28 elliptic curves cryptography on high dimensional surfaces

International Journal of Advanced Engineering Research and Science (IJAERS) [Vol-4, Issue-2, Feb- 2017] Â https://dx.doi.org/10.22161/ijaers.4.2.28 ISSN: 2349-6495(P) | 2456-1908(O)

Elliptic-Curves Cryptography on HighDimensional Surfaces Alberto Sonnino1, Giorgio Sonnino2,3

1

Department of Computer Sciences, University College of London (UCL), LONDON, UK Email: alberto.sonnino.15@ucl.ac.uk 2 Department of Theoretical Physics and Mathematics, UniversitĂŠ Libre de Bruxelles (ULB), BRUSSELS, Belgium Email: gsonnino@ulb.ac.be 3 Royal Military School (RMS), BRUSSELS, Belgium Email: gsonnino@ulb.ac.be

Abstract— We discuss the use of elliptic curves in cryptography on high-dimensional surfaces. In particular, instead of a key exchange protocol written in the form of a bi-dimensional row, where the elements are made up with 256 bits, we propose a Diffie-Hellman key exchange protocol given in a matrix form, with four independent entries each of them constructed with 64 bits. Apart from the great advantage of significantly reducing the number of used bits, this methodology appears to be immune to attacks of the style of Western, Miller, and Adleman, and at the same time it is also able to reach the same level of security as the cryptographic system presently obtained by the Microsoft Digital Rights Management. A nonlinear differential equation (NDE) admitting the elliptic curves as a special case is also proposed. The study of the class of solutions of this NDE is in progress. Keywords— Elliptic-curve cryptography, Elliptic-curve discrete log problem, Public key cryptography, Nonlinear differential equations.

I. Â INTRODUCTION As known, encryption is the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties. The primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted via the Internet or other computer networks. Encryption algorithms can provide not only confidentiality, but also authentication (i.e., the origin message is verified), integrity (i.e., the contents of the message have not been changed), and non-repudiation (i.e., the sender cannot deny to be the author of the message) [1,2]. Elliptic curves are more and more used in cryptography [3,4]. The main advantages to use the elliptic curves in cryptography is that shorter encryption keys use fewer memory and CPU resources [5]. The main concept behind this is the use of the so-called one-way functions. A one-way function is a function for which it is relatively easy to compute the image of some elements in the domain

but it is extremely difficult to reverse this process and determine the original element solely based on the given image [6]. More precisely, according to the Federal Office for Information Security (BSI), the recommended security parameters for elliptic curves is 256 bits (standards during the years 2017-2021) [7]. However, to manipulate data with this degree of security is computationally expensive and often impossible on embedded systems. At present many industrial systems adopt (much) less secure methodologies. This necessitates a re-evaluation of our cryptographic strategy. The question is: are we able to obtain the same degree of security with small embedded microprocessors managing only 64-bit operations? The solution of this problem entails several steps: A) First step: Research The solution of this problem requires new mathematical concepts and algorithms. B) Second step: Commercialization Once found the solution, the process is concluded with the start-up of the commercialization of the product. This manuscript deals only with the first step. We shall introduce a hyper-surface in an arbitrary (đ?‘› # +1)-­â€? dimensional space with n denoting a positive integer number), and we use the idea of the one-way function possessing also the property of being a trap function. The encrypted shared-key, instead to be written as a (very large) scalar number is brought into a matrix form. We shall prove that we may obtain the same degree of security as the one obtained by the Microsoft Digital Rights Management by sending an encrypted shared-matrix with four independent entries, each of them made up by 64 bits. The encrypted information is successively transmitted through elliptic curves obtained by projecting the hypersurface imbedded in a (đ?‘› # +1)-­â€?dimensional space onto perpendicular planes. This methodology allows reaching the same level of security as the cryptographic system presently obtained by the Microsoft Digital Rights Management [8].

www.ijaers.com                                                                                                                                                                             Page  |  140 Â

for example, x2 = c2 = const., x3 = c3 = const. and ai (i = 1, ¡ ¡ ¡ , 4) and b denoting elements of the field K. for x4 = cwith 4 = const.) and by rotating the indexes, Eq. (1) defines Examples of fields K are the Real Numbers, R, the Rational together with the points at infinity O,C four Numbers, Q, the Complex Numbers, or the distinguished Integers modulo twodimensional elliptic curves E : p, Z/pZ. By fixing three ofithe four variables setting, International Journal of Advanced Engineering Research and Science (IJAERS) [Vol-4, Issue-2,xFeb  i (by 2017] n x2 = c2 = const., x3 = c3 o= const. and for example, https://dx.doi.org/10.22161/ijaers.4.2.28 ISSN: 2349-6495(P) | 2456-1908(O) (y, xi )and | y 2by=rotating x3i + the ai xindexes, [ (1)Odefines (2) for i = (1, x4E=i c= i + bi Eq. 4 = const.)

The manuscript is organized as follows. In Section (II) we with đ?‘– with = 1,the ‌ points , 4 and together at infinity O, four distinguished twowith i = (1, ¡curves ¡ ¡ , 4)Ei : and dimensional elliptic introduce high-dimensional surfaces cryptography n o (HDSC) and the elliptic curves constructed through these b1 ⌘ Eb + c3 + c3 +2c34 + a3 c3 + a4 c4 (2) wit x3i a +2aci2x+ i = 2(y, xi )3 | y = i + bi [ O hyper-surfaces. Without loss of generality, we shall limit 3 3 3 elli b2 ⌘ with b + c1i = +(1, c3 ¡+ a1 c 1 + a3 c3 + a4 c4 4 + and ¡ ¡ c, 4) ourselves to the case of đ?‘› = 2 (i.e., to a 5đ??ˇ-space). The y= 3 3 3 3 33 b3 ⌘ bb1 + c4c4++aa12 cc21 ++aa3 c23c+ ⌘ bc1++ c2 c+2 c+ a4 ca44 c4 2+ with i = ( 3+ generalization to (đ?‘›# + 1)-dimensional space is • S elliptic cur ⌘ bc3++ c3 +3 c33 +c3c34+ + aa11 cc11 + a c b4 ⌘ bb2 + +aa3 c23c+ straightforward. The definition of the groups in elliptic 2 +4 a43 c3 1 1 c2 + 3 y = 0 allo for b3 ⌘ b + c31 + c32 + c34 + a1 c1 + a2 c2 + a4 c4 curves on high-dimensional surfaces and the elliptic curve • Scalar tha being ci (i b= 1 ¡ ¡ ¡34) elements of K. In order to avoid 3 3 4 ⌘ b + c1 + c 2 + c3 + a1 c 1 + a2 c2 + a3 c3 discrete log problem can be found in the Subsections (IIbeing đ?‘?these 1, ‌ , 4) elements đ??ž. In to order avoid allows isdefi p ,  (đ?‘– = parameters degeneracy, are of subject theto following A) and (II-B), respectively. Concluding remarks are op being ci (i =these 1 ¡ ¡ parameters ¡ 4) elementsareofsubject K. In toorder to avoid that theThe degeneracy, the following restrictions is perform reported in the Section (IV). degeneracy, restrictions these parameters are subject to the following wh

The scalar

restrictions 3 4a31 + 27(b + c2 + c33 + c34 + a2 c2 + a3 c3 + a4 c4 )2 6= 0 (3) where •is R v 3 3+ c32 + 3 c33 +3c34 + a2 c2 + a3 c3 + a4 c4 )2 6=20 (3) • Reflectio 1 + 27(b for 4a32 +4a 27(b + c + c + c + a c + a c + a c ) = 6 0 1 1 3 3 4 4 1 3 3 43 for Pi sati =( 4a32 + 27(b3+ c31 + c3 +3c4 + a1 c1 + a3 c3 + a4 c4 )2 6=20 3Z/pZ, II.  ELLIPTIC-CURVES CRYPTOGRAPHY ON Clearly, of the of groups in elliptic curves on on high-dimensional Clearly, incase case of K = we associate may associate four2 4modules the groups in elliptic curves high-dimensional surfaces surfaces of K = Z/pZ, we may four modules 4a33 +in27(b + c + c ) 6= 0 satisfying 3 3 c4 3+ a1 c1 + a2 c2 + a4 c 1 3 2+

