iterated sum of a point. The result of [0]P is dened as O, and it follows from the denition of the operation that [k]P = [k]P. It is thus possible to regard the group (E, +) where the curve has prime order n as isomorphic to (Zn, +) through the map k [k]P. The operation on the elliptic curve employed as a trapdoor function is the point scalar multiplication. It is in fact possible to compute efciently the scalar multiplication operation through the use of a double and add strategy [6], which has a complexity of O(log(k)) point additions. On the other hand, given a point Q E and a generator of the additive group over the curve P, it is computationally hard to nd the value of k such that [k]P = Q. This problem is known as the Elliptic Curve Discrete Logarithm Problem (ECDLP) and the best algorithms known at present time belong to the O(n) complexity class (with n the order of the curve). III. ECDSA The ECDSA suite relies on the hardness of the ECDLP problem in order to produce a signature token from a secret value k, which represents an ephemeral key held only during the signature procedure duration. This protocol for digital signatures is derived from the classic DSA [1], through substituting the discrete logarithm problem over a number eld with the one constructed over the (E, +) curve points group. The key generation algorithm is described in Algorithm 1. Algorithm 1 Key Generation 1: Choose an elliptic curve Ep(a,b) with p as a prime number. 2: Choose another prime number q to be used in the calculation. 3: Choose an integer as a private key, d.

4: Choose a point on the curve as e1. 5: Calculate e2 = d * e1 as another point on the curve. 6: Public key is (a,b,p,q,e1,e2) and private key is d. The signing algorithm of ECDSA is described in Algorithm 2. Algorithm 2 ECDSA Signature Generation Input: curve parameters (E, G), private key d, message m Output: signature S 1: e hash(m) 2: k random [1, n 1] 3: P [k]G 4: r xP mod n 5: s (e + rd)/k mod n 6: return S = (r, s) In particular, the signature generation algorithm (Algorithm 1) produces the signature token S, taking as input the denition of the group (E, +) together with a default generator G E, the private key parameter k Zp and the message of which authenticity must be warranted m. In order to build the signature, the algorithm at rst obtains a hashed version e of the message m and a non zero random number, smaller than the order of the curve. Subsequently, the point scalar multiplication between the random number and the generator G is performed and the x coordinate of the resulting point is divided by the order of the curve n and stored in r. In case r = 0 the procedure is re-run with a different random number until a non-zero r is obtained. Finally the signature is computed through combining together the hash of the message, the value obtained through the point scalar multiplication and the extracted random k. The signature token S is represented by the pair (r, s). It is particularly important to choose a cryptographically strong random number for k and never reuse it: it is trival in fact to extract the value of the secret key d if two different signatures are computed with the same random k. In order to check if an ECDSA signature is valid, the verier is provided with the public key Y = [d]G, where the secret value d is protected by the computational hardness of the ECDLP. The verier proceeds to compute the message hash e and compares the received r value with [e/s]G+ [r/s]Y . If the two quantities match, the provided signature is valid.

, a pointThe Stepped impedance resonator (SIR) is symmetrical and has two different characteristic impedance

lines, Z1 and Z2, of admittance Y1 and Y2. The basic structure of the g /2 SIR is shown in fig 1, where g is the wavelength. Whereas, and , are their corresponding electrical lengths. For the ease of the analysis, a new parameter RZ is introduced, which is defined as the ratio of the line impedances Z1and Z2, (Rz = Z2/Z1).

A filter with a second order Chebychev response is considered for the design. By taking [2], hence, the value of RZ is obtained as 0.5. From the value of R Z, and considering Z2 = 50 , then Z1 is obtained as 100 .

