New DES based on elliptic curves

Abstract It is known that symmetric encryption algorithms are fast and easy to implement in hardware. Also elliptic curves have proved to be a good choice for building encryption system. Although most of the symmetric systems have been broken, we can create a hybrid system that has the same properties of the symmetric encryption systems and in the same time, it has the strength of elliptic curves in encryption. As DES algorithm is considered the core of all successive symmetric encryption systems, we modified DES using elliptic curves and built a new DES algorithm that is hard to be broken and will be the core for all other symmetric systems.


Introduction
Without any doubt the fi rst and the most signifi cant modern symmetric encryption algorithm is that contained in the Data Encryption Standard (DES) [2]. DES was published by the United States' National Bureau of Standards in January 1977 as an algorithm to be used for unclassifi ed data. The algorithm had been used in banks for funds transfer security [3]. DES encryption was broken in 1999 by Electronics Frontiers Organization. This resulted in NIST issuing a new directive that year so Triple DES that is three consecutive applications of DES was appeared but as DES became unsecured, researchers proposed a variety of alternative designs, which started to appear in the late 1980s and early 1990s: examples include RC5, Blowfi sh and IDEA. Most of these designs kept the 64-bit block size of DES; DES itself can be adapted and reused in more secure schemes [8].
In 2001, after an international competition, NIST selected a new cipher, the Advanced Encryption Standard (AES), as a replacement. The algorithm which was selected as the AES was submitted by its designers under the name Rijndael. Other fi nalists in the NIST AES competition included RC6 and Twofi sh. In our study, we will go back to the past and try to bring back DES to life by using elliptic curves which are considered the simplest possible curves after lines and conics. Elliptic curves over fi nite fi elds provide an inexhaustible supply of fi nite abelian groups. Such curves involve elementary arithmetic operations that make it easy to implement (in either hardware or software) [7]. They are generally more secure than others. Elliptic curves could easily be applied to DES to improve its performance and make it hard to be broken. In the coming sections, you will see how we modify DES to increase its complexity and how to make it secured. The modifi cations will be accomplished through four stages. The 1st stage will be the base for the last three succeeded stages.

Stage 1: Regular DES
DES is a block cipher, meaning it operates on plaintext blocks of a given size (64-bits) and returns cipher-text blocks of the same size. Each block of 64 bits is divided into two blocks of 32 bits each, a left half block L and a right half R. The operation of the DES can be described in the following three steps: Step 1: Initial permutation IP: The 64 bits of the input block to be enciphered are fi rst subjected to IP. This rearranges the bits according to matrix, where its entries show the new arrangement of the bits from their initial order.
Step 2: Iterate the following 16 rounds of operations as in equation (1).
Here k i is called "round key" which is a 48-bit substring of the 56-bit input key; f is called "S-box Function" ("S" for substitution) and is a substitution cipher. This operation features swapping two half blocks, that is, the left half block input to a round is the right half block output from the previous round [3].
Step 3: The result from round 16, ( , ) L R 16 16 , is input to the inverse of IP to cancel the eff ect of the initial permutation. The output from this step is the output of the DES algorithm. We can write this fi nal step as equation (2).
Please pay a particular attention to the input to IP 1 -: the two half blocks output from round 16 take an additional swap before being input to IP 1 - [9]. These three steps are shared by the encryption and the decryption algorithms, with the only diff erence in that, if the round keys used by one algorithm are , , , … k k k 1 1 6 2 , then those used by the other algorithm should be 15 , , , … k k k 16 1 . This way of arranging round keys is called "key schedule". All these steps are shown in Figure 1. These steps are accomplished in MATLAB to be the base of our work.

Elliptic Curves (EC)
An elliptic curve is the set of solutions ( , ) x y to an equation (3) where a and b are constants. Note that the right-hand side is a special cubic polynomial. The left-hand side is a quadratic term. The defi nition of elliptic curve also requires that the curve be non-singular. Geometrically, this means that the graph has no cusps or self-intersections. Algebraically, this involves calculating the discriminant shown in equation (4) in order to prevent repeated roots on the right-hand side [6].
The curve is non-singular if and only if the discriminant is not equal to zero Despite their simple form, elliptic curves have been studied for many years and have many signifi cant applications in mathematics. Maybe one of the most interesting results related to the application of elliptic curves is that they are used to prove Fermat's Last Theorem [5].
ECC is particularly benefi cial for application where: • Computational power is limited (wireless devices, PC cards).
• Integrated circuit space is limited (wireless devices, PC cards).
Let's examine some properties of elliptic curves to generate points used in encryption.

The group law
One of the interesting and powerful features of elliptic curves is that by using a special 'add' operation, any two points added together will result in a third point on the same curve.
Adding points on an elliptic curve: Given two points x y = 2 on the elliptic curve (see Figure 2), the point u v + is calculated by the following steps: Step 1: Drawing a straight line through u and v and fi nding the third intersecting point w; Step 2: Drawing a vertical line through w (and O) and fi nding the third intersecting point u v + [4].