HIGH DIMENSIONAL SURFACES andelliptic the elliptic curve discrete problem canbe be found found in and the curve discrete loglog problem can in the Subsections (II-A) (II-B), respectively.Concluding Concluding the Subsections (II-A) and and (II-B), respectively. remarks are reported in the Section (IV).dealing with a fiveWe the methodology by remarks areillustrate reported in the Section (IV). dimensional elliptic curve,Ceven though theONprocedure is II. E LLIPTIC -C URVES RYPTOGRAPHY H IGH II. E LLIPTIC -C URVES C RYPTOGRAPHY ON H IGH straightforwardly generalized toS URFACES elliptic curves on surfaces D IMENSIONAL D IMENSIONAL S#URFACES imbedded in anthe arbitrary (đ?‘› +1)-dimensional space, with We illustrate methodology by dealing with a fiveWe dimensional methodology bythough dealing with a which fivecurve, procedure is nillustrate denoting the aelliptic positive integereven number (thethe reason for dimensional elliptic curve, eventothough the procedure is straightforwardly generalized elliptic curves on surfaces only spaces of such dimension are allowed will soon be 2 elliptic curves on surfaces straightforwardly generalized imbedded in an arbitrary (nto + 1)-dimensional space, with n clear). For the sake of simplicity, in this workforwewhich shallonly limit denoting (the reason space, imbedded in ana positive arbitraryinteger (n2 +number 1)-dimensional with n ourselves to the analysis of elliptic curves on spaces of such integer dimension are allowed will soon clear).only For5denoting a positive number (the reason forbewhich dimensional surfaces. The generalization to the general the sake of simplicity, in this work we shall limit ourselves to spaces of such dimension are allowed will soon be clear). For # the analysis of elliptic curves on 5-dimensional surfaces. The case (i.e., to the in case elliptic on (đ?‘› +1)-hyperthe sake of simplicity, thisofwork we curves shall limit ourselves to generalization to the general 1case (i.e., to the case of elliptic surface) straightforward . In a 5-dimensional space, the the analysis of is elliptic curves on 5-dimensional surfaces. The curves on (n2 + 1)-hyper-surface) is straightforward1 . In a 5generalization general case (i.e., to the of elliptic surfaces to onthe which thesurfaces elliptic curves are defined, are the dimensional space, the on which thecase elliptic curves 1 curvesare on defined, (n2 +of1)-hyper-surface) is straightforward . In a 5solutions the equation are the solutions of the equation dimensional space, the surfaces on which the elliptic curves 4 n o X 2 equation are defined, the E =are(y, x1 ,solutions x2 , x3 , x4 )of| ythe = x3 + A ¡ X + b (1) i

n

4 i=1 X 0 o 1 E = (y, x1 , x2 , x3 , x4 ) | y 2 = x3i + A ¡ X +xb1 (1)

where

A ⌘ a1 ,

a3 ,i=1a4

a2 ,

;

Bx2 C B 1 C X ⌘0 @x3 A x1 B x4C

4aelliptic + 27(b + c1 + c2As + cshall asee + a2 cin a4 cforthcoming 1 c1in 2+ 4 ) 6= 0 3 elliptic 4 + shall pp toto3each curves. As the forthcoming each see the 3curves. 3 3we 3we 2 3 3c + 3+ a1 c1 + a2 c2 + a3 c 2 3 ) 6= 0 4a + 27(b + c + c B. 4 1 2 3 4a + 27(b + c + c + c + a c + a c + a c 6= 0 B. High-D section, curves 1 1 2of2 dimension 3 3) 4 elliptic 1 curves 2on hyper-surfaces 3 hyper-surfaces section,only only elliptic on of dimension 22 nn ++1 1(with n = denoting a positive integer number) are For eacF (with n = denoting a positive integer number) are acceptable thethe shared-key involves only square matricesmatrices function [1 acceptablesince since shared-key involves only square fun of orderClearly, n⇼ n. Forinillustration only, we Figure 1 shows a case of purpose đ??ž =purpose đ?‘?/đ?‘?đ?‘? may associate four (p1 1 In we anticipate that the encrypted codeFigure involves 1only squarea pi = p of 1order n ⇼fact, n. For illustration only, shows i threeIndimensional surface values ofAs the parameters fact, we anticipate theSection. encrypted code involves only square matrices of order n each ⇼ nwhere - that see next belonging modules đ?‘? to elliptic curves. we shall see in the three dimensional where the values matrices of order n - seeb next Section. bel are a1 = 4, a2 n =⇼ surface 5 and = 3.5. Figures 2 andof3the referparameters to only curves on hyper-surfaces areelliptic a1 forthcoming = curves 4, a2obtained =section, 5 and b =elliptic 3.5. Figures 2 and 3 refer to the by projecting the surface 1 onto 2 +1 (with of dimension đ?‘› đ?‘› denoting a positive the elliptic curves obtained by projecting the surface 1integer onto the planes x1 = 1 and x2 = 2, respectively.

the planes x1 =are 1 acceptable and x2 = since 2, respectively. number) the shared-key involves only square matrices of order đ?‘›Ă—đ?‘› For purpose A.Each Groups incurve Elliptic ondefines High-Dimensional Surfaces elliptic Ei , Curves separately, underillustration point addionly, Fig.(1) shows a Pthree surface the tionEach an abelian group. For Ri 2point Ewhere i 2 Edimensional i , Qdefines i 2 Ei and i elliptic curve Eeach under addii , separately, the following properties are satisfied: values of the parameters are đ?‘Ž = −4, đ?‘Ž = −5  a nd đ?‘? D i , Qi 2 E # i and Ri 2 E= tion an abelian group. For each Pi 2 E i • Commutative : P + Q = Q + P . i i i i 3.5  . Figs.(2) and (3) refer to the elliptic curves obtained by the following properties are satisfied: • Identity : Pi + O = O + Pi = Pi ; projecting: the (1) ionto the planes đ?‘ĽD = 1  and đ?‘Ľ# = Commutative PiPsurface ++Q(i = ••Inverse : Pi Pi = PiQ ) =+ O;Pi . i • Identity : P + O = O + P = P ; −2  , respectively. i i + (Qi + Ri ) =i (Pi +i Qi ) + Ri ; • Associative : P Inverse: If: P Pii and = PQi i+2(EiP i ) = PO; ••Closed Pii 2 E , then i + Q i 2 Ei ; A.  Groups Elliptic Curves • Associative : Pi +in(Q + R ) = (Pion+High-Dimensional Q i ) + Ri ; i i Surfaces • Closed : If P 2 E and Q 2 E , then Q i 2 Ei ; Each group identified by withPthe i i Ei is iequipped i i + standard group operations [9], [10], i.e. Each elliptic curve đ??¸, , separately, defines under point •Each Addition - If P = abelian (Pixi , by Piygroup. )E2 EisiFor and Qi =đ?‘ƒ(Qwith 2 đ??¸ and i an ixi , Q iy ) ∈ group identified equipped addition each đ?‘„ i , ∈ đ??¸ , , the , standard , Ei , then Pi + Qi = Ri [with Ri = (Rixi , Riy )], which group đ?‘… operations [9], [10], properties i.e. ∈ đ??¸, the following are satisfied: , algebraically is defined as • Addition - If Pi = (Pixi , Piy ) 2 Ei and Qi = (Qixi , Qiy ) 2 RCommutative: s2i Ri(P[with ) đ?‘„, (R Ei , then P•  i + Qi i== R )], which ix ixđ?‘ƒ ix +Qđ?‘„ +đ?‘ƒ i ,+ ix, i; , Riy(4) ,ii== algebraically is defined as R = s (P R ) P iy i đ?‘ƒ ix ixi đ?‘‚ + đ?‘ƒ iy, = đ?‘ƒ, ; •  Identity: , i+ đ?‘‚ = Piy đ?‘ƒ 2Q iyđ?‘ƒ = đ?‘ƒ + −đ?‘ƒ = đ?‘‚; •  siInverse:  âˆ’ , ixi , + Qixi ,) R (P (4) = ixi = s, i Pixi Qixi •  Associative:  đ?‘ƒ + đ?‘„ + đ?‘… = (đ?‘ƒ + đ?‘„ ) + đ?‘… , , Riy = si (Pix, i R, ixi ) , Piy , for i = (1, ¡ ¡â€˘  ¡ , 4).Closed: As a particular we get 2P : If  iyđ?‘ƒ, ∈Qđ??¸case, and đ?‘„ ∈ đ??¸ , then đ?‘ƒ + đ?‘„ ∈ đ??¸, , , , , , P iy 2 s = i 2Pixi = sPi 2PixQi (5) ixi ixi A. Groups in Elliptic Curves on High-Dimensional Surfaces

