Implementation of Elliptic Curve Arithmetic Operations for Prime Field and Binary Field using Java BigInteger Class

The security of elliptic curve cryptosystems depends on the difficulty of solving the Elliptic Curve Discrete Log Problem (ECDLP). Elliptic curves with large group order are used in elliptic curve cryptosystems so that the ECDLP cannot be solved in practice. We implement elliptic curve arithmetic operations using the Java BigInteger class in order to study and analyze any elliptic curve cryptographic protocol over large integers, for both prime fields and binary fields.


I. INTRODUCTION
Elliptic curve arithmetic was applied to cryptography in what is known as Elliptic Curve Cryptography (ECC), which was discovered in 1985 by Victor Miller (IBM) and Neal Koblitz (University of Washington) as an alternative mechanism for implementing public-key cryptography (PKC). ECC is a form of public key cryptography. In public key cryptography, each user or device taking part in the communication generally has a pair of keys, a public key and a private key, and a set of operations associated with the keys to perform the cryptographic operations. Only the particular user knows the private key, whereas the public key is distributed to all users taking part in the communication. Some public key algorithms may require a set of predefined constants to be known by all the devices taking part in the communication. The "domain parameters" in ECC are an example of such constants. Public key cryptography, unlike private key cryptography, does not require any shared secret between the communicating parties, but it is much slower than private key cryptography.
ECC can be used for providing the following security services: authenticated key exchange.
Recent progress in factorization and parallel processing leads to the need for larger and larger keys for public-key cryptosystems. However, growing key lengths make these cryptosystems slower than before. The use of ECC allows security to be increased while, at the same time, decreasing the overhead. The security of ECC rests on the difficulty of calculating logarithms in discrete fields (the discrete logarithm problem): given A (an element of a finite field) and , it is practically impossible to calculate x when A is big enough. There are several cryptosystems based on the discrete logarithm problem in the multiplicative group * . These cryptosystems can also be defined in any other finite group, such as the group of points of an elliptic curve. The intense research done on public-key cryptosystems based on elliptic curves has demonstrated that ECC is suitable for the vast majority of existing applications. An ECC with a 160-bit key offers a security level equivalent to that offered by a cryptosystem based on a 1024-bit Zp field. Because of this, ECC provides a feasible method of implementing a high-level security system on a PC card, on a smart card or on a mobile communications device.
The purpose of this paper is to provide a detailed implementation of elliptic curve arithmetic operations over prime fields and binary fields with large integers. This work supports the implementation, analysis and study of any elliptic curve cryptosystem over a prime field or binary field with large integers. The organization of this paper is as follows. Section 2 covers finite field arithmetic operations over prime fields and binary fields and their properties. In section 3, we describe in detail the elliptic curve arithmetic operations over prime fields and binary fields and their geometric properties. The section 4 illustrates the implementation of elliptic curve

II. FINITE FIELD ARITHMETIC
A finite field is a field containing a finite number of elements. Fields are abstractions of familiar number systems (such as the rational numbers Q, the real numbers R, and the complex numbers C) and their essential properties. They consist of a set F together with two operations, addition (denoted by +) and multiplication (denoted by ·), that satisfy the usual arithmetic properties:
o (F, +) is an abelian group with (additive) identity denoted by 0.
o (F\{0}, ·) is an abelian group with (multiplicative) identity denoted by 1.
o The distributive law holds: (a + b) · c = (a · c) + (b · c) for all a, b, c ∈ F.
If the set F is finite, then the field is said to be finite. Galois showed that for a field to be finite, the number of elements should be p^m, where p is a prime number called the characteristic of F and m is a positive integer. The finite fields are usually called Galois fields and are also denoted as GF(p^m). If m = 1, then F is called a prime field. If m ≥ 2, then F is called an extension field. The order of a finite field is the number of elements in the field. Any two fields are said to be isomorphic if their orders are the same [4].

A. Field Operations
A field F is equipped with two operations, addition and multiplication. Subtraction of field elements is defined in terms of addition: for a, b ∈ F, a − b = a + (−b), where −b is the unique element in F such that b + (−b) = 0 (−b is called the negative or additive inverse of b). Similarly, division of field elements is defined in terms of multiplication:

B. Prime Field
Let p be a prime number. The integers modulo p, consisting of the integers {0, 1, 2, ..., p−1} with addition and multiplication performed modulo p, form a finite field of order p. We shall denote this field by GF(p) and call p the modulus of GF(p). For any integer a, a mod p shall denote the unique integer remainder r, 0 ≤ r ≤ p−1, obtained upon dividing a by p; this operation is called reduction modulo p [1]. Example

C. Binary Field
Finite fields of order 2^m are called binary fields or characteristic-two finite fields. One way to construct GF(2^m) is to use a polynomial basis representation. Here, the elements of GF(2^m) are the binary polynomials (polynomials whose coefficients are in the field GF(2) = {0, 1}) of degree at most m−1: An irreducible binary polynomial f(x) of degree m is chosen. Irreducibility of f(x) means that f(x) cannot be factored as a product of binary polynomials each of degree less than m. Addition of field elements is the usual addition of polynomials, with coefficient arithmetic performed modulo 2. Multiplication of field elements is performed modulo the reduction polynomial f(x). For any binary polynomial a(x), a(x) mod f(x) shall denote the unique remainder polynomial r(x) of degree less than m obtained upon long division of a(x) by f(x); this operation is called reduction modulo f(x) [1].
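The polynomial basis arithmetic described above maps directly onto BigInteger bit operations. The following is an added example, not the paper's BinaryField class: the class and method names are assumptions, and the sample field GF(2^4) with f(x) = x^4 + x + 1 is constructed for illustration.

```java
import java.math.BigInteger;

// Added example: GF(2^m) in polynomial basis; bit i of a BigInteger is the coefficient of x^i.
public class Gf2mDemo {
    final BigInteger f;   // irreducible reduction polynomial of degree m
    final int m;

    Gf2mDemo(BigInteger f) { this.f = f; this.m = f.bitLength() - 1; }

    // Addition and subtraction coincide: coefficient-wise addition modulo 2 is XOR.
    BigInteger add(BigInteger a, BigInteger b) { return a.xor(b); }

    // Reduce modulo f(x): cancel the leading term until the degree is below m.
    BigInteger reduce(BigInteger a) {
        while (a.bitLength() > m) {
            a = a.xor(f.shiftLeft(a.bitLength() - 1 - m));
        }
        return a;
    }

    // Shift-and-add polynomial multiplication followed by reduction modulo f(x).
    BigInteger multiply(BigInteger a, BigInteger b) {
        BigInteger r = BigInteger.ZERO;
        for (int i = 0; i < b.bitLength(); i++) {
            if (b.testBit(i)) r = r.xor(a.shiftLeft(i));
        }
        return reduce(r);
    }

    // Inverse as a^(2^m - 2), valid because a^(2^m - 1) = 1 for every a != 0.
    BigInteger inverse(BigInteger a) {
        if (a.signum() == 0) throw new ArithmeticException("zero has no inverse");
        BigInteger e = BigInteger.ONE.shiftLeft(m).subtract(BigInteger.valueOf(2));
        BigInteger r = BigInteger.ONE;
        for (int i = e.bitLength() - 1; i >= 0; i--) {
            r = multiply(r, r);
            if (e.testBit(i)) r = multiply(r, a);
        }
        return r;
    }

    public static void main(String[] args) {
        // Constructed sample: GF(2^4) with f(x) = x^4 + x + 1 (binary 10011).
        Gf2mDemo F = new Gf2mDemo(new BigInteger("10011", 2));
        BigInteger a = new BigInteger("1101", 2), b = new BigInteger("0111", 2);
        System.out.println("a*b    = " + F.multiply(a, b).toString(2));
        System.out.println("a^-1   = " + F.inverse(a).toString(2));
        System.out.println("a*a^-1 = " + F.multiply(a, F.inverse(a)).toString(2));
    }
}
```

Division is multiplication by the inverse, so `multiply(a, inverse(b))` completes the set of field operations.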

A. Elliptic Curves over Prime Field -GF(p)
The elliptic curve over a finite field E(GF) is a cubic curve defined by the general Weierstrass equation: y^2 + a1·xy + a3·y = x^3 + a2·x^2 + a4·x + a6 over GF, where a1, a2, a3, a4, a6 ∈ GF and GF is a finite field. The following elliptic curves are adopted from the general Weierstrass equation. The elliptic curve E(GF(p)) over the prime field GF(p) is defined by the equation [1]: y^2 = x^3 + ax + b, where p > 3 is a prime and a, b ∈ GF(p) satisfy that the discriminant 4a^3 + 27b^2 ≠ 0 (a1 = a2 = a3 = 0; a4 = a and a6 = b corresponding to the general Weierstrass equation).

1) Points on E(GF(p))
The elliptic curve E(GF(p)) consists of a set of points {P = (x, y) | y^2 = x^3 + ax + b, x, y, a, b ∈ GF(p)} together with a point at infinity defined as O. Every point on the curve has its inverse. The inverse of a point (x, y) on E(GF(p)) is (x, −y). The number of points on the curve, including the point at infinity, is called its order #E. The pseudocode for finding the points on the elliptic curve E(GF(p)) is shown in Algorithm (1).

2) Arithmetic Operations on E(GF(p))
There is a rule, called the chord-and-tangent rule, for adding two points on an elliptic curve E(GF(p)) to give a third elliptic curve point. Together with this addition operation, the set of points E(GF(p)) forms a group with O serving as its identity. It is this group that is used in the construction of elliptic curve cryptosystems. The addition rule is best explained geometrically. Let P = (x1, y1) and Q = (x2, y2) be two distinct points on an elliptic curve E. Then the sum of P and Q, denoted R = (x3, y3), is defined as follows. First draw the line through P and Q; this line intersects the elliptic curve in a third point. Then R is the reflection of this point in the x-axis. This is depicted in Figure (7).

B. Elliptic Curves over Binary Field -GF(2^m)
A reduction polynomial f(x) must first be chosen to construct a binary field GF(2^m). The elements generated by the reduction polynomial are used to construct an elliptic curve E(GF(2^m)). The elliptic curve E(GF(2^m)) over the binary field GF(2^m) is defined by the equation [1]: y^2 + xy = x^3 + ax^2 + b, where a, b ∈ GF(2^m) and b ≠ 0.

1) Points on E(GF(2^m))
The elliptic curve E(GF(2^m)) consists of a set of points {P = (x, y) | y^2 + xy = x^3 + ax^2 + b, x, y, a, b ∈ GF(2^m)} together with a point at infinity. Every point on the curve has its inverse. The inverse of a point (x, y) on E(GF(2^m)) is (x, x ⊕ y). The number of points on the curve, including the point at infinity, is called its order #E. The pseudocode for finding the points on the elliptic curve E(GF(2^m)) is shown in Algorithm (2).

2) Arithmetic Operations on E(GF(2^m))
As with elliptic curves over GF(p), there is a rule, called the chord-and-tangent rule, for adding two points on an elliptic curve E(GF(2^m)) to give a third elliptic curve point. Together with this addition operation, the set of points E(GF(2^m)) forms a group with O serving as its identity. The algebraic formulas [1] for the sum of two points and the double of a point are the following. Example (6). (elliptic curve addition and doubling) Let's consider the elliptic curve defined in Example (5). a. Addition. Let = ( 5 , 12 ) and = ( 6 , 7 ). Then + = ( 12 , 7 ). b. Doubling. Let = ( 5 , 12 ).

C. Elliptic Curve Discrete Logarithm Problem
The security of ECC depends on the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP). Let P and Q be two points on an elliptic curve such that kP = Q, where k is a scalar. Given P and Q, it is computationally infeasible to obtain k if k is sufficiently large. k is the discrete logarithm of Q to the base P. Hence the main operation involved in ECC is point multiplication, i.e. multiplication of a scalar k with any point P on the curve to obtain another point Q on the curve.

1) Point Multiplication
Scalar multiplication is a computation of the form Q = kP, where P and Q are elliptic curve points and k is an integer. This is achieved by repeated point addition and doubling operations. To calculate the above, the integer k is represented as k = k_(n−1)·2^(n−1) + k_(n−2)·2^(n−2) + ⋯ + k_1·2 + k_0, where k_(n−1) = 1 and k_i ∈ {0, 1}, i = 0, 1, 2, …, n − 1. This method is called the binary method [2], which scans the bits of k either from left to right or from right to left. Algorithm (3) given below illustrates the computation of kP using the binary method. It can be used for both elliptic curves over the prime field GF(p) and the binary field GF(2^m). The cost of multiplication depends on the length of the binary representation of k and the number of 1s in this representation. The number of non-zero digits is called the Hamming weight of the scalar. On average, the binary method requires (n−1) doublings and (n−1)/2 additions. For each bit "1", we need to perform a point doubling and a point addition; if the bit is "0", we need only a point doubling. So if we reduce the number of 1s in the scalar representation, that is, its Hamming weight, the speed of elliptic curve scalar multiplication will improve.
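The chord-and-tangent addition on E(GF(p)) and the left-to-right binary method can be written with BigInteger as follows. This is an added example, not the paper's ECCfp class or its Algorithm (3): the class and method names are assumptions, coordinates are assumed to be reduced modulo p and to lie on the curve, and the toy curve in main is constructed for illustration.

```java
import java.math.BigInteger;

// Added example: affine arithmetic on y^2 = x^3 + ax + b over GF(p), p > 3.
public class EcFpDemo {
    static final BigInteger TWO = BigInteger.valueOf(2), THREE = BigInteger.valueOf(3);
    final BigInteger p, a;

    EcFpDemo(BigInteger p, BigInteger a) { this.p = p; this.a = a; }

    // A point is {x, y}; null stands for the point at infinity O.
    BigInteger[] add(BigInteger[] P, BigInteger[] Q) {
        if (P == null) return Q;
        if (Q == null) return P;
        BigInteger lambda;
        if (P[0].equals(Q[0])) {
            // Same x: either Q = -P (the sum is O) or Q = P (tangent slope).
            if (P[1].add(Q[1]).mod(p).signum() == 0) return null;
            lambda = THREE.multiply(P[0].pow(2)).add(a)
                    .multiply(TWO.multiply(P[1]).modInverse(p)).mod(p);
        } else {
            // Chord slope (y2 - y1) / (x2 - x1).
            lambda = Q[1].subtract(P[1])
                    .multiply(Q[0].subtract(P[0]).mod(p).modInverse(p)).mod(p);
        }
        BigInteger x3 = lambda.pow(2).subtract(P[0]).subtract(Q[0]).mod(p);
        BigInteger y3 = lambda.multiply(P[0].subtract(x3)).subtract(P[1]).mod(p);
        return new BigInteger[] { x3, y3 };
    }

    // Left-to-right binary method: one doubling per bit, one addition per 1 bit.
    BigInteger[] multiply(BigInteger k, BigInteger[] P) {
        BigInteger[] Q = null;
        for (int i = k.bitLength() - 1; i >= 0; i--) {
            Q = add(Q, Q);
            if (k.testBit(i)) Q = add(Q, P);
        }
        return Q;
    }

    public static void main(String[] args) {
        // Constructed toy curve y^2 = x^3 + 2x + 2 over GF(17); G = (5, 1) has order 19.
        EcFpDemo e = new EcFpDemo(BigInteger.valueOf(17), TWO);
        BigInteger[] G = { BigInteger.valueOf(5), BigInteger.ONE };
        BigInteger[] d = e.multiply(TWO, G);
        System.out.println("2G = (" + d[0] + ", " + d[1] + ")");
        System.out.println("19G is O: " + (e.multiply(BigInteger.valueOf(19), G) == null));
    }
}
```

Because the addition is executed only for 1 bits, the running time of this method depends on the Hamming weight of k; code that handles private scalars needs a constant-time alternative.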

2) Order of Points
Let P ∈ E(GF(p)). The order of P is the smallest positive integer, r, such that rP = O, where O is the group identity. Hasse's theorem [4] states that p + 1 − 2√p ≤ #E ≤ p + 1 + 2√p.

3) Attacks on ECDLP
The following algorithms can compute the elliptic curve discrete logarithm. Attacks on the ECDLP can be divided into three main categories: The discrete logarithm problem is of fundamental importance to the area of public key cryptography. Many of the most commonly used cryptographic systems are based on the assumption that the discrete logarithm is extremely difficult to compute; the more difficult it is, the more security it provides for a data transfer. One way to increase the difficulty of the discrete logarithm problem is to base the cryptosystem on a larger group.

IV. IMPLEMENTATION
Elliptic curve cryptosystems on a small group are susceptible to the attacks described above. Therefore, we have to implement elliptic curve cryptosystems with large integers to increase the difficulty of the discrete logarithm problem. At the first level, we implement finite field arithmetic operations using the Java BigInteger class [6]. For prime fields, we implement a PrimeField class with methods for addition, subtraction, multiplication, multiplicative inverse and division of elements in the prime field GF(p). For binary fields, we implement a BinaryField class with methods for addition, subtraction, multiplication, multiplicative inverse and division of elements in the binary field GF(2^m) with reduction polynomial p. At the second level, we implement elliptic curve arithmetic operations using the PrimeField and BinaryField classes. The ECCfp class is implemented using the methods of the PrimeField class for point addition and point doubling over the prime field GF(p). The ECCf2m class is implemented using the methods of the BinaryField class for point addition and point doubling over the binary field GF(2^m). At the third level, we implement point multiplication for both ECCfp and ECCf2m using Algorithm (3). At the fourth level, we will implement elliptic curve cryptosystems in our future research. The general hierarchy of the implementation logic design for elliptic curve cryptosystems is shown in Figure (4).

Figure (4). General logic design of implementation
We measure the performance of elliptic curve arithmetic basic operations: point addition and point doubling under prime field and binary field for comparison of execution time on the processor Intel Core i5@1.60GHz, 2.30GHz. The National Institute of Standards and Technology (NIST) submitted a report to recommend a set of elliptic curves for federal government use with larger key sizes [5]. We use NIST recommended elliptic curves for our research. The experimental results of elliptic curve arithmetic operations are shown in section (4.1). The performance results are listed in Table (3).
CONCLUSION
The performance of the basic elliptic curve arithmetic operations, point addition and point doubling, over prime fields and binary fields depends on the performance of the equivalent finite field arithmetic operations. The performance results for finite field arithmetic operations in paper [6] showed that the Java BigInteger class is more efficient for the software implementation of finite field arithmetic operations in a prime field than in a binary field. The performance results in Table (1) further confirm that the Java BigInteger class is more efficient for the software implementation of elliptic curve arithmetic operations in a prime field than in a binary field.