Hash Function and Digital Signature based on Elliptic ...

14th international conference on Sciences and Techniques of Automatic control & computer engineering - STA'2013, Sousse, Tunisia, December 20-22, 2013

STA'2013-PID3262-BSP

Hash Function and Digital Signature based on Elliptic Curve Dridi Manel, Ouni Raouf, Haddaji Ramzi and Abdellatif Mtibaa CSR GROUP of EμE laboratory University of Monastir – TUNISIA, National Engineering School of Monastir, University of Monastir – TUNISIA [email protected], [email protected] section, we will define hash function and elliptic curve. In the third section we will describe the algorithm of Pizer hash function also the algorithm of digital signature ECDSA. The fourth section shows some examples treated. Finally, we will conclude this paper.

Abstract— this paper, present Pizer hash function based on elliptic curve and expander graph. First it describes how a Pizer hash function is used to hash a message. then, it presents the different steps to sign a message, already hash with Pizer hash function, using Elliptic Curve Digital Signature Algorithm (ECDSA). Finally, examples and results have been elaborated under the MATLAB environment and an explication why the hash function is efficient is given. Also we justify the robustness of the hash function.

II. Hash function and elliptic curve A. Hash function Hash function is widely used in cryptography to protect information authenticity and integrity. It is a transformation that generates a small hash value h with the input of arbitrary large size m (that is, h=H(m)) which can safely determine the initial data cryptographic. Hash function [14] may satisfy three major properties: collision resistance (Two input strings can’t have the same digest value), preimage resistance(It is computationally hard to find the message from the digest) and second preimage resistance(it should be dificult given a message to find a second message that hashes to the same value). A small modification in a message or document results in a complete different digital fingerprint. Hash functions are used in several applications like digital signature scheme.

Keywords: Cryptography, elliptic curve, hash function, Pizer graph, digital signature ECDSA. I. Introduction Cryptography is one of the most efficient solutions to protect private information, also to guaranty confidentiality, integrity and the authenticity of data or image. Today, the proliferation of communication systems allowed cryptography to extend his activity reach while developing several encryption methods to ensure security in the exchange information. In fact, the incredible expansion of the internet was accompanied by a sharp increase of the violations of the security in different world-wide networks (banking networks, telephone networks, etc) this often led to grievous economic consequences. Therefore, the necessity to invent and developed a new algorithms and techniques more secure and perform to check the safety of exchanged information confidentiality integrity and authenticity. Then, the appearance of cryptography based on elliptic curves.

B. Elliptic Curve (EC) EC was proposed in 1985 [12], by V.Miller and N. Koblitz. It is not a curve which has an ellipse form. The study of these was started in the nineteenth century to solve the difficult problem of calculating the perimeter of an ellipse. The arithmetic properties and features of elliptic curves present an interesting fortuitous for cryptography.

An interesting axis of cryptography is the hash function that is very useful for different applications: They are used in encryption, the exchange of the keys, the digital signatures etc. In the past few years, various cryptanalysis results have shown that a variety of cryptographic hash functions based on design principle such as MD5 and SHA1[13] was vulnerable to the collision attack. This may pose a serious security problem that should be replaced and shouldn’t be used further for applications. Today, the cryptographic community should put considerable efforts into the search for better design criteria for the long term security.

Each point P=(xp,yp) which satisfy the elliptic curve equation is a point on the elliptic curve.

In this context, this paper is situated, exactly on a recent collision resistant hash function based on the elliptic curves. This paper is organized as follows. In the next

For a cryptographic use to the elliptic curve, we add a point at infinity, noted O. We can define a group structure, additive Abelian group, with the set of

978-1-4799-2954-2/13/$31.00 ©2013 IEEE

The simpler form of the elliptic curve (Weierstrass equation [2,11]) is: (1) E: y² = x3 + Ax +B with

A; B  Fq

Δ = −16(4 A3 + 27 B 2 )

≠0

And the j-invariant of E is j(A,B) = 1728

388

.


2-isogeny. Let φ : E → E’ thee isogeny and let C = be a subgroup of order 2 on an elliptic curve E with E is given by (1) and C = kerr φ is explicitly given. We denote E’ by E/C. Note that for f a general (i.e., ordinary) elliptic curve α may be defineed over a cubic or quadratic extension field. For a subgrouup C = ⊂ E[2], the elliptic curve E/C is defined by b the equation(3):

points on the curves and the point at innfinity O [1]. The addition operation defined with: (P1, P2)  E, P1 + P2 = O * (P1 * P22)