x2 C a1¡,¡ ¡ ,a4)2 ,anda3b,denoting a4 elements where A ⌘= 1, ; X ⌘ofB with field K. @the withađ?‘Ži ,(i  (đ?‘– = 1, ‌ , 4) and đ?‘? denoting elements the field xof3 A Examples of fields K are the Real Numbers, R, the Rational x đ??ž. Examples of fields đ??ž are the Real Numbers, 4 đ?‘…, the Numbers, Q, the Complex Numbers, C or the Integers modulo Rational Numbers, đ?‘„, the Complex Numbers, or K. the with ap, = 1, ¡By ¡ ¡ ,fixing 4) and b denoting elements field Z/pZ. three of the four variablesofxithe (byđ??ś, setting, i (i Integers modulo đ?‘?, đ?‘?/đ?‘?đ?‘?. By fixing three of the four for example, = cthe const., x3 = cR, const. and Examples of fields xK2 are Numbers, Rational 2 =Real 3 =the xvariables c4 the =đ?‘Ľ const.) by rotating Eq. defines setting, for example, đ?‘?#(1) =modulo đ?‘?đ?‘œđ?‘›đ?‘ đ?‘Ą., 4 =Q, Numbers, Complex Numbers, Ctheorindexes, theđ?‘ĽIntegers , (by and # = together with thethree points infinity O, four distinguished twop, Z/pZ. ofatđ?‘Ľthe variables x đ?‘Ľ? =Byđ?‘??fixing = đ?‘?đ?‘œđ?‘›đ?‘ đ?‘Ą. and đ?‘?? = đ?‘?đ?‘œđ?‘›đ?‘ đ?‘Ą.) and by setting, rotating i (by ? =four dimensional elliptic curves E : i for example, x2 =nEq.(1) c2 = defines const.,together x3 = cwith const. andat 3 o= the the indexes, points 2Piy = si (Pixi Rixi ) Piy 2 3the indexes, Eq. (1) defines As2 a particular case, we get 2P : x4 = cinfinity and by rotating 4 = const.) Eđ?‘‚, (y, xdistinguished (2) for i = (1, ¡ ¡ ¡ , 4).3P elliptic i = four i ) | y = xi + atwo-dimensional i x i + bi [ O ixi + ai together with the points at infinity O, four distinguished twos = i curves with đ??¸, : 2Pixi2P =iys2i 2Pixi i = (1, ¡ ¡ ¡ , 4) and dimensional elliptic curves E: 3 3 i 3 bn1 ⌘ b + c2 + c3 + c4 + a2 c2 + a3o c3 + a4 c4 2PThe si (Pat Rixare Piy in each with i = (1, ¡ ¡ ¡ , 4). points iy = ixiinfinity i ) reached 3 y2 = 3 x33+ a x + b Ei = b2 (y, x ) | (2) elliptic curves Ei when P3P 2 Qi = O if Pixi = Qixi or when ⌘b+ + aO i c1 + c3 + ic4 + ai1 ci1 + ai3 c3 [ i+ 4 c4 + a i ixi si = (i.e., y = 0 for point doubling Pi + Pi = O). 3 3 + c¡31¡+ 2 + cand 4 + a1 c 1 + a2 c2 + a4 c4 with b3i⌘=b(1, ¡ ,c4) 2P iy • Scalar Multiplication - If P 2 E and  2 Z, Eq. (5) 3

3

3

c3a+ca1 c+1 + b1 ⌘ bb4+⌘cb32 + +cc133++c2c34++ a3ac23c2++aa4 3cc43 2 2

(5)

i

allows operation Q = at Pinfinity under are the reached condition in each with i defining = (1, ¡ ¡the ¡ , 4). The points that the operation Q when = P ⌘ P++Q¡ ¡ ¡=+O P ,ifequal =times , when 3      1 3¡   ¡   4) 3 being (i ¡ elements of K. In order to avoid    b   2    âŒ˜   c   ib    +     c   =                               elliptic curves E P P QixiPor i i i ixi 1 + c 3 + c 4 + a1 c 1 + a3 c3 + a4 c4 1 is performed by using the same elliptic curve E i.e., Q 2 E i. degeneracy, parameters subject to theinvolves following y = 0 for point doubling (i.e., Pi + Pi = iO).  In fact, wethese anticipate that theareencrypted code b3 ⌘ b + c31 + c32 + c34 + a1 c1 + a2 c2 + a4 c4 The scalar multiplication defines the one way function Q ! P restrictions only square matrices of order đ?‘›Ă—đ?‘› - see next Section. • Scalar Multiplication - If P 2 Ei and  2 Z, Eq. (5) 3 where is very difficult to extract the value of . b43⌘ b + c31 +3 c32 + + a1 c 1 + a2 c2 + a3 c3 2 3 c3 3 allows defining the operation Q = P under condition 4a1 + 27(b + c2 + c3 + c4 + a2 c2 + a3 c3 + a4 c4 ) 6= 0 (3) • Reflection - The reflection of a point is its inverse. the Hence 3 3 3 3 2 thatPithe operation Q= P ⌘ofPPi+is¡ ¡ ¡P+i = P ,(Pequal  times P, for = (P , Piy ) the inverse , P ) being cwww.ijaers.com  of  K. In order to     avoid 4a 27(b1+¡ ¡c¡14) + celements 0 i 2(i+ =     3    +     c   4    +     a   1   c  1    +    a   3   c   3    +     a   4   c  4   )      6=                is      performed               ix    i    by       using            the        same            elliptic               curve            ix   i     i.e.,     Piyage  |  E 141  E Q 2 3 these parameters 3 3 3 are subject to the following 2 satisfying the relation P P = O. i i. degeneracy, i i 4a + 27(b + c + c + c + a c + a c + a c ) 6= 0 3

1

2

4

1 1

2 2

4 4

restrictions 4a34 + 27(b + c31 + c32 + c33 + a1 c1 + a2 c2 + a3 c3 )2 6= 0

4a31 + 27(b + c32 + c33 + c34 + a2 c2 + a3 c3 + a4 c4 )2 6= 0 (3) 3

3

3

3

2

The scalar multiplication defines the one way function Q ! P where is very difficult to extract the value of . each Ei- the multiplication defines a one way Hence • For Reflection Thescalar reflection of a point is its inverse.

