Abstract and 1 Introduction

  1. Scenario and Requirements

  2. History and Related Work

  3. Concept of Cramer-Shoup with Elliptic Curve and 4.1 Prerequisite

    4.2 Public Key Generation by Receiver

    4.3 Encryption by Sender

    4.4 Decryption by Receiver

  4. Evaluation and 5.1 Proof of Correctness

    5.2 Preliminary Performance Comparison

  5. Proof: Secure against adaptive-chosen ciphertext attacks

    6.1 DDH Assumption and 6.2 CCA Assumption

    6.3 IND-CCA 1 - non-adaptive Security

    6.4 IND-CCA 2 - adaptive Security (Validity Checking Failure)

  6. Security discussion: Post-Quantum Cryptography

  7. Summary, References, and Authors

5 Evaluation

In the following, the correct operation of the approach is first demonstrated. The subsequent performance comparison puts our approach in relation to comparable systems.

5.1 Proof of Correctness

For a better comprehensibility and compact notation, the description is done without the continuous specification of the elliptic curve F(x). The correctness of our system is given by:

So, our system is working properly.

5.2 Preliminary Performance Comparison

The implementation of our schema is done from an academic perspective in Java without any special optimizations. It serves to verify and validate the correct functioning. The performance of the algorithms is highly dependent on proper implementation and mathematical realization. The Table 1 shows a preliminary comparison of the speeds of different encryption algorithms on an Intel Core i7-8565U CPU 1.80GHz. We used freely available sources as reference implementation for RSA with Chinese-Reminder-Theorem[1], ECDH[2], SIDH[3], and Kyber[4]. The time is measured in milliseconds.

The ECDH and SIDH [54] method require more computing power than our approach and the key cannot be reused. The speed of RSA depends heavily on the key size, especially the key generation. However, RSA requires further power through OAEP and key validation, which is not included here. The more complex basis of our schema requires correspondingly more computing power to guarantee the desired security. Only the optimized implementation of Kyber for the NIST competition is faster, requiring larger keys [5].

Author:

(1) Peter Hillmann, University of the Bundeswehr Munich, Department of Computer Science, Werner-Heisenberg-Weg 39, 85577 Neubiberg, Germany.

This paper is available on arxiv under ATTRIBUTION-NONCOMMERCIAL-SHAREALIKE 4.0 INTERNATIONAL license.

[1] https://github.com/YYZ/RSA

[2] http://www.academicpub.org/PaperInfo.aspx?PaperID=14496

[3] https://github.com/Art3misOne/sidh

[4] https://github.com/fisherstevenk/kyberJCE

[5] https://pq-crystals.org/kyber/