Improvement of Menezes-Vanstone Elliptic Curve Cryptosystem Based on Quadratic Bézier Curve Technique

Corresponding Author: Dua M. Ghadi Department of Mathematics, Faculty of Mathematics and Computer Science, University of Kufa, Iraq Email: doaam.zubaidi@student.uokufa .edu.iq Abstract: Cryptography is one of the most important applications and widely used in our life especially in the information security that needed by many government institutions, banks, communications and others to keep data over internet and other transportations that it is ensure safety of transfers between the sender and the recipient. The most important system in cryptography is public key cryptography and the mostly used is the elliptic curves cryptosystem, because of it is very efficient and secure and difficult to solve the discrete logarithm problem and find the secret key. In this study a new method is introduced using the Menezes-Vanstone Elliptic Curve Cryptosystem (MVECC) for data based on quadratic Bézier curve techniques. The purpose of this proposal is to increase the security of this cryptosystem. We will apply this proposed method to all measurements of National Institute of Standards and Technology (NIST) tests and running time and compared it with the original method.


Introduction
It is known that cryptography is one of the mathematical methods that ensure security of information communications, it contains algorithms and protocols which used to help it to do that, so cryptography it is very important for the security of communications between the sender and the recipient. Therefore, many researchers specialists in this approach developed the methods that used in cryptography to increase level of security of information exchange and reducing attacks, there are some research that has been using Bézier curves techniques like in (Srividya and Akhila, 2014) use quartic Bézier curve to improve encryption and decryption of data and to lower computational complexity which is depend on Galois field multiplication table. Abdul Wahab and Satter Jaber (2016) used quadratic Bézier curve in chebyshev to improvement NTRU and DES algorithm and also produce protocol depended on PGP behavior. Improve encryption algorithm for secure digital image depend on the scrambling the pixel's position and changing the gray value of image for pixel's image by using chaotic map and Bernstein from Bézier curve (El-Latif et al., 2011).
In this work, the proposition uses the Menezes-Vanstone Elliptic Curve Cryptosystem (MVECC) based on quadratic Bézier curve for encryption and decryption that depend on Bézier's point, the parameters of t in the interval, [0,1] the key and point of message. This proposed uses the ASCII code values to represent each characters of the text. This paper is organized as follows: Section 2 a Basic concepts of Quadratic Bézier Curve (QBC) and Elliptic Curve Cryptosystem (ECC), section 3 the proposed cryptography method using Menezes-Vanstone Elliptic Curve Cryptosystem and quadratic Bézier Curve, section 4 the implementation of example for proposed method, section 5 discussion and results of the comparison between the proposed method and the Original Method of Menezes-Vanstone Elliptic curve Cryptosystem and section 6 the conclusion and the advantages of the proposed method.

Basic Concepts of Quadratic Bézier Curve and Elliptic Curve Cryptosystem
Bézier curve it is one of the most important mathematical representations of curves and surfaces used in computer graphics and design forms. Therefore, in 1958Therefore, in -1960 was it the original development of Bézier curve in the cars manufacture by two French scientists Pierre Bézier and Paul de Casteljau. Bézier curves is polynomial curves and it is popularity used because it possess a number of mathematical properties which is easy to manipulation and analysis. A Bézier curve of degree n is specified by a sequence of n+1 points which are called the control points (Marsh, 1999).

Quadratic Bézier Curve (QBC)
Quadratic Bézier curve is described by three points P°, P1 and P2. The first point and the third point are "anchors". The second point affect the shape of the curve. The generated curve starts at the first point P° going toward the second point P1 and it settles at the third point P2. Therefore, this curve will not pass through the second point P1 (Armstrong, 2005).
To development of the quadratic Bézier curve let three control points P°, P1 and P2 with parameter t, which it a number between in the interval (0,1) (Joy Kenneth, 2000). ** P1 (1) be a point on the piece 1 PP  and defined by ( Fig. 1): (1) (1) (1) 2 1 2 Each of this points P1 (1) , P2 (2) and P2 (2) are a function of the parameter t and P2 (2) can be equated with B(t) since it is a point of the curve that agree upon to the parameter value t for developing the equation of the curve. In this way B(t) become the equation of Bézier curve: This is quadratic polynomial (Quadratic Bézier Curve): 0  t1, t2  1, where, (x, y) are the control points.