B. High-Dimensional Elliptic Curve Discrete Log Problem

function [11]. Let us consider elliptic curves Ei (Z/pi Z), with

International Journal of Advanced Engineering Research and Science (IJAERS) [Vol-4, Issue-2, Feb- 2017] Â https://dx.doi.org/10.22161/ijaers.4.2.28 ISSN: 2349-6495(P) | 2456-1908(O)

roups in elliptic curves on high-dimensional surfaces elliptic curve discrete log problem can be found in sections (II-A) and (II-B), respectively. Concluding heare groups in elliptic high-dimensional surfaces reported in the curves Sectionon(IV).

Clearly, in case of K = Z/pZ, we may associate four modules p to each elliptic curves. As we shall see in the forthcoming section, only elliptic curves on hyper-surfaces of dimension 2 in casenof=K denoting = Z/pZ, awepositive may associate modules nClearly, + 1 (with integerfour number) are the elliptic curve discrete log problem can be found in acceptable p to each elliptic curves. As we shall see in the forthcoming since the shared-key involves only square matrices E LLIPTIC -C URVES ON HConcluding IGH Subsections (II-A) andC RYPTOGRAPHY (II-B), respectively. curves onpurpose hyper-surfaces of dimension ofsection, order nonly ⇼ n.elliptic For illustration only, Figure 1 shows a 2 D IMENSIONAL S URFACES arks are reported in the Section (IV). n +dimensional 1 (with n =surface denoting a positive integer number) are three where the values of the parameters acceptable since the shared-key involves only square matrices llustrate the methodology by dealing with a fiveare a1 = 4, a2 = 5 and b = 3.5. Figures 2 and 3 refer to II. E LLIPTIC -C URVES C RYPTOGRAPHY ON H IGH of order n ⇼curves n. For obtained illustration only,the Figure 1 shows a onal elliptic Dcurve, even though the procedure is the elliptic bypurpose projecting surface 1 onto IMENSIONAL S URFACES three dimensional surface where the values of the parameters orwardly generalized to elliptic curves on surfaces planes x1 = 1 and x2 = 2, respectively. e illustrate the methodology by dealing with a five- the are a1 = 4, a2 = 5 and b = 3.5. Figures 2 and 3 refer to ed in an arbitrary (n2 + 1)-dimensional space, with n ensional elliptic curve, even though the procedure is ellipticincurves obtained the surfaceSurfaces 1 onto Elliptic Curvesbyonprojecting High-Dimensional g a positive integer number (the reason for which only A.theGroups ghtforwardly generalized to elliptic curves on surfaces the planes x1 = 1 and x2 = 2, respectively. of suchindimension are(nallowed will soon bespace, clear).with Forn Each elliptic curve Ei , separately, defines under point addi2 edded an arbitrary + 1)-dimensional of simplicity, in this work we(the shall limitfor ourselves to tion an abelian group. For eachonPiHigh-Dimensional 2 Ei , Qi 2 Ei and R i 2 Ei A. Groups in Elliptic Curves Surfaces ting a positive integer number reason which only ysis of elliptic curves on 5-dimensional surfaces. The the following properties are satisfied: es of such dimension are allowed will soon be clear). For Each elliptic curve Ei , separately, defines under point addization the general case (i.e., toshall the limit case ourselves of ellipticto •tion Commutative : Pi +For Qi each = QP Pi .i , Qi 2 Ei and Ri 2 Ei i+ ake of to simplicity, in this work we an abelian group. i 2 E fig.  1:   Only  for  illustration  purpose,  we  show  2 1 the  two-­â€?dimensional  surface  given  by  Eq.(2)  with  parameters  đ?‘ŽD = −4, đ?‘Ž# = −5  and  on (n +of1)-hyper-surface) straightforward . In a The 5-elliptic  â€˘the Identity : Pi properties + O = oO + Psatisfied: 2 i; i = đ?‘›P analysis elliptic onois 5-dimensional following đ?‘? = 3.5.  curves However,  ne  should  bear  in  msurfaces. ind  that  only  curves  on  hyper-­â€?surfaces  f  dare imension  +1  have  real  meaning  (hence,  onal space, the surfaces on which the elliptic curves • Inverse : P P = P + ( P ) i so  :oP i ia+ ii = Qi + iThis  ralization to the general case (i.e., toby  the case of elliptic • Commutative Qcceptable).  P=i .bO; only  elliptic  curves  constructed  hyper-­â€?surfaces  of  dimensions  2,  5,  10,   and  n,  re  a ecause,  as  we  shall  see  in  the  1 code  involves  square  mIdentity atrices  of  :oP rder  ned, solutionssection,  of thethe  equation ••Associative Pđ?‘›iĂ—đ?‘›. Rii )==Pi(P es onare (n2the +forthcoming  1)-hyper-surface) isencrypted  straightforward . Inonly  a 5O+=(Q Oi + P ; i + Q i ) + Ri ; i: + ensional space, the surfaces on Inverse: :IfPiPi 2 PiE=i and Pi +Q( i 2 Pi E )= O; Pi + Qi 2 Ei ; i , then 4 which the elliptic n o curves ••Closed X Each group identified by đ??¸, is+equipped with the standard 2 of the equation 3 defined, are the solutions • Associative : P + (Q + R ) = (P Qi ) + R i i i i i; (y, x1 , x2 , x3 , x4 ) | y = xi + A ¡ X + b (1) group operations [9,10], i.e. • Closed : Ifidentified Pi 2 Ei and + Qi the 2 Estandard i , then Pi with i; 4 Each group by Q Eii 2isEequipped i=1 n X 0 1o 2 3 = (y, x1 , x2 , x3 , x4 ) | y = xi + A ¡ Xx+ (1) group operations [9], [10],- i.e.If đ?‘ƒ, = đ?‘ƒ,J , đ?‘ƒ,K ∈ đ??¸,  and đ?‘„, = 1 b •  Addition Each group identified by Ei )is2equipped with theixstandard i=1 B0 C • Addition If P Ei and = đ?‘…(Q , Qiy )đ?‘… 2= x iđ?‘„= , (P ixi , Piy 2 C1 i then đ?‘ƒ, +Q đ?‘„i, = [with ,J đ?‘„,K ∈ đ??¸, , , , e A ⌘ a1 , a2 , a3 , a4 ; X⌘B group operations [9], [10], i.e. @x3xA 1 Ei , then Pi + Qi = Ri [with Ri = (Rixi , Riy )], which đ?‘… , đ?‘… ] which algebraically is defined as Bx2 C ,J (P ,Kix , Piy ) 2 Ei and Qi = (Qix , Qiy ) 2 • Addition - If i = i algebraically is Pdefined asi x4 C here A ⌘ a1 , a2 , a3 , a4 ; X⌘B @x3 A