Figure 2
The addition of two points on EC To make this rule work, we assume the following: • An extra imaginary point O on the curve, also known as the identity element or the point at infi nity. It has no specifi c ( , ) x y coordinates, but one might imagine that its location is infi nitely high above the curve where all vertical lines converge.
• A line tangent to a point on the curve is said to intersect the point twice. Think of the tangent as the limit of a line through two distinct points as the points approach each other [7]. You can observe in Figure 3 (a) that the curve has self intersection if 2 b = or 2 -so the curve in this case is called singular and the singular curves are not preferred in encryption as it is so simple to be broken. In our algorithm, all stages, we should use non-singular elliptic curves that have no self intersection for encryption. Some of these curves, which are used in our algorithm, are shown in Figure 3. (b, c) and (d).

Stage 2: S-boxes modifi cation
We will modify only in the cipher function using EC's as in the following:

The Cipher Function f
A sketch of the calculation of ( , ) f R Kn is given in Figure 4. DES operates on the 64-bit blocks using key sizes of 56-bits. The keys are actually stored as being 64 bits long, but every 8th bit in the key is not used (i.e. bits numbered 8, 16, 24, 32, 40, 48, 56, and 64). However, we will nevertheless number the bits from 1 to 64, going left to right, in the following calculations. But, as you will see, the eight bits just mentioned get eliminated when we create sub-keys.
The 64-bit key is permuted fi rstly to be transformed into 56-bit key. Then it will be subjected to some shifting to the left to generate the 16 subkeys and fi nally all sub-keys will be permuted again to be transformed into 48-bit key. This function takes a block of 32 bits (R) XORing with the secret key ( Kn ) as input written as 8 blocks of 6 bits each. Each of the unique selection functions , , ..., , S S S 1 2 8 takes a 6-bit block as input and yields a 4-bit block as output. S-boxes in DES are arrays whose cells are known but in this stage, the cells of S 1 for example, are generated from diff erent elliptic curves as the x-coordinates of double of their base points and the cells of S 2 are generated from the same elliptic curves as the y-coordinates of these points. In the same way, we can generate S 3 and 4 , S S 5 and S 6 , and fi nally S 7 and S 8 .

Stage 3: Sub-keys modifi cation
We will keep everything in stage 2 except we will generate the subkeys using elliptic curve equation. So we will cancel the regular DES key and all operations applied on it. The 64-bit key will be generated from the elliptic curve and we can generate the sub-keys using the addition of points on the same elliptic curve.

= + +
Decryption in all previous steps is simply the inverse of encryption, following the same steps as above, but reversing the order in which the sub-keys are applied exactly as the regular DES.

Stage 4: New DES
We will keep everything in stage 3 except that the input will be represented in another elliptic curve equation. We used an elliptic curve to mask the plaintext.

Input masking
To mask an ordered pair of elements 1 ( , ) m m 2 with an elliptic curve means to alter the pair by multiplying 1 m and m 2 with the x and y coordinate, respectively, of some point on the curve. Consider that ( , ) T x x = 1 2 is the pair of plaintexts, each plaintext 1 ( , ) x x 2 represents two alphabetic characters in this case, and "a" corresponds to 1, "b" to 2, "c" to 3, … ., "z" to 26, with the point 1 ( , ) c c K P = 2 where P is the selected base point of the used elliptic curve and K is a secret random integer number that is varying per plaintext. It depends on the order of the used elliptic curve.
The masking process is used actually as an encryption method using elliptic curves and it's easier in decryption, so we are going to use the masking process in our algorithm. The 64 bits of the input block to be enciphered are fi rst subjected to masking process.
The input to the DES scheme is M is considered the permuted input to the calculations of 16 rounds to produce the pre-output block. We select a non-singular elliptic curve to carry out this process. Then we complete the DES algorithm as previous, the output (M) is subjected to an initial permutation IP and complete as what happen in the regular DES. Figure 5 explains the encryption algorithm in this stage.

Decryption algorithm
Decryption algorithm is also the inverse of the encryption but slightly diff erent as shown in Figure 6.
The output of the DES decryption algorithm ( , ) M y y = 1 2 is subjected to the inverse of the masking process according to equations 5 and 6.

Comparison between stages
From all previous stages, we can see that starting from stage 2 the cipher function varied according to changing of the parameters of EC's also the subkeys are varied from the 3 rd stage. The comparison between all stages will be explained in Table 1.

Conclusion
In our study, DES algorithm has been modifi ed and we build a new DES based on many elliptic curves equations. We apply the new DES algorithm on MATLAB. This new algorithm will be the core of symmetric cryptosystems like Blowfi sh and Twofi sh for example. As soon as, we change the parameters of the equation, we get diff erent elliptic curves, diff erent points and of course, diff erent cipher functions and keys. By this new algorithm, we made a complication in DES computations to be hard to be broken and it is still easy to be implemented on hardware like DSP's, Microprocessors, and any embedded systems.