Combining Public-Key Encryption with Digital Signature Scheme

Abstract

This paper presents the possibilities of combing public-key encryption and digital signature algorithms which are actually based on different mathematical hard problems. Since the output of the combination produces an Encrypted signed message. In general, most of the currently used public-key algorithms are computationally expensive with relatively lengthy key requirement due to the dependency on the number theory. Therefore, it’s important to show a combinational protocols which are based on different mathematical hard problem. In some sense, difficult to solve. In the combined scheme, we present the powerful and practical encryption digital signature scheme and its security level and execution time.

1 Introduction

Cryptography algorithms can be classified into two board categories, secret key (one key, single key, symmetric) algorithms and public key (two key, asymmetric) algorithms (refer to Fig. 1). In general, Cryptography protocol employs public key cryptosystem to exchange the secret key and then uses faster secret key algorithms to ensure confidentiality, integrity, non-repudiation, authentication, and accessibility of the data stream [4, 5]. In 1976, Diffie-Hellman [2, 6] developed the concept of the public-key cryptosystem (refer to Figs. 1 and 2), and the first asymmetric encryption protocol is the RSA [7] algorithm which was published in 1978. As well as, there are many others asymmetric encryption algorithms issued since the RSA. Among them are Rabin [8], ElGamal [9], and Elliptic Curve [10].

Fig. 1.

Main branches of public-key scheme

Fig. 2.

Encryption and signature combinational protocol

In public-key Cryptography, Every public-key algorithm is actually based on a mathematical problem. These problems are called “mathematical hard problems” and are classified into two major groups according to the Cryptography standards. These groups are P (Polynomial) and NP (Non-deterministic polynomial). The P hard problem is defined when the problem is solved in polynomial time. Whereby, if the validity of a proposed solution can be checked only in polynomial time then the problem is considered as an NP hard mathematical problem [1–3]. Basically, public-key algorithms are classified into many major types depending on the mathematical hard problem. These problems are the discrete logarithm problem (DLP), the integer factorization problem (IFP), the Elliptic Curve discrete logarithm problem (ECDLP), the chaotic hard problem, etc. This following survey study will help us to identify the strength of the used public-key algorithms according to their mathematical hard problem (refer to Fig. 1).

In asymmetric encryption protocols, there is a pair of keys, one of which is known to encrypt the plaintext and called as the public key, while the other key is known as the private key and is used to decrypt the encrypted plaintext.

As discussed earlier, every public-key encryption algorithm is based on a NP mathematical problem that is in some sense difficult to be solved, therefore the public-key algorithms are classified according to their hard problems in this subsection. Table 1 show the key size for prime based algorithms (RSA, DSA, etc.) and integer based algorithm (ECC, Chaotic) algorithms, regarding to the resistance to brute force attacks. The keys space for RSA and DSA were calculated based on the number of primes existed for particular key sizes [14].

Table 1. Public-Key Encryption and Digital Signature protocols (Efficiency and Key Size) [14]

This paper developed a public-key encryption with digital signature scheme which are based on mathematical hard problem. The paper discusses the possibility of creating a combinational public key encryption and digital signature protocol.

2 The Proposed Encryption and Digital Signature Protocol

The combination between encryption algorithm and digital signature algorithm provides confidentiality, Integrity, authentication, and non-reputation services for messages. In this article, both algorithms are defined as any of the different mathematical problems; since it’s possible to combine encryption based IFP with digital signature based DLP in some cases. However, in the proposed solution the sender and the receiver must generate their own private and public keys. The sender must compute his/her keys for digital signature purpose while the receiver will compute the encryption and decryption keys, in parallel with the sender.

As shown by Fig. 2, the message is selected by the sender and then encrypted and signed to be sent over the insecure network to the receiver. After receiving the encrypted and signed message, the receiver should verify the signature authenticity before decrypting the ciphertext.

2.1 Combination of RSA and DSA Protocol

Figure 3 shows the combinational protocol between RSA and DSA algorithms, since RSA is based on integer factorization problem while DSA is based on discrete logarithm problem.

Fig. 3.

RSA + DSA protocol

Key generation algorithm (generated by sender, Alice) - Alice must do:

1. 1.

   Choose a prime number (p _s ), where 2^L−1 < p _s  < 2^L for 512 ≤ L ≤ 1024 and L a multiple of 64.

2. 2.

   Choose a prime numbers (q _s ), where q _s divisor of (p – 1), and 2¹⁵⁹ < q _s  < 2¹⁶⁰.

3. 3.

   Compute g as follows: g = (h ^{(p −1)/q} _{s s} ) mod p _s , where 1<h<(p _s – 1), and g > 1.

4. 4.

   Choose a random integer x, with 0 < x < q _s .

5. 5.

   Compute y as follows: y = g ^x mod p _s .

   Send (p _s , q _s , g, and y) to Bob (verifier).

Key generation algorithm (generated by receiver, Bob) - Bob must do:

1. 6.

   Choose two prime numbers (p _r , q _r ) randomly, secretly, and roughly of the same size.

2. 7.

   Compute the modulus n as follows: n = p _r \( \times \) q _r .

3. 8.

   Compute the Ф(n), as follows: Ф(n) = (p _r −1) \( \times \) (q _r −1).

4. 9.