Ei , then Pi + Qi = Ri [with Ri = (Rixi , Riy )], which

(i = 1, ¡ ¡ ¡ , 4) and b denoting elements of thexfield K. s2i (Pixi + Qixi ) (4) algebraically is R defined ixi = as 4 es of fields K are the Real Numbers, R, the Rational R = si 2(Pix(P Piy ixi ) i ix R a (i = 1, ¡ ¡ ¡ , 4) and b denoting elements of the field K. Riy (4) ixi = si i + Qixi ) s, iQ, the Complex Numbers, C or the Integers modulo P Q mples of fields K are the Real Numbers, R, the Rational iy iy sRi iy== si (Pixi Rixi ) Piy Z. By fixing three of the four variables xi (by setting, mbers, Q, the Complex Numbers, C or the Integers modulo PPixiyi Q Qiy ixi mple, x2 fixing = c2 three = const., x3 variables = c3 = xconst. and s = /pZ. By of the four (by setting, i i the  surface  (1)  onto  fig.  2:  Elliptic  curve  obtained  by  projecting  Qixi case, we get 2P : ¡ , 4). AsPaixparticular = const.)xthe  andplane  by the indexes, defines i example, c2 đ?‘Ľrotating x3 = c3Eq. = (1) const. and for i = (1, ¡ ¡for 1. 2 = đ?‘– =  (1, ‌ , 4). As a particular case, we get 2đ?‘ƒ: D== const., points O,the four distinguished two2 for i = (1, ¡ ¡ ¡ ,2P 4). As=a sparticular = with c4 = the const.) andatbyinfinity rotating indexes, Eq. (1) defines 2Pixicase, we get 2P : (5) ixi i onal elliptic curves E : i ther with the points at infinity O, four distinguished two2 2Piy =ssii(Pix2P (5) n o 2P Piy ixi= i ixi ) i ixR ensional elliptic curves E3i : 2 Ei = (y, x ) | y = x + a x + b [ O (2) 2 i i i i i n o 2Piy = Piy 3Psixi (P + ixiai Rixi ) i 2 3 si = E = (y, x ) | y = x + a x + b [ O (2) 2 i i i i i i 3Pix + ai with i = (1, ¡ ¡ ¡ , 4) and 2P i iy si =

with ¡ ¡ ¡c3, 4) and b1 ⌘ b + ci32 = + (1, c33 + 4 + a2 c2 + a3 c3 + a4 c4

iy with i = (1, ¡ ¡ ¡ , 4). The2P points at infinity are reached in each 3 3 3 3 3 3 b ⌘ b + c + c + c + a c + a c + a c 1 2 2 3 3 4 4 with i = (1, ¡ ¡ ¡ , 4). The points at 2 3 4 elliptic curves E when P + Q O if Pare = Qixi in or each when b2 ⌘ b + c 1 + c 3 + c 4 + a 1 c 1 + a 3 c 3 + a 4 c 4 i i i =infinity ixi reached withEđ?‘– =  (1, ‌ , 4). The=points at infinity areorreached in 3 3 3 elliptic curves when P + Q O if P = Q when b2 b⌘+bc+ y = 0 for point doubling O). i i(i.e., iPi + Pi =ix ixi 3 c1 + 3 c3 + 3 c 4 + a1 c 1 + a3 c3 + a4 c4 i b3 ⌘ + c + c + a c + a c + a c 1 1 2 2 4 4 1 2 4 each doubling elliptic curves đ??¸ when + O). đ?‘„ = đ?‘‚ if đ?‘ƒ,JL =  đ?‘„,JL or = 0 forMultiplication point + PEđ?‘ƒii,= •y Scalar -(i.e., If P,Pi 2 and,  2 Z, Eq. (5) b ⌘ b + c3 + c 3 + c 3 + a c 1 + a2 c2 + a4 c4 b4 ⌘3 b + c31 +1 c32 +2 c33 +4 a1 c11 + a2 c2 + a3 c3 when đ?‘Ś = 0 for point doubling (i.e., đ?‘ƒ, + đ?‘ƒZ, =condition đ?‘‚). • Scalar Multiplication If P 2 E and  2 Eq. (5) , i allows defining the operation Q = P under the b4 ⌘ b + c31 + c32 + c33 + a1 c1 + a2 c2 + a3 c3 allows defining the operation Q = P under the condition that the operation Q = P ⌘ P + ¡ ¡ ¡ + P , equal  times P , i (i = 1 ¡ ¡ ¡ 4) elements of K. In order to avoid •  Scalar Multiplication đ?‘ƒP, ,∈equal đ??¸, and đ?‘˜times ∈ đ?‘? Eq.(5) that the operation Q =the Psame ⌘ P elliptic + ¡ ¡- ¡ If+curve g c (i = 1 ¡ ¡ ¡ 4) elements of K. In order to avoid using Ei i.e., Q 2PE, i . i acy, these parameters are subject to the following is performed by allows defining the operation đ?‘„i = đ?‘˜đ?‘ƒQunder is performed by using the same elliptic i.e., Ei .Pthe neracy, these parameters are subject to the following The scalar multiplication defines the onecurve way E function Q2 ! ons condition that the operation đ?‘„ = đ?‘˜đ?‘ƒ ≥ đ?‘ƒ + The scalar multiplication defines the one way function Q !â‹ŻP+ đ?‘ƒ ictions fig.  3:  Elliptic  curve  obtained  by  p rojecting  the  surface  (1)  owhere nto  is very difficult to extract the value of . 3 the  p3lane  đ?‘Ľ3 = −2. 2 equals đ?‘˜totimes đ?‘? ,the is performed where is very difficult extract value of .by using the same 327(b + c2 +3 c3 +3 c4# + 3 a2 c2 + a3 c3 + a4 c4 ) 26= 0 (3) • Reflection reflection of a point is its inverse. Hence c2 + c3 + c4 + a2 c2 + a3 c3 + a4 c4 ) 6= 0 (3) • Reflection -- The elliptic curve đ??¸ i.e., đ?‘„ ∈ đ??¸,  is . The multiplication 1 + 27(b + The reflection of a point its scalar inverse. Hence , 3 3 3 2 for Pi = (Pixi , Piy ) the inverse of Pi is Pi = (Pixi , Piy ) 327(b + c1 +3 c3 +3 c4 + 3 a1 c1 + a3 c3 + a4 c4 ) 26= 0 defines the one-way function đ?‘„ → đ?‘ƒ  w here for P = (P , P ) the inverse of P is P = (P , Pisiyvery ) + 27(b + c + c + c + a c + a c + a c ) = 6 0 i ixi iy i i ixi 1 1 3 3 4 4 2 3 1 3 3 3 4 2 satisfying the relation P P = O. i i 327(b + c +3 c +3 c + 3 a c + a c + a c ) 26= 0 satisfying the relation P =the O.value of đ?‘˜ difficultPto extract

1

2

4

3 + 27(b + c1 + c2 + c4 3 3 3 327(b + c1 +3 c2 +3 c3 + 3 4 + 27(b + c1 + c2 + c3

+1 a11 c1 +2a22c2 +4a44c4 ) 6= 0 2

26=

a a2 c 2 + a3 c 3 ) 6 0 0 +1 ca11 c+ 1 + a2 c 2 + a3 c 3 ) =

i

i

B.B. High-Dimensional Curve Discrete DiscreteLog LogProblem Problem High-Dimensional Elliptic Elliptic Curve For multiplication defines defines a aone oneway way For each each E Eii the the scalar scalar multiplication function [11]. Let us consider elliptic curves E (Z/p Z), with i i function [11]. Let us consider elliptic curves Ei (Z/p with i Z), ppi i == (p let and and et et Q Q11 and and PP1 1 two twopoints points (p11,,¡¡¡¡¡¡ ,,pp44), ), and and let belonging curve,say sayEE11, ,with withthe thecondition condition belongingto to the the same same elliptic curve,

www.ijaers.com                                                                                                                                                                             Page  |  142 Â

act, we we anticipate thatthat the the encrypted code In fact, anticipate encrypted codeinvolves involvesonly onlysquare square f order n ⇼nn⇼- nsee- see nextnext Section. ces of order Section.