(2)

is based on the geometrical proprieties of elliptic curve. -Over Fp, two elliptic curves are isomoorphic if and only if they have the same j-invariant [8]. -For a positive integer n, the set of n-toorsion points of E is E[n] = {P  E(Fp) | nP = OE}. E over Fp, a -Set two elliptic curves E and E’ homomorphism φ : E → E’ is a morphhism of algebraic curves that sends OE to OE’. a isogeny, and a -A non-zero homomorphism is named an separable isogeny with the cardinality ℓ of the kernel is named ℓ -isogeny.

y2 = x3 - (4a + 15α2) x + (8b - 14α 3) Therefore, E/C is definedd over

(3) Fp 2 when E is

supersingular. Moreover, the unique u isogeny

φα : E → E/C is given by the equation (4): 3α 2 +a (3α 2 +a)y φα : (x,y) 6 (x+ ) ,yyx-α (x-α) 2

III .Pizer Hash function and digital siignature ECDA

(4)

2.Walk in the graph A. Pizer graph

We will describe in this sectioon, the different steps to be followed to calculate the hassh message. First, convert the message in base ℓ(ℓ=2). Then, T fix a vertex E0 which represents the starting vertexx of the path in the ℓ+1regular graph. The content off massage (message already converted before), allows movving of a vertex to another, without backtracking, with onnly two choices are allowed at each step. For each verrtex, we must order the different edges correspondingg to paths that come back to a markup edges connecting the first vertex E0 to last vertex En [2]. In path (walk) the number n of vertex is defined depending on the lenggth of the message.

The Pizer graph G(V,E) is a Ramanujann graph, a special type of expander graph [8,11]. For definnition or detail of expander graph see [10]. It’s defined by b the vertex set, V, and by the edges set, E. With V represent all the supersingulaar elliptic curves over the finite field Fp 2 characterized by b a j-invariants, which can be calculated directly from m the equation of the curve and are a priori elements of Fp 2 and E present all of isogenies between thesse curves. Fig 1 depicts a simplified representation of Piizer graph.

E0

The vertices of Pizer graph set, V, aree constructed by classes of supersingular elliptic curve, which have the same j-invariant. These vertices are coonnected between them by the edges which are isogenies of degree ℓ (ℓ is a prime number distinct from p). Set p (a ( prime number) and ℓ being fixed to walk around the graph g of a vertex Ei to another. We have ℓ + 1 possiibilities or paths emanating from each vertex Ei. They saay that the graph is ℓ + 1 regular [2]. In cryptography, p is taken of the order of 2256 and ℓ relatively small with respect to p.

Ф1

E1

Ф2

E2

Ф3

…

Фn

E n.

As follows, we present thhe algorithms define the different step to compute the hash h value of the message. 1) First, fix a starting vertex E0 in the graph: set initial parameters prime p and a suppersingular elliptic curve E0 over Fp 2 (in Weierstrass form m (1)). 2) Second, convert the inpuut message m to a binary string (base ℓ = 2) with n is the length of the string, therefore m = m1m2……..mn. 3) Using the convert messaage to walk the graph is defined as follows, let: 2

- Ei : yi = fi(x) be the curvee at each step - Pi1; Pi2; Pi3 be the non-triviaal points of Ei at each step [2] -

φi +1 : Ei →

Ei+1 represent the isogeny corresponding

to the edge (Ei;Ei+1). 4) Find the three roots, P01; P02; P03 of f0(x), corresponding to E0 where the cubic f0(x) factors as (x – x01)(x –x02)(x –x03) Then If the first bit =0, set E1 = E0/< and set

Figure 1: Pizer graph.

1.Vélu’s formulas (particular case : ℓ=2)

x2 =

φ1 (P03).

If the first bit =1, set E1 = E0/
and set

We use Vélu’s formulas [8,11] to compuute the

x2 = 389

φ1 (P02).


These computations use Vélu’s formulas (see section III.1.a). 5) For each bit in the string, using Vélu’s formulas, we follow this steps (it’s more explained in section IV.2):

1. Verify that p is an odd prime number. 2. Verify that Q(xG, yG) ≠ ∞. 3. Check that a, b, xG and yG lie in Fq. 4. Check that a and b the parameters of curve, verify the equation: 4a3+27b2 ≠ 0 (mod p) over Fq 5. Verify that Q is a point in the elliptic curve (equation 1) defined by a and b. 6. Verify that the order of point P, n is a prime number. 7. Verify that nQ= ∞ and verify that n≠p.

i) Compute the roots of fi(x)/(x -xi) to get Pi1 and Pi2. ii) If the ith bit = 0, set Ei+1 = Ei/ and calculate xi = x( φi +1 (Pi2)). iii) If the ith bit = 1, set Ei+1 = Ei/ and calculate

3. Digital signature ECDSA generation

xi = x( φi +1 (Pi1)).

First, Alice generate a random number k, where 0