Blockchain - Elliptic Curve Cryptography

Cryptography is the study of techniques for secure communication in the presence of adversarial behavior. Encryption uses an algorithm to encrypt data and a secret key to decrypt it. There are 2 types of encryption:

1. Symmetric-key Encryption (secret key encryption): Symmetric-key algorithms are cryptographic algorithms that employ the same cryptographic keys both for plaintext encryption and ciphertext decoding. The keys could be identical, or there could be a simple transition between them.
2. Asymmetric-key encryption (public key encryption): Asymmetric-key algorithms encrypt and decrypt a message using a pair of related keys (one public key and one private key) and safeguard it from unauthorized access or usage.

The following topics of Elliptic Curve Cryptography will be discussed here:

1. Introduction to Elliptic Curve Cryptography
2. History of Elliptic Curve Cryptography
3. Components of Elliptic Curve Cryptography
4. Elliptic Curve Cryptography Algorithms
5. Application of Elliptic Curve Cryptography
6. ECC vs RSA
7. Elliptic Curve Diffie-Hellman Protocol Implementation
8. Types of Security Attacks
9. Benefits of Elliptic Curve Cryptography
10. Limitations of Elliptic Curve Cryptography
11. Conclusion

Introduction to Elliptic Curve Cryptography

ECC, as the name implies, is an asymmetric encryption algorithm that employs the algebraic architecture of elliptic curves with finite fields.

• Elliptic Curve Cryptography (ECC) is an encryption technology comparable to RSA that enables public-key encryption. 
•  While RSA's security is dependent on huge prime numbers, ECC leverages the mathematical theory of elliptic curves to achieve the same level of security with considerably smaller keys.
• Victor Miller and Neal Koblitz separately proposed elliptic curve ciphers in the mid-1980s. On a high level, they are analogs of actual public cryptosystems in which modular arithmetic is substituted by elliptic curve operations.

History of Elliptic Curve Cryptography

• Neal Koblitz and Victor S. Miller independently proposed the use of elliptic curves in encryption in 1985.
• Elliptic curve cryptography algorithms entered wide use from 2004 to 2005.
• In the mid-1980s, researchers found that examining elliptic curves could lead to the discovery of new sources of difficult problems. Elliptic Curve Cryptography (ECC) introduced a new degree of security to public key cryptosystems, that provide combined encryption and digital signature services.
• The security of elliptic curve cryptosystems, like that of all public-key cryptosystems, is based on tough mathematical issues at the core. Given two elliptic curve points G and Y, where Y = kG.
• The term "elliptic curve" is derived from the ellipse. Elliptic curves were discovered in the form of the Diophantine equation for c, after the 17th century. Furthermore, while calculating the surface of the ellipse is simple, calculating the circumference of the ellipse is difficult. The equation can be simplified to an integral:

Components of Elliptic Curve Cryptography

Below are the components of elliptic curve cryptography:

1. ECC keys:

•  Private key: ECC cryptography's private key creation is as simple as safely producing a random integer in a specific range, making it highly quick. Any integer in the field represents a valid ECC private key.
• Public keys: Public keys within ECC are EC points, which are pairs of integer coordinates x, and y that lie on a curve. Because of its unique features, EC points can be compressed to a single coordinate + 1 bit (odd or even). As a result, the compressed public key corresponds to a 256-bit ECC.

2. Generator Point:

• ECC cryptosystems establish a special pre-defined EC point called generator point G (base point) for elliptic curves over finite fields, which can generate any other position in its subgroup over the elliptic curve by multiplying G from some integer in the range [0...r]. 
• The number r is referred to as the "ordering" of the cyclic subgroup.
• Elliptic curve subgroups typically contain numerous generator points, but cryptologists carefully select one of them to generate the entire group (or subgroup), and is excellent for performance optimizations in calculations. This is the "G" generator.

Elliptic Curve Cryptography Algorithms

Based on the arithmetic of elliptic curves over finite fields, Elliptic-Curve Cryptography (ECC) provides numerous sets of algorithms:

Digital signature algorithms:

• Elliptic Curve Digital Signature Algorithm. (ECDSA): ECDSA, or Elliptic Curve Digital Signature Algorithm, is a more highly complicated public-key cryptography encryption algorithm. Elliptic curve cryptography is a type of public key cryptography that uses the algebraic structure of elliptic curves with finite fields as its foundation. Elliptic curve cryptography is primarily used to generate pseudo-random numbers, digital signatures, and other data.
• Edwards-curve Digital Signature Algorithm (EdDSA): The Edwards-curve Digital Signature Algorithm (EdDSA) was proposed as a replacement for the Elliptic Curve Digital Signature Algorithm for performing fast public-key digital signatures (ECDSA). Its primary benefits for embedded devices are higher performance and simple, secure implementations. During a signature, no branch or lookup operations based on the secret values are performed. Many side-channel attacks are foiled by these properties.