✓

â—† ✓ â—† generalizes n1 n2 Gx 1 Gx2 (n1 ) N= ; G= space (n = n3 n4 Gx3 (n2 ) Gx4 (n3 ) ✓ â—† International Journal of Advanced Engineering Research [Vol-4, Issue-2, Feb- 2017]  1 and 2Science (IJAERS) (6) https://dx.doi.org/10.22161/ijaers.4.2.28 K =  ISSN: 2349-6495(P) | 2456-1908(O) 3 4 I

The parameters that also Eve, the eavesdropper, possesses H IGH -D I that also Eve, the eavesdropper, possesses are are (đ?‘?, , đ?‘Ž, , đ?‘?, , đ??ş, đ??ž) with đ?‘– = (1, ‌ 4). đ?‘?, specifies the (pi , ai , bi , G, K) withmodulo i = (1, ¡ ¡ fields ¡ , 4).đ??ž, p, đ?‘Ži , specify thethemodulo of the and đ?‘?, define elliptic curves đ?‘ƒ,J , −  đ?‘ƒ,K satisfying the relation đ?‘ƒ, − đ?‘ƒ, = đ?‘‚. of the fields Ki , ai and b define the elliptic curves E (notice i i different from The aim đ??¸,  (notice that in general these curves are that in Log general these curves are different from each G order each others), đ??ş is the Generator matrixothers), and đ??ž is the and practic B.  High-Dimensional Elliptic Curve Discrete Problem of the subgroups generated by đ??ş,  r espectively. Now, if Bob is the Generator matrix and K is the order of the subgroups Dimension and Alice want to communicate with each other, For each đ??¸, the scalar multiplication defines a one by wayG, respectively. generated Now, if Bob and Alice wantBob to picks HDECC ca private key đ?‘ with 1 ≤ đ?‘›, ≤ đ?‘˜, − 1, đ?‘– = (1, ‌ 4). Bob function [11]. Let us consider elliptic communicate curves đ??¸, (đ?‘? đ?‘?đ?‘?),with each other, Bob picks private key N with i.e., Bitcoi computes matrix đ?‘‡ = đ??şđ?‘ , which belongs to the curves đ??¸ with đ?‘? = (đ?‘?D , ‌ , đ?‘?S ) and let đ?‘„D and đ?‘ƒD two points 1  ni  i 1, i = (1, ¡ ¡ ¡ , 4). Bob computes matrix T = [14]. Amon [given by Eq.(1)]. At the same time, Alice picks private key belonging to the same elliptic curve, say đ??¸D , with the GN , which belongs tođ?‘€ the curves E [given by Eq. (1)]. At the certainly tl condition that đ?‘„_1 is a multiple of đ?‘ƒD . As known, finding time, Alice picks private key M Socket Lay the value of the number đ?‘˜ such that đ?‘„same D = đ?‘˜đ?‘ƒD is a very ✓ â—† nication. F difficult problem [12]. We introduce now the first base m1 m2 M = (7) than the cla point (Generator), đ??şD ≥ đ??şJ , đ??şK \đ?‘–đ?‘›  đ??¸D (đ?‘? đ?‘?đ?‘?). Since the m3 m4 group is closed, đ??şD generates a cyclic group under point ensure a se where the entries m satisfy the conditions 1  m   addition in the curve đ??¸D .   The order đ?‘›D (withđ?‘›D ∈ đ?‘˜) of đ??şD i i i betwe where the entries đ?‘š, satisfy the conditions 1 ≤ đ?‘š, ≤ đ?‘˜, data − is the number of the points in the group1, thati đ??ş= generates. (1, ¡ ¡ ¡ , 4). Alice receives from Bob the information D th 1, đ?‘– = (1, ‌ 4). Alice receives from Bob the informationbetween đ?‘‡ By this operation, we say that đ??şD generates a subgroup of T and she generates the point M T = M GN = W (notice mainly reli and she generates the point đ?‘€đ?‘‡ = đ?‘€đ??şđ?‘ = đ?‘Š (notice that size đ?‘›D , and we write đ?‘œđ?‘&#x;đ?‘‘ đ??şD =  đ?‘›D . that The order of thedo not commute). Bob receives from Alice the matrices matrices do not commute). Bob receives from Alice the discussed i subgroup generated by đ??şD is the smallest integer đ?‘˜D such information P = M Ginformation and he computes P he N computes = M GN W 3 . = đ?‘Š. đ?‘ƒ = đ?‘€đ??ş and đ?‘ƒđ?‘ = = đ?‘€đ??şđ?‘ However, i that  đ?‘˜DYZ = đ?‘‚ (hence,  đ?‘›D < đ?‘˜D ). that possess Bob multiplies matrices by placing đ?‘ key always on Both players, Bob andNote Alice, the same (encrypted) of overhead the right, while Alice E multiplies placing đ?‘€ W , a which also belongs to the curve [givenmatrices by Eq.by(1)]. After đ?‘›D iterations on the curve đ??¸D we find second base latency, da always the left.information Both players, Bob point (Generator), đ??ş# with coordinates đ??ş# eavesdropper, đ?‘›D = Eve, the seeson both T and andAlice, P , possess but the the first m same (encrypted) key đ?‘Š, which also belongs to the curve [đ??şJ# đ?‘›D , đ??şK# (đ?‘›D )]. We may keep this second he is generator unable toto retrieve the sheared-key W . Figure 4 depicts security in đ??¸ [given by Eq.(1)]. Eve, the eavesdropper, sees both perform đ?‘›# iterations on the curve đ??¸# , with # < đ?‘˜# being theđ?‘›entire process. Weinformation summarize the main advantages of our technologie đ?‘‡ and đ?‘ƒ, but she is unable to retrieve the đ?‘˜# the order of the subgroup generated byproposed đ??ş# on the elliptic encrypting procedure. sheared-key đ?‘Š. Fig.(4) depicts the entire process. modern sec curve đ??¸# . After đ?‘›# iterations we get a third base point ( • Eve does not know to which entry of the matrix G the and wearab Generator), đ??ş? with coordinates đ??ş? đ?‘›# = generators have been assigned; reduce the [đ??şJ? đ?‘›# , đ??şK? (đ?‘›# )]. With this second generator we • In case of 5D-elliptic curves, the process runs on four, perform đ?‘›? iterations on the curve đ??¸? , with đ?‘›? < đ?‘˜? (with on data fou distinguished and independent, 2D-elliptic curves and the đ?‘˜? denoting the order of the subgroup generated by đ??ş? on same time, encrypted the elliptic curve đ??¸? .After đ?‘›? iterations on the curve đ??¸?key we belongs to a 5D-surface. This hyper-surface opens new get the fourth base point (Generator), đ??şis ith coordinates in such a way that the curves with variables xi , S  wconstructed shall discu đ??şS đ?‘›? = [đ??şJS đ?‘›? , đ??şKS (đ?‘›? )].. The process concludes obtained by setting constant the remaining variables of this after đ?‘›S iterations on the elliptic curveshyper-surface đ??¸S (with đ?‘›S less (i.e., by setting xj = const. with j 6= i), are than đ?‘˜S the order of the subgroup generated by đ??şcurves; S  on the elliptic curve đ??¸S ). At the end of these operations we get three • The level of security remains unchanged. Indeed, it is easily matrices đ?‘ , đ??ş and đ??ž, of order 2Ă—2, where the entries are to convince ourselves that to obtain the same level of security on totally the curve E4 ). At thefrom end each of these operations we get threeđ??ş Hence, a surface like Eq. (1) is the immediate generalization independent others. Matrices đ?‘ and We have as the in entries case are of one-dimensional curvecryptography cryptography matrices of the one-dimensionalelliptic elliptic curves (which reads2N , G and K, of order 2 ⇼ 2, where high-dimen totally independent from each others. Matrices N and Grequires reads2 corresponds n =need 1). Hence, the subsequent surface which (which 256 bits),towe to encrypt the shared-key ✓ â—† ✓ â—† generalizes Eq. (1) should be imbedded in a ten-dimensional maintaining n1 n2 Gx with Gx (n only 64 bits (since in our case, for a shared-key written 1) N= ; G= space (n = 3), and so on. by the Mic n3 n4 Gx (n2 )inGthe ) x (n3 form of a matrix 2 ⇼ 2 the level of security is of the ✓ â—† of these m 1 2 order of ↾4(6) , with ↾ denoting the number of required bits). K=  3 4 III. E XAMPLES OF P RACTICAL U SES OF 1) The qu We recall that the present methodology applies to elliptic H IGHfig.  -D IMENSIONAL E LLIPTIC C URVE Cprotocol  RYPTOGRAPHY The parameters that also Eve, the eavesdropper, possesses are 4:  Diffie-­â€?Hellman  key  exchange  [13]   in  high-­â€? avoided an curves constructed on hyper-surfaces of dimen(pi , ai , bi , G, K) with i = (1, ¡ ¡ ¡ , 4). pi specify thecryptography modulo dimensional  elliptic  curves  cryptography.  Bob  and  Alice  exchange  2 1 (with The n denoting an integer number) because the bits operati of the fields Ki , ai and bi define the ellipticsion curvesnEi + (notice aim of this section is to illustrate the many possibilities                                                             that2 in general these curves are different from each others),isG brought and practical usages opened introduction of High- 2) We may shared-key into the form of nby⇼the n square matrices.  NGenerator ote that, once generated, elements đ??ş(đ?‘Ľ đ??şJL đ?‘›, is the matrix and K the is the order of theD ),subgroups Dimensional Elliptic Curve Cryptography. Generally speaking, cryptograph generated G, respectively. Bob and want to HDECC can be applied instead of any use of the classic ECC; may beby allocated as entriesNow, of theifmatrix đ??ş inAlice a random 2 Note that, once generated, the elements Gx1 , Gxi (ni ) may be allocated dimensiona communicate with each other, Bob picks private key N with i.e., Bitcoin, secure shell (ssl), way.  transport layer security (tls) as entries of the matrix G in a random way. 1  ni  i 1, i = (1, ¡ ¡ ¡ , 4). Bob computes3 matrix T = [14]. Among these applications, one of the most important is 3) This me Note At that Bob multiplies matrices by placing N always on the right, GNwww.ijaers.com  , which belongs to     the       curves             E      [given             by      Eq.         (1)].               the           certainly                  tls.       Indeed,                tls      is      the        new          generation                    of       the       P age  |  143  Secure while Alice multiplies matrices by placing M always on the left. difficult to same time, Alice picks private key M Socket Layer (ssl) which is used in any modern telecommu• Â