Elliptic Curves Cryptosystem (ECC)
Elliptic curves was use in cryptography by Neal Koblitz in 1987 (Kobliz, 1987) and Miller (1986). Since then, many research papers have been published in this approach about security and efficient of elliptic curves, where elliptic curve systems have begun to receive wide agreement and have been used by private companies to keep their security products (Hankerson et al., 2004). There are another type of cryptosystem is called the public key cryptosystem, or asymmetric cryptosystem. The most famous cryptosystems Point on the curve 717 that used in public key cryptography are known as RSA and ECC and they provides the same level of security but ECC deals with shorter keys than keys that used in RSA it about (160-256 bit vs. 1024-3072 bit). ECC is based on the discrete logarithm problem and can be realized in EC protocols like Diffie-Hellman key exchange using elliptic curves. ECC has advantages like few of computations and (short signatures and keys) over RSA and Discrete Logarithm (DL) schemes. The elliptic curves are more associated with the mathematical than those of RSA and DL schemes (Paar and Pelzl, 2010). There are cryptosystems based on elliptic curve cryptography like ElGamal elliptic curve cryptosystem and Menezes-Vanstone elliptic curve cryptosystem and more. Menezes-Vanstone Elliptic Curve Cryptosystem (MVECC) was one of a famous methods that used ECC and gave security for sender and recipient data (Menezes and Vanstone, 1993).

Definition 2.2.1
An elliptic curve E over a field Fp is defined by an equation: If p is an odd prime, then a and b shall satisfy (4a 3 + 27b 2  0) mod p in Fp and every point P = (xP, yP) on E (other than the point O) in Fp (Mogollon, 2007).

Operations on Elliptic Curve
There are many arithmetic operations that used in Elliptic curve cryptosystems schemes as studied in (Stallings, 2017):

Point Addition
Let P = (xP, yP) and Q = (xQ, yQ) such that P  -Q, are two points lie on an elliptic curve E defined the Equation (1). Then the sum R = P + Q = (xR, yR) is determined by the following:

Point Doubling
Let P = (xP, yP) be a point lies on E. Adding the point P to itself:

Multiplication
Let k is an integer and P = (x1, y1) is a point lies on E. Is defined as repeated addition: For example, the scalar multiplication 9P can be calculated by the following expression:

Negative of the Point
Let, P = (x, y) then the negative of the point P is -P = (x, -y) where, P + (-P) = P -P = 0.

Menezes-Vanstone Elliptic Curve Cryptosystem (MVECC)
This cryptosystem has no analogue for Discrete Logarithm Problem (DLP), this means that it does not depend on discrete logarithm problem like ElGamal cryptosystems. Once one has a curve and a point on it, one is sure to succeed in embedding data into the system. That is not true for the elliptic curve analogue of DLP, it is a variant of the ElGamal analogue (Sadiq and Kadhim, 2009). Therefore, in this cryptosystem the sender (Alice) and the recipient (Bob) are agree upon publicly an elliptic curve E over finite field Fp and abase point B on E. Bob chooses a secret integer d such that (1 < d < N), where N is the number of points of E and he computes and publishes his public key the point QB = dB Alice wants to send the message M = (m1, m2) to Bob, first she will choose a private random positive integer e such that (1 < e < N) then uses Bob's public key to compute QA = eQB = (k1, k2) and encrypt her message by compute: where, C = (c1, c2) is cipertext:

718
When Bob decrypts the ciphertext C = (c1, c2) he needs first to compute: Then he computes the following:

The Proposed Method
The modification of Menezes-Vanstone Elliptic curve cryptosystem MVECC has been produced in this section. This modification making the system has high level of security and more efficient than the original cryptosystem. This proposed based on the quadratic Bézier curve QBC technique (depend on the Equations (5) and (6)).
Assume that Alice and Bob want to communicate and exchange messages with each other using modified MVECC over insecure channel.
Firstly, they should agree on publicly an elliptic curve E over finite field Fp (E(Fp)) with equation: such that a and b satisfy the condition c: Secondly, they agree on secretly Bézier point (control point) BP = (x, y) and the parameters t = (t1, t2)  [0,1] mod p.
Bob chooses a private key d then computes and publish his public key by QB = dB.
Alice also chooses a secret random positive integer e and uses Bob's public key to compute QA = eQB = (k1, k2) and computes eB.
Encryption part (Alice): Wants to send the message M to Bob, she must first convert each character in the message M to ASCII value according to Table 1, by take every two characters (char1, char2) in the message M and separate them to represented as a point then convert each of them into ASCII value (M1, M2).
Then she computes the ciphertext using Bézier point BP = (x, y) and t = (t1, t2) [0,1] mod p and the key QA = (k1, k2) by: Then converts the ASCII value (M1, M2) into characters (char1, char2) and rewrite to (char1 char2) then he get the original characters. By same way for each two characters in the message M.