Fig. 1. Basic structure of half wavelength type SIR [2] The resonance condition can be analyzed by using the input admittance. The input admittance of the half wavelength SIR is given as [2]

Fig. 2. Schematic of the filter The filter is implemented in FR4 substrate with dielectric thickness 1.6 mm, dielectric constant 4.4 and conductor thickness of 0.035 mm. The filter is simulated in ADS tool. Fig 2 shows the schematic of the filter in ADS. The layout corresponding to the filter schematic is obtained in ADS, and shown in Fig.3. In the layout, the dark areas denote the conducting strip and background denotes the substrate. IV. RESULTS AND DISCUSSION

The resonance condition is achieved at Yi = 0, and this is realized by the following equation

If we assume

, equation (2) can be rewritten as

From (3), we obtain the following solution,

The layout is simulated in ADS- Momentum and the S parameter characteristics are obtained as shown figure 4. The insertion loss in the pass band is found to be 1.013 dB. The return loss (S11) in the pass band is obtained as 21.137 dB. and spurious From the S21 characteristics, The 3 dB bandwidth of the filter is calculated around 60 MHz. The response is shown in the fig. 5. The 20dB bandwidth of the filter is found to be 230 MHz (Fig. 6).

The relationship between frequencies is given by [1]

fundamental

Thus the spurious frequencies can be controlled by impedance ratio Rz. III. FILTER SCHEMATIC AND DESIGN

Fig.3. Layout of the filter

m1 indep(m1)= 1.572E9 plot_vs(dB(S(2,1)), freq)=-1.013 Max m1

m2
dB(S(1,1)) dB(S(2,1))
-20 -30 -40 -50 -60 1.0 1.2 1.4 1.6 1.8

m2 indep(m2)= 1.571E9 plot_vs(dB(S(1,1)), freq)=-21.137 Min

Fig.7. Photograph of the fabricated filter

freq, GHz

Fig.4.

S-parameter characteristics

m2 indep(m2)= 1.602E9 m1 plot_vs(dB(S(2,1)), freq)= -3.043 indep(m1)= 1.542E9 plot_vs(dB(S(2,1)), freq)= -3.030 m1 2 m 0
-10 -20 -30 -40 -50 -60 1.0 1.2 1.4 1.6 1.8 2.0 2.2 2.4 2.6 2.8 3.0

The photograph of the fabricated filter is shown in fig.7.An Agilent E5071C Network analyzer (8 GHz) is used to measure the filter characteristics. The measured S21 and S11 response of the filter are shown in fig.8 and fig.9 respectively. The insertion loss is found to be 7dB.The return loss is found to be 30 dB. A higher value of insertion loss is seen in the measurement owing to the non uniformities of the substrate material. Fig.10 shows the group delay of the filter which is almost constant around 5.6 ns, in the pass band. The impedance and SWR of the filter is shown in fig.11 and fig.12 respectively. They indicate an SWR value of 1.2 and impedance value of 48.5 Ohms. These values are close to the ideal values and will lead to better filter performance.

dB(S(2,1))

freq, GHz

Fig.5.

3 dB bandwidth

m2 indep(m2)= 1.695E9 m1 plot_vs(dB(S(2,1)), freq)= -20.027 indep(m1)= 1.465E9 plot_vs(dB(S(2,1)), freq)= -20.216
0 -10 -20 -30 -40 -50 -60 1.0 1.2 1.4 1.6 1.8 2.0 2.2 2.4 2.6 2.8 3.0

m1

m2

dB(S(2,1))

Fig.8.

Measured S21 response

freq, GHz

Fig. 6. 20 dB bandwidth

Fig.9. Measured S11 response

Fig.12. Measured SWR of the filter.

V.

CONCLUSION

A method of designing a BPF suitable for GPS L1 band with SIR is established, and a microstrip bandpass filter using stepped-impedance resonator has been proposed, designed and fabricated .Measurement shows an insertion loss of 30 dB, impedance of 48 Ohms and SWR of 1.2 at the desired frequency .

Fig.10. Measured Group Delay of the filter.

REFERENCES
[1] James Bao-Yea Tusi, Fundamentals of Global Positioning System Receivers: A Software Approach, Second Edition, Johon Wiley & Sons 2005

[2] M.Makimoto and S.Yamashita, Microwave Resonator and Filters for Wireless Communication, Theory Design and Application, Springer 2001.

Fig.11. Measured Impedance of the filter

[3] Alkan, R.M.; Karaman, H.; Sahin, M.; GPS, GALILEO and GLONASS satellite navigation systems & GPS modernization Proceedings of 2nd International Conference, Recent Advances in Space Technologies, 2005. Page(s):390 . 394