Reflection - The reflection of a point is its inverse. The parameters Hence for đ?‘ƒ, = đ?‘ƒ,J , đ?‘ƒ,K the inverse of đ?‘ƒ, is −đ?‘ƒ, =

1

3

M=

✓

m1 m3

m2 m4

â—†

2 4

(7)

nication. For instance, the well-known https is nothing else than the classic http protocol running within ssl/tls in order to ensure a secured, bidirectional connection for arbitrary binary

International Journal of Advanced Engineering Research and Science (IJAERS) [Vol-4, Issue-2, Feb- 2017]  https://dx.doi.org/10.22161/ijaers.4.2.28 ISSN: 2349-6495(P) | 2456-1908(O) the  encryption  key  in  a  matrix  form,  đ?‘Š = đ?‘€đ??şđ?‘ ,  having  four  independent  entries  each  of  them  constructed  with  64  bits.  Eve,  the  eavesdropper,  may  see  đ?‘‡ = đ??şđ?‘  and  đ?‘ƒ = đ?‘€đ??ş,  but  he  is  unable  to  get  the  sheared  Bob-­â€?Alice's  key  đ?‘Š  since  it  is  very  difficult  to  reverse  the  process  and  determine  what  was  the  original  information. Â

bidirectional connection for arbitrary binary data between two hosts. In order to establish a shared key between these two hosts, the current implementations of tls relies on the DH or ECDH key exchange protocols discussed in the previous sections.

We summarize the main advantages of our proposed encrypting procedure.

However, introducing such security layers comes at the price of overheads in terms of infrastructure costs, communication latency, data usage, and energy consumption [15]. Therefore, the first motivation of HDECC is to reduce the cost of security in many of the today's state-of-the-art communication technologies. Moreover, reducing these costs makes the most modern security protocols accessible for embedded systems and wearable devices. Indeed, by using HDECC, we could reduce the cost of these protocols by performing operations on data four time shorter than before by maintaining, at the same time, the same level of security. In addition, HDECC opens new perspectives on elliptic curve cryptography as we shall discuss in the next section.

•  • Â

• Â

Eve does not know to which entry of the matrix G the generators have been assigned; In case of 5đ??ˇ-elliptic curves, the process runs on four, distinguished and independent, 2đ??ˇ-elliptic curves and the encrypted key belongs to a 5đ??ˇsurface. This hyper-surface is constructed in such a way that the curves with variables đ?‘Ľ, , obtained by setting constant the remaining variables of this hyper-surface (i.e., by setting đ?‘Ľd = đ?‘?đ?‘œđ?‘›đ?‘ đ?‘Ą. with đ?‘– ≠đ?‘—), are elliptic curves; The level of security remains unchanged. Indeed, it is easily to convince ourselves that to obtain the same level of security as in case of one-dimensional elliptic curve cryptography (which requires 256 bits), we need to encrypt the shared-key with only 64 bits (since in our case, for a shared-key written in the form of a 2Ă—2 matrix, the level of security is of the order of đ?›ź S , with đ?›ź denoting the number of required bits).

We recall that the present methodology applies to elliptic curves cryptography constructed on hyper-surfaces of dimension đ?‘›# + 1 (with đ?‘› denoting an integer number) because the shared-key is brought into the form of đ?‘›Ă—đ?‘› square matrices. Hence, a surface like Eq.(1) is the immediate generalization of the one-dimensional elliptic curves cryptography (which corresponds to đ?‘› = 1). Hence, the subsequent surface which generalizes Eq.(1) should be imbedded in a ten-dimensional space (đ?‘› = 3), and so on. III. Â

EXAMPLES OF PRACTICAL USES OF HIGH-DIMENSIONAL ELLIPTIC CURVE CRYPTOGRAPHY

The aim of this section is to illustrate the many possibilities and practical usages opened by the introduction of HighDimensional Elliptic Curve Cryptography. Generally speaking, HDECC can be applied instead of any use of the classic ECC; i.e., Bitcoin, secure shell (ssh), transport layer security (tls) [14]. Among these applications, one of the most important is certainly tls. Indeed, tls is the new generation of the Secure Socket Layer (ssl) which is used in any modern telecommunication. For instance, the wellknown https is nothing else than the classic http protocol running over ssl/tls in order to ensure a secured,

IV. Â

CONCLUSION

We have proposed an encrypted procedure based on the high-dimensional elliptic curve cryptography, which allows maintaining the same level of security as presently obtained by the Microsoft Digital Rights Management. The advantages of these methodology are multiplex. 1)  The quite heavy intermediate exponential operations are avoided and the key exchange protocol is constructed with 64 bits operations instead of 256 bits. 2)  We may proceed to the construct of a new generation of cryptographic standards working with the technology high-dimensional elliptic curves 3)  This methodology opens new perspectives. In fact, it is not difficult to derive a nonlinear differential equation (NDE) admitting the elliptic curves by a special choice of the parameters and initial conditions. We get � hh + �D � � iD

# Â hh

� + �# � � iD +� � =0

# Â h

� + �? � � i?