Encryption algorithms:   

• Elliptic Curve Integrated Encryption Scheme (ECIES): ECIES is a public-key authenticated encryption scheme that uses a KDF (key-derivation function) to generate a separate Medium Access Control key and symmetric encryption key from the ECDH shared secret. Because the ECIES algorithm incorporates a symmetric cipher, it can encrypt any amount of data. In practice, ECIES is used by standards such as Intelligent Transportation Systems.
•  EC-based ElGamal Elliptic Curve Cryptography: ElGamal Elliptic Curve Cryptography is the public key cryptography equivalent of ElGamal encryption schemes that employ the Elliptic Curve Discrete Logarithm Problem. ElGamal is an asymmetric encryption algorithm that is used to send messages securely over long distances. Unfortunately, if the encrypted message is short enough, the algorithm is vulnerable to a Meet in the Middle attack.

Key Agreement algorithm:

• Elliptic-curve Diffie–Hellman (ECDH): Elliptic-curve Diffie-Hellman (ECDH) is a key agreement protocol that enables two parties to establish a shared secret over an insecure channel, each with an elliptic-curve public-private key pair. This shared secret can be used directly as a key or to generate another key. Following that, the key, or the derived key, can be used to encrypt subsequent communications with a symmetric-key cipher.
• Fully Hashed Menezes-Qu-Vanstone(FHMQV): Fully Hashed Menezes-Qu-Vanstone is an authenticated key agreement protocol based on the Diffie-Hellman scheme. MQV, like other authenticated Diffie-Hellman schemes, protects against an active attacker. The protocol can be adapted to work in any finite group, most notably elliptic curve groups, in which it is recognized as elliptic curve MQV (ECMQV).

 Application of Elliptic Curve Cryptography

•  Diffie-Hellman: The basic public-key cryptosystem suggested for secret key sharing is the Diffie-Hellman protocol. If A (Alice) and B (Bob) initially agree on a given curve, field size, and mathematical type. They then distribute the secret key in the following manner. We can see that all we need to build the Diffie-Hellman protocol is scalar multiplication.
•  Elliptic Curve Digital Signature Algorithm (ECDSA): ECC is one of the most widely utilized digital signature implementation approaches in cryptocurrencies. In order to sign transactions, both Bitcoin and Ethereum use the field inverse multiplication, but also arithmetic multiplication, inverse function, and modular operation.
• Online application: Moreover, ECC is not limited to cryptocurrencies. It is an encryption standard that will be utilized by most online apps in the future due to its reduced key size and efficiency. Most commonly used in cryptocurrencies such as Bitcoin and Ethereum, along with single-way encryption of emails, data, and software.
• Blockchain application: The cryptocurrency Bitcoin employs elliptic curve cryptography.   Ethereum 2.0 makes heavy use of elliptic curve pairs with BLS signatures, as stated in the IETF proposed BLS specification, to cryptographically ensure that a specific Eth2 validator has really verified a specific transaction. 

ECC vs RSA

Below is the difference between ECC and RSA: 

ECC vs RSA: Key Length Comparison:

Elliptic curve Diffie-Hellman Protocol Implementation

Prerequisite: Basics of python programming language, basics of cryptography techniques, and Elliptic curve Diffie-Hellman Protocol.

Install tinyec in Python:

pip install tinyec

After the required modules and dependencies are installed then use the following code for the calculation of the shared secret key between user A and user B.   

# Importing required libraries used 
# to perform arithmetic operations 
# on elliptic curves
from tinyec import registry
import secrets

# Function to calculate compress point 
# of elliptic curves
def compress(publicKey):
 return hex(publicKey.x) + hex(publicKey.y % 2)[2:]

# The elliptic curve which is used for the ECDH calculations
curve = registry.get_curve('brainpoolP256r1')

# Generation of secret key and public key
Ka = secrets.randbelow(curve.field.n)
X = Ka * curve.g 
print("X:", compress(X))
Kb = secrets.randbelow(curve.field.n)
Y = Kb * curve.g 
print("Y:", compress(Y))
print("Currently exchange the publickey (e.g. through Internet)")

# (A_SharedKey): represents user A
# (B_SharedKey): represents user B
A_SharedKey = Ka * Y
print("A shared key :",compress(A_SharedKey))
B_SharedKey = Kb * X
print("(B) shared key :",compress(B_SharedKey))
print("Equal shared keys:", A_SharedKey == B_SharedKey)

Output:

Explanation:

• The following Python code generates an ECC private-public key pair for the recipient of the message (based on the brainpoolP256r1 curve), then derives a secret shared key (for encryption) and an ephemeral cipher - text key (for ECDH) from the recipient's public key, and then derives same secret key pair (for decryption) from the recipient's secret key and the previously generated ephemeral ciphertext public key.
• In an integrated encryption scheme, these keys will be utilized for data encryption and decryption. If you execute the code, the above output will differ (due to the randomness used to produce ciphertextPrivKey), but the decryption and encryption keys will remain the same.
• The process for producing a shared ephemeral secret key based on an ECC key pair described above is an example of a KEM (a key encapsulating mechanism) based on the ECC and ECDH.