Implementation Example for Proposed Method
In this section, the implement the proposed method is studied in the following simple example: Alice and Bob Agree Upon 1) Wants to send the plaintext "Cryptography" and takes two characters (Cr), (yp), (to), (gr), (ap) and (hy) separates them as a points:

Results and Discussion
In this section, a comparison between the proposed method in this paper and the original method of MVECC is done the total running time in seconds to encryption and decryption of the message as in Table 2 and this 720 table shows that running time of the proposed method is almost the same in the original method for (1000, 3000 and 5000) characters, but the difference be in one-three seconds or the part of millisecond. According to the mathematical complexity for the number of operations which are used in the processing of encryption and decryption in Table 3 shows the proposed method possess operations of computational complexity more than in the original method and this make it more efficient from the original method where used Inv. for inverse operation, Mult. For multiplication operation, Add for addition operation and Sub for subtraction operation. In Table 4 it is done for testing of all the measurement of NIST tests between the proposed method and the original method.
We have programmed the two methods of the proposed and the original method on Core i3 computer with CPU 2.00GHz and RAM 4GB by using MATLAB R2018b (9.5.0.944444) 64-bit software to compute the running time for encryption and decryption of the messages with different sizes.
It is known that in the tests of NIST, the output values if it is a great than or equal (0.01) would be considered to be random and if it less than (<0.01) would be considered to be non-random. In our paper was put word "Success" for random and word "Failure" for non-random.
From Table 4, show that the Run test have been success for the original method and the proposed method, but in this test it we found that the proposed method has higher random than the original method and also at in ( show the original method was a failure because all of tests for it have values less than (0.01) and at in the proposed method was success because values of it was great than (0.01).

Table 2: The time implementation in encryption and decryption for the proposed method and the original method
The original method of MVECC The proposed method   2Inv. + 2Mult. 6Mult.+ 4Add+4Sub 6Mult.+ 8Sub +2Inv.  Table 4 show that the proposed method was success to had a higher random than the original method.

Robustness of Proposed Method
Assume that Eve is the attacker and she knowledgeable about the present algorithm. She can gain access and read the ciphertext C = (c1, c2) and eB, the parameters that available to her is the elliptic curve over finite field Fp and abase point B and the public key of Bob QB, because these chosen in publicly. Eve can't arrives to the secret random number e for Alice and private key d for Bob and also she can't arrives to BP = (x, y) and t = (t1, t2) [0,1] mod p because this points chosen in secretly, only Alice and Bob knows them.
Therefore, she will have difficulty for breaking ciphertext C = (c1, c2) because she can't get the following parameters {e, d, BP and t} and to computes and find the session keys (the keys who use to processing in the decryption to find the original message) using d or e and also BP and t (which are also has been consider as the keys) because these parameters are important for attacker to processing and find the original message. The parameters required to break the ciphertext are more than the original method.
Previously, in the original method of MVECC the parameters which can't get it was {e, d}. Therefore, the proposed method has more secure than the original method.
Finally, we can say that this proposed method showed an increase in the randomness of the output than in the original method due to the effect of BP = (x, y) and t = (t1, t2) [0,1] mod p on the encryption process and the processing technique which is used on it as shown the NIST measures in Table 4.

Analysis of the Proposed Method
The complexity of ECC (the difficulty of breaking it) is actually equivalent to solving the discrete logarithm problem. Finding the discrete logarithm of one element in EC does not help find the logarithm of any other element. Let E denote order of E and let r be the largest prime factor E of. Then the better known algorithms for finding discrete logarithms in E have complexity 0 r n

  
, such that n is the number of processors working on the problem. Thus, the mathematical complexity which is based on the largest prime factor E of and on the number of operations which are used during the processing of encryption and decryption (Al-Saffar et al., 2013). So, we will discuss analysis of the proposed method according to the mathematical complexity compared with the original method as follow.
The proposed method is more efficient than the original method of MVECC, because:

According the Time Implementation Between the Proposed and the Original Methods
It is known that cryptosystems often take a little different amounts of time to process different inputs, so we used different sizes bit of message and take same elliptic curve with prime number as in the example implementation in section 4 to compared between the proposed method and the original method with the time required to implement each process.
We note in the Table 2, that the proposed method is longer to decrypt than the original method, where the different was almost 1-4 sec. While in encryption the proposed method also longer to encrypt, the different was in the parts millisecond. Therefore, the different between them was very small.

Conclusion
In this paper we proposed a new technique to improve the Menezes-Vanstone Elliptic Curve Cryptosystem MVECC based on Quadratic Bezier Curve QBC to made it more secure and efficient, also used the ASCII value in this proposed to convert the text to numbers by taken every two characters in the message and separate them as a point and then convert into ASCII values. MVECC is a very important cryptosystem because of it the message not necessary be a point from the points on elliptic curve or the numbers of mathematical operations used it, so we were modified it using QBC equation and ASCII values. This proposed succeed to obtain a high level of security compared it with the original method of MVECC in all testing of the NIST according to the results in the Table 4. This modification improved the MVECC and make it has a higher level of security and the mathematical complexity of the proposed method is more efficient than the original method because it has more numbers of operations which 722 are used in encryption and decryption processes as shown in Table 3. Although the time implementation of the proposed method is slow compared to the original method as shown in Table 2, we have obtained much higher level security than the original method.