� 0 = �D       ;      �′ 0 = �#

# Â hj

đ?‘Ś

(8)

with đ?›ź, đ?‘Ľ = đ?‘Ž, + đ?‘?, đ?‘Ľ (i=1,2,3) ; đ?›ž đ?‘Ľ = đ?›žD + đ?›ž# đ?‘Ľ and đ?‘Ž, , đ?‘?, , đ?›˝D , đ?›˝# , đ?›žD , đ?›ž# = đ?‘?đ?‘œđ?‘›đ?‘ đ?‘Ą.    with ′ denoting the derivative with respect to the variable đ?‘Ľ. Differential equation (8) is well-weighted with variables đ?‘Ś, đ?‘Ś h , đ?‘Śâ€˛â€˛ and đ?›ž đ?‘Ľ having weight 1 and đ?›ź, (đ?‘Ľ) having weight 1 2, respectively. Note that the differential equation (8) admits as a special solution the Weierstrass equation [16] đ?‘Ś # + đ?‘?D đ?‘Ľđ?‘Ś + đ?‘?? đ?‘Ś = đ?‘Ľ ? + đ?‘?# đ?‘Ľ # + đ?‘?S đ?‘Ľ + đ?‘?n

(9)

with đ?‘?, ∈ đ??ž. If đ??śâ„Žđ?‘Žđ?‘&#x;đ??ž ≠(2,3), we can complete before

www.ijaers.com                                                                                                                                                                             Page  |  144 Â

International Journal of Advanced Engineering Research and Science (IJAERS) [Vol-4, Issue-2, Feb- 2017]  https://dx.doi.org/10.22161/ijaers.4.2.28 ISSN: 2349-6495(P) | 2456-1908(O) the square and, successively, the cube, by defining đ?œ‚=đ?‘Ś+

đ?‘?D đ?‘Ľ + đ?‘?? đ?‘?D# + 4đ?‘?#   ;   đ?œ‰ = đ?‘Ľ +                (10) 2 12

By substituting Eqs (10) into Eq.(9), we get the elliptic curve [17]: đ?œ‚# = đ?œ‰ ? −

đ?‘‘S đ?‘‘n đ?œ‰âˆ’                                            11 48 864

where đ?‘‘S = đ?‘?D# + 4đ?‘?# # − 24 đ?‘?D đ?‘?? + 2đ?‘?S                           (12) đ?‘‘n = − đ?‘?D# + 4đ?‘?# ? + 36 đ?‘?D# + 4đ?‘?# đ?‘?D đ?‘?? + 2đ?‘?S − 216(đ?‘??# + 4đ?‘?n ) Clearly, now the question is: how can we determine the largest class of parameters đ?‘Ž, , đ?‘?, , đ?›˝D and đ?›˝# , introduced in (8), such that the NDE (8) admits (only) a class of one way functions, possessing the property of being trap functions? In addition, we should also be able to define on these curves a group under point addition. Successively, the trapped curves could be identified uniquely by indexes. Being able to answer to this question would allow encrypting not only the key exchange protocol but also the trapped-curves on which the generator and the encrypted keys belong. However, all of this requires sophisticated mathematical tools and it will be subject of future works. We close this Section by mentioning two other relevant perspectives of this work. 1)  It is quite evident that the formalism illustrated in this manuscript allows introducing two operations: matrix addition and scalar matrix multiplication (including the so-called matrix doubling operation). These operations can be used to implement a highdimensional version of algorithms such as the ECDSA (elliptic curves digital signature algorithm) [18]. 2)  It is possible to introduce an operator đ??ż which connects two distinct points đ??ş D , đ??ş (#) on the highdimensional surface đ??¸ [see Eq.(1)] as follows đ??ş

D

= đ??ż Â đ??ş (D)

đ??şJZ

(D)

đ??şJu

#

                                                    13 D

đ??şJj (đ?‘›D ) D

đ??şJv (đ?‘›? )

=đ??ż

(#)

đ??şJj (đ?‘›S )

(#)

đ??şJv (đ?‘›n )

đ??şJZ đ??şJu

# #

with đ??ż denoting a non-singular 2Ă—2 matrix, satisfying the group law under matrix multiplication. The analytic expression and the mathematical study of this matrix (and the đ?‘›Ă—đ?‘› matrices, in general), with its potential application in cryptography, will be subject of a future work.

ACKNOWLEDGEMENTS AS is indebted with Prof. G. Danezis, from University College London (UCL), Department of Computer Sciences, and Prof. J. Becker, from Karlsruhe Institute of Technology (KIT), Institut fĂźr Technik der Informationsverar-beitung (ITIV), for their support and useful suggestions. GS is also very grateful to Prof. Pasquale Nardone from the UniversitĂŠ Libre de Bruxelles (U.L.B.). REFERENCES [1] Â Anderson, Ross. Security engineering. John Wiley & Sons, 2008 [2] Â WhatIs.com - SearchSecurity, What is encryption? This definition is part of the Essential Guide to business continuity and disaster recovery plans, http://searchdisasterrecovery.techtarget.com/essential guide/Essential-guide-to-business-continuity-anddisaster-recovery-plans [3] Â V. S. Miller, Use of Elliptic Curves in Cryptography, Lecture Notes in Computer Science, 218, pp. 417-426 (2000) [4] Â V. Kapoor, V. Sonny Abraham, R. Singh, Elliptic Curve Cryptography, Ubiquity, 2008 No. 7 (2008). [5] Â K Lauter, The Advantages of Elliptic Curve Cryptography for Wireless Security, IEEE Wireless communications, 11 Issue 1 pp. 62-67 (2004). [6] Â R. Impagliazzo, M. Luby, One-way functions are essential for complexity based cryptography, Foundations of Computer Science 1989. 30th Annual Symposium on Research Triangle Park NC, pp. 230235 (1989). [7] Â D. Giry, BlueKrypt - v 29.2 https://www.keylength.com/en/8/ , Sept 2015. [8] Â P. Krawczyk (2001), Microsoft's Digital Rights Management Scheme-Technical Details, http://cryptome.org/ms-drm.html [9] Â E. W. Weisstein, Elliptic Curve Group Law. MathWorld-A Wolfram Web Resource. http://mathworld.wolfram.com/EllipticCurveGroupL aw.html [10] Â I. Blake, G. Seroussi; N. Smart (2000). Elliptic Curves in Cryptography. LMS Lecture Notes. Cambridge University Press. ISBN 0-521-65374-6. [11] Â A. J. Menezes, T. Okamoto, S. A. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field, IEEE Transactions on Information Theory, 39, Issue 5 pp. 1639-1646 (1993). [12] Â N. P. Smart, The Discrete Logarithm Problem on Elliptic Curves of Trace One, Journal of Cryptology, 12, Issue 3 pp. 193-196, (1999). [13] Â W. Diffie, M. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, 22, Issue 6, pp. 644 - 654 (1976).

www.ijaers.com                                                                                                                                                                             Page  |  145 Â

International Journal of Advanced Engineering Research and Science (IJAERS) [Vol-4, Issue-2, Feb- 2017] https://dx.doi.org/10.22161/ijaers.4.2.28 ISSN: 2349-6495(P) | 2456-1908(O) [14] J. W. Bos, J. A. Halderman, N. Heninger, J. Moore, M. Naehrig, and E. Wustrow, Elliptic Curve Cryptography in Practice, Lecture Notes in Computer Science}, 8437, pp. 157-175 (2014). [15] D. Naylor, A. Finamore, I. Leontiadis, Y. Grunenberger, M. Mellia, M. Munafo, K. Papagiannaki, P. Steenkiste, The Cost of the "S" in HTTPS, Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies, pp. 133-140 (2014). [16] M. Laska, An Algorithm for Finding a Minimal Weierstrass Equation for an Elliptic Curve, American Mathematical Society, 38, No. 157 pp. 257-260, (1982). [17] I. Connell (1999), Elliptic Curve Handbook. This handbook is a set of notes of about 540 pages, which can be found at the address: https://pendientedemigracion.ucm.es/BUCM/mat/doc 8354.pdf [18] D. Johnson, A. Menezes, S. Vanstone, The elliptic curves digital signature algorithm (ECDSA), International Journal of Information Security, 1, Issue 1, pp.36-63 (2001) - First Online: 31 Jan 2014.

www.ijaers.com Page | 146