Types of Security Attacks

• Side-channel attack: Side-channel attacks in elliptic curve cryptography are caused by unintended information leaking during processing. The computation of n*P, where n is a positive number and P is a location on the elliptic curve E, is a critical operation.
• Backdoor attack: Concerns have been made by cryptographic specialists that the National Security Agency has installed a kleptographic backdoor into at least one elliptic curve-based pseudo-random generator. According to one investigation of the potential backdoor, an attacker in possession of the algorithm's secret key might access encryption keys provided only 32 bytes of outputs.
• Quantum computing attacks: By calculating discrete logarithms on a hypothetical quantum computer, Shor's technique can be used to break elliptic curve cryptography. The most recent quantum resource estimates are 2330 qubits and 126 billion Toffoli gates for cracking a curve with only a 256-bit modulus (128-bit security level).

Benefits of Elliptic Curve Cryptography

•  Fast key generation: ECC cryptography's key creation is as simple as securely producing a random integer in a specific range, making it highly quick. Any integer in the range represents a valid ECC secret key. The public keys in the ECC are EC points, which are pairs of integer coordinates x, and y that lie on a curve.
• Smaller key size: Cipher text, signatures, and Elliptic-curve cryptography (ECC) is a public-key encryption technique based on the algebraic structure of elliptic curves with finite fields. Compared to non-EC encryption (based on ordinary Galois fields), ECC allows for fewer keys to guarantee equal security.
• Low latency: Signatures can be computed in two stages, allowing latency much lower. By computing signatures in two stages, ECC achieves lower latency than the inverse throughout. ECC has robust protocols for authorized key exchange, and the technology has widespread adoption.
• Less computation power: Since the ECC key is shorter the computation power is also less computational power, ECC offers high security with faster, shorter keys compared to RSA and take more energy to factor than it does to calculate an elliptic curve objective function.
• High security: A 256-bit ECC public key ensures comparable security to a 3072-bit RSA public key. With ECC, you may obtain the same level of security with smaller keys. ECC provides strong security in a world where mobile phones must do more and more encryption with fewer computational resources.

Limitations of Elliptic Curve Cryptography

•  Large encryption size: ECC increases the size of the encrypted message significantly more than RSA encryption. The default key length for ECC private keys is 256 bits, but many different ECC key sizes are conceivable depending on the curve.
• A more complex: The ECC algorithm is more complete and more difficult to implement than RSA. Algorithms cost have been computed from the computation of the elliptic curve operation and finite field operations that determine the running time of the scalar multiplication integer sub-decomposition (ISD) method. 
• Complex security: Complicated and tricky to implement securely, mainly the standard curves. If the key size used is large enough, ECC is regarded to be highly secure. For internal communications, the US government needs ECC with a key size of either 256 or 384 bits, depending on the sensitivity level of the material being communicated.
• Binary curves: Processing of binary curves is costly. Elliptic curve cryptography (ECC) employs elliptic curves over finite fields Fp (where p is prime and p > 3) or F2m (where the field size p = 2 m_). This means that the field is a p x p square matrix, and the points on the curve can only have integer locations within the field.

Conclusion

• Encryption strength: The main distinction between RSA and ECC certificates is the encryption strength. When compared to other approaches, such as RSA, ECC can provide a level of security that uses fewer processing resources to encrypt and decrypt data.
• ECC Keys feature: With a lower key length, Elliptic Curve Cryptography (ECC) delivers the same level of encryption strength as the RSA.ECC and other public key encryption systems use a mathematical technique to combine two separate keys and then use the resulting output to encrypt and decrypt data. One is a public key that anybody can see, and the other is a private key that only the sender and receiver of the data can see.
• ECC certificates: As a result, for Public Key Infrastructure, an ECC certificate provides more speed and security than an RSA certificate. Elliptic Curve Cryptography (ECC) provides an equivalent level of encryption strength to the RSA algorithm with a shorter key length.
• ECC curves: The elliptic curve over a finite area gives us more security. For contemporary ECC purposes, an elliptic curve is a plane curve over a finite field composed of points fitting the equation: Any point on the curve in this elliptic curve cryptography example can be mirrored over the x-axis and the curve will remain unchanged.
• Use of prime number: Zp (where p is a prime number) elliptic curve When p is a huge prime integer, it indicates that the cipher text is extremely tough to crack. The public and shared keys are both 257 bits long (65 hexadecimal digits, 256 bits due to key compression). The private keys KA and KB are different due to randomness, but the estimated shared secret key across (A) and (B) will always be the same.