   Choose the public key e, such that 1 < e < Ф(n), and GCD (e, Ф(n)) = 1.

5. 10.

   Compute the decryption key d, where d = e ^{− 1} mod Ф(n).

   Determine the public keys (e, n) and determine the private keys (Ф(n), d).

Encryption and Signing (sender - Alice) - Alice must do the following:

1. 11.

   Obtain the public keys (e, n).

2. 12.

   Determine the message m to be encrypt such that 0 < m < n.

3. 13.

   Encrypt the message as follows, c = m ^e mod n.

4. 14.

   Choose a random integer k, with 0 < k < q _s .

5. 15.

   Compute r as follows r = (g ^k mod p _s ) mod q _s .

6. 16.

   Compute s as follows: s = ((k ⁻¹ ) \( \times \) (SHA-1(C) + x \( \times \) r)) mod q _s .

   • The signature is (r, s).

   • Send the signature and the ciphertext (c, r, s) to the receiver.

   • k ⁻¹ is a multiplicative inverse of k in Z _q

Verifying and Decryption (receiver - Bob) - Bob must do the following:

1. 17.

   Obtain the keys (p _s , q _s , g, and y).

2. 18.

   w = s ⁻¹ mod q _s .

3. 19.

   u1 = ((SHA-1(C)) \( \times \) w) mod q _s .

4. 20.

   u2 = (r \( \times \) w) mod q _s .

5. 21.

   v = ((g ^u1 \( \times \) y ^u2 ) mod p _s ) mod q _s .

   Verify the message m as follows: is v = r?.

6. 22.

   Obtain the ciphertext c from Alice.

7. 23.

   Recover the message as follows, m = c ^d mod n.

2.2 Combination of RSA and RSADS

Figure 4 shows the combinational protocol between RSA and RSADS algorithms, since both RSA algorithms are based on integer factorization problem.

Fig. 4.

RSA + RSADS protocol

Key generation algorithm (generated by sender, Alice) - Alice must do:

1. 1.

   Choose two prime numbers (p _s , q _s ) randomly, secretly, and roughly of the same size.

2. 2.

   Compute the modulus n as follows: n _s  = p _s \( \times \) q _r .

3. 3.

   Compute the Ф(n), as follows: Ф _s (n _s ) = (p _s −1) \( \times \) (q _s −1).

4. 4.

   Choose the public key e, such that 1 < e _s  < Ф _s (n _s ), and GCD (e _s , Ф _s (n _s )) = 1.

5. 5.

   Compute the decryption key d _s , where d _s  = e _s ^{− 1} mod Ф _s (n _s ).

   Determine the public keys (e _s , n _s ) and determine the private keys (Ф _s (n _s ), d _s ).

Key generation algorithm (generated by receiver, Bob)- Bob must do:

1. 6.

   Choose two prime numbers (p _r , q _r ) randomly, secretly, and roughly of the same size.

2. 7.

   Compute the modulus n as follows: n _r  = p _r \( \times \) q _r .

3. 8.

   Compute the Ф(n), as follows: Ф _r (n _r ) = (p _r −1) \( \times \) (q _r −1).

4. 9.

   Choose the public key e, such that 1 < e _r  < Ф _r (n _r ), and GCD (er, Ф _r (n _r )) = 1.

5. 10.

   Compute the decryption key d _r , where d _r  = er ^{− 1} mod Ф _r (n _r ).

   Determine the public keys (e _r , n _r ) and determine the private keys (Ф _r (n _r ), d _r ).

Encryption and Signing (sender - Alice) - Alice must do the following:

1. 11.

   Determine the message m to be encrypt such that 0 < m < n _r .

2. 12.

   Encrypt the message as follows, c = m ^er mod n _r .

3. 13.

   Sign the ciphertext C as: c = C ^ds mod n _s

   Send the signature and the ciphertext (C, s) to the receiver.

Verifying and Decryption (receiver - Bob) - Bob must do the following:

1. 14.

   v = s ^es mod n _s

   Verify the message m as follows: is v = C?

2. 15.

   Obtain the ciphertext C from Alice.

3. 16.

   Recover the message as follows, m = C ^dr mod n _r .

3 Performance Evaluation Based on Equivalent Key Sizes for Fractal and Public-Key Encryption Protocol

We compare the performance of the integer based public-key algorithm against the well-known prime’s public-key algorithms (such as RSA and DSA) for the combined encryption and digital signature cryptosystems. Table 2 shows the performance for both approaches. Both protocols were coded in C++ with GMP library. Also, Miller-Rabin algorithm [18] is implemented for primarily test which was coded using C++ and GMP as well. However, the comparison between integers and primes based public-key cryptosystems shows that integers based public key encryption and digital signature algorithms performs better than primes based public key algorithms in general. As Fig. 5 indicate, integers based public-key algorithm (ECC), provides higher level of security at a much lower cost, both in term of key size and execution time. Moreover,

Table 2. Performance evaluation between integers and primes based public key algorithms

Fig. 5.

Overall time comparison between integers and primes based public key algorithms’ time

4 Conclusions

This paper presents and implemented a scheme of combining public-key encryption and digital signature algorithms and proposed an encryption digital signature protocol. However, an overall running time that compare between integers and primes based public key algorithms’ time were presented.